1. 17

    Windows 2000.

    And no, I’m not really joking… maybe a little.

    1. 2

      It’s still the best for me. Great system when you were used to Win95, Win98, WinME before. Ran all the XP software and games but without the online activation hussle of XP when you changed or reinstalled the PC.

      1. 2

        Heh. I was going to say the same thing. I ran Windows 2000 from beta until EOL. It was NT 4 with DirectX.

        But, glad I don’t need to run Windows at all anymore.

      1. 1

        Heh. Did you get this from my phlog reference or is this a coincidence?

        Been eyeing building one of these for some time. I’m new to electronics, though, and don’t have a pile of components or know good sources for them. Building one of these from scratch seems overwhelming. Though it’s small and would be a good one to start with, I guess. I’d need a chip programmer, too, though.

        Someone distribute it in kit form. :)

        1. 2

          Here is the kit. Currently sold out, but more PCBs are on the way. You can join waitlist to get notified.

          1. 1

            Sweet! Thanks. Somehow I didn’t even think to look on Tindie.

        1. 1

          I’ve been looking forward to the first issue for a while. Happy to see the release.

          The list of articles looks great.

          1. 1

            Highly amusing to see Squirrelmail on the list of recommended clients, even though it hasn’t seen any action in the last 7 years. I remember poking at the code… let’s just say a very long time ago and wasn’t impressed with the code quality even back then. Who knows what vulnerabilities it’s riddled with at this point.

            One of the most sensible and lightweight web mail clients that I know of is RoundCube. It doesn’t have much in the way of fancy features, just keeps its UI out of the way and lets you get your shit done. (And is actively maintained.)

            1. 2

              Although no release since 2013, Squirrelmail does still have updates on the development branch and nightly builds, including CVE remediation.

              For example:

              https://sourceforge.net/p/squirrelmail/code/14829/

              1. 1

                In fact I sent the details about Squirrelmail, with question “should we even add this, last release in 2013”, and Drew answered “Hey, at least one webmail that does everything correct by default”. So, while it is old, it is the only webmail that does what this website propagates.

              1. 8

                One of the best things in CGI in that era was CGI.pm which lived in Perl’s standard distribution from 1997 to 2015. The docs alone are still pretty amazing. Combined with taint mode it could sometimes lead to rather safe programming practices. And yes it is funny how much aws lambda, etc feel like a rehash, but ideally in a good way.

                docs: https://metacpan.org/pod/release/LDS/CGI.pm-3.05/CGI.pm

                perl taint: https://docstore.mik.ua/orelly/linux/cgi/ch08_04.htm

                For truly learning about how simple CGI is I think writing an unsafe cgi handler in c is a good way as per this example: http://jkorpela.fi/forms/cgic.html

                1. 3

                  Combined with taint mode it could sometimes lead to rather safe programming practices.

                  Until programming turned into copy and paste from Stack Exchange and everyone “fixed” tainted input with =~ /.*/

                  1. 2

                    Before that, programming was copy and past from Matt’s Script Archives, so it’s not like things have gotten significantly worse.

                1. 1

                  This is a great talk. Anytime anyone mentions the AGC, I point them to this.

                  The other “Ultimate” talks are great, too.

                  Youtube playlist

                  1. 1

                    I try to not send people to youtube since the CCC wants people to use their site more, but I totally agree. Great talk series: https://media.ccc.de/search/?q=ultimate

                    1. 1

                      Yeah, I thought about that. Forgot you could search the CCC media site and figured people could at least see which Congress a talk was from to find it more easily. Thanks.

                  1. 2

                    I wasn’t able to live in Windows day to day without BBlean and Cygwin.

                    This was last needed ~8 years ago so I don’t know if there is anything that followed BBLean and I suppose WSL can replace cygwin.

                    1. 2

                      Will this conflict with trousers?

                      1. 6

                        A more pressing question is whether or not it’s been ported to systemd? Or does systemd come with its own /usr/lib/systemd/systemd-pants?

                        1. 11

                          That was recently depreciated in favor of systemd-socks, actually. systemd-socks is missing the feature that it covers the upper half of the legs that systemd-pants had (by design, devs claim it’s no longer necessary in 2019, completely ignoring that this makes it impossible to port to BSD because of their notion of clothesd(8); of course, GNOME depends on the new behavior already).

                          The “officially sanctioned” workaround for this is to spin up multiple instances to cover the area by spinning up multiple instances and gluing them together with configuration files in /etc/systemd/ if required.

                          1. 2

                            Of course, all this glue will over time need refreshing and maintenance as well.

                            GNOME now depends on this, too

                      1. 3

                        I’m on the fence with a lot of these.

                        I came to gopher recently so a lot of “abuses” were commonplace. And coming from the WWW it’s still refreshingly clean and simple.

