1. 3

    In retrospect it’s kind of amazing how quickly we moved from an Internet with no “like” counts (the golden age of blogging) to an Internet where it’s very difficult to find any community where “like” counts or upvotes are not a core part of the system. Even indie sites like Lobste.rs or Metafilter that eschew a lot of the apparatus of the modern Internet incorporate this very quantitative approach to community and social interaction.

    1. 2

      Yes. The quieter, less-evaluative Internet was hijacked by one of addictive narcissism.

      1. 2

        After writing my earlier comment I realized that there is one type of online community I participate in that is completely free of likes/voting/ranking/quantitative anything: mailing lists.

        It’s probably not a coincidence that I love mailing lists, while people whose Internet experience started even a few years later than mine did seem to really, really hate them. I wonder if there is a real generational (or internet-generational) divide here, or if I’m just an outlier.

        1. 2

          It’s probably not a coincidence that I love mailing lists, while people whose Internet experience started even a few years later than mine did seem to really, really hate them. I wonder if there is a real generational (or internet- generational) divide here, or if I’m just an outlier.

          As a guy who first acquired an ISP in 1993, I can honestly say that I generally dislike mailing lists (like most people, I guess). I always think of them as a poor-man’s usenet, I would much rather just hop on tin(1) and read the latest posts in my subscribed groups.

          Having said that, I am a member of some mailing lists that I genuinely enjoy. Though they are the exception, not the rule…

        2. 1

          It would be interesting to see an implementation of an upvote button that didn’t display the count to the users. You still get the “community” aspect of it, without the narcissistic side.

          1. 1

            HN does this.

            1. 2

              Right! For the comments. They still show the points for each story, which I think makes sense (or does it…?)

          2. 1

            Back then we had guestbooks and hit counters to provide the tingle of popularity that is oh so addictive.

            I remember when I first added commenting to my blog and getting ten or so meaningfull comments within the first week of publishing a new post was a thrill to see; those were different to likes though, because they were actual meaningful interactions that often spawned discussion.

          1. 2

            I think that’s a reasonable rational and I wonder if DoH is going to end up being OS supported at some point.

            1. 4

              Absolutely not! Why the hell would you want to centralise something that was decentralised since before Al Gore invented the internet?

              1. 5

                What? How would providing a DoH at an OS level centralize anything more than providing dns over tcp?

                Edit: It occurs to me that perhaps you thought I meant dns over https (DoH) as is implemented by firefox, ie with cloudflare being the defacto resolver. What I meant was that I wonder if DoH might come to be provided as a an alternative to or super set of normal OS DNS support with some sort of resolver discovery.

                1. 2

                  Maybe cnst is talking about CAs.

                  1. 1

                    DoH/DoT don’t inherently require CAs. The OS could offer an interface like “set IP address and expected certificate in resolv.conf”, for example. (but, IMO, concerns about CAs are silly. Everything in userspace WILL use CAs, why would an OS take a hard stance against CAs?)

              2. 2

                I’m still not convinced that we need DoH in the OS. What does DoH gives us that DoT doesn’t?

                1. -1

                  What does DoH gives us that DoT doesn’t?

                  Transport encryption.

                  1. 3

                    What does the T in dot stand for?

                    1. 1

                      TCP

                      1. 6

                        No, it’s TLS.

                        1. 1

                          Is it? My bad.

                            1. 2

                              Conventional DNS is a UDP protocol ;)

                              1. 5

                                Primarily UDP, but TCP if the response it too large and EDNS is not supported; also for zone transfers.

                1. 7

                  The important thing is to show the player the AI. There’s no point having sophisticated AI that the player doesn’t notice.

                  This is so true. And there’s also an opposite effect: players may interpret random events and coincidences as AI being clever or mean.

                  1. 4

                    This even applies to tabletop games! Players have a habit of seeing patterns and intricate plots despite the fact that the DM just picked a random NPC or character trait from a table.

                    1. 2

                      The thesis of this is something like dwarf fortress, where the “psychology” is somewhat visible to you. It has a rich system and you can see it.

                    1. 2

                      How can this be spam when I’m not the author of this story?

                      1. 20

                        It reads like a marketing brag piece, and the product is apparently in “private alpha” so nobody here can test its claims.

                        1. 5

                          Spam is the closest thing to “this is a bad article”.

                          Alternatives:

                          • Off-topic -> clearly about IT/Technology/Sciences
                          • Already Posted -> not already posted (the link would appear at the bottom)
                          • Broken Link -> link works just fine

                          So, we are left with “Spam”: a catch all, which includes “Rubbish” but also “Marketing”, “Low Effort”, “Just Absolute Bollocks” and more.

                          1. 5

                            Spam is the closest thing to “this is a bad article”.

                            IMO off-topic is better used for this, e.g. when someone posts something that would fit in better on HN, even if it’s tech-related, it can be off topic for this site.

                            1. 0

                              Now this is interesting. You felt the need to “downvote” this story because you don’t like it, and you chose the only flag which could possibly be interpreted as “bad content”, under the assumption that on-topic “bad content” is something that you should be able to flag. I feel like you’re abusing the flag in doing so, but I also imagine that this form of abuse is quite common. In any case, it’s quite “low effort” on your part.

                              I suggest we would all be better served if you would instead articulate what you dislike about the story.

                              1. 2

                                Oi dude, don’t assume things out in the wild and then feel like you should be the one preaching the solution.

                                I just replied to OP’s comment, nothing else.

                            2. 5

                              I’m used to languages and development/orchestration tools being open source or at least something you can download an play with. Since I can’t do that, then or all practical purposes, as far as I’m concerned this Dark thing does not actually exist. And since it doesn’t exist, then reading about all of its impressive (and likely inflated) claims was a huge waste of my time.

                              (I didn’t flag, downvote, or upvote the story, however.)

                              1. 1

                                Commenting on a story acts like upvoting it, so you should probably flag it (that’s what I’m doing right now to cancel out my comment).

                            1. 9

                              I do most stuff in the terminal. File management, email, IM, music, word processing (plaintext vim for simple notes, vim with latex for nice stuff).

                              We’re probably all on the same page here so I’m curious as to what people don’t do.

                              • I can’t live with terminal web browsing. It sucks.
                              • I failed at RSS. Newsboat is great but too many feeds stops it in its tracks, plus no images sucks (although I think it could be implemented).
                              • Even simple rescaling or format conversion of images I tend to do in GIMP. I just can never remember the convert command to use.
                              1. 6

                                Photo editing and photo organization/tagging are two things that I definitely can’t do in the terminal.

                                1. 1

                                  I use some rss to email program to read my feeds the same way I read my emails. I can’t remember what it’s called off the top of my head but it shouldn’t be hard to find. Have you ever tried doing something like that?

                                  1. 1

                                    Is that something you self-host, or a third-party service?

                                    1. 2

                                      The one that I use I run on a cron job locally, and it just adds a folder into my main maildir.

                                1. 22

                                  suite of productivity apps

                                  heh, I’m still used to “Google” meaning “search”, not “productivity apps”. YaCy would be the real “open source Google” if we still remember that Search is the big part :D

                                  1. 4

                                    I don’t think search is the big part when it comes to replacing google. Most people I talked to about migrating from google products say they can’t because they rely too much on Gmail and Drive. Even though some of them also said search alternatives sucked, they were more willing to deal with that then losing the collaborative power that Google Drive gave them. I advocate against google as well by the way, but damn their Chrome + Gmail + Drive combo is becoming the definition of professional computing for a lot of people, specially since they also offer that in an Enterprise edition as well.

                                    1. 4

                                      I disagree, search is a biggest part.

                                      • Chrome replacable with Firefox 100%
                                      • Gmail replacable by something N% (Protonmail?)
                                      • Drive replacable by bunch of things - dropbox, one drive, IFS, NextCloud, etc. particularly with some tooling that utilize multiple things. Drive, IMO, has insulting interface and operability for 2019.

