Hacker News new | past | comments | ask | show | jobs | submit | TimeBearingDown's comments login

Between this and vaxry’s ouster from freedesktop because his project’s Discord allowed crude and tasteless speech years ago, I’m wondering how many more projects will fracture or make some of their discussion channels private. I believe Free Software will survive social media, but it’s deeply troubling how quickly people insist that they can’t possibly work with someone who has differing politics or worldview in general, or how many actually go and seek out a hill to die on for their tribe. It seems the best policy It reminds me of the old Emo Phillips joke about the Northern Conservative Baptist Great Lakes Region Council. You’ll find a reason to spurn anyone if you look closely enough, and it seems to fill a religion-shaped hole for some culture warriors. https://youtu.be/l3fAcxcxoZ8

This sketch is a gem, I liked it! It is absolutely correct - people can and will divide if this is their goal. Sadly this mass social disintegration on all levels affects negatively various free software products. I don't even hold any extreme political beliefs (I think) but nevertheless I avoid discussing any politics in any professional environment because it's just not the place for these types of discussions and it usually doesn't lead to anything constructive or positive. I never cared what my peers' political/religious beliefs were and through the years never had problems with any of them. It was a simple life - as long as all of us did our job the final products were of decent quality.

Perhaps some kind of a policy which would treat politics as off-topic and would discourage discussing it would be beneficial to such projects in the long run.


My understanding is this was the official Discord for years until they distanced themselves from it last year. However, I don’t think there’s an official one, or at least not one that anybody uses.

The community manager blocking everyone on GitHub and X for quoting their founder’s words about not lumping people into groups or staying out of politik is not the same person as the Discord mod “xananax” who was dropping slurs in 2016.

Edit: 0x_rs summarizes events better than me: https://news.ycombinator.com/item?id=41701768


Had me until the end. I haven’t seen the friction? Let’s Encrypt and web 1.0 still work and domains are cheap. OpenBSD’s httpd is great for this job. You’ll exclude less people if you don’t require any features. You can still give your site out on big platforms or use a QR code. Users of open social networks can directly transfer value now, with KYC at the on and off-ramps. Telegram was closest to implementing it into a very large and permissive network with open clients, albeit centralized and closed servers, though we’ll see how Durov’s French situation develops now.


Try sending a link at your obscure dot com domain to a large group chat. Now try hosting the same material on a well known corporation's website. I'm certain that a lot more people are going to be visiting the corporate hosted URL. Why? Perceived security. People are terrified of personal websites because of the reasoning I gave above. Automatic powerful javascript execution has killed casual web surfing. Now opening a website URL is like running an application rather than reading a document.

As for the friction on the hosting side, the problem mostly has to due with keeping websites up, not setting them up. The short lifespan and fragility of the required CA TLS means any HTTPS only (because JS auto-exec) site will only survive for a few years without active human mantainence. Weather the acme(2) tool breaks, an LE root cert expires (like what happened this summer), acme version depreceates, host OS openssl version doesn't have cross support for required modern cyphers, or something in the 90 day cert lease cycle just breaks because it's so complex with so many things moving. CA TLS sites die. HTTP sites can last forever without being touched. HTTP+HTTPS should be the way, but with the security required for an auto-executing JS browser no one wants to risk HTTP. I've literally had people balk at loading a http://example.com/image.jpg because it was HTTP. The fear is not rationally evaluated on a case by case basis, it's just all security all the time no matter what habit now.


> Let’s Encrypt and web 1.0 still work and domains are cheap.

First the newest version of the protocol stops supporting something. Then, over time, most things switch to the new version, and the old version becomes unsupported.

It's a notable change when the new version doesn't support something that the old one does, because that thing is probably going away.

Let's Encrypt solves a lot of this but not all of it. In particular, it makes it harder for people to screw around starting out because you can't even send the link to your mom until you buy a domain and learn how DNS and Let's Encrypt work etc.

> You can still give your site out on big platforms or use a QR code.

The big platforms don't like to encourage their competitors. Links to off-site content are not likely to be promoted by algorithms.

QR codes imply that you already have access to a large existing network of people in meatspace, which has never been true for most people.

> Users of open social networks can directly transfer value now, with KYC at the on and off-ramps.

How does that work? The internet is global but anyone without a first world bank account is stuffed. Even when everyone is in the US they can't send even trivial amounts of money to each other without an incompetent/predatory corporation acting as an intermediary.