                        But, obviously, gopher is leaving something to be desired and people are getting creative. Creativity within constraints is fun and amazing, but “wanting more” brought us to the current web.

                        I haven’t opined about it yet, but I definitely prefer to leave gopher alone and create a newer protocol like Gemini. Whether Gopher should be stricly adheared to or “massaged” within it’s boundaries to find what it’s capable of, I am undecided.

                        1. 3

                          I played Rogue for the first time just this year. I think I had tried the DOS version back in the day but didn’t take to it. I build a retro computer kit to run CP/M and started playing that version. Then tried Rogue and Hack on BSD. Different versions seem to have varying difficulty. On CP/M I can consistently get to level 12-15. On BSD, I don’t think I’ve made it past level 6.
                          I can’t believe it’s actually possible to beat the game. :D

                          My best day was when I wanted to rest for 10 turns and accidently bounced on the 0 key a couple times and slept for 1000. The entire room was wall to wall monsters. Needless to say, I did not make much further progress.

                          1. 1

                            I’ve had is 8-bit computer videos in my “to watch” list but haven’t gotten to them yet. This is the first of his videos I’ve seen. Very straight forward and understandable. Good stuff.

                            1. 5

                              Highly recommend those, where he builds a CPU from discrete logic; gave me a simple but solid understanding of how a CPU works at the ‘logic’ level e.g. what is microcode? how does stuff get moved around between registers, what’s the relationship between clock and microcode or assembly ‘instructions’, basic of how busses work at hardware level. Modern CPU’s I’m sure are very advanced / optimised, but I imagine the concepts hold.

                            1. 1

                              I want to do something similar. Run much of my digital entertainment off of solar. Just to step into some green technology as well as maybe create limits around tech time.

                              Really curious what my usage is like compared to how much electricity I could slurp up from the sun.

                              1. 10

                                This feels like it misses that a lot of this complexity of there because people like it, not just because of “fighting for attention”. Major things gopher lacks:

                                • Being able to include images, as illustrations or to discuss them

                                • Text that looks good on a wide range of devices. Hard word wraps assume a number of characters per line that don’t work for phones.

                                • Communications that can’t be observed or modified by anyone who happens to be on the network path between you and the server.

                                Only the last one is fundamentally complex, but these all provide real value.

                                1. 1

                                  Images can be transferred by gopher but not displayed inline. I don’t think this is necessarily a bad thing: usually, when I see an image on the web, I have not wanted to see it, & to the extent that I do want to see such images, I would find it completely acceptable to have performed another operation to download and display it.

                                  Hard word wraps, certainly, are bad style and should not be used (on gopher or elsewhere). Every text display system is capable of character-wrapping on lines (if not word-wrapping). This is not a problem with gopher, but a problem with the people who write documents for gopher.

                                  Crypto is useful if (1) a MITM has a reason to modify content, or (2) a MITM has a reason to intercept content. In the absence of stuff like authentication & authorization (stuff bolted onto the side of HTTP by NetScape), gopher documents are mostly static & gopher users are practically (if not reliably) anonymous – in other words, no secret information should ever be transmitted over the protocol, nor should information ever be tailored to individual users in any way. (After all, gopher is so stateless that it closes the socket after writing a response.) Despite some folks trying really hard to bolt crypto onto gopher, I hope they do not meet with success, because the inability to target users or perform commerce on gopher is what keeps it usable as a hypertext system.

                                  The complexity of the web is not because ‘people like it’ but because features were deemed useful for potential profit centers & added without thinking the consequences through. Any system built organically by beginners will eventually end up looking like the web.

                                  Anyway, I don’t think the primary thrust of this essay is promoting gopher. Instead, gopher is an example of how to get 90% of the desirable functionality with less than 1% of the code (and less than 1% of the undesirable stuff).

                                  My own (very strong) take: HTML (all of it) is a bug; HTTP (most of it) too; CSS is a collection of bugs intended to work around HTML’s limitations without actually fixing them, and ends up merely adding complexity. There is no utility in preserving a knot of technical debt this way. The features added largely should either not exist or should have been provided by already-existing facilities (that could not be used because of problems introduced by poor design).

                                  1. 2

                                    I want to focus on crypto, because that’s both the most complex feature we’re talking about and the one with the strongest case for it. Consider the case where gopher or something else similarly simple succeeds to the point where it’s an important protocol that a lot of information people care about is transmitted across. Sure, responses are not individually tailored, which means the information shouldn’t be secret, but there are at least two ways you still need crypto:

                                    • Without it other people can tell what you’re reading. You should be able to read things without your ISP/coffee shop/government knowing.

