[HN Gopher] Tilde.town is a computer meant for sharing
___________________________________________________________________
Tilde.town is a computer meant for sharing
Author : memorable
Score : 251 points
Date : 2022-05-14 06:49 UTC (16 hours ago)
(HTM) web link (tilde.town)
(TXT) w3m dump (tilde.town)
| bovermyer wrote:
| This is my page on Tilde.town: https://tilde.town/~sithlord/
|
| It's a hand-written, kind of ugly test bed for random things. I
| have a random startup generator. It's stupid.
|
| I love this community.
| canadaduane wrote:
| Hey sithlord! It's been a while, but fun to see your page. I'm
| here: https://tilde.town/~canadaduane
|
| I love having a simple page somewhere, hosted within a
| community that might take a peek every once in a while. Feels
| like a lot less lonely of a vast Internet.
| bovermyer wrote:
| For sure! I haven't posted in chat in ages, though. I should
| probably jump back in.
| the_default wrote:
| mjfisher wrote:
| Every single hot sauce your generator comes up with sounds
| amazing
| hieloz wrote:
| It is very convenient. Similar tilde sites https://tilde.club/,
| more details can be found in tildeverse.org
| https://tildeverse.org/
| sherr wrote:
| The .org link seems to be a rick-roll.
| kuschku wrote:
| Many sites, including that .org link, have redirects for
| users coming from HN (because HN has a _lot_ of trolls,
| though you may not see them unless you have showdead enabled)
| alwayslikethis wrote:
| I turn off referers in my browser. There is no reason to
| have it on, especially cross-origin. It's only good for
| tracking and not much else.
| yjftsjthsd-h wrote:
| Didn't it get used for some login flows?
| alwayslikethis wrote:
| Yeah. You can re-enable them when needed, such as with
| https://addons.mozilla.org/en-
| US/firefox/addon/togglereferre...
| 453453636 wrote:
| That's hilarious. No wonder /g/ ridicules the Tildeverse
| whenever it's brought up.
| lupire wrote:
| It takes 3 seconds to check and prove that you are wrong
| about this case.
| ryukafalz wrote:
| I took the 3 seconds to check and they were right.
| jfred@lambdacrypt ~$ curl -IL https://tildeverse.org
| HTTP/2 200 server: nginx/1.18.0 (Ubuntu)
| date: Sat, 14 May 2022 14:05:51 GMT content-type:
| text/html; charset=UTF-8 vary: Accept-Encoding
| strict-transport-security: max-age=31536000
| jfred@lambdacrypt ~$ curl -IL https://tildeverse.org -H
| "Referer: https://news.ycombinator.com" HTTP/2 301
| server: nginx/1.18.0 (Ubuntu) date: Sat, 14 May
| 2022 14:06:18 GMT content-type: text/html
| content-length: 178 location:
| https://www.youtube.com/watch?v=dQw4w9WgXcQ strict-
| transport-security: max-age=31536000
| yardshop wrote:
| It takes a similar amount of time to prove that he is
| correct.
|
| If you copy the link into a new window instead of coming
| from HN, you get a different result.
| memorable wrote:
| What is shodead? Cannot find any relevant info on them.
| progval wrote:
| https://news.ycombinator.com/newsfaq.html#dead
| david_allison wrote:
| showdead is a setting on your HN profile
| sva_ wrote:
| This is crazy. What an absolute gem to discover all this.
| mmastrac wrote:
| I miss this small-community feel from the early internet days.
| Social media really blew up the togetherness you feel from being
| around a finite number of people.
| LanternLight83 wrote:
| I was just looking around the other day, and can't reccomend
| enougj to do so yourself-- several user's pages are gems of
| character, one in particular has great nostalgia links like
| textfiles.com, and the site really captures small-web vibes.
| samatman wrote:
| This brings back fond memories, grex was my first shell and a
| large influence on everything which followed
| http://www.cyberspace.org/grex.xhtml
|
| Thirty years old this year, my goodness. Wild that an online
| space I was using 'talk' on when Hackers was in theaters is still
| around and kicking.
