r҉ustic cy͠be̸rpu̵nk🤠🤖 is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

It’s a tad upsetting that the Chromebook, not dev mode hacked, is now the gold standard for secure computing

Just as the iPhone, not jail broken, is the gold standard for secure mobile

How did we end up here?

Apple and Google realized their walled gardens are used more and more by ordinary people who understood the privacy implications of their devices

While truly open source privacy tools retained the warmth of a dung-smeared cactus, these became the easy to use variants for the public

r҉ustic cy͠be̸rpu̵nk🤠🤖 @cypnk

Open source tools are by and large NOT user friendly in the name of remaining powerful and familiar to those who are already used to them

It’s a degree of tech elitism that’s locked out the public. The typical computer user is not going to familiarize themselves with the command line. Meanwhile, point and click tools got the upper hand in the market

@cypnk i agree with this, but it has nothing to do with "general users being aware of their privacy". open source developers are smug, technical and hold this air of elitism that you refer to. this means the average user isn't going to use them regardless of their privacy stance, leaving only walled gardens as options.

Users wanted more privacy
Looked at what was available and cringed

Apple and Google saw a market opportunity

They’re both related

@cypnk the thing is that free software devs make things for themselves, not for some hypothetical end user.

I don't think there's anything wrong with that, as long as we aren't criticizing people for using nonfree software.

@popefucker Definitely not a criticism of users. They use what they can get used to. I would do the same in their place

Most hackers do build tools for themselves, but some (not all) still insist that learning them is the path to privacy and security for the general public. That’s just not gonna happen

I think that’s also part of the driving force behind “everyone should code”. I’d love it personally, but most people just want to enjoy their devices safely, not code on them

@cypnk true! And there has been a push of late for user-friendly FOSS tools, like signal and Ubuntu and whatnot, but it will never ever be at the same level as proprietary software because proprietary is what the industry grew around. There's so much more time and energy being poured into google than searx, for example.

@cypnk however, one thing:

radicals *need* to learn to use free software, and to thwart the surveillance dragnet. That's not a question of morality like most free software stuff is, it's a question of necessity, and too much organizing is still over corporate channels well-monitored by three-letter-agencies.

@popefucker That group already self-selects for people more likely to learn them

To be a radical is to expect some degree of hardship. To be revolutionary needs thinking beyond what’s already available, in use, or what’s “comfortable” and easy. And so many will learn new tools even if they’re not familiar with them initially

@cypnk I wish this were true, but it's really not.

Except for the truly hardcore revolutionaries, most don't know or care about this kind of stuff.

@popefucker They’re not radicals ;)

We also have to consider how many things the average person has to keep in mind beyond their sociopolitical interests. Family, children, and other engagements eat into their available bandwidth and what’s left is “use an iPhone and Chromebook”

Maybe a helpful friend will add “use Signal, use Tor”

@cypnk @popefucker Only if they realize that it's valuable to their cause.

@popefucker And most FOSS hackers I know are broke too. Some barely get by via Patreon. That’s just no match to the amount of cash Google and Apple can pour into user friendly alternatives

@cypnk @popefucker Another aspect of this is that the yield which Google and Apple get in terms of how much money they put in and how much usable software they get out is very low compared to the broke Free Software hacker living mostly in a hackspace.

@bob @popefucker Much like in meatspace, the luxury of experimentation and room for mistakes are only affordable for the wealthy in hackerspace

@bob @popefucker @cypnk do you mean that with just a little more money, open source would blow Google and Apple out of the water in terms of usability?

Then it’s even more important to push for campaigns like public money, public code, because govt software budgets would make all the difference.

@Tryphon @cypnk @popefucker I think more effort is needed on the public money public code campaign. I noticed that when it started I was seeing some pushback from the proprietary contingency, which indicated to me that a nerve had been struck.

It's also always worth being wary about government money, because sometimes strings can be attached. Projects like Tor have been trying to move away from relying so heavily on government money.

@cypnk It is so strange to me how supposedly the public won’t use a command line but they will edit registry keys for hours. I think they would totally use the command line if Ubuntu or whatever just came installed on every and they had to use it. Then they’d like it.

This must be the hacker version of unrealistic beauty standards ;)

To be fair, people also write entire applications and databases in Excel and never call it “programming”. Perceptions do matter and most users will never make that leap

@cypnk Using Excel to do visual design is computer hacking.

@rotatingskull It is indeed, but I’ve yet to meet an office manager who would call it that

If you ask the person who did all that work in Excel, you’ll likely find a hacker who thinks they aren’t one due to a conspicuous absence of a balaclava

@cypnk @rotatingskull This suggests to me that the whole business about command lines and programmatic interfaces (and I don't even claim that command lines are the be all and end all of programmatic interfaces) being /user unfriendly/ is sort of a problem conjured from nowhere. Apple happens to be /familiar/ and /cool, but there's nothing about its paradigm that makes it particularly easy to use.

Free Software could use more /polish/. A LOT more polish.

@rotatingskull @cypnk But that's a much smaller ask than wishing programmers would spend their free time building tools they actively dislike using and limit their actions.

@Azure @rotatingskull FOSS devs in particular take on tasks as a labor of love and just adding polish to open source tools is dreary and soul-sucking in a lot of ways. I just don't see it happening that way

But what I do see is projects being sponsored for polish depending on who uses it and how badly it's needed. You see project adoptions all the time, so there's hope for a lot of these

I just hope none become proprietary all of a sudden

Speaking of gold standards, if you do take the Chromebook route and want it to remain secure (I.E. easy to wipe and restore easily while traveling And security token enabled), this is a handy guide that’s easy enough for most users


It goes into the details of setting up a dev computer with YubiKey and 2FA with your mobile which takes care of most threat models (except nation states. But if a nation state is after you, you’ve got bigger problems)

I see some folks took this thread about open source privacy tools and made entirely about FOSS tools. That may be a limitation in text based communication or maybe some folks are paying disproportionate attention to the second toot and not the first one

One dev took it so personally, he viewed it as a personal insult. That’s unfortunate. It also highlights the uphill battle. It’s hard to view your world objectively from the view of those who know nothing of it

There’s an “othering” of the user

@cypnk I am not sure I understand your point. The tools that secure the chromebook and iphone aren't tools any users have access to.

