Nope! Since the code's totally open-source, I'm sure someone would be able to set up another instance of the site, but a lot of the data would probably be lost and the domain would probably need...
Nope!
Since the code's totally open-source, I'm sure someone would be able to set up another instance of the site, but a lot of the data would probably be lost and the domain would probably need to change.
I should probably try to set up something, but I'm honestly not even sure of a good way to do it. Compiling a collection of all the passwords, SSH keys, 2FA backup codes, etc. needed to be able to manage everything is a bit risky, and I'm not even sure where I'd store it that would be secure but still accessible if someone needs to get to it.
I'm open to suggestions if anyone knows a good way to prepare for this kind of thing.
You should print everything, bury it and give the location to your close relatives. I’m only half joking. Analog security is something we should take more into account.
You should print everything, bury it and give the location to your close relatives. I’m only half joking. Analog security is something we should take more into account.
Yeah, I do this with some of my personal info. I have a safety deposit box that contains a bunch of passwords and 2FA backup codes written down and an extra YubiKey that's associated with my...
Yeah, I do this with some of my personal info. I have a safety deposit box that contains a bunch of passwords and 2FA backup codes written down and an extra YubiKey that's associated with my accounts, and some other stuff. That's intended more as a backup in case my house burns down or similar cases though, I doubt anyone's going to care about it if I die.
I should probably just try to do something similar with Tildes info (similar to what @Amarok was suggesting too): put together a "contingency package", get a safety deposit box registered to the non-profit, and give a key to one or more of the board members. It probably wouldn't be too bad to set up, just always have to remember to go replace anything in it if it ever changes. Having outdated passwords/etc. in there makes the whole thing useless.
When you store it in the bank, make damn sure it's encrypted just in case. Maybe it's just my paranoia, but that's a very easy target for law enforcement to obtain, so don't make their poking...
When you store it in the bank, make damn sure it's encrypted just in case. Maybe it's just my paranoia, but that's a very easy target for law enforcement to obtain, so don't make their poking around easy for them. Deposit boxes are better than closets, kids don't accidentally find things in them. Small ones tend to be damn cheap, too. Time was I hauled a box of 80 tapes to one every week as part of our offsite backups. That one was not small. :P
Not really. Most of the server-config stuff is all defined in Salt, and there aren't very many manual tasks. I should probably write some up though, it would be useful for people doing...
Not really. Most of the server-config stuff is all defined in Salt, and there aren't very many manual tasks. I should probably write some up though, it would be useful for people doing development, and eventually maybe people running their own instance of the Tildes code for their own site.
Hell yes. There's an old adage that applies here too. Never underestimate the bandwidth of a truck full of tapes hurtling down the highway. It's only one packet, but it's a big packet. The right...
Hell yes. There's an old adage that applies here too. Never underestimate the bandwidth of a truck full of tapes hurtling down the highway. It's only one packet, but it's a big packet.
The right way to do it is to create a USB drive (or multiple drives in multiple places in case of hardware failure or asteroid impact) that contains the information needed to resurrect Tildes, whatever that is. Then it's given to trusted individuals to basically toss in the closet and forget about.
If security is a concern, this can be encrypted, and the password/phrase only given verbally to the trusted individuals, just in case someone else finds a key somehow. In this circumstance, the password needn't be some massive complicated thing that has to be written down. It can be something like 'the first sentence from this book' - though being more creative than using a bible verse when choosing is encouraged, since that's more easy to guess/brute force.
I have something similar for my personal vaults, the ones I would definitely loose if I lost or forgot the passwords for. No post-death plan though. Gotta do that sometime.
I have something similar for my personal vaults, the ones I would definitely loose if I lost or forgot the passwords for.
No post-death plan though. Gotta do that sometime.
I've done contingency for my last two companies. It's pretty simple and straightforward. All user-input passwords should go in a password manager that allows you to share with someone else. I...
I've done contingency for my last two companies. It's pretty simple and straightforward.