| Bessie69 wrote:
| vnorilo wrote:
| The procedure for credential reset sounds a little concerning:
|
| > are you a town resident that lost their ssh key? try this:
| using the email address with which you registered, send an email
| to root@tilde.town. put "new public key" in the subject. include
| the new public key in the body of the email
|
| Hopefully they will at least reply to confirm the person can
| actually read the email instead of just replacing pubkeys from
| any forged from-address.
| Affric wrote:
| It does seem like they read the emails. A reminder that the web
| can be social.
| vnorilo wrote:
| Reading the emails is not enough: they would need to send
| some secret to the email associated with the account to link
| the power to exhange keys to ownership of the account. Just
| reading a legit-sounding email and relying on from-address is
| 100% suspectible to abuse.
| hnlmorg wrote:
| This is a operation for people to have little sandboxes for
| fun. Not only is the threat model signify lower than your
| average social network but the blast radius too.
|
| It's also worth noting that there's a multitude of ways one
| could take over these machines if they were determined
| enough. The entire principle behind this is giving people
| shell access for giggles. So we aren't exactly taking about
| VPSs for serious business here.
|
| While security is always important for anything online,
| it's also important that security is balanced against
| appropriateness. Here the point is a little slice of the
| old days even though that does invite some risk.
| mccorrinall wrote:
| Usually your email doesn't even make it into the spam
| folder but just gets straight rejected if the DKIM
| signature isn't valid.
|
| Unless the admin doesn't know how to run an email server in
| 2022.
| 8organicbits wrote:
| It's also worth considering threat models. It may be
| worth risking account takeover if they can keep the reset
| flow user friendly. Not every site needs bulletproof
| security, this one seems lower risk.
| lupire wrote:
| If the person can't read the email, then they can't read the
| key.
|
| This is exactly how credential reset works on every system with
| registered backup email address, include Google.
|
| The only risk is if they send the key to the wrong email
| address, such as From and Reply-To.
| lights0123 wrote:
| > If the person can't read the email, then they can't read
| the key.
|
| You're sending them your public key, not receiving a private
| key.
| imdsm wrote:
| Interesting, the SSH join form doesn't ask for an email, so they
| have no way of getting back to me with their answer.
| lupire wrote:
| Yes it does. https://cgi.tilde.town/users/signup
|
| "e-mail: "
|
| The hardest part is deciding which answer to "are you a robot?"
| is correct.
| nonrandomstring wrote:
| Perhaps perfect granularity of social networks can be achieved if
| little "towns" are aggregated on top of small Unix servers or
| VPS.
|
| A 1GHz 1GB compute unit can probably handle 1000 people, with IRC
| level chatting and light browsing a text protocol like Gemini.
|
| If each "town" has a maximum population before it becomes a grind
| and people want to move out there's a natural feedback mechanism.
|
| Am elected local council can take care of some (sysadmin) things
| and vote on new services and boundary (firewall rules).
|
| If people identify with an online location, instead of an
| amorphous brand maybe they'll take pride in the upkeep and so on.
|
| It's an interesting metaphor/model, and the Tilde project
| certainly seems to have proved it can work. I wonder what wisdom
| the inhabitants could give to other federated social projects?
| rsolva wrote:
| This is what is happening with the Fediverse (sans the
| minimalism), only there is interoperability between all the
| small communities. I think it's the future, as long as it
| doesn't grow to fast.
| NelsonMinar wrote:
| One particular choice of Mastodon is that pretty much
| everything federates all the time. Some local instances try
| to create a sense of local community, but other than the
| local timeline page you might as well be anywhere.
|
| Hometown is a fork of Mastodon that adds a "local only" post
| feature, posts that deliberately do not federate. I think
| it's an interesting experiment. https://github.com/hometown-
| fork/hometown
| HidyBush wrote:
| I guess the server should enable instant messages between its
| users and only offer email communication with people outside
| pm90 wrote:
| you do see a version of these dynamics in mmorpgs like eve
| online
| ourcat wrote:
| That's not a million miles away from how Second Life operated
| (and still does). Where the 'Land' & 'Estates' (and parcels
| within them) were servers. Each has their own limitations to
| how many user avatars they can support at one time.
|
| People flock to places they identity with. Buy parcels. Build
| their own space and communities within communities.