Securing a device is hard to do, but really easy if a pro from apple does it for you.

I don't think there is a good exemplar of an easy to secure system that is also easy to use.

@_tj Repost from another reply:
“Users wanted more privacy
Looked at what was available and cringed

Apple and Google saw a market opportunity”

My point is that secure devices came ready made because the tools to do it ourselves are complex and arcane by comparison

A non jailbroken iPhone is still secure
Likewise a non-rooted Chromebook
Both don’t need much further tweaking besides not installing more spyware

@cypnk I think that you need consider what it means for a tool to be "successful" in the first place. Being used by the most clueless people, like with commercial software, doesn't really fit.

@deshipu The only measure of success that’s relevant for widespread privacy and security is adoption. All other measures, while they may be philosophically and personally satisfying, don’t help the masses

Clueless people are not lesser than you because they’re clueless or because they use commercial software

@cypnk You are missing the point. I'm not trying to argue the moral superiority of one or the other, like you do. I'm simply pointing out a simple mechanism that is at work here.

Developers are getting punished for making accessible software, and rewarded for writing more obscure one. As long as that happens, there will be certain tendencies in the software that survives.

Lesser or no, non-contributing users are a burden on a project, and "popular" projects will always be at a disadvantage.

@deshipu You’re seeing it from your point of view as a developer who accepts bug reports and pull requests and I’m showing it from the user’s perspective

I’m not missing point
I’m simply saying end users don’t understand nor care about the intricacies or effort of software development

Not caring doesn’t mean they don’t deserve a better product

@cypnk How do you expect to change anything? By keeping not to care and loudly demanding what users deserve?

Or by trying to get to the center of the issue, analyze what is actually happening, what forces are in play, and coming up with changes that are going to push the whole mechanism in the right direction?

Shaming developers into trying harder and being more selfless is not going to help much. They are already doing what they can.

@deshipu I’ve never shamed developers for writing tools or demanded they try harder. But I’ve routinely poked fun at developers for suggesting users take to the command line as a first resort

Computers are not humane

Dev tools are specifically designed around architectures and not the humans who use them

In that environment, expecting users at large to contort themselves to our arcane tools is unrealistic and selfish

We need easier to use tools for the masses

@cypnk Excellent! How do you propose to achieve that? Who is going to write those tools?

The shape of software reflects the environment in which it was created and the development process that created it. Developers don't do that on purpose, it just happens.

To have humane software, you have to create the environments and processes that would lead to creating it.

Just saying that the masses deserve it will not make that happen.

@cypnk Consider how that works for commercial software: the more accessible it is and the better it solves the user's problems, the more popular it gets. The company that made it earns more money, hires more developers, raises salaries, creates more documentation and training materials, fixes bugs and adds more features. The software thrives. You have a positive feedback loop (at least until they realize that investing in marketing pays better than investing in usability).

@deshipu Hence my other reply. It’s already out of your hands

If you want to meaningfully affect change at this point, getting hired by Google or Apple is in the cards

@cypnk What if we found some way of developing open source software, that would have a similar positive feedback loop from its users, instead of a negative burden? So that development would be easier and more pleasant when the software is popular? Wouldn't it be awesome?

But I don't think we will get there by mimicking the commercial companies, only without profits. By making "products" for "consumers".

@deshipu Feedback loops work if developers and designers detach themselves from their own wants and consider the user perspective with each iteration. There’s a lot of objectivity at play

That’s fundamentally not how most open source hackers work. Most hackers take their work very personally and it’s a passion project. There’s a degree of ownership in the design choices that aren’t shared among users or are easy to explain

That has to change first

@deshipu Hackers need to consider first who is it they’re doing the work for

On the surface, it’s for the users
But is it really?

If you made a tool for yourself and release the source, you’re either expecting others to use it as-is or you expect to make improvements. If it’s the latter, then it’s a job

You may not feel like it is, if you enjoy it, and you’re not getting paid, but it is. And the users are your boss

What does your boss deserve?

Start from that perspective

@cypnk I mean, I already have a day job, I don't need another.

@cypnk Also, bosses generally tend to pay you for the work you do.

@deshipu Then you’re not developing for the users. This is a hobby and you’re doing it for you

Apple and Google stepped in and they’re doing it as a job. Who do you think the users will flock to?

And that’s how we ended up in this situation. Fundamentally different perspectives between what users and developers want out of the same software

Don’t blame users

@cypnk Well, of course I do it as a hobby. Since nobody wants to pay for it, it's impossible to do it as a job.

So unless we find some way of making it work as a hobby, without having to do it as a second, unpaid and unappreciated job, nothing is going to change.

Now, do you perhaps have any idea about what we could try doing?

@cypnk Even the developers who are lucky to be working on open source code as their job have their own bosses to answer to, frankly can't afford to also consider every human on the plant to be their boss.
So maybe you have any ideas about how to encourage the companies that sponsor open source development to care about the users more?

@deshipu Like I said, the time to build goodwill among users is long past

It’s the age of the Big Silos now and if you want to get either Google or Apple to sponsor your project (you’ll have a better chance with Google), you’ll be able to develop as a job and keep it sustainable

Or you could work for them as a proper job and get better tools to users. But if you go at it alone, think of it as an unpaid job and don’t expect anything from users. It’s not how people behave

@cypnk Now I am confused. What was the point of the initial toot then?

“How did we end up here” is what I wrote in the first toot

@cypnk Ah, now I actually scrolled and read it. Sorry, I only saw your second toot, as it was boosted by someone.

I can only say this: nobody will remember Apple and Google in a couple dozen years, and the open source will still be there.

@deshipu Well, we’ll see. People thought of IBM the same way we think of Google and Apple today so anything is possible, I guess

@deshipu @cypnk Some tech CEOs might prefer you to believe that, but in reality "installed by default" gets the goods. Even if it's user-hostile, like Windows 10, if its installed by default it will be "popular".