All user-input passwords should go in a password manager that allows you to share with someone else. I recommend 1Password, but I recently (on Tildes) have heard lots of good about Bitwarden. I haven't tried it yet though so YMMV.
Route all accounts possible through a central account management system. I use GSuite for that; it's cheap and very standard, and most websites allow login-with-google (which gives you login-with-gsuite for free).
For infrastructure, use the excellent Terraform. This allows you to define infrastructure relationships declaratively. It also avoids storing too much shit in your password managers and having to copy/paste those around, as you can use various providers to lug credentials around more securely (eg. to SSM, or gitlab variables, or what have you). There's even-more-secure solutions for this (such as Hashicorp Vault), but they're overkill for small projects.
This is some example terraform config for one of my projects:
You can set up a dead-man-switch to automatically unlock your password manager (eg. by sending an email with some one-time-use credentials) for a trusted person if you want to get fancy, but I'm personally a proponent of "every serious project should always have at least two people with super-admin access", even if that role is the only role that second person fulfills.
I'm personally happy with that answer. The community can stand up and take over with a new chapter rather than someone being hostage of the/your original will. The community wouldn't be tempted so...
I'm personally happy with that answer.
The community can stand up and take over with a new chapter rather than someone being hostage of the/your original will. The community wouldn't be tempted so much to compare the successor to the predecessor since you didn't choose them to pursue your goal.
On the topic of data, I personally think the data should simply vanish. The problem with keeping that data open is that anyone who wishes to delete their data would find it much harder if anyone has access to the full database.
Furthermore, if someone's account were to be compromised which was in the original database, they'd be able to impersonate the person on any of the successor's services.
I don't think there'd be a safe avenue in which you could give tildes to someone else without it causing many issues really.
I like where your head is at. I think it could work better than that too. Store everything only as disassociated data in the resurrection drives (well, once we're there with that feature). That...
I like where your head is at. I think it could work better than that too. Store everything only as disassociated data in the resurrection drives (well, once we're there with that feature). That way all the original content is preserved, even after all the user information is wiped out. Then you reactivate all of the invite codes and let people create new accounts with them again. I bet most people still have their invite codes in their PMs in other places, so that'll get some of them back really easily. I haven't seen many raw codes out in the wild, it's been almost all PMs. Then we just use invites@tildes.net and/or /r/tildes to bring in the rest.
That means the site is wiped clean of all content and starts at square one again - not a good plan. Wiping the user accounts out and leaving all content up as disassociated solves that problem,...
That means the site is wiped clean of all content and starts at square one again - not a good plan.
Wiping the user accounts out and leaving all content up as disassociated solves that problem, and any problems of impersonation, since everyone has to register a new account again.
I think the idea is that people should have control over their history beyond disassociation, and that their ability to retain the ability to delete trumps the ability to retain the site at all.
I think the idea is that people should have control over their history beyond disassociation, and that their ability to retain the ability to delete trumps the ability to retain the site at all.
I'll go into more detail why I'd be strongly opposed to this type of backup. First, Tildes builds around communities - it doesn't create them. Why's that relevant? Well, if we save the groups then...
I'll go into more detail why I'd be strongly opposed to this type of backup.
First, Tildes builds around communities - it doesn't create them.
Why's that relevant? Well, if we save the groups then we've created a problem Tildes has tried to avoid since the beginning - We don't want to divide communities more than necessary by the communities themselves. So if, we started up a new service based on that data, we'd have created exactly that. Empty communities which are useless until real communities come.
Secondly, tildes is not about content - it is about discussion
"So why not save those conversations then?", well, simply put they're only relevant for the context they're in. The people that speak them, their experiences and the work they've put into them would be lost if we dissociated them from each other, it'd be meaningless banter and following a conversation would be quite hard without knowing who said what. Furthermore, if we don't save the groups and only the conversations, it becomes quite cumbersome to find the data and all context is basically lost. It's just not worth it.