|
| As far as 'voting' and governance goes, I think there's room
| for development with blockchain login/identity/ownership and
| Decentralised Autonomous Organisations (DAOs) which support
| that.
| remram wrote:
| You can vote without Blockchain, somehow everyone forgot
| about that. In fact Blockchain and other "trustless"
| mechanisms are completely useless in a community where people
| know each other, since Sybil attacks require anonymity.
| latexr wrote:
| > As far as 'voting' and governance goes, I think there's
| room for development with blockchain login/identity/ownership
| and Decentralised Autonomous Organisations (DAOs) which
| support that.
|
| Immediately turning it into a community of crypto bros where
| the only subject is cryptocurrencies and derivations. A
| figurative and literal waste.
| Gigachad wrote:
| This is essentially what discord is. Most people find a group
| of under 100 people which is a more personal space to interact
| with.
| lrvick wrote:
| If you do not care about censorship, lock-in, and their anti-
| privacy policy.
|
| I for one refuse to touch Discord.
| klysm wrote:
| Unfortunately, it's where the people are.
| GekkePrutser wrote:
| Yeah it's mad how many FOSS projects use it for their
| comms. Like home assistant. Which was developed to keep
| your home automation away from the data mining cloud
| services. Yet to chat with them you have to use discord.
|
| It's terrible considering there's so many good alternatives
| available that work great and offer the same user
| experience while respecting your privacy.
|
| Discord even use this fact for advertising now :(
| https://discord.com/open-source
| kuschku wrote:
| Except that discord isn't anything like that, having
| centralized control of all these groups on one platform with
| global rules enforced upon all of them (see the recent iOS
| NSFW ban)
| klysm wrote:
| I agree the technical foundations aren't like that but the
| social structure is. The incredible ease of setting up a
| new server is a strict requirement for discord being
| successful. I don't think we're at a point where you can
| have people self host this stuff easily.
| Gigachad wrote:
| The average person realistically doesn't care. You can just
| use the desktop app and switch a toggle that turns off the
| nsfw ban which is what Apple requires for apps. Discord and
| similar IM apps have become small scale social hubs for the
| world.
| fossuser wrote:
| There's some overlapping ideas with how groups on urbit
| operate. Though urbit goes further down the stack to replace
| the bits that make managing a Linux server hard (fixing the
| incentives that lead to everyone having to be on one
| centralized server in the first place).
| whartung wrote:
| I've not seen this discussed anywhere, and it's a bit of an under
| documented facet nowadays.
|
| But, how does one go about securing a "tilde town".
|
| That is, when you're letting random strangers have access to your
| machine with a fully operating shell, all of the Unix tool suite,
| and even programming languages, what's the threat level like?
|
| Most security today is keeping people off the server in the first
| place, but here we're holding the door open for them.
|
| Back in the day, I had a Netcom dial up shell account. So, I
| assume there's some way to secure a system where folks log in to
| a random machine and have their home directory NFS mounted. In
| the old days, there was NIS, but that's right out from what I can
| read. Replaced with LDAP I reckon.
|
| Anyway, I appreciate that many of these communities are
| "Friendly", with several "don't do that" clauses in their
| guidelines, but that doesn't mean there's not room for stuff to
| be better secured.
|
| Any write ups on this?
| xhrpost wrote:
| I don't know about this site in particular but sometimes
| they're just writing application servers that utilize the ssh
| protocol.
|
| https://github.com/charmbracelet/wish
| z3t4 wrote:
| Ive made https://webide.se that gives you a Linux shell on a
| shared machine. I count on Linux to be secure by default. So
| users are free to do whatever they want except email spam, dos
| attacks, and crypto mining which is blocked by iptables. Im
| working on giving each user their own IP but for now incoming
| connections are proxied via http proxy and unix sockets and
| wildcard domain name so that foo.user.webide.se is proxied to
| /home/user/sock/foo
|
| Similar services use Docker containers or VPS for user
| isolation.
| qudat wrote:
| > But, how does one go about securing a "tilde town".
|
| On top of something like charm, you can also use a force
| command when using ssh to limit the commands a user can take
| within the session.
| tonguez wrote:
| "On top of something like charm"
|
| my autismometer just exploded
| IgorPartola wrote:
| The OG version of this idea is of course the Super Dimensional
| Fortress: http://sdf.org/
| tecleandor wrote:
| What does "OG" stands for?