@bob @cypnk That's what I broadly meant by "marketing". Also deals between companies, monopolies, etc.

@deshipu @cypnk I'd say it's a leadership problem.
Most of the software developers are working for companies right now. Most of them are not interested on the end user: they are interested on profit.
And the developers just do what the companies ask them to do.
It's sad but it's true.

Once there are resources and a strong leadership towards a more human-centered design it will happen. I have no doubt on that.

The key is that the devs have a lot of power but they (we) are wasting it in shit.

@ekaitz_zarraga @cypnk I'm not convinced. It's a bit like saying that a wise and benevolent dictator solves the problems of both capitalism and communism. It does, but it's very hard to ensure that you will always get one like that.

@deshipu @cypnk I'm not saying the leader has to be an individual.

There are many ways to get leadership. Users can demand human-centered technologies and that can change companies' target. Also, some developers could raise awareness and make others leave the companies to start other kind of projects and businesses. I can also happen that the govs decide to push technology and R&D in a social way...

In general what I see is the devs have bosses and make what they say. Bosses have bosses too.

@ekaitz_zarraga @cypnk I would be very interested in ideas about how we could change our communities to make it easier for open source developers to work in user-centered way.
One obvious thing is to make the users more involved — not necessarily as coders, but generally in the project and/or community. You will think twice before adding a feature to a project that a friend who you just spoke to would have trouble using. And you are more likely to fix it if a friend complains.

@deshipu @ekaitz_zarraga @cypnk that is one reason I talk about the projects And My Axe is doing on here.

@inmysocks @cypnk @deshipu And that's also why I try to talk about my decision to leave the standard way and try my own.

@inmysocks @deshipu @ekaitz_zarraga @cypnk

Tried that with #aardwolf (should also be listed with #andmyaxe group) but users, in my experience have been, unresponsive, or divided 23 ways on what they want :3

Still gonna keep trying though!!

@banjofox @deshipu @ekaitz_zarraga @cypnk yeah, the only thing that I am getting consistent feedback about is ExecuBot-5000. But that isn't a reason to not do it.

@inmysocks @deshipu @ekaitz_zarraga @cypnk

You just need to remind yourself that you are the project lead and that you make the final decision

@banjofox @inmysocks @ekaitz_zarraga @cypnk It's not that easy — once you've asked for feedback, there is this expectation that you will listen, and you can aggravate a lot of people and make them feel ignored.

@deshipu @banjofox @inmysocks @cypnk The only way to make it happen is with enough resources. As individuals is very difficult to give the users all they need.
Backed by organizations or grouped in cooperatives the devs can do more.

@ekaitz_zarraga @deshipu @banjofox @inmysocks @cypnk when I find a small project on github that does exactly what I need, except it crashes, I'll most likely make a bug report, or join its IRC channel and there's a high chance I'll be able to talk with the developers and help them fix the issue. OTOH, if Firefox crashes, there's no way I could have such a direct contact with the developers. Because Mozilla is a huge opaque organization. Tell me more about oranizations being helpful.

@Wolf480pl @deshipu @banjofox @inmysocks @cypnk You are just mentioning one case and you are a *very specific* kind of user.

If something is broken in your, say, debian package, you can just change it and correct it. You are done.

All organizations are not the same. I'm not saying the organizations we have are good but your comparison is not fair.

@ekaitz_zarraga @deshipu @banjofox @inmysocks @cypnk Ok, sorry, equating all the organizations is wrong.
Anyway, off the top of my head, I can't think of an organization that actually made the user-developer interaction easier.
Also, I don't understand your example with Debian. How's any organization involved here?
Maybe we have a different definition of an organization?

@Wolf480pl @deshipu @banjofox @inmysocks @cypnk Yeah maybe we have.
With organization I mean a "team" a group of people working together. It can be one like Mozilla but it can be also one like KDE or a small group of individuals like .

User-developer interaction is never easy but if we want it to happen we need help.

A big piece of software like firefox can't be compared with a small tool you can find on github.

@ekaitz_zarraga @deshipu @banjofox @inmysocks @cypnk oh, ok, makes more sense now. Yeah, in that case I can imagine that being organized helps. I just don't exactly see how yet. Mind providing a concrete example, or explaining the Debian one (assuming it's relevant) ?

@Wolf480pl @deshipu @banjofox @inmysocks @cypnk The debian example was a random one. Consider KDE (I know this org better), they are just organized to have more resources and power and they totally do.
It's a good starting point.

Organized as they are they can work with Purism or things like that, and that makes them able to take part in decisions and have impact in products and institutions.

I'm sure there are many ways more and I'm surely find some others, but being alone is not good.

@ekaitz_zarraga @deshipu @banjofox @inmysocks @cypnk oh, so IOW developers being organized helps not necessarily by making it easier to hear the users, but by making it easier to shape the surrounding ecosystem in such a way that the uses can take beter advantage of the software these developers make. So eg. Mozilla needs to be organized to push the W3C in a sane direction, cause otherwise we're all screwed. Makes sense now.

@Wolf480pl @deshipu @banjofox @inmysocks @cypnk Yeah, that's one of the points yeah.
Advocacy is also a powerful tool because it can change the way the users and developers think and demand.
There are many points :)

@banjofox @inmysocks @ekaitz_zarraga @cypnk Not sure what you tried exactly, but the idea is to make the users part of the project, helping with the non-technical things — helping other users, improving the documentation, reviewing changes, etc. Not just asking them what they want — that would only invite bikeshedding.
Of course it's hard to do — you have to set the expectations right, and many people can't get past the "product"/"customer" mindset.

@deshipu kde & gnome are developing design teams who try to specify common ui design language. Next step would be to also include usability testing but thats going to be hard without resources.