                                      Search on the other hand, is not easily replaced, especially since ddg, startpage and many others use google in the backend. Bing is retarded with those wallpapers and Yahoo is a mess. No bueno. All should die, perhaps we should return to altavista or do the SETI thing (best option IMO).

                                      1. 3

                                        DuckDuckGo uses Bing as its backend. Not Google.

                                        1. 4

                                          Well, it includes results from Bing. And a variety of other search engines.

                                        2. 3

                                          The pull is the multiple-concurrent-editors spreadsheets and text documents (which I think got rebranded from Docs to fall under Drive) rather than just the ability to share files.

                                          There are fewer competing products for the Docs use cases. They are quite hard to implement.

                                          1. 4

                                            Document collaboration is possible in Next Cloud with Colabora and it works on premise and with open office docs:

                                            https://nextcloud.com/collaboraonline/

                                            1. 1

                                              I did not know that and I am surprised. Interesting, thank you.

                                          2. 1

                                            We’re discussing different things. I want practical results not theoretical ones.

                                          3. 2

                                            Whoever down-voted with “incorrect”, can you please explain your reason? I don’t mind the vote count, I’m just genuinely interested in what was “incorrect” in my post?

                                            1. -1

                                              Down-voting is lame so any interaction with such dudes is meh. Provide comments when downvoting, don’t hide behind the counter.

                                            2. 2

                                              For me, replacing calendaring is the most difficult, because other than email, calendaring is the system most subject to network effects. I can switch to DDG or OpenStreetMaps on my own and it doesn’t affect those around me, but if I were to switch off Google Calendar, I don’t know how I’d be able to coordinate with others the same way.

                                              1. 1

                                                Yeah I have the same issue with Google Calendar. Though Docs is also subject to network effects, specially for professions that do a lot of document editing (journalism, PR, etc).

                                                1. 1

                                                  Sure; I’ve pretty much made peace with being stuck with a work-related Google account and have only made efforts to remove it from my personal usage.

                                            3. 2

                                              That was my first reaction as well actually.

                                              1. 1

                                                Is YaCy still alive? I tried using their demo portal and my browser kept timing out.

                                                1. 2

                                                  I’ve tried it at home relatively recently, with crawling enabled. Got my IP address temporarily banned from some places / started seeing more captchas everywhere :D Search did work, yes.

                                                2. 0

                                                  Also there’s no Gmail replacement, which is probably the second most popular Google product.

                                                  1. 4

                                                    Gmail was a web-based mail system. It might have embraced and extended the concept of mail in such a way that Gmail is more than just a web-based mail user agent but that does not imply it can not be replaced by another web-based mail user agent, of which there there are many.

                                                    1. 1

                                                      Right, but there’s nothing in Bloom that replaces any part of Gmail.

                                                    2. 3

                                                      Think about what would be involved there. Setting up an SMTP server is non trivial for the average user (This is where 90 of you in the audience pop up and say “I set up SMTP servers in my sleep and 5 before breakfast!” :)

                                                      Of course a big part of that is all the infra that big mail processors like Google have put in place for spam prevention (and maybe a side order of lock-in :)

                                                      You could easily bundle a webmail interface with the assumption that all the guts would be handled elsewhere I guess, but there are already quite a number of those.

                                                      1. 2

                                                        Spam is a huge part, I think. I use Gmail for accounts and such, and self-host for my FOSS contributions / mailing lists / more personal interactions, and the open source spam filtering capabilities imo are nowhere near what Gmail offers. Don’t get me wrong, rspam has made things a lot better, but I still think self-hosting for most people isn’t feasible because of spam/phishing alone.

                                                    3. 0

                                                      YaCy is would be, if it proved to be practical, and so far it didn’t. Maybe it would be good to utilize some better strategy then theirs. For example, remember SETI screensavers ? All OS’es could have something like that but for search indexing.

                                                    1. 7

                                                      The end of controlling what you see on the Web is coming.

                                                      1. 27

                                                        Not if you switch to Firefox :)

                                                        I really hope Google is shooting themselves (and Chrome’s market share) in the foot with this move… but somehow I doubt it.

                                                        1. 7

                                                          Firefox development is mostly funded by Google. I can’t imagine them doing much to piss Google off.

                                                            1. 13

                                                              This actually sounds reassuring:

                                                              Regardless of what happens with Chrome’s manifest v3 proposals, we want to ensure that ad-blockers and other similarly powerful extensions that contribute to user safety and privacy remain part of Mozilla’s add-ons ecosystem while also making sure that users are not being exposed to extreme risks via malicious use of powerful APIs.

                                                              1. 8

                                                                making sure that users are not being exposed to extreme risks via malicious use of powerful APIs.

                                                                This part is scary.

                                                                1. 1

                                                                  Yeah, but …

                                                                  We have those APIs now isn’t it ? And the world isn’t collapsing.

                                                                  1. 4

                                                                    The scary part is that Firefox thinks it’s their job to decide how users use their own computers.

                                                                    1. 18

                                                                      It’s kind of impossible not to if you’re creating consumer facing software, isn’t it?

                                                                      1. 4

                                                                        It’s one thing to provide safe defaults, and another thing entirely to ensure that those defaults can’t be overridden.

                                                                        1. 12

                                                                          If it’s about the signed extension thing, please read about the history of that feature It is not based on threat models and predictions. It was done this way to get rid of adware that was auto-installing itself and making real-world people’s lives worse. It has to be hard-coded into the EXE, because it’s only the EXE that Windows performs signature checks on and that Mozilla can sue adware developers for impersonating.

                                                                          1. 2

                                                                            Alright. If it doesn’t affect people building from source, I guess it doesn’t matter.

                                                                            1. 2

                                                                              So… block it on Windows?

                                                                          2. 3

                                                                            It’s one thing to provide safe defaults, and another thing entirely to ensure that those defaults can’t be overridden.

                                                                          3. 3

                                                                            I never understand this sort of rhetoric.

                                                                            I maintain quite a few open-source projects, and contribute to others. They all make choices about what they support and what they don’t. Is it sinister of them to do so? Many of them don’t provide any sort of toggle to make them support things the developers have chosen not to support, which is what you seem to object to. Is that really controlling behavior, or just developers disagreeing about what should be supported?

                                                                            1. 1

                                                                              My issue is that it’s user-hostile to prevent users from doing what they want with their computers. Firefox runs on my computer; I as an end user — and my grandparents as end-users — should be free to determine which extensions I run within Firefox. It’s not Mozilla’s computer to control. The ability to choose how to use one’s computer shouldn’t be reserved to developers: it should be available to everyone.

                                                                              1. 0

                                                                                Mozilla is free to develop the software they want to develop. You’re free to not use it.

                                                                                You don’t have the right to force them to develop something they don’t want to, but you seem to be trying to assert such a right.

                                                                    2. 2

                                                                      Or, rely on blocklists: https://firebog.net/ I’ve got a little side project to automate it: https://gitlab.com/dacav/myofb

                                                                      If you want something more complex, more popular, more user-friendlly: pi-hole

                                                                      1. 3

                                                                        Until they fully control DNS as well with something like DoH.

                                                                        1. 1

                                                                          Ah, this cat-and-mouse thing! :) Let’s try. You play adversary :)

                                                                          My next move is to use the blacklist to place a filter at firewall level instead of using it at dns level.

                                                                          Your move

                                                                          1. 1

                                                                            Or use /etc/hosts

                                                                            1. 1

                                                                              That’s actually one of the options of my scripts: populating /etc/hosts. :)

                                                                            2. 1

                                                                              Proxying ads through the website you want to see, so the ad urls are http://destination.com/double click/ad/1234

                                                                              1. 1

                                                                                Definitely. But the website gets a performance penalisation, I think.

                                                                                Plus, I’m wondering, will it be as effective for the trackers to deal with the tracked browser with a proxy server in between? (maybe, maybe not).

                                                                              2. 1

                                                                                I place Ads and DoH on the same IP address as the CDN that millions of websites use.

                                                                                1. 1

                                                                                  Wait what? I don’t get this one. How many millions of websites are passing through the same IP address? Can you elaborate?

                                                                                  1. 1

                                                                                    Many of the ones that sit behind CloudFlare and Fastly.

                                                                    1. 8

                                                                      That super strange mozilla used a googledoc instead of a blogpost for doing such a punmication

                                                                      1. 5

                                                                        Maybe they want google to read it.

                                                                        1. 5

                                                                          Mozilla uses Google Apps internally; my guess is that this started as an internal document and they said “well we can just reuse it to share publicly”

                                                                          1. 3

                                                                            Other than the title of the paper, how do we know this is actually from Mozilla?

                                                                                1. 2

                                                                                  Thanks. I’m not really in the habit of trusting random google docs, and wasn’t able to find anything like this.

                                                                              1. 2

                                                                                Similar, internal position/planning/architecture documents tend to be written and distributed this way. This one happens to have been made public.

                                                                              1. 1

                                                                                Can someone please link a source for this that doesn’t ask my web browser for a location and whatever other nonsense? :-/ I’m on the road and going through lynx or whatever isn’t currently practical.

                                                                                1. 4

                                                                                  Here is the link to the actual paper. https://eprint.iacr.org/2019/459.pdf

                                                                                  1. 1

                                                                                    Thank you! ♥

                                                                                  2. 1

                                                                                    Loads fine for me on firefox mobile with noscript fyi

                                                                                    1. 3

                                                                                      works for me.

                                                                                    1. 6

                                                                                      I have a theory that the real reason this stuff doesn’t take off is because it’s so hard for the average person to run their own instance. In a way it’s not a protocol problem. It’s because the missing killer feature is one click install and run. The missing piece might be making it easy to operate an instance.

                                                                                      Centralization happens because a company solves the operating problem.

                                                                                      1. 6

                                                                                        I think that problem is mostly mitigated (depending on the platform). With Secure Scuttlebutt, for example, the client is the instance. There is no extra work for a user, though that has it’s tradeoffs. Mastodon, or ActivityPub, has enough instances that individuals don’t need to run their own to get on the platform.

                                                                                        I think the biggest hurdle is simply inertia. People don’t care enough that a platform is centralized. And once they’ve established themselves on one, it’s very hard to move. It’s like asking someone to drop everything and move to a new country. The language is different, the environment is different, everyone they know is “back home”, and there is no shared interface to continue communicating with those that didn’t follow you to the new place. You’ll need some additional common platform if you don’t stay on the old one.

                                                                                        1. 4

                                                                                          I found Scuttlebutt to have a very high barrier to entry because as you say the client IS the user identity and I’m on 3 different machines in every day not counting mobile so that model REALLY doesn’t work for me.

                                                                                          See above for my thoughts on Mastodon’s problems.

                                                                                          1. 1

                                                                                            SSB users seem to get around this by having an identity for each machine with related avatars & names, all mutually friending each other (so that they’re within one hop of each other). This doesn’t 100% solve the problem, but since most folks have hops set to 3 by default, visibility is almost the same.

                                                                                            The alternative (without some really messy changes to how gossip works underneath – changes folks have been discussing for years at this point) is to use remote access. Because most SSB clients are webtech, this is a problem: they aren’t built to connect to a remote sbot (or they don’t even let you run a separate sbot), so you’re stuck using VNC or X forwarding or something. Not really viable for most current users, let alone a general non-technical audience.

                                                                                            1. 1

                                                                                              SSB users seem to get around this by having an identity for each machine with related avatars & names, all mutually friending each other (so that they’re within one hop of each other). This doesn’t 100% solve the problem, but since most folks have hops set to 3 by default, visibility is almost the same.

                                                                                              The alternative (without some really messy changes to how gossip works underneath – changes folks have been discussing for years at this point) is to use remote access. Because most SSB clients are webtech, this is a problem: they aren’t built to connect to a remote sbot (or they don’t even let you run a separate sbot), so you’re stuck using VNC or X forwarding or something. Not really viable for most current users, let alone a general non-technical audience.

                                                                                              1. 3

                                                                                                SSB is such a cool concept but I suspect that incredibly machine focused aspect of its nature will keep it from ever being adopted very broadly.

                                                                                                We live in a world where many of us work on several machines through the day and several more mobile devices, and we expect our social identity to follow us, not be pinned to one particular device.

                                                                                            2. 2

                                                                                              I think you’re on the right track here.

                                                                                              If folks don’t have a very strong reason to leave a platform, Metcalfe’s law means that platform’s monopoly will only grow & its leverage will become only more powerful. It’s not just inertia, but gravity: these platforms gain power through everybody they bring in, and they gain power based on how long they’ve been there.

                                                                                              SSB aside (since it’s fairly unconventional in other ways), if Pleroma did the SSB thing and made a straightforward all-in-one turnkey client-and-server install, it wouldn’t move most of twitter or facebook to the fediverse: neither connections nor history would be preserved (and facebook & twitter have an interest in making sure moving your entire history to another service is hard, even if they might be forced to make it possible for legal or PR reasons). If, say, a fediverse instance offered to grab your whole twitter history (which is technically possible but would take a while because of API limits & would probably confuse a lot of other users), it would probably get a lot of pushback (the way that LinkedIn does on the grounds of mining & importing your entire address book by default), even though this would be basically the only way to make a lot of twitter users OK with leaving twitter & moving to the fediverse. (Maybe folks who juggle ten social media accounts are rare.)

                                                                                              OP has an interesting idea with displaying an alternate feed alongside twitter (and plugins like this exist – I’ve had my facebook trends replaced with reddit for years, as a side effect of an extension intended to do something unrelated), but installing browser extensions is something a lot of users are circumspect about these days. It’s unclear why we should believe people would be more willing to install a weird extension they have never heard of than sign up for a new social network.

                                                                                              1. 1

                                                                                                That’s why the demise of federated chat systems was so sad…

                                                                                                1. 1

                                                                                                  Are they actually dead? Would Matrix count?

                                                                                                  1. 2

                                                                                                    I’m unfortunately not that familiar with Matrix. From its FAQ it does seem to be the solution.

                                                                                                    I was thinking about XMPP. For a while there, with Google’s buy-in, it looked as if chatting to someone would be as easy as sending email. It’s possible XMPP couldn’t be extended to handle voice and video though.

                                                                                                    1. 1

                                                                                                      You should check it out. I think it has much of the promise of Jabber, but has already gained much more traction than Jabber ever did outside of Google, sadly.

                                                                                                      It’s not clear to me that it’s good for point to point person to person chat without the concept of groups/rooms like XMPP is though.

                                                                                              2. 3

                                                                                                I think this is spot on. Mastodon is amazing, but there’s currently this kind of awkward model where setting up an instance is easy-ish if you have UNIX chops but there are a LOT of moving parts and it’s very easy for something to go hayware and cause your instance to fall on its face.

                                                                                                One particular pain point this awkwardness manifests as is the fact that the instance owner controls the horizontal and the vertical. If your friend Betty pisses off instance admin Bob, Betty’s toast and neither you nor Bob have any say in the matter - this is fine since it’s effectively Bob’s house, but it’s a house with MANY people living there who may not know Bob.

                                                                                                So yeah, the clear solution is to have everyone be able to run their own instance, but that brings up problems of its own. We need MUCH easier / more accessible ways for people to have little blobs of compute they can “own” for various purposes.

                                                                                                Digital Ocean goes some way towards this, but we have a long way to go.

                                                                                                1. 2

                                                                                                  Email improved on this a zillion years ago. Regular users can buy a domain, then pay a host (and can always port to another host if they like).

                                                                                                  I’m capable of (but not interested in) running a node. I want to forward my records to a host.

                                                                                                  I’ve raised issues for this on mastodon and plemora; the former consider it low-priority, the latter don’t want to support it at all.

                                                                                                  1. 1

                                                                                                    Yes I agree Mastodon has some work to do in this regard. You can export your toot follower list to a CSV file, but actually using that to get your followers back on a new node can be tricky.

                                                                                                    Much cleaner would be a way to simply say ’export my identity” and have all the data get saved locally as one stop shopping.

                                                                                                    I suspect part of the problem here may be the exceedingly high complexity of Mastodon’s underpinnings, it’s a Postgresql / RoR application under there, and the schema seems complicated to my untrained eye.

                                                                                                2. 2

                                                                                                  Centralization also enables easy discovery. For example, it’s not possible to get a comprehensive list of all mastodon instances on the internet. If I say that @whjms I’m on Mastodon, the next question for people is ‘which instance?’. Versus where I can say I’m @whjms on Twitter and everyone knows how to find me.

                                                                                                  1. 4

                                                                                                    That’s part of the “new language” people would need to learn. “On Twitter” means something specific that we all happen to know. No one says, “Email me at trondd”. We all know the language that emails have to have a domain attached. Same for Mastodon and I don’t see why people couldn’t learn that language like they did for email.

                                                                                                    …Unless they don’t want to.

                                                                                                    I agree with the discovery benefits of a central service, thought. If I search Mastodon for @user and get 50 results, who is the person I was looking for? Although, I find Facebook with real names to have the same problem anyway.

                                                                                                1. 28

                                                                                                  This article isn’t quite at the level of “zomg dihydrogen monoxide is LETHAL” alarmism, but it’s getting close. On one hand, it’s good to have a third-party review of Firefox’s privacy tradeoffs, but jumping up and down yelling “SPYWARE” doesn’t help educate anyone, it just feeds people’s sense of entitlement and injury.

                                                                                                  For example, the very first example of “spyware” on the list is that Firefox requests http://detectportal.firefox.com/success.txt at startup. If you’ve ever visited an airport, a coffee shop, or a mall with “free wifi” that automatically redirects you to a sign-in page where you can provide your email address in exchange for an hour of Internet access, you know what this is about: if you turn off this protection, then the next time you open your browser in such an environment, all your open tabs will be redirected to the sign-in page, and your browser state is ruined. Alternatively, if most of the websites you use are HTTPS, the situation’s worse: when you open your browser, websites will mysteriously fail to load with no indication why. And so, at startup Firefox makes an unencrypted request for a file with known, specific content, and if the response contains anything else, Firefox knows it’s behind a portal and needs to present the login page before it tries to restore any other state.

                                                                                                  So yeah, there’s a bunch of tradeoffs here:

                                                                                                  • do nothing
                                                                                                    • pro: privacy friendly!
                                                                                                    • con: terrible experience in a common environment
                                                                                                  • always make a portal-baiting request
                                                                                                    • pro: excellent experience, comparable to competing products
                                                                                                    • con: very slight privacy leak
                                                                                                  • make request by default, allow it to be disabled
                                                                                                    • pro: excellent experience by default, super-privacy-conscious people can still get what they want
                                                                                                    • con: very slight privacy leak by default

                                                                                                  I think Firefox has definitely made the right choice here, but I appreciate opinions may differ. On the other hand, just putting this behaviour under the heading “Phoning home” (as the OP article does) without any context doesn’t help anyone make an informed decision about this tradeoff.

                                                                                                  1. 6

                                                                                                    A fourth option might be to only make that request whenever a HTTPS certificate is failing. That way in the normal case where the user is logged into the portal or not using a portal-enabled Internet they won’t be calling out to Mozilla as often.

                                                                                                    But yeah, it’s difficult to be privacy-sensitive. It’s more work. Asking Firefox to be better than Chrome while doing more work and flying blind by not collecting any stats… doesn’t seem to be the best option here.

                                                                                                    1. 1

                                                                                                      Perhaps, but ensuring that the certificate used doesn’t expire and ruin everything sounds hard…

                                                                                                    2. 2

                                                                                                      if you turn off this protection, then the next time you open your browser in such an environment, all your open tabs will be redirected to the sign-in page, and your browser state is ruined.

                                                                                                      is this really what happens? i would expect only the active tab to load, which would be subject to the redirect. i wouldn’t call this a “terrible experience.”

                                                                                                      firefox could also ask users whether they want telemetry enabled the first time firefox starts up, like what VLC does. how would you feel about this option?

                                                                                                      1. 1

                                                                                                        firefox could also ask users whether they want telemetry enabled the first time firefox starts up, like what VLC does.

                                                                                                        nitpick: from my memory, this option is just for fetching media metadata from the internet, not for telemetry.

                                                                                                        1. 2

                                                                                                          what do you mean by telemetry and how do you know VLC’s use doesn’t constitute telemetry?

                                                                                                          to me, telemetry means automatic requests to Internet servers. am i using the term wrong?

                                                                                                          1. 1

                                                                                                            Good point. I’ve mainly heard the term telemetry used in conjunction with analytics and tracking, but I guess it’s not limited to those.

                                                                                                            1. 1

                                                                                                              it’s also fair to expect that any requests will be tracked and analyzed, even if their primary purpose is to fetch media metadata

                                                                                                        2. 1

                                                                                                          i would expect only the active tab to load, which would be subject to the redirect. i wouldn’t call this a “terrible experience.”

                                                                                                          These days browsers are smarter about lazily restoring tabs at startup, but they’ll still load the active tab in each window, plus however many pinned tabs the user has.

                                                                                                          Besides, data loss is data loss. Even if it’s just one tab of hundreds, it can still be a terrible experience for someone.

                                                                                                          firefox could also ask users whether they want telemetry enabled the first time firefox starts up, like what VLC does.

                                                                                                          I just booted up Firefox 66.0.1 (the latest stable version) with a fresh profile, and the two default tabs it opens are an advertisement for Firefox Sync, and the Firefox Privacy Notice, which is a huge list of all the various kinds of information Firefox may (deliberately or otherwise) collect, and why. Under the very first heading, “Improve performance and stability for users everywhere”, there’s an “opt-out” link which takes you to a support article about opting in or out, and a big “Choose how you want to share this data in Firefox” button which takes you directly to the “Firefox Data Collection and Use” section of the preferences where you can turn things off (including “Studies”).

                                                                                                          So Firefox does provide detailed information about telemetry, including how to turn it off, on first startup. It doesn’t provide a simple “telemetry yes/no” banner, because people have learned to click those away subconsciously, and if there’s one thing people like even less than things happening without their consent, it’s when they feel tricked into giving consent.

                                                                                                          1. 1

                                                                                                            Besides, data loss is data loss. Even if it’s just one tab of hundreds, it can still be a terrible experience for someone.

                                                                                                            i must confess i don’t know exactly what properties people expect out of tab restoration. what data is lost? the URL of the tab that gets redirected? would this be available in the history?

                                                                                                            So Firefox does provide detailed information about telemetry, including how to turn it off, on first startup. It doesn’t provide a simple “telemetry yes/no” banner, because people have learned to click those away subconsciously, and if there’s one thing people like even less than things happening without their consent, it’s when they feel tricked into giving consent.

                                                                                                            how is what firefox currently does better? haven’t people learned to subconsciously close the ads and privacy notice tabs which are open by default? aren’t they already being tricked into giving consent? you think people would be more mad if they were given a telemetry yes/no banner at first startup?

                                                                                                            1. 1

                                                                                                              what data is lost?

                                                                                                              The URL, the page scroll position, form field content… imagine getting five paragraphs into a comment on a site like Lobsters, letting your browser restart to apply a security update, and suddenly your comment is lost to the ether. Sure, maybe people shouldn’t expect that to work 100% reliably, but it does work 95% reliably, which makes the last 5% all the more frustrating.

                                                                                                              you think people would be more mad if they were given a telemetry yes/no banner at first startup?

                                                                                                              Yes, I do.

                                                                                                              If somebody says to me “here’s what I’m going to do”, and then I ignore what they say, and then later I decide I didn’t want them doing that, that’s fundamentally my fault.

                                                                                                              If somebody says to me “to-let-me-do-the-thing-say-what” and I blink and say “what?” and they say “thanks!” and run off, I’m going to be annoyed, regardless of what they wanted to do. If it turns out to be something I didn’t want, I’m going to be doubly annoyed if they use my “opt-in” as an excuse, since they fact that they tricked me is already evidence that they knew I wouldn’t have said yes if I knew what was going on.

                                                                                                              People hate twenty-page small-print “terms and conditions” documents because they obscure what they’re asking you to agree to, and a “telemetry yes/no” banner would similarly obscure what it wants you to agree to. The Firefox Privacy Notice page really is a great example for how to present a complex set of ideas to a non-expert audience, and really I think that’s as much as anyone could expect Mozilla to do. You can’t force people to form an educated opinion, you can only make education as accessible as possible, and treat the people who blindly trust you anyway with dignity and respect.

                                                                                                              1. 1

                                                                                                                The URL, the page scroll position, form field content… imagine getting five paragraphs into a comment on a site like Lobsters, letting your browser restart to apply a security update, and suddenly your comment is lost to the ether. Sure, maybe people shouldn’t expect that to work 100% reliably, but it does work 95% reliably, which makes the last 5% all the more frustrating.

                                                                                                                i wouldn’t want to rely on it if it only works 95% of the time even with the telemetry preventing data loss due to captive portals. but i think this point is exhausted.

                                                                                                                you think people would be more mad if they were given a telemetry yes/no banner at first startup?

                                                                                                                Yes, I do.

                                                                                                                If somebody says to me “here’s what I’m going to do”, and then I ignore what they say, and then later I decide I didn’t want them doing that, that’s fundamentally my fault.

                                                                                                                If somebody says to me “to-let-me-do-the-thing-say-what” and I blink and say “what?” and they say “thanks!” and run off, I’m going to be annoyed, regardless of what they wanted to do. If it turns out to be something I didn’t want, I’m going to be doubly annoyed if they use my “opt-in” as an excuse, since they fact that they tricked me is already evidence that they knew I wouldn’t have said yes if I knew what was going on.

                                                                                                                i don’t follow your analogy. VLC asks users “do you want to allow telemetry,” they select yes or no, then the program runs based on their preference. are either of your scenarios analogous to that?

                                                                                                                People hate twenty-page small-print “terms and conditions” documents because they obscure what they’re asking you to agree to, and a “telemetry yes/no” banner would similarly obscure what it wants you to agree to.

                                                                                                                a sentence takes less time to read and understand than twenty small-print pages. what exactly is obscure about “do you want to allow telemetry for these purposes?” followed by a bulleted list and a yes/no button?

                                                                                                                The Firefox Privacy Notice page really is a great example for how to present a complex set of ideas to a non-expert audience, and really I think that’s as much as anyone could expect Mozilla to do. You can’t force people to form an educated opinion, you can only make education as accessible as possible, and treat the people who blindly trust you anyway with dignity and respect.

                                                                                                                the privacy notice page is longer than the VLC notice and you have to read it and dig through documentation in order to disable telemetry. this is not obscure?

                                                                                                                why can’t we expect mozilla to show us a telemetry yes/no button whenever they implement new telemetry?

                                                                                                                1. 1

                                                                                                                  I guess my basic argument is:

                                                                                                                  • if Alice wants to do something on Bob’s behalf, and she can obtain Bob’s informed consent first, she should do so
                                                                                                                  • if Alice can’t obtain Bob’s informed consent (because Bob can’t be contacted, because Bob is too busy to listen to a properly detailed explanation, or for some other reason) and Alice is say 90% sure that it’s in Bob’s interest, it’s OK to go ahead as long as she describes what she’s doing somewhere Bob can find it, and she’s willing to stop if Bob does express an opinion later
                                                                                                                  • if Alice can’t obtain Bob’s informed consent, it’s not OK to ask an oversimplified version of the question and treat the answer as consent, since the consent would not be fully informed
                                                                                                                  • it’s also not OK to ask a super-detailed over-complexified version of the question, since we know most people won’t read it, and the consent would still not be fully informed

                                                                                                                  VLC’s startup notice falls into the first category - VLC is not too complex, the privacy risks are easy to explain, and so it’s reasonable to present the question directly at first startup.

                                                                                                                  Firefox falls into the second category. Firefox is very complex, and its privacy risks are intricate and involve multiple parties. They can’t be easily summarised in a sentence or two, so Firefox just makes the information as accessible as possible without actively getting in people’s way, and does its best.

                                                                                                                  The third category is your hypothetical version of Firefox that asks for telemetry consent at first startup. I claim it’s not possible to describe Firefox’s privacy risks more clearly and concisely than the Privacy Notice page already does, so any shorter summary would be misleading and the answer would not ethically count as permission.

                                                                                                                  The fourth category is every “I have read and understood the terms and conditions” checkbox, or a hypothetical version of Firefox that pointed people to the Privacy Notice and demanded people read it before giving consent. You can’t force people to read and understand things, so that would still not ethically count as permission.

                                                                                                                  As for asking permission about each new kind of telemetry individually, that might be OK, if each kind can be described concisely enough. You couldn’t ask too many questions in a row without fatiguing people, though, and there might be features whose risks are wildly different depending on what other features they’ve consented to. Overall, I suspect it might be problematic for engineering reasons even if it was ethically fine.

                                                                                                                  1. 1

                                                                                                                    if Alice can’t obtain Bob’s informed consent (because Bob can’t be contacted, because Bob is too busy to listen to a properly detailed explanation, or for some other reason) and Alice is say 90% sure that it’s in Bob’s interest, it’s OK to go ahead as long as she describes what she’s doing somewhere Bob can find it, and she’s willing to stop if Bob does express an opinion later

                                                                                                                    how can i express to firefox that i want no automatic requests to remote servers?

                                                                                                                    is firefox willing to stop?

                                                                                                                    i can go to the privacy notice page, click the “Improve performance and stability for users everywhere,” follow the links to the privacy preferences page, and uncheck the boxes under “firefox data collection and use.”

                                                                                                                    but that’s not enough, as explained in the original post. there are many other ways firefox sends automatic requests which can tell a remote server about your browsing. they can’t be disabled through the GUI. even if i set things in about:config or a custom user.js file, firefox will add more telementry features which are buried in a privacy notice page and require digging to figure out how to disable. you really think this is the best we can ask for?

                                                                                                                    1. 1

                                                                                                                      Firefox is a user agent, a tool for automatically turning a high-level user goal (“show me the front page of https://lobste.rs”) into a collection of requests to remote servers. If somebody really want absolutely zero automatic requests to remote servers (no images, no css, no following HTTP redirects), then their expectations are so far from the normal definition of “web browser” that they’d probably be happier with a completely different product.

                                                                                                                      Specifically for telemetry, my understanding is that occasionally Mozilla will add some new measurement that they’re interested in (for example, some statistic about a newly-added feature) but the existing “disable telemetry” option in the GUI is a master switch - if it’s disabled, it disables newly-added measurements too.

                                                                                                                      If by “telemetry” you include the various other miscellaneous connections described/slandered in the original article, then yes, sometimes Mozilla does add enabled-by-default features that involve automating requests to remote servers. However, historically Mozilla have worked very hard on minimising the privacy risk of such features (the Safe Browsing feature in particular I think is quite elegant), and I personally trust them to make responsible decisions in future. If they ever mess up, I’m sure it’ll be all over Lobsters and HN.

                                                                                                                      No software is infinitely configurable, if you really need to prevent a piece of software from doing something, don’t run it.

                                                                                                                      1. 1

                                                                                                                        Firefox is a user agent, a tool for automatically turning a high-level user goal (“show me the front page of https://lobste.rs”) into a collection of requests to remote servers. If somebody really want absolutely zero automatic requests to remote servers (no images, no css, no following HTTP redirects), then their expectations are so far from the normal definition of “web browser” that they’d probably be happier with a completely different product.

                                                                                                                        i think you understand the distinction between requests made in order to display a web page requested by the user, and requests made without any action or without being necessary to display a page.

                                                                                                                        If by “telemetry” you include the various other miscellaneous connections described/slandered in the original article, then yes, sometimes Mozilla does add enabled-by-default features that involve automating requests to remote servers.

                                                                                                                        presumably you don’t include these in your definition of “telemetry.” what substantive difference is there?

                                                                                                                        1. 1

                                                                                                                          The distinction between requests necessary to display a page and requests unnecessary to display a page may be blurry. For example, portal detection is sometimes necessary to display a requested page, and the only way for Firefox to know for sure is to send the request. So is it necessary or not?

                                                                                                                          Strictly speaking, “telemetry” means “measurement at a distance”. A feature designed to automatically send local measurements to a remote system is telemetry; a feature that’s not automatic or only accidentally sends local measurements isn’t really telemetry. It might possibly be abused, but these non-telemetry signals should be designed to minimise their usefulness as telemetry.

                                                                                                                          For example, your ISP could use portal-detection pings to infer that you use Firefox; but they could also read your user-agent from any unencrypted HTTP request you make, so that’s not a big deal. Mozilla could use it to infer that one of your ISP’s customers uses Firefox, but it’s a much less reliable signal than things like update checks or actual telemetry. Mozilla could use the timing of the ping to infer when your ISP’s customers commonly use Firefox, but they could nearly as reliably determine that by looking at the timezone your ISP’s head office is in.

                                                                                                                          1. 1

                                                                                                                            The distinction between requests necessary to display a page and requests unnecessary to display a page may be blurry. For example, portal detection is sometimes necessary to display a requested page, and the only way for Firefox to know for sure is to send the request. So is it necessary or not?

                                                                                                                            it’s never necessary. it may give clues that a page cannot be reached, but it doesn’t help you reach the page.

                                                                                                                            Strictly speaking, “telemetry” means “measurement at a distance”. A feature designed to automatically send local measurements to a remote system is telemetry; a feature that’s not automatic or only accidentally sends local measurements isn’t really telemetry. It might possibly be abused, but these non-telemetry signals should be designed to minimise their usefulness as telemetry.

                                                                                                                            so firefox’s “disable telemetry” option disables features which are explicitly designed for measurement, but does not disable other features where telemetry is a side effect.

                                                                                                                            should users have control over the telemetry that happens as a side effect?

                                                                                                                            1. 1

                                                                                                                              Literally any network traffic at all, explicitly requested or otherwise, can be tracked and collated to provide information about the participants. Even the absence of network traffic can be a privacy leak - if there’s only one person on a given subnet that has disabled Firefox’s portal detection, a request that’s not preceded by a portal-detection request almost certainly comes from that person.

                                                                                                                              Given that a web-browser has to make some number of network requests to perform its function, I think it’s reasonable for the browser to make any number of extra requests, as long as the extra requests take negligible total extra time, use negligible total extra battery, and add negligible total extra privacy risk. Adding a new request might increase privacy risk (if it’s related to some identifying information) or reduce it (if it makes my network traffic look more like everybody else’s).

                                                                                                                              I think it’s reasonable for Mozilla to offer users control over what Mozilla does with their data (and they do, which is good); I think it’s unreasonable for Mozilla to offer users control over what third parties (ISPs, governments, engineers with Wireshark) do with users’ data, since Mozilla can’t enforce or even reliably influence that.

                                                                                                                              1. 1

                                                                                                                                I think it’s reasonable for the browser to make any number of extra requests, as long as the extra requests take negligible total extra time, use negligible total extra battery, and add negligible total extra privacy risk.

                                                                                                                                so to clarify, you think mozilla should decide on behalf of users what is a negligible privacy risk? they shouldn’t have control over the telemetry that happens as a side effect of other features?

                                                                                                                                1. 1

                                                                                                                                  Not screwtape, but yes.

                                                                                                                                  If I wanted to spend my limited time and energy making those decisions, I could do so fairly easily, since the source and build scripts are all available for free.

                                                                                                                                  Mozilla provides me with the option of making my own decisions, and also supplies a prebuilt binary that frees me from having to make them myselfves.

                                                                                                                                  I choose the prebuilt binary that makes those decisions for me.

                                                                                                                                  1. 1

                                                                                                                                    it’s easy for you to understand and modify firefox code?

                                                                                                                                    1. 1

                                                                                                                                      In the scheme of things, sure. The codebase is large and unfamiliar, but grep will get you pretty far.

                                                                                                                                  2. 1

                                                                                                                                    I’m not saying users shouldn’t have control, I’m saying they don’t have control. I, as a user, have no idea who might be passively observing my network connection, or what patterns of traffic they might be looking for or ignoring. There is no combination of Firefox configuration options I could enable or disable that would guarantee a lower privacy risk than I currently have, even if there were options for every byte of every header of every possible request.

                                                                                                                                    If there was a master “absolutely no non-essential network requests” toggle, it would have to carry the label “this may increase or decrease your privacy risk, or increase the risk from some sources while decreasing it from others, or have no practical effect”. That’s not giving users control over their privacy, it’s a dice-roll.

                                                                                                                                    The answer to “which changes in this new version of Firefox have possible privacy implications” is always “all of them”. The answer to “which changes are relevant to my privacy” is always “that depends on your individual needs”. If a user doesn’t trust Mozilla’s general-purpose defaults, and doesn’t want the responsibility of figuring out which available options are relevant to their personal concerns, what can Mozilla possibly do for that user?

                                                                                                                                    1. 1

                                                                                                                                      If a user doesn’t trust Mozilla’s general-purpose defaults, and doesn’t want the responsibility of figuring out which available options are relevant to their personal concerns, what can Mozilla possibly do for that user?

                                                                                                                                      a non-essential network requests yes/no button would do

                                                                                                        1. 1

                                                                                                          Did this effect people with auto updates? I’m getting whatever ubuntu is pushing in their updates so I haven’t been effected, hopefully won’t be.

                                                                                                          1. 1

                                                                                                            I was hit with the version from Debian stable’s repositories.

                                                                                                            1. 1

                                                                                                              I got hit by this and I’m running stable on ubuntu. :/

                                                                                                            1. 5

                                                                                                              While I absolutely agree that too many people jump to ‘buy a used 2-socket Xeon server to host my blog with a dozen views per month’, there’s a middle ground between an R710 and ARM SBCs. For example, I run Funkwhale on an Intel Celeron NUC. According to AnandTech, power consumption ranged between ~9w (idle) and 25w (maxed out). Assuming that the machine runs at full load 50% of the time, this would consume around 150 kWh per year, costing me around $25/year in energy. And it’s silent!

                                                                                                              Being able to plug machines in and have it autoscale seems nifty though. Also I don’t know much about ARM SOC efficiency, maybe they’re more efficient per watt than x86 for these loads.

                                                                                                              1. 3

                                                                                                                Agreed, instead of going for a full populated server and let the 72GB RAM burn electricity, most self hosting can be done with 16GB of ram and consumer level hardware. X86 is still way more powerful compared to arm, in terms of instruction efficiency and io.

                                                                                                                1. 1

                                                                                                                  X86 is still way more powerful compared to arm, in terms of instruction efficiency and io

                                                                                                                  I/O is not ISA dependent, and x86 (amd64 really) is not that efficient, in fact it wastes power on the rather complex variable-length instruction decoding.

                                                                                                                  Cheap amd64 stuff is more powerful than cheap aarch64 stuff, sure. And amd64 is ahead in SIMD deployment — you can get your hands on AVX-512 supporting processors now quite easily, while SVE right now is only implemented in the Fujitsu supercomputer you don’t have access to.

                                                                                                                  But general performance is all about the microarchitecture. Cortex-A72 performs pretty well for a relatively low power core designed in 2014. Newer stuff like Apple Vortex, Nvidia Carmel, Broadcom→Cavium Vulcan (ThunderX2) is very impressive.

                                                                                                                  1. 1

                                                                                                                    That’s probably true, and you also stated that powerful x86 processors are more available (in terms of cost and quantity) in general. The IO issue I am complaining is similar, where you can find tons of cheap motherboards has pcie, sata and USB 3. But it’s still not available on consumer level arm boards.

                                                                                                                2. 2

                                                                                                                  Good point. Regular x86 servers will undoubtedly be faster and can be relatively cheap too (J3455 vs S922X). I think the real win for ARM is that it’s cheaper to get started and scales pretty well. The barebones kit of the NUC you linked is $130, with real working builds at $250 and higher. The S922X uses less power, is > 75% as fast (according to that random benchmark at least), and costs $90 (~$120 for a fully working system).

                                                                                                                  Being able to plug machines in and have it autoscale seems nifty though.

                                                                                                                  To be fair, you can totally do this with x86 as well, but people don’t generally buy that many servers for their house :P

                                                                                                                  1. 2

                                                                                                                    Floodgap’s web proxy uses Windows-1252 encoding by default for, what I presume to be, compatibility reasons. Most clients default to UTF-8, however.

                                                                                                                    1. 2

                                                                                                                      In my gopher clients it seems to work as intended: https://i.postimg.cc/dVq5pDVj/Screenshot-20190421-160850-Pocket-Gopher.png and https://i.postimg.cc/C1jDwHvB/Screenshot-20190421-161321-Diggie-Dog.png Lynx on the client as well. Have you tried a Gopher client?

                                                                                                                      The browser expects an encoding and I’m not sure how the floodgap proxy handles that for plain text files that don’t specify one.

                                                                                                                      1. 1

                                                                                                                        Interesting, so gopher clients assume all content is UTF-8 (or whatever encoding you’ve used here)?

                                                                                                                        1. 2

                                                                                                                          I guess so? The python script explicitly does UTF-8 and the clients I test with seem to as well. For the filenames I do strip out all except a-zA-Z.

                                                                                                                          1. 1

                                                                                                                            Why not allow numbers? Right now there are names like Queen_Attends_Easter_Service_on___rd_Birthday.

                                                                                                                            1. 1

                                                                                                                              No specific reason. I changed the regex so numbers are allowed now.

                                                                                                                          2. 1

                                                                                                                            The one I wrote assume UTF-8 as I found more pages using that than ISO-8859-1 or Windows-1252. It’s also pretty clear that UTF-8 is the way forward for encoding.

                                                                                                                            1. 1

                                                                                                                              Hey you’re behind the Boston diaries, but rumor goes, not even from, in or near Boston! I like reading your site and Gopherhole

                                                                                                                              1. 1

                                                                                                                                Thanks. There is a story behind the name.

                                                                                                                                1. 1

                                                                                                                                  I’m amused to see a number of people I’ve started following on gopher I’ve already seen on Lobste.rs or Mastodon and didn’t know it.

                                                                                                                          1. 2

                                                                                                                            I joined a photography-based instance. I mostly post my own photos:

                                                                                                                            whjms@photog.social

                                                                                                                            1. 30

                                                                                                                              I object to the historical tag. I use IRC on a daily basis. (In fact, it’s how I keep in touch with most of my social circle)

                                                                                                                              I do think that the most important thing IRC could do is implement server side history, which solves the main issue: catching up on history after joining a channel or going offline.

                                                                                                                              Everything else feels like fluff.

                                                                                                                              1. 22

                                                                                                                                On the other hand, I consider lack of history a feature, a highly desirable feature.

                                                                                                                                I don’t need to be notified of everything that happens, I don’t need to know all of the history.

                                                                                                                                IRC is like walking into a bar. If there’s an interesting conversation, you jump in. And when you’re away, if something important happened, someone else will fill you in. Otherwise, it wasn’t important.

                                                                                                                                Just miss out without fear. It’s okay. Do other things.

                                                                                                                                If you need persistent and slow communication, use a different protocol, but leave chat protocols as ephemeral and forgettable.

                                                                                                                                1. 5

                                                                                                                                  This is not usually how IRC is used in practise. In practise people use bouncers or “irssi in screen forever” to get the history client side. Better to let the protocol solve the problem most people seem to want, and if you don’t want history configure your client not to fetch or show it.

                                                                                                                                  1. 6

                                                                                                                                    I don’t know how usual this is. Lots of people don’t use bouncers. Some use bouncers. The way we use #octave in Freenode is memoryless; #emacs in Freenode has a no public-logging policy (just a politeness convention) and #mercurial in Freenode also has people coming and going all the time. If something happened and people are talking about it, I ask in #mercurial and people will give me the context. Nobody has ever said to me, “get a bouncer, ya n00b!”

                                                                                                                                    I don’t know if most people want persistent history but I certainly don’t.

                                                                                                                                    1. 3

                                                                                                                                      Sure it is. Source: JordiGH and I hang out in several of the same bars^Wchannels. (Sup.)

                                                                                                                                      I currently use “weechat in tmux forever” (formerly “ERC in screen forever”). However, I never actually bother to scroll back except to search for my own name to see if anybody was looking for me.

                                                                                                                                      Once in the past decade, I reviewed my entire buffer for a specific channel because there was “drama” going on when I got back and I wanted to know what happened. The privilege to do so is what the chanops and opers there grant me when they allow my client to idle.

                                                                                                                                      Honestly, after you join a few big channels and a lot of small ones, “keeping up” is neither possible nor worth it. Do you “keep up” with newly uploaded youtube videos? :)

                                                                                                                                      1. 5

                                                                                                                                        I do irssi in screen forever (call me old-fashioned ¯\_(ツ)_/¯), and that’s not really my experience. I don’t ‘keep up’, but – well, there are a couple of things. #1 is that when I join I’d like to have some context for what’s going on, and drama that causes me to want to scroll up quite a bit happens a lot more often than once in 10 years. Another thing is that sometimes, when it’s been a quiet day, I’ll go on and see that it’s not more than a screenful of text since last time I joined, which provides a nice sense of continuity. Additionally, just being already connected makes for a generally nicer experience. It makes communication asynchronous because there’s not an expectation that if you’re connected, you’re available; so, you can ignore people (or, to put it more generously, wait till later to talk to them). If you join a channel and immediately ask for help with something, it seems a lot stickier and you’re a lot less likely to get a response, than if you’ve been there for a while.

                                                                                                                                        1. 1

                                                                                                                                          Ah, yes. I agree with your description; I have experienced those things you describe. Which makes me wonder, why did I describe my experience differently?

                                                                                                                                          I think I figured it out… Social channels are different than technical channels. I do in fact review the full buffer of technical channels (if they are low-volume enough). I just hadn’t thought about it when posting my previous comment! Thanks.

                                                                                                                                          1. 2

                                                                                                                                            Huh. Generally I don’t look at what happened in technical channels. Generally I come, ask/answer a question, but when I’m not there, I’m not there. Only exception is when there’s some bickering in the c channel (it happens a lot), I read backscroll so I can get an informed opinion and join in. Social channels, I know the people there so I care about what they said while I wasn’t there.

                                                                                                                                    2. 1

                                                                                                                                      What do you do to chat with friends? Coordinating an event over email with 7-8 people is painful.