| sphars wrote:
| OG means "original gangster", but now it's generally a
| quicker way of saying "original".
| yjftsjthsd-h wrote:
| I thought it was "original generation"
| tedunangst wrote:
| https://www.merriam-webster.com/dictionary/OG
| tinsmith wrote:
| SDF is tons of fun, and good people. I wish I had more time to
| experiment with the systems and build my own space there, but
| anyone interested in preservation of the Old Ways of the
| Internet should certainly spin up a free account and see what's
| what.
| 8bitsrule wrote:
| "I think web apps have their place in the world of commerce but
| that people should not feel ashamed if they don't want to combine
| megabytes of javascript and css to their framework-powered
| dynamic blog just to put their thoughts online. People shouldn't
| also be forced to use corporate-mediated, surveillance-based
| platforms like Twitter and Facebook just to put some ideas up for
| others to see." [https://brutalistwebsites.com/tilde.town/]
|
| Been a long wait.
| z3t4 wrote:
| You dont need JS nor massive frameworks to build a static web
| site in order to publish stuff online. I reccomend learning
| vanillla HTML which is very simple if you compare with modern
| JS and CSS frameworks.
| Commodore63 wrote:
| Ah, shell accounts! Such nostalgia. I ran an Eggdrop bot on one
| for years. Great way to dip my toes into Linux-land.
| Taylor_OD wrote:
| These things are always seem really cool but I feel like I don't
| know how to use them. Anyone have a use case they can share? Like
| what do you do on this site? How does it provide you with some
| type of value/or compel you to spend time on?
| r3dk1ng wrote:
| past discussion:
|
| https://news.ycombinator.com/item?id=24300907 (2020)
| lloydatkinson wrote:
| It's funny none of the links work except for the donate one.
| What's the story there?
| GekkePrutser wrote:
| Tilde.town is pretty great. Nice community and handy as a reserve
| ssh host.
|
| Be careful though with stuff like port forwarding on a shared
| computer because forwarded ports are accessible to all users on
| the same machine.
| lrvick wrote:
| You might also check out #!, a similar community running for over
| 20 years.
|
| https://hashbang.sh
| 453453636 wrote:
| https://tilde.town/wiki/conduct.html
|
| The aesthetic is late 90s, but the attitude towards censorship is
| squarely late 2010s. Neocities is better; much less pozzed.
| betwixthewires wrote:
| Meh, this is to be expected by some communities.
|
| The cool thing is the tilde communities in general, not this
| specific one. Anyone can start one, they're small, community
| oriented, simple and light little online spaces that can be a
| lot of fun.
| yjftsjthsd-h wrote:
| > If anyone asks you to stop a particular kind of behavior,
| always err on the side of respecting their wishes. If you
| believe their request is unreasonable or unfair, ask an admin,
| but don't respond with hostility.
|
| That does seem rather lopsided:\
| wolverine876 wrote:
| It seems like run-of-the-mill good, mature behavior to me.
| I'm not perfect in my behavior, but there is rarely a good
| moment to be hostile. Among other things, it empowers the
| other person to turn me into someone I don't want to be.
| yjftsjthsd-h wrote:
| > Among other things, it empowers the other person to turn
| me into someone I don't want to be.
|
| That's the problem, yes. _Considering_ all input is
| reasonable. Giving every troll you meet power over you is
| not.
| wolverine876 wrote:
| > pozzed
|
| ? Is this a signal of something?
| kuu wrote:
| I wonder what kind of things are interesting to do on a server
| under ssh. Write files? have websites? Ascii art? It's a bit hard
| to me to grasp what is the "fun" in this project.
| justusthane wrote:
| All of the above. Socialize with other members. Write CGI
| scripts to do interactive stuff. Ctrl-C Club keeps a list of
| neat things their members are doing here:
| https://ctrl-c.club/#frigginsweet
| lupire wrote:
| Play in the MUD
| memorable wrote:
| The fun of creating a website.
| inputvolch wrote:
| This is one of those moments where "if you have to ask, you'll
| never know" is appropriate.
___________________________________________________________________
(page generated 2022-05-14 23:02 UTC)