@deshipu I think *paying them* would be the fastest way to get open source developers to work in a more user-centered way. @ekaitz_zarraga @cypnk

@cypnk @ekaitz_zarraga @deshipu Another idea for improving user-centered development in open source is to broaden the focus beyond people who write code, to 1) respect & 2) cultivate relationships with people who care enough about a project to garden the bug tracker or documentation. I can the projects where my engagement was returned, ever, on more than the specific bug reports, on two fingers, and I've been doing this 20 years.

@deshipu @ekaitz_zarraga @cypnk Just like in every 9-5 software job I hated, gardening the issue trackers & docs is treated as a low-value afterthought. Keep in mind what Github, in their infinite wisdom, consider worthy of a green spot on one's little timeline. Then users wonder why the documentation is terrible & developers wonder why they're drowning in a sea of unorganized issues.

@cypnk @ekaitz_zarraga @deshipu Anyway, if I won the lottery I'd love to plow millions into making open source more usable, and there's not even a patchwork system to do this, let alone a couple clearinghouse options. Meanwhile, at this point in my life I have a fair amount of spare time & no money at all. You better believe if I could get small payouts for working on issue management & docs for open source, I would be doing it. ¯\(°_o)/¯

@deutrino @cypnk @ekaitz_zarraga It probably won't be easy to find a setup in which you get money for this, but collaborating with all those people can be beneficial in many indirect ways, including a chance at landing a nice job just because they already trusted you when an opening appeared. Of course, this is a lot like free internship or working "for exposure", so caveats apply. But if you have that time free anyways, you might as well spend it cooperating with some nice people you like.

@deshipu Yeah, I'm doing so. But it would be so nice to be able to afford new socks, or to get my boots re-soled, a little easier from the hours I've contributed to open source. Maybe someday. I do agree that I'm fairly likely to eventually find tech work which is compatible with me (9-5 butts-in-seats emphatically is not) by doing so, I just wish they didn't have to be separate. @cypnk @ekaitz_zarraga

@deutrino @ekaitz_zarraga @cypnk I agree that it's a huge mistake to treat the tasks internal to the project as low-value. After all, it's better to have a well functioning team that works slowly but surely and is sustainable, than quickly delivered features and people dropping like flies from the burnout. After all you are not competing here with other products, this is not a race like it is in the commercial world.
Then again, contributor docs are 100x more important than end user docs.

@deutrino @cypnk @ekaitz_zarraga Who do you expect to return that engagement to you? The developers who are already giving all attention they have spare (and often more) to the project, or the thousands of non-contributing users?
This is why it's important to have at least a rudimentary form of a community manager on the project — someone who's only (or at least the main) job is to smooth out the interactions, make sure that all people are properly thanked, etc. This is an unthankful job.

@deutrino @ekaitz_zarraga @cypnk I have my doubts about this. I think those money would disappear like a drop in the sea, and the momentary improvement would quickly fade.
I think it's more important to think about ways to change the open source culture itself, so that it will be more likely to create the kinds of environments that make it easier to care about the user.
Yes, that's a third derivative — I never said it would be easy. But if you want a real change, you need to go deep.

@ekaitz_zarraga @deshipu @cypnk
I agree with you. I am in the twilight years of my professional career. Once I have the option to code as I wish instead of to exist, after retirement, my goal is to support an open project or two to give back. I wish that everyone in that position would do so.

Imagine what a better world it would be if every tech billionaire or retiree, who doesn't need more money, did the same.

@ekaitz_zarraga @deshipu @cypnk

It is not just companies though. When I took my project to a local web dev meetup the others kept asking me how to monetize it.

thankfully not everyone is like that though

@banjofox @deshipu @cypnk Yup, not only companies but devs are just into the standard way. The way that capitalism (and companies) define as the normal and common.

People is educated on that, and that's very difficult to break.

@deshipu Google and Apple are already doing just that. They’re hyper-capitalist orgs doing it primarily for profit, and that’s not how I would have preferred it, but it’s already out of your hands

Decades of “RTFM” or “did you check x before installing” or “open the terminal...” has driven away users from crusty open source developers into the warm embrace of user-friendly alternatives

Our time had come and gone and we squandered it by forgetting human nature

@cypnk "The only measure of success that’s relevant for widespread privacy and security is adoption." I believe this to be behind basically every decision made in the development of Signal and related tooling. Some of those decisions make a hell of a lot more sense when viewed in that context. @deshipu


Very true, but some enterprising coders who understand the desire for and ease of use of graphical interfaces have an opportunity to market overlays for open source or, if they're really kind people who simply want to make things easier, they'll keep their GUIs open source, too, and free or shareware.

@EuphoriaLavender The more choices we have, the better it is for end users at least since they’re not cornered. Right now, there just aren’t enough resources to pour into better and open source alternatives, but I’m still hopeful


One of the best things about Open Source is that ANYONE can use it and contribute. There are so many people learning to code while they're young now and someone is likely to innovate simply because they'd like to have GUIs or want to make things easier for their grandparents or maybe even just for fun. Then there are older people who aren't working for a living anymore, have extra time and need intellectual stimulation and like a challenge.


I'm fairly certain we'll be seeing more and more innovations from people in that category, clever people with lots of life experience and knowledge who are redirecting their ambitions.

@cypnk "If it was hard to code, it should be hard to use!"

@Xinjinmeng @cypnk
I just can't let that slide. Software should be written to make tasks easier or faster to perform. Poorly written code (even if it was difficult to write) that is unintuitive or difficult to use, is just that.

Full disclosure: I have, for several reasons, written my share of bad code over the course of 30+ years.

@cypnk command line would be fine if it was not the minimum common denominator
people who use the firefox/chrome javascript console regularly are usually lost in lower command shells

@Efi That’s partly a lack of easy to access instructions. YouTube has helped a lot, but few people go out of their way to find tutorials. That’s mostly because of work and life leaving precious little time for much else

@cypnk affordances are better than instructions
people already know to click on buttons and links, but ttys can't leverage that

@cypnk Those who are already used to them are also users. Being friendly to them is also important. Making their work efficient is also important. Most beginner-friendly software I've seen is very unfriendly to advanced users. It wants you to keep being a beginner.

@cypnk You'd expect you could do more advanced things with it once you learn more, or use it in a faster and more efficient way, but nope, the software treats you like an idiot, and the more you learn, the more "are you sure" warnings you have to click through, only to realize you can't do what you wanted anyway.

@Wolf480pl I’m absolutely not advocating for advanced users being handicapped, but that also doesn’t mean excluding the average user from secure and private computing

I don’t know id you read the toot this is a reply to. I’m specifically referring to the state of duopoly between Apple and Google

@cypnk IOW, you're saing that we need a beginner-friendly operating system with good privacy and security protections, that our mothers and grandpas can use, while we continue to use mutt on gentoo? Seems legit. OTOH, I wouldn't want to develop software that I hate using, and I guess many FOSS devs feel the same.

@Wolf480pl Hence the dilemma. FOSS hackers have fundamentally different goals in mind, but it did leave the space wide open for Google and Apple to swoop in

I honestly think it’s too late for something different at this point. Unless Google and Apple change, it’s the Age of the Big Silos now

@bob @Wolf480pl My other worry is what happens to all that data

Also, Google isn’t even just a tech company anymore; It wants to “change the world” (whatever that means). I can see Apple getting dethroned, but Google has far too many tentacles to fall “cleanly”

@cypnk @bob

Google is like an AI gone wild.

Which makes a lot more sense when you know the corporation->AI isomorphism described on #34c3 (IIRC it was this talk events.ccc.de/congress/2017/Fa )

@cypnk yeah, we all know it's the Age of Big Silos and it sucks. I was hoping you had an idea how to fix things, but if you're saying it's too late, and we may as well go back to the proverbial installing of gentoo, then fine.

@Wolf480pl There’s a tiny glimmer of hope

I don’t think the model of a company providing Thing or Service is gonna be viable for long. I think the future may be in creating what we need when we need it

E.G. I’m building a DIY writing computer (glorified typewriter, basically). Totally not expecting anyone else to do the same, but I can see someone taking the design, tweaking it and selling it on eBay. It may be the era of bespoke devices and services

@Wolf480pl @cypnk I don't think the age of big silos will last. You can see the seeds of its destruction in the problems of today - like the fact that Twitter has been turning into the social equivalent of a toxic waste dump. I don't think they will be able to solve their social problems by deploying AI, though they will try.

There mere fact that we're communicating here in the fediverse rather than in a corporate silo is an indicator of the way things are going. Twitter can't really emulate the fediverse without destroying its business model.

I started out on this social network thing around 2010, and back then the situation really did look hopeless. It looked like Facebook had crushed everything and turned it into a naff farming game. For years the fediverse was mostly just a few Free Software holdouts.

@bob @cypnk OTOH, look at the IM space. Facebook Messanger, Telegram, WhatsApp, Snapchat, Signal - all are centralized silos a.k.a. walled gardens.

@cypnk @bob and barely anyone uses XMPP or IRC, especially on mobile.

@bob @cypnk @Wolf480pl I've been excited to see the Zeitgeist turning back towards an interest in smaller dispersed online communities. I've been championing keeping ancient bulletin boards and IRC channels going for years with no success.

@lordbowlich @bob @cypnk so you're saying this is the right time to push decentralized solutions, because people no longer want to interact with "EVERYONE!!1" and instead they want to be in a few small communities?

@Wolf480pl @lordbowlich @bob I hope the communities aren’t too few or too small ;)

But I do love the idea of cozy discussions in communities where each person can truly connect with and appreciate each other. I don’t see that on big platforms. Everyone is busy talking past each other and don’t spend enough time listening

@lordbowlich @Wolf480pl @cypnk Things do seem to be changing and I think there are multiple factors involved.

@cypnk @Wolf480pl a real part of this dynamic is:

i've been using FOSS operating systems as my main environment for 18 or 20 years. i write software and administer systems for a living. i have spent time as a technical writer on these topics for a novice audience, etc.

and "dung smeared cactus" strikes me as an entirely accurate assessment of the experience of most standard FOSS security tooling.

@Wolf480pl @cypnk there're plenty of libre tools in the general sense with decent to very good UX. my very non-technical mom has happily used linux as her main driver for ages.

but, aside from ssh, which most people can learn, interacting with security-specific tooling like openssl (anything to do with ssl, really) and (a little less so but still) gpg is just generally an awful nightmare.

@brennen @cypnk
I'm confused now: is this talk about security/privacy tools, or is it about "I want a calendar app on my phone that doesn't send all the data to a cloud service that makes money selling data to advertisers" ?

@Wolf480pl @cypnk ...that's a fair question. i haven't been awake long and i'm foggy, so i'm probably just muddling the discussion.

i would say that i think the two things are kinda related, and i concur with the original point that the duopoly situation sucks and is also probably inescapable in practice.

you can have e-mail / calendar / IM that's pretty "secure", but you mostly can't have it without giving up a bunch of other freedoms.

@cypnk @Wolf480pl i.e., gmail on an iphone is probably your best security option as j. random user in all sorts of senses.

...aside from all the ways that platform is surveilling you to hell and gone.

@cypnk @Wolf480pl nobody would have to give up the depth and expressiveness of professional grade tooling in order for these experiences to be less nightmarish, or for that matter in order for libre systems to be more generall accessible in other ways. it's a false dichotomy.

@brennen @cypnk I kinda agree openssl commandline is weird, but I feel like it more-or-less reflects the x509 data model, which is weird on its own. And the closer a tool's UI reflects the data model, the less likely you are to experience weird problems that seem to make no sense.

OTOH, gpg is a bit of a treat-user-like-idiot, with its commandline benig on a pretty high level of abstraction, far from data model, and with nonstandard options hidden behind --expert. I kinda understand why...

@cypnk not just "not going to" but can't. Maybe if they used tons and tons of free time and energy they don't have to devote themselves to learning it; maybe even if they did that they would never be able to figure it out. Either way learning how complex computer tools like the command line is a "can't" for most people, I believe. So anybody who wants to advance the cause of privacy, security, and FOSS has to accept that if they want to spread past a relatively small group of tech enthusiasts.

@sadie_bunny To be fair, we’re seen exceptions pop up that are gaining design cues that make them easier to use. It’s slow going, and something like Chrome from scratch is probably not gonna come out any time soon, but things are changing

I think the future is in products and services that aren’t delivered by giant corporations. We’re seeing people retreat to their communities for products and services and I think the same will happen for software


1) Writing GUI software is hard. It's costly, and developers aren't your slaves. They don't have an obligation to feed you, many do hard work for free, and the elitism is in your entitlement only. Not all people is pleasant as you can see, but they're also not the rich pieces of shit who work for massive corporations. Adjust your frustration accordingly.



2) FOSS that is easy to use exists, if you care to do your part of the job evaluating things that are good for you. Yours is only an ignorant, destructive, aggressive, and lazy rant. When you actually make a honest effort to understand and learn, you may find that it's been available to you for a long time.
I'm not asking anything for myself, it would be a good thing that you could do things that are good for you without shitting on the work of others though.

@h You’ve severely misunderstood this post and maybe that’s my fault

My point here is to express how a typical non-technical user will view their options. I don’t expect any user to spend more time looking for solutions than they could afford. The overwhelming majority of open source tools used for creating a secure and private computing environment (we can forget phones for now) aren’t remotely easy for the non-technical user

They ran to the silos instead


No, I didn't misunderstand.

You misunderstand and your rant was lazy, and ignorant when you decide to pile on the free software developers and use epithets to address them.

We are not Facebook, you need to be more clear on who you're talking to when you insult them.

I don't know how else to explain this to you. Your fucking rant is shite, ignorant, and lazy, making the work of devs harder and more ingrate.

Hope you understand this now.

@cypnk There are ways to formulate constructive critiques and calling people elitists and somehow making things hard on you due to their flawed character is incredibly offensive.

The way you did it is not constructive. It's just an uninformed rant that may feel like a good cathartic exercise.

It fixes nothing, it communicates nothing, it only helps you release your frustration and nothing else. Just a shit rant.

@h I didn’t take anything you just wrote personally because I understand your passion for what you do

If you do want to curse me out some more, feel free. It’s not good to hold on to emotions

“How did we end up here” is a long and complicated road where users were more and more left out of secure computing if they were not savvy. “RTFM” exists for a reason

The surveillance issues, hackers, and leaks left users scrambling for alternatives. What they found were the Silos


We're not discussing "hackers, leaks" and other things things apparently undesirable for your totally un-elitist and pristine presence and sensibility.
You're stirring things to totally unrelated topics.

The person who started disparaging other people's work, being totally unprovoked was you. If you can't acknowledge that, there's nothing more to be discussed.

@h This is a thread. All subsequent posts are related to the very first one which started with my lament over the iPhone and Chromebook. If you only look at the second in isolation, yes it may seem like an insult

Creating a secure environment was the problem. Users solved it by grabbing the first thing that neatly packaged it in lieu of having to learn comparatively difficult tools

That’s not an insult to the developers. It’s what happened

@cypnk could also just be because they're trained by marketing to trust brands they've heard of

@h My “lazy rant” was to highlight the disconnect between typical user expectations and what the open source world provides and expects of users

It’s not that users are lazy. They have, jobs, kids, lives etc...

“I want a private, secure computer I can take with me to the airport. I can lock it down by following tutorials or I can get a cheap Chromebook”

These are the real world choices users make. They will not indulge instructions in depth

@h Just to clarify, I’m absolutely not disparaging developers who dedicate their time for free to develop tools

But if the default first stance of secure computing is “open the terminal” the accepted solution will come from Google or Apple

The general public will absolutely not be tweaking the BIOS, editing config files, running command line or the like. It’s just not gonna happen. So we end up with the situation we have now:
Broke FOSS devs and a duopoly

@cypnk Yes you are. There is no elitism, there's only an irgnorant and lazy rant shitting on the work of others.

No need to apologise to me, it's unlikely that you're using anything I produced.

@cypnk @h I'll jump into the fray with these two points:

1) Before Windows 95 came out regular users used MS-DOS (and other DOS variants). What's happened is companies have fostered the "learning is hard" mentality that keeps them ignorant and using GUI tools only. Regular users have been taught to fear the CLI, but if they're taught the basics and have easy access to documentation they'll use it.

2) A very useful bridge between GUIs and the CLI is the frontend, which you don't see much today.

@ND3JR I'm not even claiming that all people should use the command line. There's plenty of perfectly usable FOSS GUI software for the last 8 years at least. There are areas that may be lacking applications like video and audio editing, but for the most part portraying free software as something that can only be used effectively from the command line is just ignorant FUD rubbish from someone who hasn't even made an honest attempt to understand anything, only insult developers.


@ND3JR @cypnk @h Conversely, regular people *DIDN'T USE COMPUTERS* before pervasive internet, which was well after GUIs had displaced CLIs (late 1990s).

I do feel like there's plenty of room to make CLIs more user-friendly, though - one possible example is IBM i (formerly i5/OS, formerly OS/400), which had some interesting ideas for a CLI - you can issue a command at the CLI, or pop up a form with all of the options, and pop up lists of possible values in the form.

@bhtooefr @cypnk @h Maybe not at home, but they did at work, which led them to want to stick with the same companies at home, Microsoft in particular. It's one of the reasons they dominated in the PC software market.

As for a more friendly FOSS CLI, it doesn't get as much publicity as I think it deserves, but there's the friendly interactive shell, or fish: fishshell.com/

@ND3JR @cypnk @h OK, that's fair enough. But, at work, they would often receive task-specific training, rather than general training, AFAIK. And, they'd be helpless to handle a new task without intensive training.

As far as home computer ownership, 50% in the US wasn't reached until 2000: census.gov/content/dam/Census/

@ND3JR @bhtooefr @cypnk @h I think BASIC disappearing into a Microsoft-dominated product you had to pay for probably didn't help either.

I like to think Python is carrying the torch these days for the average Joe that wants to start programming on their personal computer.

@bobstechsite @ND3JR @cypnk @h I've been making this point for quite a while - Visual Basic is better than it was given credit for (I mean, compared to today's world of HTML+JavaScript?), and Microsoft made a mistake by not including a cut-down VB (ala GW-BASIC, then QBASIC being distributed with DOS) with Windows 3.1.

@bobstechsite @ND3JR @bhtooefr @h I’m very happy to see Python making a presence in schools. That’s where Microsoft usually likes to weave in its tentacles so an alternative (and really nice!) programming language carrying on the torch is a delight

@starbreaker @ND3JR @bhtooefr @cypnk @h True! I didn't mention it because it never quite caught on in the same way ...and hasn't been updated for 2 years. 😂

@bhtooefr @ND3JR @cypnk @h Wonder who bought all these home computers during the mid/late 1980s and early '90s... Most seemed like pretty regular people from behind the counter in the Atari shop in 1993 or so. It was just not everyone and their kids.

@galaxis @ND3JR @cypnk @h I am basing all of this off of US-centric data, mind you, but my understanding is that it was basically early adopter types, as well as people buying them for their kids?

@bhtooefr I don't have any data, but there were a lot of people using their computers for business stuff. The Atari SLM804 laser printer sold pretty well in Germany, for example.

@galaxis Although that falls into work, not home, no?

@bhtooefr Yes, but then I'm not talking about big companies introducing computers into their offices, but shop owners doing their correspondence with some word processor and a printer, or their accounting - often from home. Where the computers were then used by the kids for fun, too. It's not as if most people could afford to buy several computers. Something in the line of "I need my computer for work but my son played games and now I can't find my documents" was a pretty common support case.

@galaxis @bhtooefr In UK the Amstrad PCW (CP/M machine supplied with a dot matrix printer), at one point badged "Schneider Joyce" in DE tended to get used for similar "home office" uses until early 1990s.

From memory the bunded "Locoscript" software had a UI that slightly isolated the user from the CP/M command line (a frontend of text menus with line drawing characters). a mono green display with limited graphics compared to other machines of the era meant it was of less appeal to kids..

@vfrmedia @galaxis And wasn't the PCW line basically positioned as a word processor? (Now that's a class of device that is totally dead.) It didn't come here, though - Smith Corona and Brother dominated that market here, AFAIK.

@bhtooefr @galaxis it was, although the machines were fully fledged CP/M systems and many business apps (payroll and accounts, database etc) were ported to the platform.

I suspect its hardware design would be a big factor why it wasn't sold to USA - the whole CPU, power supply and printer controller were inside the monitor case and the power unit was designed for 230V mains supplies..

@bhtooefr @ND3JR @cypnk @h OS/400 did this very well, and it was still too much for most users.

@ND3JR @cypnk @h
Okay, but consider that lots of disabled and poor people use computers to engage in resource-gathering. Things like work, socializing, making doctor's appointments, etc. If we have to learn an entire extra language just to have our basic needs met, more of us will die.

@ThisQueerBashesBack @cypnk @h I think you're focusing on 1) and skipping 2). I'm not saying that learning the command line should be mandatory, just that users are taught to fear it. I know that the CLI isn't appropriate for every situation, and I never said that.

Which brings me to 2) in more detail. When I say "frontend" I mean a GUI or TUI program that takes input from the user and uses it to execute commands on a CLI, which may or may not be visible to the user.

@ND3JR @cypnk @h

I've been using Linux since 1999, aside from a few years on Windows 7, so I've learned the basics of the CLI. I still avoid using it wherever possible because it's a layer of complexity I don't need and I don't use it enough to reliably remember most of the commands except for the simplest like CD and LS.

I don't imagine I'm alone in this by any means.

@Nezchan @cypnk @h This may surprise you, and not that you need my approval anyway, but I'm find with that. You've tried it, it doesn't work for you and you don't need it, so why should you have to use it? You've made a choice instead of just reflexively avoiding it like a lot of people have been taught to do.

@ND3JR @cypnk @h

I do still occasionally use it, mostly because the GUI for Streamlink STILL doesn't have a simple, straightforward installation, and occasionally restarting Pulseaudio because the stupid thing shuts down sometimes when my machine goes into sleep mode.

Won't deny CLI's got its uses, but I imagine a lot of people, even given the knowledge to use it, will look for other solutions that require less memorization.

@Nezchan @ND3JR @cypnk @h

I prefer to use a command line for most tasks, mainly because I find CLI tools are simpler, more reliable, and less costly in terms of memory and CPU.

However, I don't memorize everything. I don't even try. I just keep the manual page open, and I eventually memorize the commands and switches I most often use. Everything else is in the manual.

But I'm not going to begrudge people who prefer a GUI as long as they don't try to force me to use it.

@starbreaker @h @cypnk @Nezchan Your last sentence hits home what I think as well. One of the things I like most about (most) FOSS is that it doesn't force you to do things in one way; it gives users a choice. Or, to use the old Burger King slogan, it allows you to "have it your way."

I see frontends as an excellent way to achieve that: have a CLI for people who want that, but those that don't can stick to using the GUI or TUI frontend without having to learn the underlying commands.

@ND3JR @Nezchan @cypnk @h

Ideally all software would be designed and implemented so that the functionality is accessible via a well-documented API and it doesn't matter whether you're using a CLI tool, a desktop GUI app, or a web app to interact with the software.

But that might be overkill for low-level utilities.

@starbreaker @h @cypnk @Nezchan The best example I can think of that does what you describe is the Music Player Daemon, though it uses networking.


@starbreaker @ND3JR @cypnk @h

One of the strengths is that you *can* use either CLI or GUI, but you don't *have* to use one or the other (mostly, at least).

@ND3JR @Nezchan @h Some minor things here and there still need a bit of CLI love, but not the end of the world, hopefully ;)

My mom had a whale of a time on Elementary OS which is the nicest environment she’s used. Arguably on par with the Chrome experience and I don’t think she’s had to touch a terminal

@cypnk @h @ND3JR

One thing I do like is that most of the time if I have a problem that requires a terminal, there are sites that have the full commands ready to copy/paste. No need to fuss around with figuring it all out myself, and most of the time those solutions work.