Meanwhile the theory also doesn't work, because "KYC at the on and off-ramps" is pretty meaningless for any system popular enough for its internal credits to be a de facto currency. But KYC has never really worked anyway. It has, however, caused a lot of trouble for innocent people who just want to be able to transfer small amounts of money for ordinary purchases without being subject to warrantless mass surveillance and the caprice of infuriating bureaucracies.

These are real problems that deserve to be solved rather than dismissed.


> Let's Encrypt solves a lot of this but not all of it. In particular, it makes it harder for people to screw around starting out because you can't even send the link to your mom until you buy a domain and learn how DNS and Let's Encrypt work etc.

Were you ever going to send a link to a bare IP address to your mom?

You can get a free subdomain and programs will automate the certificates as they serve off your desktop. The hardest part of self-hosting is often doing the port forwarding.


> Were you ever going to send a link to a bare IP address to your mom?

When you're in the same house and it's the local IP of your machine? Sure. You could also use the local machine name via mDNS, often with no additional configuration.


If it's in the same house you can turn off the warnings. Though wait, aren't the warnings already disabled for local IPs?


That's assuming you can (and know how to) turn off the warnings.

And many browsers do warn for self-signed certificates even on local IPs. They may not warn for unencrypted connections -- which is a weird choice given that TLS with a self-signed certificate is still more secure (e.g. against passive eavesdroppers) than unencrypted HTTP -- but HTTP/3 doesn't support unencrypted connections or self-signed certificates.


My argument is just that you can still screw around easily. I'm not worried about HTTP/1 going away soon.


Sometimes it's worth considering what the long-term implications of something are.

HTTP/3 is likely to become widely adopted over time, if for no other reason than that people install software updates and it becomes the default once popular browsers and web servers add support. People may even like the new features.

Then we get some new security vulnerabilities that get fixed in HTTP/3 but not older versions, and by then only a minority of sites use the older versions, so they get a warning. That spurs most of the holdouts to switch to the new version because they can't have scary browser warnings driving users away from their site. Which in turn allows the older versions to be fully deprecated and ultimately removed. And that's more likely here because the code for handling TCP and UDP are quite different and people aren't going to want to maintain the former if hardly anybody is using it.

It'll be years before that happens, but if a problem is foreseeable then maybe we should demand a solution contemporaneously with the creation of the problem instead of foisting it on the kids.


The current trend as far as I can tell is that it's easier than it used to be to host a web server. So that also has long term implications.

It's really tricky to predict exactly what web servers will do, but I don't see any reason to think it well ever be hard to set one up. You're fixating on a very specific warning and the way you're extrapolating into the future assumes that half the software changes but the other half doesn't. It just doesn't work well to predict things. And we already have solutions, they're just used less because HTTP/1 is so easy.

Another thing to consider is that the number of household devices that need access is growing rapidly. We're not going to break them all.


Great answer. Denuvo and other heavy anti-piracy tools are also sometimes used for releases on PCs which can seriously impact performance.


BusKill was created for this, USB with a magnetic attachment to a keyring that can be configured to take action on disconnect.


Modern information access seems to have led to the sinking ship feeling, across many of the most prosperous countries, and so effectively that world wars, deadlier pandemics, and thermonuclear brinkmanship can scarcely compare.


Yep. Could be a big hit to GrapheneOS users. I wonder how Aurora Store will manage.


Likely through the use of the free market.

Privacy conscious folks will just... not use those apps. With any luck app devs will notice that apps with this flag get installed less and stop setting it.


Scare quotes on people? I know I’m a bit sensitive to dehumanization, but really?


You don’t think they have built that public image themselves?


If we are to dehumanize career criminals, there are countless thugs, gangs, despots, governments, and militaries with far fewer scruples and a far worse legacy than the Hell’s Angels.

but the point is, dehumanization is anathema to civilized society.


Sorry, it’s more flair than anything. I don’t think they specifically are realistically at risk of that, but I get it re: crime as a whole


Cool - no worries. Pardon if that sounded like an accusation.


Don’t forget a physical handle to pull open the door.

I’d take a steam sensor as well.

Thanks to Technology Connections, great channel. Convinced me to read all the fine print until I found a Breville that had it. https://youtu.be/UiS27feX8o0


The iPad 12.9” with double-stacked OLEDs is very good, but not as bright as miniLED. 1000 bits typical and 1600 in high brightness mode, says Apple. Of course that mode won’t last super long in the heat, on battery. I’m not sure what good portable bright miniLEDs exist.

Cheap E Ink readers are such a natural fit for sun and sand.

And yep - iPhone 15 and up have 1000 nits typical, 2000 in high brightness mode. Keep in mind it’s a logarithmic scale.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: