Tilde.town is a computer meant for sharing


265 points | by memorable 9 days ago


  • Perhaps perfect granularity of social networks can be achieved if little "towns" are aggregated on top of small Unix servers or VPS.

    A 1GHz 1GB compute unit can probably handle 1000 people, with IRC level chatting and light browsing a text protocol like Gemini.

    If each "town" has a maximum population before it becomes a grind and people want to move out there's a natural feedback mechanism.

    Am elected local council can take care of some (sysadmin) things and vote on new services and boundary (firewall rules).

    If people identify with an online location, instead of an amorphous brand maybe they'll take pride in the upkeep and so on.

    It's an interesting metaphor/model, and the Tilde project certainly seems to have proved it can work. I wonder what wisdom the inhabitants could give to other federated social projects?

    • rsolva 9 days ago
      This is what is happening with the Fediverse (sans the minimalism), only there is interoperability between all the small communities. I think it's the future, as long as it doesn't grow to fast.
      • NelsonMinar 9 days ago
        One particular choice of Mastodon is that pretty much everything federates all the time. Some local instances try to create a sense of local community, but other than the local timeline page you might as well be anywhere.

        Hometown is a fork of Mastodon that adds a "local only" post feature, posts that deliberately do not federate. I think it's an interesting experiment. https://github.com/hometown-fork/hometown

    • ourcat 9 days ago
      That's not a million miles away from how Second Life operated (and still does). Where the 'Land' & 'Estates' (and parcels within them) were servers. Each has their own limitations to how many user avatars they can support at one time.

      People flock to places they identity with. Buy parcels. Build their own space and communities within communities.

      As far as 'voting' and governance goes, I think there's room for development with blockchain login/identity/ownership and Decentralised Autonomous Organisations (DAOs) which support that.

      • latexr 9 days ago
        > As far as 'voting' and governance goes, I think there's room for development with blockchain login/identity/ownership and Decentralised Autonomous Organisations (DAOs) which support that.

        Immediately turning it into a community of crypto bros where the only subject is cryptocurrencies and derivations. A figurative and literal waste.

        • remram 9 days ago
          You can vote without Blockchain, somehow everyone forgot about that. In fact Blockchain and other "trustless" mechanisms are completely useless in a community where people know each other, since Sybil attacks require anonymity.
        • Gigachad 9 days ago
          This is essentially what discord is. Most people find a group of under 100 people which is a more personal space to interact with.
          • kuschku 9 days ago
            Except that discord isn’t anything like that, having centralized control of all these groups on one platform with global rules enforced upon all of them (see the recent iOS NSFW ban)
            • klysm 9 days ago
              I agree the technical foundations aren’t like that but the social structure is. The incredible ease of setting up a new server is a strict requirement for discord being successful. I don’t think we’re at a point where you can have people self host this stuff easily.
              • Gigachad 9 days ago
                The average person realistically doesn't care. You can just use the desktop app and switch a toggle that turns off the nsfw ban which is what Apple requires for apps. Discord and similar IM apps have become small scale social hubs for the world.
              • lrvick 9 days ago
                If you do not care about censorship, lock-in, and their anti-privacy policy.

                I for one refuse to touch Discord.

                • GekkePrutser 8 days ago
                  Yeah it's mad how many FOSS projects use it for their comms. Like home assistant. Which was developed to keep your home automation away from the data mining cloud services. Yet to chat with them you have to use discord.

                  It's terrible considering there's so many good alternatives available that work great and offer the same user experience while respecting your privacy.

                  Discord even use this fact for advertising now :( https://discord.com/open-source

                  • klysm 9 days ago
                    Unfortunately, it’s where the people are.
                • fossuser 9 days ago
                  There’s some overlapping ideas with how groups on urbit operate. Though urbit goes further down the stack to replace the bits that make managing a Linux server hard (fixing the incentives that lead to everyone having to be on one centralized server in the first place).
                  • HidyBush 9 days ago
                    I guess the server should enable instant messages between its users and only offer email communication with people outside
                    • pm90 9 days ago
                      you do see a version of these dynamics in mmorpgs like eve online
                    • IgorPartola 9 days ago
                      The OG version of this idea is of course the Super Dimensional Fortress: http://sdf.org/
                      • tinsmith 9 days ago
                        SDF is tons of fun, and good people. I wish I had more time to experiment with the systems and build my own space there, but anyone interested in preservation of the Old Ways of the Internet should certainly spin up a free account and see what's what.
                        • tecleandor 9 days ago
                          What does "OG" stands for?
                      • 8bitsrule 9 days ago
                        "I think web apps have their place in the world of commerce but that people should not feel ashamed if they don't want to combine megabytes of javascript and css to their framework-powered dynamic blog just to put their thoughts online. People shouldn't also be forced to use corporate-mediated, surveillance-based platforms like Twitter and Facebook just to put some ideas up for others to see." [https://brutalistwebsites.com/tilde.town/]

                        Been a long wait.

                        • z3t4 8 days ago
                          You dont need JS nor massive frameworks to build a static web site in order to publish stuff online. I reccomend learning vanillla HTML which is very simple if you compare with modern JS and CSS frameworks.
                        • bovermyer 9 days ago
                          This is my page on Tilde.town: https://tilde.town/~sithlord/

                          It's a hand-written, kind of ugly test bed for random things. I have a random startup generator. It's stupid.

                          I love this community.

                          • canadaduane 9 days ago
                            Hey sithlord! It's been a while, but fun to see your page. I'm here: https://tilde.town/~canadaduane

                            I love having a simple page somewhere, hosted within a community that might take a peek every once in a while. Feels like a lot less lonely of a vast Internet.

                            • bovermyer 8 days ago
                              For sure! I haven't posted in chat in ages, though. I should probably jump back in.
                              • the_default 8 days ago
                                i really should get off chat more, haven't even run into you two :P
                            • mjfisher 8 days ago
                              Every single hot sauce your generator comes up with sounds amazing
                              • bovermyer 7 days ago
                                I did try to put thought into that one, haha.
                            • hieloz 9 days ago
                              It is very convenient. Similar tilde sites https://tilde.club/, more details can be found in tildeverse.org https://tildeverse.org/
                              • sherr 9 days ago
                                The .org link seems to be a rick-roll.
                                • kuschku 9 days ago
                                  Many sites, including that .org link, have redirects for users coming from HN (because HN has a lot of trolls, though you may not see them unless you have showdead enabled)
                                  • alwayslikethis 9 days ago
                                    I turn off referers in my browser. There is no reason to have it on, especially cross-origin. It's only good for tracking and not much else.
                                  • 453453636 9 days ago
                                    That's hilarious. No wonder /g/ ridicules the Tildeverse whenever it's brought up.
                                    • memorable 9 days ago
                                      What is shodead? Cannot find any relevant info on them.
                                    • lupire 9 days ago
                                      It takes 3 seconds to check and prove that you are wrong about this case.
                                      • ryukafalz 9 days ago
                                        I took the 3 seconds to check and they were right.

                                          jfred@lambdacrypt ~$ curl -IL https://tildeverse.org
                                          HTTP/2 200
                                          server: nginx/1.18.0 (Ubuntu)
                                          date: Sat, 14 May 2022 14:05:51 GMT
                                          content-type: text/html; charset=UTF-8
                                          vary: Accept-Encoding
                                          strict-transport-security: max-age=31536000
                                          jfred@lambdacrypt ~$ curl -IL https://tildeverse.org -H "Referer: https://news.ycombinator.com"
                                          HTTP/2 301
                                          server: nginx/1.18.0 (Ubuntu)
                                          date: Sat, 14 May 2022 14:06:18 GMT
                                          content-type: text/html
                                          content-length: 178
                                          location: https://www.youtube.com/watch?v=dQw4w9WgXcQ
                                          strict-transport-security: max-age=31536000
                                        • yardshop 9 days ago
                                          It takes a similar amount of time to prove that he is correct.

                                          If you copy the link into a new window instead of coming from HN, you get a different result.