@ND3JR @cypnk @h

This is wishful thinking. The average user in my managed environments would literally shit bricks if they had to use a CLI.

And god forbid you get a doctor, lawyer, or teacher involved. They would lynch you for the impact on their workflow.

Right or wrong, it is simply what it is. CLI is never going to be accepted by 90+% of users.

Ease of use is king. CLI is not intuitive without a training component for each command... GUI users standard gestures across suites.

@h @cypnk @ND3JR

See, it's easy for us, but we are nowhere near average. It's not elitist. It's real, any as a corollary, why we all have jobs in IT

@cypnk @h but didn't I just see you post advice to *not* make FOSS tools have an automagic installer? How do you consolidate these points?

@fenwick67 I don’t quite follow. Do you mean devices preinstalled?

@irina A beautiful oasis! But I was specifically referring to secure platform tools in the previous toot ;)

BTW, Krita is like the best thing to happen to the indie art community. It has brought people together, given so many countless hours of joy to so many people, even launched careers. All around a wonderful piece of software

@cypnk ah, neglected to read that (but I'm at fosdem for krita and had a great discussion about user friendliness yesterday, so it came to mind immediately)

@cypnk And thank you! I'll relay it to the maintainer (who I happen to be married to)

@irina Wow! Please convey the immense sense of satisfaction we have in knowing one of our favorite tools is in good hands

@cypnk I disagree there are a lot of open source programs that have lots of documentation

@Nixfreak Documentation, sure. But if you scroll up to the previous post, this is in relation to why Chrombooks and iPhones are reigning in the secure computing category. I really don't expect the typical non-technical user (a demographic that keeps increasing) will ever read the documentation

They just want their device in a nice secure package

It's a complicated problem

@cypnk - I don’t know that it’s elitism. I think the issue is lack of UI/UX designers and developers contributing to open source projects. For instance, I know how to code command line programs with python and bash. I use those skills in my day job, so its simple to volunteer time to FOSS tools in a similar arena. But, I don’t know GUI programming nor UI/UX concepts. In non-free software, those are dedicated positions.

@tinker That’s a big part of it, but platform tools by are largely still designed around the command line. Take my OS of choice, OpenBSD:
“Only two remote holes in the default install, in a heck of a long time”

That’s fantastic! But my tech illiterate neighbor who can barely operate his thermostat (unless his router came with it preinstalled) can’t benefit. Now the Chromebook OTOH, he can use like a champ

Not suggesting OpenBSD adopt a GUI, but it’s remained niche for a reason

@cypnk - Oh, I fully agree that it is not user friendly at all! And I fully agree that we should strive to make it user friendly for mass adoption! - The focus needs to be on getting Project Managers and UI/UX folks into FOSS development as well. A great example of this is Moxie Marlonspike’s efforts with Signal Private Messenger.

@tinker @cypnk

> The focus needs to be on getting Project Managers and UI/UX folks into FOSS development as well.

and they will fight you on this; they see PMs as pointless bureaucracy and UX people as masturbators who wish to "dumb down" their things

@calvin @cypnk - I’ve seen that attitude explicitly in one specific project that had so much promise. It’s almost fully withered right now.

@calvin @cypnk @tinker the key to having PMs in free software is to have a GOOD PM, one that actually cares about productivity not someone who just wants to be a dictator.

@jeff @cypnk @calvin - Absolutely. There’s a strong FOSS culture around many hackers and coders. What about PMs or Designers? How do we bring them in?

@tinker @calvin @cypnk money would absolutely solve it but that's probably not happening for most projects. I really have no idea on the topic of PMs, but for artists maybe promote the idea of collaboration between artists.
@tinker @calvin @cypnk
the sharing of assets aspect could be applied to art and that would yield a lot of art just like it did for software. not sure if that's compatible with most artists though. many just want to be known as an individual artist not as a community of artists.
@tinker @cypnk proprietary solutions have money to pay designers and do QA.
free software doesn't. that's the difference.

@jeff @cypnk - Money is one issue. Signal has Open Whisper Systems behind it which started off by a core group of people who become financially stable and could focus on it. Later it brought and continues to bring in a lot of donations, including corporate donations.

Most of the open source tools that we use are made by a coder for that coder’s personal use. They open it up to others who may contribute a bit here or there.

@tinker @cypnk UX/UI is hard and I personally am fine with stdout, stderr and stdin as I am insane. :p

@jeff @cypnk - As are we all! Haha :) and I don’t think that’s elitist. We’re just used to it and it fits our needs and skill level. - It’s not enough for mass adoption though. And if mass adoption is the goal for a specific FOSS project, UI/UX and the designers behind it have to be a core part of it.

@tinker Moxie’s and the team’s work is amazing. I’d be hard pressed to find another group that has done more to bring end-to-end encryption to the masses. They’ve probably saved lives with their work already

@cypnk - Definitely a combination of skill, drive, organization, funds, cultural zeitgeist, and I’m certain... a bit of luck. There’s a story there. Something to be studied and applied elsewhere.

@cypnk The banner of Open Source flies high for all to see!

(Bug "Can't reach banner" closed: Irrelevant to Project Goals, User Error)

@cypnk but gnome and kde are reasonably friendly to use. At work ms office using boss moved to libreoffice because of ms office bugs on os x. Only complaint was not finding where track changes in LO was. There are projects like pep foundation & even gpg that are hammering on the hard problem of streamlining trust management.

I think the reasons for this are more complicated than just gatekeeping - but to me, being accessible to end users is such an important part of being OPEN, I don't understand why it isn't expressed as a core value through what we build.

Gosh, after posting my masto client scrolled thru the 5 days of responses btw yr post and my reply.

Wishing client UI had surfaced "many responses have been made" somehow!

Anyway, interesting reading, I stopped at about day 1.5 with the first sweary response. Sorry to pile on! I think I agree with you.

We want the best tools not the most popular ones.