Thirdly, people's control
The content they share at a certain point might feel fine to them but not at another time, they may want to delete that data but if we dissociate them from the data then they are unable to do so and loose control over their own work and thoughts.
The goal here isn't to create a new site, it's to restore this site. If we want to start Tildes over again, there's no need to retain any of the data, and there's no need for any kind of backup -...
The goal here isn't to create a new site, it's to restore this site. If we want to start Tildes over again, there's no need to retain any of the data, and there's no need for any kind of backup - all that's needed is the source code that's already up on gitlab.
If we're going about this instance of Tildes, what's the point of a backup at all? Can't someone just take Deimos' keys and just keep it running? I don't really see the purpose to dissociate the...
If we're going about this instance of Tildes, what's the point of a backup at all? Can't someone just take Deimos' keys and just keep it running?
I don't really see the purpose to dissociate the data there.
Also, if we kill people's accounts in the transfer, my points still stand. I mean, what purpose does the content have if we can't figure out what it means as pointed in my second point? There's no guarantees that the same people will come back so the communities from my first point still stands too. And if we dissociate the data, the third point still stands.
Do you want to wipe out over a year of productive discussions about features just in the ~tildes group? For most of that theorycrafting, those user posts are the only record of the ideas and...
Do you want to wipe out over a year of productive discussions about features just in the ~tildes group? For most of that theorycrafting, those user posts are the only record of the ideas and solutions we've come up with but haven't implemented yet. Wiping that out just to safeguard some kind of nebulous ownership of comments seems idiotic.
I certainly don't want my posts there wiped out just because the main server goes up in flames for whatever reason. If they get disassociated, that doesn't bother me, because at least they still exist for reference in the future.
People get hit by buses. Hardware fails. Coders make brown-paper-bag mistakes and vaporize their database structures. So do systems administrators. So do court judges and overzealous law enforcement officials. I could give you a multiple-page list of scenarios like these that I've personally seen, and a longer one covering the crazy shit that happens, like airplanes having unscheduled landings on your datacenter, or drunk drivers taking a detour home through the rack hosting your system.
It seems like you're advocating that we don't need backups. Frankly, that's crazy talk, and ignores every kind of best practice in the entire sphere of computing technology going back to the 70s.
If we keep everything up, I think it's fine to keep it but if we dissociate it and don't give people's accounts then I think it's kind of a pointless dance which is dangerous at worst. I'm...
Do you want to wipe out over a year of productive discussions about features just in the ~tildes group? For most of that theorycrafting, those user posts are the only record of the ideas and solutions we've come up with but haven't implemented yet. Wiping that out just to safeguard some kind of nebulous ownership of comments seems idiotic.
If we keep everything up, I think it's fine to keep it but if we dissociate it and don't give people's accounts then I think it's kind of a pointless dance which is dangerous at worst.
It seems like you're advocating that we don't need backups. Frankly, that's crazy talk, and ignores every kind of best practice in the entire sphere of computing technology going back to the 70s.
I'm advocating that we either transfer it as a whole to a new entity or start anew, trying to do something in between creates a lot of issues in my eyes.
Transferring it as a whole is what I see as the ideal option. The reason I brought up disassociation is because you mentioned there that you were concerned with impersonation. Wiping user accounts...
Transferring it as a whole is what I see as the ideal option.
On the topic of data, I personally think the data should simply vanish. The problem with keeping that data open is that anyone who wishes to delete their data would find it much harder if anyone has access to the full database.
Furthermore, if someone's account were to be compromised which was in the original database, they'd be able to impersonate the person on any of the successor's services.
The reason I brought up disassociation is because you mentioned there that you were concerned with impersonation. Wiping user accounts out and reactivating invite codes solves that problem while preserving the data because no one will be able to tell who made what comments. All the names would be random. Users would lose the ability to delete their comments in the interface because they'd have to create new accounts. Anyone who wanted old data wiped in a selective fashion could simply PM the new site administrator to have that done and include a list of comments.