                                    • Without it other people can modify the content. This includes the range from public WiFi inserting ads into responses (simple text ads would still be commercially viable to inject if gopher/etc took off) to governments modifying news coverage or editorials to support their position.

                                    1. 1

                                      That’s true, but consider possible threat models. Why do people care what you’re reading? Why do people want to change the content?

                                      In the absence of commerce & personalization, vast third party commercial enterprises have no reason to do drag-net surveillance (they don’t care what you’re reading because they don’t know who you are) or to change data (they don’t know who you are or what you’ve been reading, so they have no reason to believe they can improve revenue by changing ads, nor does inserting ads make as much economic sense).

                                      In other words, your threat model is substantially less vague: you only need to care about secrecy if you personally know of specific organizations with a specific interest in specifically you, & you only need to care about anti-tamper if you specifically know a MITM has reason to change your stream (to feed you modified information for political reasons or something).

                                      If either of those things are true, it makes sense to use crypto for gopher. The appropriate way is probably to use ssh tunneling or tor, both of which already work & require no changes to the protocol.

                                      1. 3

                                        You’re forgetting authoritarian governments who have a vested interest in controlling the information their citizens consume.

                                        1. 1

                                          An authoritarian government is a known specific organization acting as a MITM with reason to change your stream. I intentionally specified the threat model to include that. Even so, authoritarian governments don’t want to intercept or modify all content – only certain types that are generally predictable.

                                        2. 2

                                          That’s true, but consider possible threat models. Why do people care what you’re reading? Why do people want to change the content?

                                          To inject advertising and make an extra few cents. There are already instances of ISPs doing this.

                                          1. 1

                                            People barely pay for targeted advertising (like, a couple cents for a few hundred click-throughs – not even impressions). What makes you think anybody will consider it viable to pay for advertising to be injected on a platform that supports neither tracking nor click-through metrics.

                                            1. 3

                                              People barely pay for targeted advertising (like, a couple cents for a few hundred click-throughs – not even impressions).

                                              This sounds way off. Quickly searching I see AdStage claiming “In Q1 2018, advertisers spent, on average, $2.80 per thousand impressions (CPM), and $0.75 per click (CPC). The average click-through rate (CTR) on the GDN was 0.35%.” Those are in-line with what I’d expect to see, and would be $75 for a hundred click-throughs, not $0.02. And this is for a mixture of personalized and unpersonalized ads, since it’s an average across the GDN.

                                              There’s also content-based targeting: inserting ads for credit cards into someone’s post on how to choose a credit card would be very profitable.

                                              What makes you think anybody will consider it viable to pay for advertising to be injected on a platform that supports neither tracking nor click-through metrics.

                                              Advertisers bought ads before the internet, and still buy ads in untracked media: billboards, tv spots, radio, etc. Personalized ads are worth more, sure, but not so much that only personalized ads are worth running.

                                              You also can still track clicks through URL decoration. This is like when you see an ad on the subway and it gives a url like www.example.com/subway.

                                              1. 1

                                                This sounds way off.

                                                Numbers are from my experience running ads on blogs & personal websites since 2006. I have made a total of nine dollars and change from those ads, eight dollars of which come from a 2-month period in 2006 during which things were computed differently. I’ve had thousands of impressions and hundreds of click-throughs. Maybe my blogs were exceptionally hard to target or attracted only low-paying advertisers, or maybe AdStage’s metrics are biased by a handful of folks spending thousands on SEO or click farms.

                                                Advertisers bought ads before the internet, and still buy ads in untracked media

                                                You also can still track clicks through URL decoration.

                                                Fair enough. I don’t think it’s a major risk, even in the case that gopher really takes off, on the grounds that the main lesson from adtech (and the falling price of personalized ads) is that even in the best-case scenario (micro-targeted ads with 100% tracking across sites), ads don’t work well enough to spend market rates on. That said, it’s not like people don’t regularly make terrible business decisions.

                                                Tracking through URL decorations is definitely a thing, but I only really see it used in an influencer context (where somebody has a strong parasocial relationship with, say, a podcast host & so is disposed to include the tracking info when retyping a URL). With third party ad injection, impressions are unintentional on the part of the user and click-throughs are accidental. It’s very different from someone you trust recommending things to you. Techniques to turn accidental click-throughs into impulse purchases are less effective when you can’t make purchases through the same protocol, as well.

                                                1. 1

                                                  Numbers are from my experience running ads on blogs & personal websites since 2006. I have made a total of nine dollars and change from those ads, eight dollars of which come from a 2-month period in 2006 during which things were computed differently. I’ve had thousands of impressions and hundreds of click-throughs.

                                                  Hundreds of click-throughs with thousands of impressions seems much higher than I’d expect; normally you see 0.1% to 1% as many clicks as impressions?

                                                  I’ve also had ads on my personal sites, going back to late 2010, though I had them turned off for a while 2015-2018. Checking AdSense, I see a CPM of $1.79, and a CPC of $0.54. These are also after AdSense’s 32% cut, which means advertisers are paying more like $0.80 CPCs.

                                                  (Disclosure: I work for Google, though I’m speaking only for myself)

                                              2. 1

                                                Because it would be so cheap to inject content into text as to make it worth it regardless of targeting or tracking. Look at spam email. Or how Google displayed ads in GMail based on text in the messages. That’s a level of targeting that might give it value.

                                                You’d have to be part of the connection chain like an ISP or WiFi provider, unlike email where anyone can send mail to anyone. But “free” WiFi could have the ability to do this and someone might think it worth doing. A lot of stores (or places otherwise selling something) provide WiFi and would have an incentive to advertise in any plain text protocol if the tools were available to them.

                                                1. 1

                                                  If you’re a large ISP & you have enough of a monopoly that you have no risk of losing customers by alienating them with injected ads, you have the potential to inject ads & perhaps the motive. (And, Comcast famously did this with targeted ads, replacing already-existing ads with their own.) But, that’s a lot more effort for less return than simply increasing your prices and lowering your quality of service.

                                                  If you’re using gopher and your ISP has started doing this, I would recommend using an encrypted tunnel. I do not think gopher ought to have out-of-the-box encryption. Gopher is nice because even a newbie programmer can implement a gopher server or a gopher client in a couple lines of code. Using a tunnel maintains that simplicity, while building encryption into the protocol means only crypto experts can write gopher implementations anymore.

                                                  1. 2

                                                    If you’re using gopher and your ISP has started doing this, I would recommend using an encrypted tunnel.

                                                    I agree. I think something like Tor is probably the best solution as it solves multiple problems such as protecting your IP, protecting your DNS queries, as well at protecting the data in transit. And as long as it’s not a hidden service only, it can be opted out of to maintain backwards compatibility or remain light weight if someone doesn’t want/need the security.

                                    1. 0

                                      Sadly, that is not an undesirable result. Bloated code does not just keep programmers employed, but managers and whole companies, internationally. Compact code would be an economic disaster. Because of its savings in team size, development time, storage requirements and maintainance cost.

                                      This

                                      1. 3

                                        It’s that sort of like the “broken window fallacy”? Yes, in today’s world if all the extra bloat suddenly disappeared, it could cause huge problems. But if that bloat never existed in the first place, all those resources would have been been free to use for more, better things.

                                      1. 20

                                        prog21 was a great blog, really too bad he stopped :(

                                        I recommend browsing around there, if you’re not familiar with it.

                                        1. 8

                                          slumming with basic programmers in particular is one of my favourite programming blog posts from anyone.

                                          1. 3

                                            Yeah it’s great. I ended up writing a script to package the whole blog into an shook for my kindle and read almost all the articles in one go. I’m not interested in writing forth but the authors level of pragmatism really spoke to me

                                            1. 5

                                              He writes about Python an J and other languages. From the impression left on me reading his blog in the past, it’s almost never about the language. He’s always making a larger point.

                                              1. 1

                                                Care to share? Book or script

                                            1. 9

                                              As an alternative to the Google search engine, I suggest Startpage. They use Google’s search as their backend, but send none of your data to Google. It’s super convenient, and provides much better results than DDG.

                                              As for email, I’ve been very happy with ProtonMail. Been a user since their early invite-only beta and have had a great experience so far. They take privacy very seriously and they’re open source too!

                                              I can’t say much about web analytics, I don’t use any and I frankly don’t care. I don’t see why it should matter, unless you’re building a product to turn a profit.

                                              Lastly, a question. What about mobile? I’ve found it nearly impossible to go Google-free on mobile. As an Android user, the entire ecosystem is so tied in to Google Play Store and Services that apps nowadays just refuse to work without Play Services. It’s absurd. I have tried solutions like Micro-G, but they’re hacky at best and tend to break every other day.

                                              1. 5

                                                I can’t say much about web analytics, I don’t use any and I frankly don’t care. I don’t see why it should matter, unless you’re building a product to turn a profit.

                                                Even if you are selling a product, I have never seen the need to do more than analyze server logs.

                                                As for email, I’ve been very happy with ProtonMail.

                                                I host my own e-mail. I have been running my own mail server since around 1998. It used to be easy but it is getting harder and harder, purely because of spam. Frankly, it is now such a pain that I would love to out-source it but it is prohibitively expensive to do so. I have multiple mailboxes - at least one for each member of my family, and a few friends too - spread across multiple domains, which is ridiculously expensive at $5/month each. All of them are currently hosted by a single VPS at $5/month for the lot.

                                                1. 6

                                                  I’ve given a shot at hosting my own mail server as well, and honestly, it isn’t worth the effort. For similar reasons as yours, the spam and too much sysadmin work for me to bother with. But yeah, outsourcing at your scale is probably not going to be cheap. What’s your setup like, are you running something like Mail-in-a-Box? Or Dovecot with Postfix?

                                                  I have been running my own mail server since around 1998

                                                  Your server is a year older than I am. :)

                                                  1. 3

                                                    What’s your setup like …?

                                                    I use OpenSMTPd and Dovecot. Both are excellent. Neither cause any sysadmin work beyond the initial setup.

                                                    I have used all sorts of things for spam filtering. Greylisting with OpenBSD’s spamd was very effective - i.e. blocked a lot of spam - but resulted in too many false positives and unacceptable delays. Whitelisting using SPF records helps a bit but only after the fact (and constantly updating it is a pain).

                                                    Some spam still gets through so I need SpamAssassin as well anyway. SA is pretty good but its spamd (not to be confused with the other spamd) fell over a few times for me. This led to mail outages.

                                                    I’ve looked at dspam and rspamd but neither appeared to offer anything more than SpamAssassin for my use case. Since I have a small number of users, Bayesian filtering has never been very effective. I found the distributed checksum services - razor, pyzor and DCC - much more useful and SA supports them all.

                                                  2. 3

                                                    which is ridiculously expensive at $5/month each

                                                    I haven’t started paying (yet) but I believe Zoho are $1/user/mth, which seems quite reasonable.

                                                    1. 1

                                                      That’s a good price. I wonder how good they are at spam filtering?

                                                      1. 2

                                                        Not quite as good as gmail - mostly they’re a bit over-eager. It has gotten better with time as I’ve marked things as ‘not spam’. It’s maybe one or two false positives a month now (after 6 months or so of use).

                                                        I forgot to mention earlier that they have a free plan, which works perfectly well so long as you’re happy to use their apps (it doesn’t support POP/IMAP). They do let you use your own domain but the functionality is somewhat limited (no catch-all, only one domain etc). I could happily get along on the free plan, but am going to start paying anyway.

                                                        1. 2

                                                          IMAP is a hard requirement for me. But their pricing is very good anyway so that’s not a problem. Their spam filtering sounds OK but not great. I might give them a try sometime - thanks for mentioning them.

                                                    2. 1

                                                      They take privacy very seriously and they’re open source too!

                                                      They are not open source. I would still be skeptical even if they are open source

                                                    3. 4

                                                      I must say I’ve had the opposite experience on Android. I’ve been using Lineage with no GAPPS for 18 months now and it’s been fine.

                                                      The only micro-g element I use is unifiednlp for location, so I can get a good GPS signal. Not had any trouble with that since installing it.

                                                      For me, apps that don’t work aren’t worth my time. 99% of what I use is from F-Droid, the rest is Whatsapp (which works fine on its own) and the occasional game from the Humble Bundle app.

                                                      1. 4

                                                        I’ve been without Google Play on my phone for about the same time.

                                                        Started with CopperheadOS until that blew up then switched to Rattlesnake stack to build AOSP. It uses terraform to deploy a build environment to AWS for you. Don’t much like relying on AWS, either, but I used to build Copperhead myself and really struggled to find enough space for it. AOSP is a huge mess. I think it took a week to do the initial checkout and would take me 3 days to build it. AWS can build it in a few hours and costs me less than $1.50 a month.

                                                        I haven’t needed Google Play or even mico-g. F-Droid has a replacement for every app I had on stock Android.

                                                        1. 1

                                                          Now I feel like a noob flashing lineage zips lol

                                                      2. 3

                                                        I used to use startpage, and found it to be incredibly slow to respond to my search requests. I stuck with it, because I liked it. My main impetus for switching was that Google returned shorter summaries in Firefox than in Chrome – probably something to do with my choice in font sizes, and startpage didn’t have that problem. Plus at the time I felt it gave better search results than DDG.

                                                        I’ve since switched to DDG – DDG results for me in the last 6 months have been better than what I typically get on startpage. On my phone I feel DDG gives better results than Google, too (on Google I get lots and lots of the same results on every page, and Google can’t seem to decide whether to give me 10 results per page or infinite scroll – it’s different every time). But IMO the main advantage of DDG over startpage is that it’s already available as an optional search engine on most devices, without having to install or configure anything extra.

                                                        I still occasionally fall back to startpage with !s, but I admit I’m guilty of relying too much on !g when I don’t find what I want.

                                                        1. 1

                                                          Same here pretty much. I just switched back to DDG because startpage was ‘too busy’ or ‘unavailable’ one too many times.

                                                        2. 1

                                                          What about mobile?

                                                          Is iOS off the table?

                                                          1. 1

                                                            Yeah, gopher encryption is a hot topic in the gopher space, so you’re not the only one. Rain, solderpunk, & I have been arguing about it for a while…

                                                            1. 1

                                                              I remember this. I’ve actually got a gopher+TLS listening on 7443 but no one talks to it currently, primarily for the reasons of service discovery you mention, I would imagine.

                                                              I think gopher is a good fit for retrocomputing and those would be the systems least likely to use TLS. Maybe the solution is something new that still keeps the menus and all that, as you suggest.

                                                              1. 1

                                                                I’m also not aware of any gopher clients that talk TLS—I know mine doesn’t [1]. What’s the host? I’d be interested in trying it out.

                                                                [1] But it could be easily added, as the Lua framework I’m using supports TLS.

                                                                1. 3

                                                                  I’m also not aware of any gopher clients that talk TLS

                                                                  VF-1

                                                                  Clic

                                                                  1. 1

                                                                    The very host proxying this post. :)

                                                                    I have a very rudimentary proof of concept browser that essentially keeps a history, tries 7443 first, and then 70, and remembers for future connections. I’m not sure this is the right approach but I can’t think of a better one right now.

                                                                    1. 1

                                                                      What host is proxying your post?

                                                                      1. 1

                                                                        I was trying to be cute but I think I failed. I mean the host proxying what rain1 wrote, i.e., Floodgap.

                                                                        1. 1

                                                                          Ah. I tried it out and yes, it worked. But it was a temporary hack to my gopher client, and I’m not sure how I would go about supporting this.

                                                              1. 1

                                                                TLS with Gopher is probably the only way that you can host multiple gopher sites per IP address.

                                                                1. 3

                                                                  Or virtual hosts based on hostname. Or different ports. Encryption is not required for that.

                                                                  1. 2

                                                                    Gopher doesn’t have the concept of vhosts. If the client supports SNI, the server can use that to approximate vhosts.

                                                                    1. 3

                                                                      Gopher doesn’t have TLS, either. If we’re going to add something, we could add anything.

                                                                    2. 1

                                                                      I’m going under the assumption that nobody is going to care enough to make their clients or URIs use alternate ports. People have a hard enough time remembering names of things.

                                                                      1. 1

                                                                        Maybe for gateways. Maps supply port numbers, so once the user is navigating they don’t need to worry.

                                                                        What’s the point of having multiple sites on the same host? Overloading the meaning of the same identifier string?

                                                                        1. 1

                                                                          Mostly so there’s a logical separation between my personal website and other things like When Then Zen and my Go Remote Import/Vanity Import server.

                                                                          1. 2

                                                                            Fair enough.

                                                                            I think that, to the extent that there’s an idiomatic gopher way to handle this, it’s the same as pre-vhost HTTP: i.e., pretend there’s a directory hierarchy (whether or not there really is – gopher actually just exposes a string-keyed hash table of strings, but gopher servers generally default to wrapping an actual filesystem like HTTP servers do) & have different sections as subdirectories (or as string prefixes, if you aren’t exposing an actual filesystem).

                                                                            Port numbers solve the problem, but not well because they aren’t meaningful.

                                                                            Of course, you could always have different IPs associated with different subdomains & route the requests to different tables (i.e., roll your own pseudo-vhost)…

                                                                    3. 3

                                                                      I’m imagining an alternative history in which Gopher beat out HTTP, so the lack of a Host header caused them to rush out full IPv6 deployment decades ahead of us. SNI never needed to be invented in that universe.

                                                                      It’s not all good though, the hypothetical gophers with the 128 bit addresses never invented the Hampster Dance.

                                                                    1. 6

                                                                      I have a theory that the real reason this stuff doesn’t take off is because it’s so hard for the average person to run their own instance. In a way it’s not a protocol problem. It’s because the missing killer feature is one click install and run. The missing piece might be making it easy to operate an instance.

                                                                      Centralization happens because a company solves the operating problem.

                                                                      1. 6

                                                                        I think that problem is mostly mitigated (depending on the platform). With Secure Scuttlebutt, for example, the client is the instance. There is no extra work for a user, though that has it’s tradeoffs. Mastodon, or ActivityPub, has enough instances that individuals don’t need to run their own to get on the platform.

                                                                        I think the biggest hurdle is simply inertia. People don’t care enough that a platform is centralized. And once they’ve established themselves on one, it’s very hard to move. It’s like asking someone to drop everything and move to a new country. The language is different, the environment is different, everyone they know is “back home”, and there is no shared interface to continue communicating with those that didn’t follow you to the new place. You’ll need some additional common platform if you don’t stay on the old one.

                                                                        1. 4

                                                                          I found Scuttlebutt to have a very high barrier to entry because as you say the client IS the user identity and I’m on 3 different machines in every day not counting mobile so that model REALLY doesn’t work for me.

                                                                          See above for my thoughts on Mastodon’s problems.

                                                                          1. 1

                                                                            SSB users seem to get around this by having an identity for each machine with related avatars & names, all mutually friending each other (so that they’re within one hop of each other). This doesn’t 100% solve the problem, but since most folks have hops set to 3 by default, visibility is almost the same.

                                                                            The alternative (without some really messy changes to how gossip works underneath – changes folks have been discussing for years at this point) is to use remote access. Because most SSB clients are webtech, this is a problem: they aren’t built to connect to a remote sbot (or they don’t even let you run a separate sbot), so you’re stuck using VNC or X forwarding or something. Not really viable for most current users, let alone a general non-technical audience.

                                                                            1. 1

                                                                              SSB users seem to get around this by having an identity for each machine with related avatars & names, all mutually friending each other (so that they’re within one hop of each other). This doesn’t 100% solve the problem, but since most folks have hops set to 3 by default, visibility is almost the same.

                                                                              The alternative (without some really messy changes to how gossip works underneath – changes folks have been discussing for years at this point) is to use remote access. Because most SSB clients are webtech, this is a problem: they aren’t built to connect to a remote sbot (or they don’t even let you run a separate sbot), so you’re stuck using VNC or X forwarding or something. Not really viable for most current users, let alone a general non-technical audience.

                                                                              1. 3

                                                                                SSB is such a cool concept but I suspect that incredibly machine focused aspect of its nature will keep it from ever being adopted very broadly.

                                                                                We live in a world where many of us work on several machines through the day and several more mobile devices, and we expect our social identity to follow us, not be pinned to one particular device.

                                                                            2. 2

                                                                              I think you’re on the right track here.

                                                                              If folks don’t have a very strong reason to leave a platform, Metcalfe’s law means that platform’s monopoly will only grow & its leverage will become only more powerful. It’s not just inertia, but gravity: these platforms gain power through everybody they bring in, and they gain power based on how long they’ve been there.

                                                                              SSB aside (since it’s fairly unconventional in other ways), if Pleroma did the SSB thing and made a straightforward all-in-one turnkey client-and-server install, it wouldn’t move most of twitter or facebook to the fediverse: neither connections nor history would be preserved (and facebook & twitter have an interest in making sure moving your entire history to another service is hard, even if they might be forced to make it possible for legal or PR reasons). If, say, a fediverse instance offered to grab your whole twitter history (which is technically possible but would take a while because of API limits & would probably confuse a lot of other users), it would probably get a lot of pushback (the way that LinkedIn does on the grounds of mining & importing your entire address book by default), even though this would be basically the only way to make a lot of twitter users OK with leaving twitter & moving to the fediverse. (Maybe folks who juggle ten social media accounts are rare.)

                                                                              OP has an interesting idea with displaying an alternate feed alongside twitter (and plugins like this exist – I’ve had my facebook trends replaced with reddit for years, as a side effect of an extension intended to do something unrelated), but installing browser extensions is something a lot of users are circumspect about these days. It’s unclear why we should believe people would be more willing to install a weird extension they have never heard of than sign up for a new social network.

                                                                              1. 1

                                                                                That’s why the demise of federated chat systems was so sad…

                                                                                1. 1

                                                                                  Are they actually dead? Would Matrix count?

                                                                                  1. 2

                                                                                    I’m unfortunately not that familiar with Matrix. From its FAQ it does seem to be the solution.

                                                                                    I was thinking about XMPP. For a while there, with Google’s buy-in, it looked as if chatting to someone would be as easy as sending email. It’s possible XMPP couldn’t be extended to handle voice and video though.

                                                                                    1. 1

                                                                                      You should check it out. I think it has much of the promise of Jabber, but has already gained much more traction than Jabber ever did outside of Google, sadly.

                                                                                      It’s not clear to me that it’s good for point to point person to person chat without the concept of groups/rooms like XMPP is though.

                                                                              2. 3

                                                                                I think this is spot on. Mastodon is amazing, but there’s currently this kind of awkward model where setting up an instance is easy-ish if you have UNIX chops but there are a LOT of moving parts and it’s very easy for something to go hayware and cause your instance to fall on its face.

                                                                                One particular pain point this awkwardness manifests as is the fact that the instance owner controls the horizontal and the vertical. If your friend Betty pisses off instance admin Bob, Betty’s toast and neither you nor Bob have any say in the matter - this is fine since it’s effectively Bob’s house, but it’s a house with MANY people living there who may not know Bob.

