Hacker News new | past | comments | ask | show | jobs | submit login
tilde.town: A social network over SSH (tilde.town)
258 points by apsec112 6 months ago | hide | past | favorite | 82 comments


I'm the founder and primary admin of tilde.town.

I see many people signed up! Every application is manually reviewed, so, uh, give me a few days.

Regarding "good" and "bad" users; this question has been at the center of tilde.town since its inception. We're a community first and a technological project second and encouraging a sense of belonging for users is our primary goal.

Certain users sign up to abuse resources; that's easy to catch and deal with. Other users want to import the wider culture war aspects of the internet into our space, using a variety of tactics to provoke anger and discomfort.

I'm a generally conflict-avoidant person so this took getting used to. On the server, I had to learn to be willing to ban the persistent trolls. I want to provide a space where people can grow and mature as I was given on IRC and web forums back in the early 2000s instead of a place that throws people out at the first hint of having "incorrect" beliefs. Unfortunately this gave too much leeway to people that were consistently there to recreationally troll or promote genuinely hateful movements.

I became much more free with both temporary and permanent bans and made the signup intentionally cumbersome, wracked with nerves about the "good" folks who might be intimidated. I still have that anxiety, but ever since increasing the scrutiny on applications and doing more banning we've had a much more stable community environment.

I read a lot of books on digital communities; the Virtual Community by Howard Rheingold is a great starting point, but the book that helped me the most was Cyber Chiefs by Mathieu O’Neil. It helped me understand that all communities that manage to grow over time will hit an unsustainable point and either retract or dissipate.

Dissipation was a real possibility; for a long time I felt completely emotionally burned out by the town. I chose retraction though, and in retrospect, it was the right choice.

I'm still learning and thinking all the time about ways to encourage quieter or less technologically inclined people to sign up and make a home on the town and am always excited to talk about it or hear ideas.

(edited to clarify i'm not the only admin)

Hey! Miirc here! I really have to get my plant back up and running. Plant, RIP.

You've done a great job with the community. Thanks for all you do!

I signed up when this post was first posted, but haven't heard anything back yet. Is there a way to check your application status? (I used the same name as here)

I run tilde.fun. It's currently defunct but I'm migrating the site to a new server today.

We have an SSH signup form with no need for any personal details but an email address, written in Python, in the making (https://code.tilde.fun/tilde/ssh-reg) I'd really like to automate account creation and have someone look over it before I actually deploy it.

Write me an email (address in my profile) if you're interested in helping run/develop this or some MB of free HTML web hosting.

We are two admins and run a few other services (https://wiki.tilde.fun/tilde/start lists some of them). We want to take back the internet from megacorps into the hands of users. I have an empty server just waiting for some people with dank HTML skills!

> address in my profile

Note that the HN profile e-mail field is not public. That field is for password reset stuff or something.

If you want people to see your e-mail you will need to write what it is in the profile description.

Ah right, thanks. I'll edit my profile to include it in my bio.

I’ll help! I can do front end, backend and sysadmin work. I am willing to contribute funds to hosting too

alainr.richardt (at) (google mail service).com (I can’t see your email in your profile)

An interesting monologue about pseudonymity hidden here: http://tilde.town/~karlen/nowertb/anonymous.mp3

I've been listening to the other notes on there, and enjoying them. Where are the text posts that he's talking about though? All I see are these voice notes.

(not the narrator, but I was active when the narrator was creating these ...)

The rule for these audio clips was to do a search for any blog post on the internet which started with "No One Will Ever Read This, But ..." and where the blog had been abandoned for at least a year. If you listen to the audio and do some searching, sometimes you can find the post, if it's still up.

This is uniquely precious and I wish there was RSS to subscribe to new entries.

Sadly, the narrator of this set of audio readings has moved on from the project, to my knowledge.

That may be for the best, though. Some of the charm (in my own opinion) is that this little project was a gem to discover, a bit ephemeral, and special in its scarcity.

Hey, I'm a user here! I never expected a tilde site to get on Hacker News again; I thought the wave of interest in the tildeverse died out years ago.

I don't really use the HTML part of it; I only interact on the command-line forum and play with some of the games/sims.

If you'd like a guided tour of the tildeverse, there's one on The Dork Web: https://thedorkweb.substack.com/p/tales-from-the-dork-web-5

Also relevant community: https://tildes.net/~tildes

tildes.net is an independent, nonprofit reddit replacement.

Yup, but when I originally wrote the tildes piece it was shared there and people lamented that I didn't mention them, so I am now :)

I'm curious about the general way tilde sites are administered. How do they keep people from using them as hosts for cyberattacks or spam?

I can only speak for tilde.fun, but it's helpful to not have any users currently (^^) and disable outside communication apart from ~/html/ where our users can put static files into.

Most tilde sites don't have public mail servers and only federate mail between them and other tilde servers. See also https://tilde.team/.

Do you use a VPS on AWS or something like that, or an actual physical box?

It's currently a VPS rented from Strato.de, one of the biggest German hosting providers.

Since I'm paying out of my own pocket I currently don't want to afford a colocated server, even though I realise that'd be cooler and possibly more secure.