It comes down to how badly you care about impersonation. I don't really see that as much of a risk, since 2FA already exists here.
Yes I was in the context of making that backup available to the public, not to someone which Deimos would've chosen. Ah, I assumed all the names would be "Unknown" or "Removed" or something of the...
The reason I brought up disassociation is because you mentioned there that you were concerned with impersonation.
Yes I was in the context of making that backup available to the public, not to someone which Deimos would've chosen.
Wiping user accounts out and reactivating invite codes solves that problem while preserving the data because no one will be able to tell who made what comments. All the names would be random.
Ah, I assumed all the names would be "Unknown" or "Removed" or something of the like where it would be really hard to follow any type of conversations.
Users would lose the ability to delete their comments in the interface because they'd have to create new accounts. Anyone who wanted old data wiped in a selective fashion could simply PM the new site administrator to have that done and include a list of comments.
I mean yes but that's also more complicated to do and you don't have a list of your comments so it'd be really hard to find it and just generally not a great system to do so.
Yeah, I didn't really make that clear after re-reading this. I guess I must've edited it out when I was drafting the responses. I tend to restructure and change the post as my ideas become more...
Yeah, I didn't really make that clear after re-reading this. I guess I must've edited it out when I was drafting the responses. I tend to restructure and change the post as my ideas become more clear and yeah.. That was my bad.
What you should do is that record a message that releases upon your death that you have hidden a master vault password for Tildes in five parts around the world and whoever can follow the clues...
What you should do is that record a message that releases upon your death that you have hidden a master vault password for Tildes in five parts around the world and whoever can follow the clues and gathers all five pieces of the password becomes the new Deimos. You don't actually have to do any of that, but even if you just release the message and have no intention of setting up a post-mortem scavenger hunt, it would be kind of entertaining to watch it play out.
Yeah, the problem with using a dead man's switch for something like this is that it takes a month to send the files over to the person that's supposed to be taking over, and they're locked out...
Yeah, the problem with using a dead man's switch for something like this is that it takes a month to send the files over to the person that's supposed to be taking over, and they're locked out until it goes off. You don't want something like this to have a significant delay on it, so you end up with a really annoying switch that you have to remember to hit every day or something similar.
And the other problem with time bombs is that they tend to explode. See Mozilla's recent certificate issues. Or the number of domains that people have let carelessly expire over the years. Even...
And the other problem with time bombs is that they tend to explode. See Mozilla's recent certificate issues. Or the number of domains that people have let carelessly expire over the years. Even Microsoft has fallen victim to that one.
Having a trusted second man with the keys and clear instructions seems like a safer approach, generally speaking. Then your bus factor is two instead of one.
Probably because Deimos hasn't written the necessary code for that feature yet - just like so many other things that don't work yet in this early unfinished alpha-testing version of Tildes. :)
Probably because Deimos hasn't written the necessary code for that feature yet - just like so many other things that don't work yet in this early unfinished alpha-testing version of Tildes. :)
Tildes is so good and stable that I tend to forget it is still alpha. Maybe that is because most 1.0 stuff out there are actually still pre-alpha quality... Big thanks to @Deimos &co for going at...
Tildes is so good and stable that I tend to forget it is still alpha. Maybe that is because most 1.0 stuff out there are actually still pre-alpha quality...
Big thanks to @Deimos &co for going at it with care!
It freaks me out how well it's being managed. The number of developers I've personally worked with is in the hundreds, and I can count the number who had this level of care and rigor on one hand....
It freaks me out how well it's being managed. The number of developers I've personally worked with is in the hundreds, and I can count the number who had this level of care and rigor on one hand. It really is an impressive track record.
A lot of people do. That's why I make a point of reminding people of this whenever the opportunity presents itself - because it's important for everyone to keep in mind that Tildes is nowhere near...
Tildes is so good and stable that I tend to forget it is still alpha.
A lot of people do. That's why I make a point of reminding people of this whenever the opportunity presents itself - because it's important for everyone to keep in mind that Tildes is nowhere near finished yet (it's barely started).
Hmph! I don't guess. I extrapolate in an informed manner, based on past trends and mathematically calculated predictions. Anyway, everyone knows if something doesn't work around here, it's because...
confirming Algernon's guess. ;)
Hmph! I don't guess. I extrapolate in an informed manner, based on past trends and mathematically calculated predictions.
Anyway, everyone knows if something doesn't work around here, it's because it still has an "Under Construction" sign hanging on it.
Nope!
Since the code's totally open-source, I'm sure someone would be able to set up another instance of the site, but a lot of the data would probably be lost and the domain would probably need to change.
I should probably try to set up something, but I'm honestly not even sure of a good way to do it. Compiling a collection of all the passwords, SSH keys, 2FA backup codes, etc. needed to be able to manage everything is a bit risky, and I'm not even sure where I'd store it that would be secure but still accessible if someone needs to get to it.
I'm open to suggestions if anyone knows a good way to prepare for this kind of thing.
You should print everything, bury it and give the location to your close relatives. I’m only half joking. Analog security is something we should take more into account.
Yeah, I do this with some of my personal info. I have a safety deposit box that contains a bunch of passwords and 2FA backup codes written down and an extra YubiKey that's associated with my accounts, and some other stuff. That's intended more as a backup in case my house burns down or similar cases though, I doubt anyone's going to care about it if I die.
I should probably just try to do something similar with Tildes info (similar to what @Amarok was suggesting too): put together a "contingency package", get a safety deposit box registered to the non-profit, and give a key to one or more of the board members. It probably wouldn't be too bad to set up, just always have to remember to go replace anything in it if it ever changes. Having outdated passwords/etc. in there makes the whole thing useless.
When you store it in the bank, make damn sure it's encrypted just in case. Maybe it's just my paranoia, but that's a very easy target for law enforcement to obtain, so don't make their poking around easy for them. Deposit boxes are better than closets, kids don't accidentally find things in them. Small ones tend to be damn cheap, too. Time was I hauled a box of 80 tapes to one every week as part of our offsite backups. That one was not small. :P
Tangential question - do you have a runbook yet?
Not really. Most of the server-config stuff is all defined in Salt, and there aren't very many manual tasks. I should probably write some up though, it would be useful for people doing development, and eventually maybe people running their own instance of the Tildes code for their own site.
Hell yes. There's an old adage that applies here too. Never underestimate the bandwidth of a truck full of tapes hurtling down the highway. It's only one packet, but it's a big packet.
The right way to do it is to create a USB drive (or multiple drives in multiple places in case of hardware failure or asteroid impact) that contains the information needed to resurrect Tildes, whatever that is. Then it's given to trusted individuals to basically toss in the closet and forget about.
If security is a concern, this can be encrypted, and the password/phrase only given verbally to the trusted individuals, just in case someone else finds a key somehow. In this circumstance, the password needn't be some massive complicated thing that has to be written down. It can be something like 'the first sentence from this book' - though being more creative than using a bible verse when choosing is encouraged, since that's more easy to guess/brute force.
It's not perfect security but it's enough.
I have something similar for my personal vaults, the ones I would definitely loose if I lost or forgot the passwords for.
No post-death plan though. Gotta do that sometime.
I've done contingency for my last two companies. It's pretty simple and straightforward.
This is some example terraform config for one of my projects:
You can set up a dead-man-switch to automatically unlock your password manager (eg. by sending an email with some one-time-use credentials) for a trusted person if you want to get fancy, but I'm personally a proponent of "every serious project should always have at least two people with super-admin access", even if that role is the only role that second person fulfills.
(AMA on contingency if you like)
Can offer support for bitwarden; it is rock solid with a servicable UI. Its also opensource, which is always nice.