                                    • sva_ 8 days ago
                                      This is crazy. What an absolute gem to discover all this.
                                    • vnorilo 9 days ago
                                      The procedure for credential reset sounds a little concerning:

                                      > are you a town resident that lost their ssh key? try this: using the email address with which you registered, send an email to root@tilde.town. put "new public key" in the subject. include the new public key in the body of the email

                                      Hopefully they will at least reply to confirm the person can actually read the email instead of just replacing pubkeys from any forged from-address.

                                      • Affric 9 days ago
                                        It does seem like they read the emails. A reminder that the web can be social.
                                        • vnorilo 9 days ago
                                          Reading the emails is not enough: they would need to send some secret to the email associated with the account to link the power to exhange keys to ownership of the account. Just reading a legit-sounding email and relying on from-address is 100% suspectible to abuse.
                                          • hnlmorg 9 days ago
                                            This is a operation for people to have little sandboxes for fun. Not only is the threat model signify lower than your average social network but the blast radius too.

                                            It’s also worth noting that there’s a multitude of ways one could take over these machines if they were determined enough. The entire principle behind this is giving people shell access for giggles. So we aren’t exactly taking about VPSs for serious business here.

                                            While security is always important for anything online, it’s also important that security is balanced against appropriateness. Here the point is a little slice of the old days even though that does invite some risk.

                                            • mccorrinall 9 days ago
                                              Usually your email doesn’t even make it into the spam folder but just gets straight rejected if the DKIM signature isn’t valid.

                                              Unless the admin doesn’t know how to run an email server in 2022.

                                              • 8organicbits 9 days ago
                                                It's also worth considering threat models. It may be worth risking account takeover if they can keep the reset flow user friendly. Not every site needs bulletproof security, this one seems lower risk.
                                          • lupire 9 days ago
                                            If the person can't read the email, then they can't read the key.

                                            This is exactly how credential reset works on every system with registered backup email address, include Google.

                                            The only risk is if they send the key to the wrong email address, such as From and Reply-To.

                                            • lights0123 9 days ago
                                              > If the person can't read the email, then they can't read the key.

                                              You’re sending them your public key, not receiving a private key.

                                          • whartung 9 days ago
                                            I've not seen this discussed anywhere, and it's a bit of an under documented facet nowadays.

                                            But, how does one go about securing a "tilde town".

                                            That is, when you're letting random strangers have access to your machine with a fully operating shell, all of the Unix tool suite, and even programming languages, what's the threat level like?

                                            Most security today is keeping people off the server in the first place, but here we're holding the door open for them.

                                            Back in the day, I had a Netcom dial up shell account. So, I assume there's some way to secure a system where folks log in to a random machine and have their home directory NFS mounted. In the old days, there was NIS, but that's right out from what I can read. Replaced with LDAP I reckon.

                                            Anyway, I appreciate that many of these communities are "Friendly", with several "don't do that" clauses in their guidelines, but that doesn't mean there's not room for stuff to be better secured.

                                            Any write ups on this?

                                            • z3t4 8 days ago
                                              Ive made https://webide.se that gives you a Linux shell on a shared machine. I count on Linux to be secure by default. So users are free to do whatever they want except email spam, dos attacks, and crypto mining which is blocked by iptables. Im working on giving each user their own IP but for now incoming connections are proxied via http proxy and unix sockets and wildcard domain name so that foo.user.webide.se is proxied to /home/user/sock/foo

                                              Similar services use Docker containers or VPS for user isolation.

                                              • xhrpost 9 days ago
                                                I don't know about this site in particular but sometimes they're just writing application servers that utilize the ssh protocol.


                                                • qudat 8 days ago
                                                  > But, how does one go about securing a "tilde town".

                                                  On top of something like charm, you can also use a force command when using ssh to limit the commands a user can take within the session.

                                                  • tonguez 8 days ago
                                                    “On top of something like charm”

                                                    my autismometer just exploded

                                                • Taylor_OD 9 days ago
                                                  These things are always seem really cool but I feel like I don't know how to use them. Anyone have a use case they can share? Like what do you do on this site? How does it provide you with some type of value/or compel you to spend time on?
                                                  • samatman 9 days ago
                                                    This brings back fond memories, grex was my first shell and a large influence on everything which followed http://www.cyberspace.org/grex.xhtml

                                                    Thirty years old this year, my goodness. Wild that an online space I was using 'talk' on when Hackers was in theaters is still around and kicking.

                                                    • lrvick 9 days ago
                                                      You might also check out #!, a similar community running for over 20 years.


                                                      • kuu 9 days ago
                                                        I wonder what kind of things are interesting to do on a server under ssh. Write files? have websites? Ascii art? It's a bit hard to me to grasp what is the "fun" in this project.
                                                        • inputvolch 9 days ago
                                                          This is one of those moments where "if you have to ask, you'll never know" is appropriate.
                                                          • justusthane 9 days ago
                                                            All of the above. Socialize with other members. Write CGI scripts to do interactive stuff. Ctrl-C Club keeps a list of neat things their members are doing here: https://ctrl-c.club/#frigginsweet
                                                            • memorable 9 days ago
                                                              The fun of creating a website.
                                                              • lupire 9 days ago
                                                                Play in the MUD
                                                              • imdsm 9 days ago
                                                                Interesting, the SSH join form doesn't ask for an email, so they have no way of getting back to me with their answer.
                                                              • LanternLight83 9 days ago
                                                                I was just looking around the other day, and can't reccomend enougj to do so yourself-- several user's pages are gems of character, one in particular has great nostalgia links like textfiles.com, and the site really captures small-web vibes.
                                                                • GekkePrutser 8 days ago
                                                                  Tilde.town is pretty great. Nice community and handy as a reserve ssh host.

                                                                  Be careful though with stuff like port forwarding on a shared computer because forwarded ports are accessible to all users on the same machine.

                                                                  • mmastrac 9 days ago
                                                                    I miss this small-community feel from the early internet days. Social media really blew up the togetherness you feel from being around a finite number of people.
                                                                    • r3dk1ng 9 days ago
                                                                      • Commodore63 8 days ago
                                                                        Ah, shell accounts! Such nostalgia. I ran an Eggdrop bot on one for years. Great way to dip my toes into Linux-land.
                                                                        • wlonkly 8 days ago
                                                                          One thing I miss from that era (or, at least, one thing I am thankful to experience) is that I got to learn how to _use_ Linux before I had to _administer_ Unix.

                                                                          I feel bad for "kids these days" who didn't get to find their way around on a well-administered shared university server or similar.

                                                                        • lloydatkinson 9 days ago
                                                                          It’s funny none of the links work except for the donate one. What’s the story there?
                                                                          • Bessie69 9 days ago
                                                                            • 453453636 9 days ago

                                                                              The aesthetic is late 90s, but the attitude towards censorship is squarely late 2010s. Neocities is better; much less pozzed.

                                                                              • yjftsjthsd-h 9 days ago
                                                                                > If anyone asks you to stop a particular kind of behavior, always err on the side of respecting their wishes. If you believe their request is unreasonable or unfair, ask an admin, but don't respond with hostility.

                                                                                That does seem rather lopsided:\

                                                                                • wolverine876 8 days ago
                                                                                  It seems like run-of-the-mill good, mature behavior to me. I'm not perfect in my behavior, but there is rarely a good moment to be hostile. Among other things, it empowers the other person to turn me into someone I don't want to be.
                                                                                  • yjftsjthsd-h 8 days ago
                                                                                    > Among other things, it empowers the other person to turn me into someone I don't want to be.

                                                                                    That's the problem, yes. Considering all input is reasonable. Giving every troll you meet power over you is not.

                                                                                • betwixthewires 9 days ago
                                                                                  Meh, this is to be expected by some communities.

                                                                                  The cool thing is the tilde communities in general, not this specific one. Anyone can start one, they're small, community oriented, simple and light little online spaces that can be a lot of fun.

                                                                                  • matt321 5 days ago
                                                                                    I don't understand the problem with "don't be an ass" as a major rule
                                                                                    • wolverine876 8 days ago
                                                                                      > pozzed

                                                                                      ? Is this a signal of something?