Fair warning: this post is pretty passive-aggressive.
I recently participated in the Hack-a-Sat CTF. How my team did and the write-ups for that are entirely outside the scope of this post, but the uniquely notable part is that we organized a team, coordinated solutions, and worked as a team with entirely open-source communication, much of it self-hosted. Namely, we used:
- Mastodon and related ActivityPub-based services for finding a team
- Matrix for communications, additionally bridged to IRC
- Jitsi Meet for video calls
- Self-hosted Etherpad for collection of textual data and sharing code
- A couple files uploaded to my Linx server for things too big to be on Etherpad or non-textual content
…and it went off without a hitch, with the only issue in comms being my internet breaking for an hour, which only affected me.
To date, I’ve noticed a lot of projects that don’t seem to follow the philosophy that “we do open source, so we should use open source”. The project being alluded to in the above screenshot won’t be named, though it’s decidedly an example. Another example is that of the Rust programming language — its primary communication medium is now Discord, and the rest of Mozilla has moved to Matrix after they decided to dump IRC (I don’t believe Rust has a Matrix channel, but I could be wrong). For a time, I was convinced that this was due to some inherent usability aspect of open-source communication, but my time with Hack-a-Sat decidedly disproved that, at least for a team of around 10-15 people.
To date, I’ve gotten better and better at avoiding proprietary software to the point where the only truly proprietary things that I use on a day-to-day basis are Discord (which is going soon) and my phone’s software (which I have a whole other post as to why I can’t avoid it). Overall, my impression is becoming that open-source comms are viable, and you should use them. I personally believe that open-source projects should be doing the following:
- Make an IRC or Matrix channel, not Discord, not Slack, especially if your target audience is people who know How To Computer.
- Avoid external services. They will take down your content. This means Medium, GitHub, etc. — it’s probably best to set up your own Git server. Unfortunately, this is getting harder and harder as of late as said companies are controlling browsing. (Note that this link is, ironically, Medium.)
- If you’ve got a binary, give it a torrent. This makes it harder to DMCA. For a lot of projects, this is overkill, but it should almost always be an option.
- If what you’re publishing is a jailbreak or an exploit, have a freaking writeup. This is a direct callout to the subtoot from the beginning of this article. Don’t put freaking proprietary binaries in your GitHub repository… you WILL get DMCAed, it’s just a matter of when. Make it easy to compile your work. Most projects are good about this.
Why are people not using open-source means of communication, then? Speaking from personal experience, a lot of people are unwilling to accept federated protocols, since they aren’t tech people and don’t need to care. I think that better marketing of things like Mastodon and Matrix could cause them to reach Discord levels of popularity, as well as a concrete set of good servers with enough servers to sustain a large number of people. I’ve personally coaxed many of my friends into joining Matrix and other platforms by pulling the nuclear option of threatening to leave Discord — but with better marketing, it’s my impression that I wouldn’t have to do this.
Another thing that I notice is that people are generally harder on open-source options than proprietary options. Namely, Riot (the reference Matrix client) is criticized extremely often for being “borderline unusable”. While Riot has many issues, I don’t believe that these concerns are well-founded. Anecdotally, Discord has made many UI and app changes that break things, and they generally go unannounced. It would seem that people, even in tech, have higher standards for open-source software than for proprietary software.
CW for this paragraph alone: nazism
Finally, one of the things I often hear about is “lack of moderation”. Notably, after Gab started as a federating Mastodon-based server, those inexperienced with federated software blamed Mastodon for allowing this… when it’s inherently impossible to have “platform-wide” control. This problem hinges at the core of open-source: that people can repurpose and modify your software. While TootSuite blacklists Gab by default, most instances have this block and more in place, and many clients outright prevent usage of Gab’s servers (Tusky in particular rickrolling the user rather than allowing it), forks pop up to remove these restrictions. The problem lies at the crux of open-source — that anyone can modify your code as long as they’re within the context of the license. I believe, however, that Mastodon handled the situation extremely well. Namely, it blacklisted instances holding these beliefs on the developer-run instance (m.s), and released an official statement condemning these actions. There’s only so much you can do.
Overall, if you’re an open-source developer and using proprietary communications, please consider otherwise! The situation has improved greatly, and what you knew about Matrix et al a year ago may not be true today. I believe the problem to be psychological rather than founded in the true nature of open-source communication protocols and their clients.
Also, like, just don’t be a blockchain engineer. Just don’t. Please.