I'm personally happy with that answer.
The community can stand up and take over with a new chapter rather than someone being hostage of the/your original will. The community wouldn't be tempted so much to compare the successor to the predecessor since you didn't choose them to pursue your goal.
On the topic of data, I personally think the data should simply vanish. The problem with keeping that data open is that anyone who wishes to delete their data would find it much harder if anyone has access to the full database.
Furthermore, if someone's account were to be compromised which was in the original database, they'd be able to impersonate the person on any of the successor's services.
I don't think there'd be a safe avenue in which you could give tildes to someone else without it causing many issues really.
I like where your head is at. I think it could work better than that too. Store everything only as disassociated data in the resurrection drives (well, once we're there with that feature). That way all the original content is preserved, even after all the user information is wiped out. Then you reactivate all of the invite codes and let people create new accounts with them again. I bet most people still have their invite codes in their PMs in other places, so that'll get some of them back really easily. I haven't seen many raw codes out in the wild, it's been almost all PMs. Then we just use invites@tildes.net and/or /r/tildes to bring in the rest.
I think you're probably replying to the wrong person because I personally think transferring the data to anyone is a bad idea.
That means the site is wiped clean of all content and starts at square one again - not a good plan.
Wiping the user accounts out and leaving all content up as disassociated solves that problem, and any problems of impersonation, since everyone has to register a new account again.
I think the idea is that people should have control over their history beyond disassociation, and that their ability to retain the ability to delete trumps the ability to retain the site at all.
I'll go into more detail why I'd be strongly opposed to this type of backup.
First, Tildes builds around communities - it doesn't create them.
Why's that relevant? Well, if we save the groups then we've created a problem Tildes has tried to avoid since the beginning - We don't want to divide communities more than necessary by the communities themselves. So if, we started up a new service based on that data, we'd have created exactly that. Empty communities which are useless until real communities come.
Secondly, tildes is not about content - it is about discussion
"So why not save those conversations then?", well, simply put they're only relevant for the context they're in. The people that speak them, their experiences and the work they've put into them would be lost if we dissociated them from each other, it'd be meaningless banter and following a conversation would be quite hard without knowing who said what. Furthermore, if we don't save the groups and only the conversations, it becomes quite cumbersome to find the data and all context is basically lost. It's just not worth it.
Thirdly, people's control
The content they share at a certain point might feel fine to them but not at another time, they may want to delete that data but if we dissociate them from the data then they are unable to do so and loose control over their own work and thoughts.
The goal here isn't to create a new site, it's to restore this site. If we want to start Tildes over again, there's no need to retain any of the data, and there's no need for any kind of backup - all that's needed is the source code that's already up on gitlab.
If we're going about this instance of Tildes, what's the point of a backup at all? Can't someone just take Deimos' keys and just keep it running?
I don't really see the purpose to dissociate the data there.
Also, if we kill people's accounts in the transfer, my points still stand. I mean, what purpose does the content have if we can't figure out what it means as pointed in my second point? There's no guarantees that the same people will come back so the communities from my first point still stands too. And if we dissociate the data, the third point still stands.
I don't know where you're going with this.
Do you want to wipe out over a year of productive discussions about features just in the ~tildes group? For most of that theorycrafting, those user posts are the only record of the ideas and solutions we've come up with but haven't implemented yet. Wiping that out just to safeguard some kind of nebulous ownership of comments seems idiotic.
I certainly don't want my posts there wiped out just because the main server goes up in flames for whatever reason. If they get disassociated, that doesn't bother me, because at least they still exist for reference in the future.
People get hit by buses. Hardware fails. Coders make brown-paper-bag mistakes and vaporize their database structures. So do systems administrators. So do court judges and overzealous law enforcement officials. I could give you a multiple-page list of scenarios like these that I've personally seen, and a longer one covering the crazy shit that happens, like airplanes having unscheduled landings on your datacenter, or drunk drivers taking a detour home through the rack hosting your system.
It seems like you're advocating that we don't need backups. Frankly, that's crazy talk, and ignores every kind of best practice in the entire sphere of computing technology going back to the 70s.
If we keep everything up, I think it's fine to keep it but if we dissociate it and don't give people's accounts then I think it's kind of a pointless dance which is dangerous at worst.
I'm advocating that we either transfer it as a whole to a new entity or start anew, trying to do something in between creates a lot of issues in my eyes.
Transferring it as a whole is what I see as the ideal option.
The reason I brought up disassociation is because you mentioned there that you were concerned with impersonation. Wiping user accounts out and reactivating invite codes solves that problem while preserving the data because no one will be able to tell who made what comments. All the names would be random. Users would lose the ability to delete their comments in the interface because they'd have to create new accounts. Anyone who wanted old data wiped in a selective fashion could simply PM the new site administrator to have that done and include a list of comments.
It comes down to how badly you care about impersonation. I don't really see that as much of a risk, since 2FA already exists here.
Yes I was in the context of making that backup available to the public, not to someone which Deimos would've chosen.
Ah, I assumed all the names would be "Unknown" or "Removed" or something of the like where it would be really hard to follow any type of conversations.
I mean yes but that's also more complicated to do and you don't have a list of your comments so it'd be really hard to find it and just generally not a great system to do so.
Ah, I missed the 'available to the public' bit, that's where we got to talking past each other.
Yeah, I didn't really make that clear after re-reading this. I guess I must've edited it out when I was drafting the responses. I tend to restructure and change the post as my ideas become more clear and yeah.. That was my bad.
What you should do is that record a message that releases upon your death that you have hidden a master vault password for Tildes in five parts around the world and whoever can follow the clues and gathers all five pieces of the password becomes the new Deimos. You don't actually have to do any of that, but even if you just release the message and have no intention of setting up a post-mortem scavenger hunt, it would be kind of entertaining to watch it play out.
the Tildes
ThunderdomeAlternate Reality Game: 10,000 people enter, 1 Deimos leavesYeah, the problem with using a dead man's switch for something like this is that it takes a month to send the files over to the person that's supposed to be taking over, and they're locked out until it goes off. You don't want something like this to have a significant delay on it, so you end up with a really annoying switch that you have to remember to hit every day or something similar.
And the other problem with time bombs is that they tend to explode. See Mozilla's recent certificate issues. Or the number of domains that people have let carelessly expire over the years. Even Microsoft has fallen victim to that one.
Having a trusted second man with the keys and clear instructions seems like a safer approach, generally speaking. Then your bus factor is two instead of one.
Weekend at Deimos'? This sounds like a gnarly sitcom.
Tagging @Deimos in a comment, because user-tagging doesn't work in topics. (I mean... he reads everything in ~tildes anyway, but...)
Probably because Deimos hasn't written the necessary code for that feature yet - just like so many other things that don't work yet in this early unfinished alpha-testing version of Tildes. :)
Tildes is so good and stable that I tend to forget it is still alpha. Maybe that is because most 1.0 stuff out there are actually still pre-alpha quality...
Big thanks to @Deimos &co for going at it with care!
It freaks me out how well it's being managed. The number of developers I've personally worked with is in the hundreds, and I can count the number who had this level of care and rigor on one hand. It really is an impressive track record.
A lot of people do. That's why I make a point of reminding people of this whenever the opportunity presents itself - because it's important for everyone to keep in mind that Tildes is nowhere near finished yet (it's barely started).
Yep. Right now the notifications page is only set up to display comments, so there's no way for a topic to show up in that page yet.
Just FYI, Deimos answered less than a minute before you did (so you probably didn't see it) confirming Algernon's guess. ;)
Hmph! I don't guess. I extrapolate in an informed manner, based on past trends and mathematically calculated predictions.
Anyway, everyone knows if something doesn't work around here, it's because it still has an "Under Construction" sign hanging on it.