I'll try to have a detailed cost overview online somewhere soon-ish.

I admin a smaller pubnix/tilde, for me I tie down email, inbound connections, some strict resource limits per user, and keep a close eye on anything running. I'm sure if I start getting more users it'll become more time consuming but with a decent logging and sensible security practices you could probably negate the vast majority of bad actors.

I'm a volunteer admin for tilde.town and I also run trash.town

We mostly monitor resource usage, and built in a way to ban users from our django-based administration app. We have begun screening users more before allowing them to sign up, asking them things about what they want to use the town for.

So is this a BBS?

I find that amazing that the BBS acronym doesn't show up although it would seem an obvious comparison.

It's a bit like a BBS, yes, and that's what drew me to the concept initially (I'm an early member of tilde.town; still reasonably active).

We do have an internal bulletin board, and an internal IRC (like the chat rooms of multi-line BBSes of the late 80s/early 90s). There are a ton of little projects by members, and the projects are pretty varied.

I find it a fun place to hang out, personally.

Yeah. That was my first thought. Its a BBS. Weird that you sign up via the web though.

You'd want to look at Enigma https://github.com/NuSkooler/enigma-bbs

There are lot many good Tildes out there which forms Tildeverse : https://tildeverse.org

You could also take a look at:

* tilde.club

* tilde.team

* ctrl-c.club

* tilde.institute

* thunix.net

* remotes.club

* yourtilde.com

* envs.net

* squiggle.city

* aussies.space

* radiofreqs.space

* rw.rs

* tilde.pw

* dimension.sh

* breadpunk.club

* cosmic.voyage

* hackers.cool

* rawtext.club

* tilde.black

* tilde.pink

I'm sure many others do exist…

I'm not really sure I get the point... is there some kind of fuse mount that gives people the possibility to see live posts, user profiles, and other stuff? Are you directly logged into a game like shell when you connect? Or is this just plain old ssh to bash?

It's a community, like HN is, but accessed via ssh instead of http. So it's a community where the active participants necessarily can navigate a shell, irc client, tmux/screen, and maybe even prefer socializing in that environment vs. something like the web or mobile apps. Access is also a privilege which can be taken away. So everyone you interact with there is either new or cooperative and mature enough to not get banned from a shared resource with very few safeguards preventing abuse.

~town is by far the largest multiuser system I've logged into in the last decade, not that I've been looking. It kind of reminds me of the university UNIX systems I dialed into in the 90s, fingering users to read their plans, updating my .plan, running ytalk to chat with friends, email w/pine, and usenet w/tin.

I still don't get it... so, there's an IRC client you can access on a server, using ssh credentials to login and there's a public folder that gets served by a static web server ? How do people interact on that social network (sending messages, pictures, etc.) ?

> ~town is by far the largest multiuser system I've logged into in the last decade

You may wish to look at sdf.org then.

I'm aware of sdf.org, and I haven't logged into it in over a decade :)

I just discovered sdf.org through your post.

Can you please validate my account? because I can't send them 1 USD in the mail as I don't live in the US (and thus have no access to its currency).


What OS are they running? Strangely enough, it's not mentioned in the FAQ and I couldn't find it with a cursory look at their wiki.

Currently: Ubuntu 20.04.1 LTS (Focal Fossa)

You can find that info and more about all the member tildes of the tildeverse (including tilde.town) on the tildeverse website here: https://tildeverse.org/members/

I had this anti-climax moment a couple months back when my low-tech loving friends were fawning over Tildeverse.

For anyone who remembers the internet of the past 15 years, it's just public home dirs in server/~username. An old feature of web servers.

And then they link to each others home dirs on some directory site. We used to call this a web ring. ;)

Ah a public shell, fond memories. I used to have a nic-nac-project (now freeshell.de?) account some 15 years ago. It was my first exposure to Debian, which led me to order a free mail-in CD of Ubuntu Warty Warthog. These were different times.

Unfortunately public shells largely went the way of the dodo due to how cheaply you can get a VPS now (and not worry about resource quota, ulimits, local exploits or lack of root access...)

I learned a lot of basic Linux through the same shell provider back in the day!

My ~/public_html 25+ years ago :-)

It's shared computer/server. You got your SSH key and log in.

It has some social features inside - BBJ (command line driven forum), IRC chat, "timeline" command (think of local twitter on command line).

However main difference is that it's up to you how can you interact it others. You can setup some scripts/games for others, or just present yourself in your public_html folder. I have created gallery of those homepages and these are very diverse - https://tilde.town/~severak/gallery/ - so much good stuff hidden there.

For example - I have created cronjob, that builds youtube playlist out of songs added by !sotd command on IRC - https://tilde.town/~severak/town_radio.html (for technical description see https://tilde.town/~severak/sotds.html)

We have cli based games, an internal irc, federated mail, etc. It's a fun community.

I signed up for a shell account on a similar service, b.armory.com, in 2008. Since that time, the website is gone and activity is very low. It was a nice way to learn about Linux thanks to someone's generosity in sharing their server.