                                                                                                                                      1. 5

                                                                                                                                        I coordinate an event over email with 7-8 people; I don’t know, it works for me. I just did that last week.

                                                                                                                                        1. 1

                                                                                                                                          Hm, to each their own I guess. For us, someone will usually just ask who’s free tonight and whose house is free, where we’re eating etc etc and within a few hours we’ve sorted it out and whoever comes comes.

                                                                                                                                          1. 1

                                                                                                                                            Yep, email works great for that.

                                                                                                                                    3. 7

                                                                                                                                      I’ve always been saying that if you want a paper trail, you want email. There’s nothing wrong with it, it works. Chats are for real-time conversations, and those don’t mix well with having a paper trail. Whenever I’m forced to use Slack in companies where it’s the main way of communication, it’s obvious how inconvenient it is to hold a conversation over a few days (or time zones) buried in a constant stream of messages not separated into topics.

                                                                                                                                      1. 4

                                                                                                                                        Wow - your post made me remember something I haven’t ‘felt’ about the web since back when Facebook’s instant messages feature was separate from it’s ‘mail’ feature, probably 2008. I remember reading that they planned on combining the two. At the time, I thought “How can they possibly do that? My IMs and my Mails are completely different ways to communicate, because one is real-time and the other asynchronous.

                                                                                                                                        Facebook and Slack messaging work the same now. Real-time, with the paper trail. Both real-time and asynchronous. Stopped starting at your phone or your desktop client? Too bad, you’re now behind.

                                                                                                                                        I miss being able to differentiate between a message I was expected to read instantly vs a message I could read on my own time.

                                                                                                                                      2. 3

                                                                                                                                        That’s certainly one of the biggest drivers that’s forced my scrum team to transition to AWS Chime.

                                                                                                                                        Being able to have persistent messages regardless of client connection state is an absolute deal breaker for us. Coordination becomes much MUCH more difficult otherwise. We used to use IRC, and it got to the point where I was the only one with ZNC working in the whole team :\

                                                                                                                                        1. 2

                                                                                                                                          I’m always a bit surprised by the staying power of IRC. This kind of feature is the reason I have always used XMPP for my chatrooms.

                                                                                                                                          1. 4

                                                                                                                                            XMPP is an awesome protocol IMO, the issue is that there does not seem to be any decent clients.

                                                                                                                                            1. 1

                                                                                                                                              What platform and style are you looking for? I’m partial to irssi-xmpp myself – and Conversations is king on Android. There are hundreds of clients of every kind, so hard to list at once until I know what you’re after :)

                                                                                                                                            2. 2

                                                                                                                                              Pardon my ignorance, I’ve used Jabber a bit way back in its infancy so I can’t recall - does XMPP inherently record server side traffic like that?

                                                                                                                                              1. 1

                                                                                                                                                The ability for a multi user chat to play back recent history when you join has been part of the protocol basically as long as the ability to have chatrooms at all. How much history is configured by room admin (usually).

                                                                                                                                                More recently there are extensions to make this even better, but in practise that original feature covers everything I’ve wanted.

                                                                                                                                              2. 2

                                                                                                                                                Matrix seems to have figured out how to bridge different networks well. Does XMPP have similar success in that area, and if not, do you have any theories why? Is it a technical thing or just a matter of not enough critical mass?

                                                                                                                                                1. 1

                                                                                                                                                  Yes, XMPP has always had bridges (we usually say “gateways” or “transports”) to different protocols. When I first started using XMPP most of my contacts were on MSN Messenger, and I talked to them seamlessly.

                                                                                                                                                  These days, there’s Spectrum as a gateway to everything in libpurple, transwhat to WhatsApp, biboumi to IRC, cheogram.com to SMS, even a few to Matrix :)

                                                                                                                                                  1. 1

                                                                                                                                                    So you guess it was mostly poor salesmanship kinda problem that not many people use those?

                                                                                                                                              3. 2

                                                                                                                                                Everyone I know who cares about persistent messages on IRC runs an IRC bouncer (e.g. ZNC). It’s pretty easy to set up..

                                                                                                                                                1. 2

                                                                                                                                                  You’re assuming several things:

                                                                                                                                                  1. Bedrock infrastructure to run znc on. Not at all easy or guaranteed in the enterprise.
                                                                                                                                                  2. Enterprise IRC has the same lax auth strategy that Freenode or other ‘open’ IRC servers do.
                                                                                                                                                  3. That younger people give enough of a shit to go through this admittedly minimal effort when they can just use SlickCord or whatever and not think about it.
                                                                                                                                                  1. 2

                                                                                                                                                    Eh, I was just pointing out that there are options besides “completely change the IRC server”, that users can do to use IRC with persistent messaging.

                                                                                                                                                  2. 2

                                                                                                                                                    You still have to pay for, secure, and patch a server though. Unless you run ZNC at home, in which case you’d probably want to isolate that machine from your LAN.

                                                                                                                                              1. 1

                                                                                                                                                This could be useful to help catch basic typos. For example the fields in if this.Latitude == that.Longitude will be coloured differently.

                                                                                                                                                1. 3

                                                                                                                                                  Wouldn’t it be something a sane type system could take care of?

                                                                                                                                                1. 1

                                                                                                                                                  SSL error :-/

                                                                                                                                                  1. 1

                                                                                                                                                    Weird. I’m using CloudFlare SSL. What is the exact error you’re getting?

                                                                                                                                                    1. 1

                                                                                                                                                      Here’s the error + cert details: https://imgur.com/a/lf1X1DK

                                                                                                                                                      Apparently my browser doesn’t trust “Cisco Umbrella Secondary SubCA chi-SG”?

                                                                                                                                                      1. 4

                                                                                                                                                        …what?

                                                                                                                                                        $ curl -v https://when-then-zen.christine.website
                                                                                                                                                        * Rebuilt URL to: https://when-then-zen.christine.website/
                                                                                                                                                        *   Trying 2606:4700:30::681c:a33...
                                                                                                                                                        * TCP_NODELAY set
                                                                                                                                                        * Connected to when-then-zen.christine.website (2606:4700:30::681c:a33) port 443 (#0)
                                                                                                                                                        * TLS 1.2 connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
                                                                                                                                                        * Server certificate: sni39908.cloudflaressl.com
                                                                                                                                                        * Server certificate: COMODO ECC Domain Validation Secure Server CA 2
                                                                                                                                                        * Server certificate: COMODO ECC Certification Authority
                                                                                                                                                        > GET / HTTP/1.1
                                                                                                                                                        > Host: when-then-zen.christine.website
                                                                                                                                                        > User-Agent: curl/7.54.0
                                                                                                                                                        > Accept: */*
                                                                                                                                                        > 
                                                                                                                                                        < HTTP/1.1 200 OK
                                                                                                                                                        < Date: Wed, 10 Apr 2019 15:36:21 GMT
                                                                                                                                                        < Content-Type: text/html; charset=utf-8
                                                                                                                                                        < Transfer-Encoding: chunked
                                                                                                                                                        < Connection: keep-alive
                                                                                                                                                        < Set-Cookie: __cfduid=da886babdf3f59507ccfd8adafe8a9aaa1554910581; expires=Thu, 09-Apr-20 15:36:21 GMT; path=/; domain=.christine.website; HttpOnly; Secure
                                                                                                                                                        < Last-Modified: Wed, 10 Apr 2019 14:10:10 GMT
                                                                                                                                                        < Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                        < Server: cloudflare
                                                                                                                                                        < CF-RAY: 4c55cbbc6dd4c997-SEA
                                                                                                                                                        

                                                                                                                                                        You sure your network is okay? It should be served by CloudFlare/Comodo, not Cisco. I think your network might have a TLS man in the middle on it.

                                                                                                                                                        1. 1

                                                                                                                                                          Looks like some Cisco VPN trickery.