                                                                                So yeah, the clear solution is to have everyone be able to run their own instance, but that brings up problems of its own. We need MUCH easier / more accessible ways for people to have little blobs of compute they can “own” for various purposes.

                                                                                Digital Ocean goes some way towards this, but we have a long way to go.

                                                                                1. 2

                                                                                  Email improved on this a zillion years ago. Regular users can buy a domain, then pay a host (and can always port to another host if they like).

                                                                                  I’m capable of (but not interested in) running a node. I want to forward my records to a host.

                                                                                  I’ve raised issues for this on mastodon and plemora; the former consider it low-priority, the latter don’t want to support it at all.

                                                                                  1. 1

                                                                                    Yes I agree Mastodon has some work to do in this regard. You can export your toot follower list to a CSV file, but actually using that to get your followers back on a new node can be tricky.

                                                                                    Much cleaner would be a way to simply say ’export my identity” and have all the data get saved locally as one stop shopping.

                                                                                    I suspect part of the problem here may be the exceedingly high complexity of Mastodon’s underpinnings, it’s a Postgresql / RoR application under there, and the schema seems complicated to my untrained eye.

                                                                                2. 2

                                                                                  Centralization also enables easy discovery. For example, it’s not possible to get a comprehensive list of all mastodon instances on the internet. If I say that @whjms I’m on Mastodon, the next question for people is ‘which instance?’. Versus where I can say I’m @whjms on Twitter and everyone knows how to find me.

                                                                                  1. 4

                                                                                    That’s part of the “new language” people would need to learn. “On Twitter” means something specific that we all happen to know. No one says, “Email me at trondd”. We all know the language that emails have to have a domain attached. Same for Mastodon and I don’t see why people couldn’t learn that language like they did for email.

                                                                                    …Unless they don’t want to.

                                                                                    I agree with the discovery benefits of a central service, thought. If I search Mastodon for @user and get 50 results, who is the person I was looking for? Although, I find Facebook with real names to have the same problem anyway.

                                                                                1. 3

                                                                                  Thanks for sharing your learnings! This couldn’t have come at a better time, since I’m considering learning Rust by implementing a TUI as well. Don’t ask me for what, I’m embarassed to say, but maybe I’ll share it as well once it reaches a satisfactory state.

                                                                                  1. 4

                                                                                    This morning it crossed my mind that I would like a gmail TUI client.

                                                                                    1. 4

                                                                                      Lynx used to work before they killed noscript support. :(

                                                                                      But some other terminal browser may work. browsh comes to mind, although I personally think it’s pretty heavyweight.

                                                                                      1. 1

                                                                                        It appears you can still browse gmail without js. I have to use gmail at work, and after disabling js, I can load a 2005-era gmail webpage.

                                                                                        “You are currently viewing [Company] Mail in basic HTML. Switch to standard view | Set basic HTML as default view”

                                                                                        1. 3

                                                                                          Per blog post, they disabled javascript free logins. So you’d have to login with one browser and somehow copy the cookies into lynx and hope it works.

                                                                                          https://security.googleblog.com/2018/10/announcing-some-security-treats-to.html

                                                                                          1. 1

                                                                                            Hmm…It’s still been working for me. I’ve been using the HTML GMail interface through www/links+ (links2 to the linux folk) for a long time. And I can log in with 2FA just fine.

                                                                                      2. 2

                                                                                        Oh I fully agree. I can’t be bothered to configure mutt and the other 5 tools you need. Also likely I’d be happy with just the basics but in TUI form.

                                                                                        (My project is not about that)

                                                                                        1. 1

                                                                                          Well, depending on your editor preference, there’s a vim plugin, or you can use emacs’ included email client.

                                                                                          Alternately, there was a project several years back called sup that aimed to put a gmail-like interface in the terminal, for any mail server. Sup is written in ruby.

                                                                                          1. 5

                                                                                            I’m writing a TUI MUA in rust, I haven’t released it yet because it seems my free time is not that much. I have some earlier screenshots in its mockup site: https://meli.delivery

                                                                                            1. 2

                                                                                              That does look really promising!

                                                                                            2. 1

                                                                                              sup is indeed really good. I can’t remember why exactly I stopped using it.

                                                                                              EDIT: now I remember: sup is no longer supported (for instance https://github.com/sup-heliotrope/sup/issues/546). There are instructions around to get it to work on an older ruby version (https://wiki.archlinux.org/index.php/sup#Configuration) but sup-config still crashes. Plus it needs offlineimap + mailfilter + msmtpd … that’s a bit too much for my taste

                                                                                              1. 1

                                                                                                it’s a turnoff, I want to edit a config with credentials and be done with it.

                                                                                                1. 1

                                                                                                  Absolutely. If you find that or write that, let me know, I want to try it out.

                                                                                              2. 1

                                                                                                interesting.