I'm always wary of using SSH services which aren't running on systems I control. If I'm not mistaken, an SSH service is able to see all of the pubkeys you have in your ~/.ssh/, so there goes your privacy.

I believe you could use SSH config files to restrict which keys that each host would be able to see.

Something along the lines of:

    Host a.example
      IdentityFile ~/.ssh/id_a
      IdentitiesOnly yes

But they were public keys, it's completely fine if the entire world sees them

Perhaps the parent commenter is worried of public keys being used as a tracking vector?

Then they should create one key per service and only use that one.

Which they've done from the sound of it, and are concerned about the ability to read those other public keys and use them as a tracking vector.

As another commenter already pointed out, the IdentitiesOnly config option removes that ability. The ssh-config man page explains this.

Out of curiosity, are there reasons that that behavior shouldn't be the default?

I can think of three reasons:

1. It would stop SSH agent forwarding from working if the remote has it enabled.

2. It would stop alternative SSH agent implementations from working.

3. It would only make sense if you actually have multiple identities.

I'm not sure it makes much sense unless you also override the default IdentifyFile.

Argh, IdentityFile.

I make the same damn mistake in my actual config file, too.

I recently discovered github publishes any of your registered ssh public keys at https://github.com/username.keys

pretty neat, i signed up. reminds me of the days hanging out on sdf.lonestar.org.

I was just thinking about that, but I could not remember "sdf". Thank you

There's also hashbang.sh, for those curious

I thought "Wow, cool - I gonna sign up".

And then I saw their sign up form. 10 fields is a bit too much.

Even such low barriers as a small form do wonders for the quality of people on the other side, you won't be missed. (if you genuinely can't be bothered)

Harsh but true, I remember telling my life story to sign up for text based message boards.

If that's the attitude on the other side, then I guess the feeling is mutual :).

From personal experience in running similar things, they aren't a good method of discerning quality of people.

I'm curious, what are the "good" methods for discerning/filtering quality of people? How are "good" and "bad" quality of people categorized? (binary? spectrum/distribution?) How can you estimate/measure the quality of the filter/method with precision?

I assume no filter is perfect and mistakenly filter out "good" quality people too, so if this method isn't good that suggest there's a metric and a more efficient method out there. In your personal experience what worked better?

> I'm curious, what are the "good" methods for discerning/filtering quality of people?

Observation is probably the best method. I rarely have found form options to be effective. A good chunk of 'good' people tend to get filtered out from my observation.

Generally the approach that has worked for me having a tier system. People who meet your criteria get greater access etc over time.

> How are "good" and "bad" quality of people categorized?

Generally, "good" is anyone that helps your community prosper. "Bad" are typically people who cause unwanted conflicts, create a toxic environment etc.

I've really liked metafilters $5 lifetime membership model. Seems to work

Bah, back in my day you had to send the sysadmin a postcard (https://en.wikipedia.org/wiki/Shareware#Postcardware) to get your account approved ;)

The picture database of all the postcards is still around [https://freeshell.de/postcards/] .

What's this 'postcard' thing you speak of? I've heard a rumor people used to have slices of dead trees lugged around the world. But the latency would be enormous!!

The trick is to glue in some microSD cards. Trades bandwidth for latency.

(Long time tilde.town member here)

This is a fair criticism. There is a bit of a barrier to entry here. I think pengaru is unnecessarily harsh in his response.

The server has a limited number of admins (really only a single main administrator with a handful of volunteer helpers), and the process of adding an account is mostly manual at the moment, I believe (with some helper scripts, of course). There are efforts underway to improve this.

In the end, though, this is just one person's fun little side project. We're along for the ride, and I would like the admin to keep enjoying his project so I can share in that joy. If they don't have the time to address signup process improvements, I figure that's OK ... we're not in this for money or fame or anything, right? It's just ... fun (IMO).

Creating a user is luckily very automated, but we have had to increase the amount of information we ask to hopefully screen out bad actors who just want a shell account and then run bitcoin miners (which has happened several times).

Can't you block bitcoin miners via limiting CPU time per user?

As soon as a user hits x amount of minutes CPU per minute, you kill all his programs.

Not nice but effective.

Tilde.fun has a somewhat working ssh signup with an admin interface: https://code.tilde.fun/tilde/ssh-reg

Maybe we can work together and create a lightweight admin framework.

It's probably better like this, don't worry.

There are dozens or hundreds of other hosts in the tildeverse that you could check out. I'm a member of ctrl-c.club, which has a much shorter sign-up form.

Send me an email and I get you an account on tilde.fun.

It's pretty defunct right now but I'd like to have some actual users ;)

No need for any personal info besides your email address.

Thanks, I just wanted to play around so there is no real need to do that but here it is tadas dot subonis eta gmail dot com :)

Why do you need an email address? Reddit & HN don't.

Probably to send the credentials. An alternative would be to ask tasubotadas to post their public key.

I don't but currently the ssh registration script is nonfunctional.

Once that's working again you'd just have to give a fake mail address, but you won't be notified if we created an account for you this way.

For good or bad, that scrolling title really reminded of the early 90's HTML galore <3

Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact