Wow, this is a relic of another time. Seems like most of the features date from the 2000s, when XSLT was a thing, or the 2010s. The name is also obviously a pun on Apache webserver, the defacto standard at that time.
In the meantime, web servers got more slim, routers for actual FCGI or reverse proxied HTTP applications behind. Lighttpd and nginx were pioneering in that direction in the 2010s, and while I never heard about hiawatha, I guess it falls in the similar direction (having FastCGI already 2006).
Another funny thing is that nowadays, when people say "security" along with "webserver", they mostly mean something like integrated certbot ("automatic HTTPS"), like https://caddyserver.com/ does.
Hiawatha is a favorite of mine, originally I selected it for the gpl license which has since been changed, but the main dev is very responsive and frankly I really like his code style/readability. Its fast, the configs are simple but powerful enough, and has some good first layer security built in.
It's called a Web Application Firewall -- essentially there are so many random web applications that don't have proper input sanitization practices so it's just easier to do it on the web server before the application can receive the data.
I know people will say "defense in depth", but it really seems more like security theater to me. It only catches some basic (but admittedly historically common) mistakes. The problem with most WAFs is that they tend to have false positives, which can block/trouble legitimate users.
I once had a password with a " in it and I could never log in. It took me ages to discover that was because of the " and their "protection". This was for a large company that really ought to know better.
I do think it can add value, especially when done right, especially considering the context of 2005 when it was added and when these sort of things were horrendously common. These days, I probably wouldn't bother so much, although it would depend on the context. If I were to allow random people to host WordPress or some such I'd probably add something like this, even today. Not because WordPress is bad, but because you never know what random plugins people are going to install, and the quality of that is a lot more ... variable ... than WordPress itself, and your users having their entire database leaked/dropped/overwritten also sucks for everyone.
What do people here think about using native american names and cartoon images[0] for projects? I did a little digging, and it looks like some of Hiawatha's descendants[1] may have ended up in the mass graves at the residential schools that were in the news recently. Switching mental contexts for a second, I get a little annoyed when I see cars parked slightly askew in the parking lot, and I feel a little frustrated when the person ahead of me doesn't bother to hold a door open for a second. So, while I don't feel the need to sip tea with my pinky up, it does seems like a little politeness about naming things could go a long way.
Generally when you name something after a person / group of people, it's because you want to respect that thing, not disrespect that thing.
Especially with Open Source projects, where you are dumping lots of worker into something you will (on average) get little recognition or thanks for.
Said another way: if this project hadn't been named Hiawatha, you probably would not have done "a little digging", so on balance the naming of this project has increased the awareness for Native American tragedies. I certainly don't see a way in which this hurts Native Americans.
I suspect to some degree it could be about the icon that goes along with the name[0], which might seem a bit of a caricature.
Otherwise, since the project doesn’t seem to be directly referencing a tragedy and couldn’t reasonably have been named with the knowledge of the connection, how can this naming choice strike someone as inappropriate?
Fairly certain that the name and logo are both derived from the "little Hiawatha" comics.[1] It seems they never really took off in the states, but they're fairly common in the weekly Donald Duck cartoons, at in the Netherlands when I was young.
I'd ask the native americans what they think, and respect their answer.
Based solely on what I have heard from some, a respectful homage to a specific well-known leader is quite different than a caricature of an entire tribe/people into a cartoony mascot for a sports team. It also makes a difference if you are monetizing their images for your personal gain.
But again, I'm the wrong one to ask. If you really want to know whether Hiawatha is an acceptable name for this specific project, I'd contact the current tribal leaders and ask.
If people I know saw me working with that server, they'd likely laugh, point, say "look what jerry is working on", then hearing that others would gather around and laugh at me while I try to explain that the guy is european.
If you asked them, their opinions would not be uniform. Some would be for, some would be against, and some wouldn’t care.
Just like what would happen if you asked Anglo-Americans about their opinion on any controversial issue. And for what it’s worth, Joe Biden’s personal opinion would only get you so far.
If there's no enthusiastic yes, then it's a no then. Going ahead with something that might be offensive because there might be multiple opinions is not the best idea.
To me, the naming seems fine. It's a nice sounding word, and as far as I'm aware it's not a slur. You could claim that the context is sketchy (having a Hiawatha serving you sounds bad) but I think that's pushing it.
The cartoon on the other hand is something I'd skip. It's generally a bad idea to promote caricatures like that. A nicer example is the Apache logo which is just a tasteful feather. A good balance between native american theme and abstraction.
Hiawatha is more than just a leader he’s essentially a religious figure to the Haudenosaunee who historically reside in roughly the area around Lake Ontario.
It is definitely in bad taste to take a meaningful symbol from an existing marginalized culture and use it to brand your open source project because you think it sounds cool. But, this is something that was not widely recognized as bad until very recently, especially outside North America, and obviously this already happened a lot in the past so I don’t think it reflects badly on the authors or contributors at this point. That said the name should change and, at bare minimum, that cartoon has to go.
It’s a great idea, though, for us all to learn the real story of Hiawatha, the Great Peacemaker, Jigonsaseh, Tadodaho and the origins of the Five (now Six) Nations. It’s not an exaggeration to say that it helped inspire the structure of the early USA. It’s also a refreshing alternative take on power and leadership from what we are usually shown in the West. One of the world’s great cultural treasures, I really think.
Very interesting piece of history right there. Just out of curiosity, what is your thought on the feather logo used by Apache? Is that something that needs to go as well?
I can see how using media fabrications around the subject of native Americans (e.g. their portrayal in cinema or cartoons) is impolite. But, how is it impolite to use their words or names as names for something unrelated? I'm not from US, so I might be missing something cultural. Would it be impolite to call a web server Londre (French for London)?
Or, is the idea that calling a server by the name of a disadvantaged group a bit like calling them servants? You might have a point.
IMO this is a very American outlook that is now being forced onto the rest of the world. There are multiple situations where developers would use a word, and be trampled by American developers for the choice of words.
“American outlook” here means the outlook of mainstream US culture, not some shared context of everyone who has ever inhabited the land. So the “American” (really, U.S. American) cultural context is in fact not related to Hiawatha at all.
Hiawatha didn’t know what “America” was and presumably wouldn’t have conceptualized himself as being part of a pan-“Native American” identity.
Assuming you could even explain the concept of a web server to a pre-industrial person, it’s impossible to know how he himself would have felt about this.
Somewhat unrelated, but I'd like to ask people for more restraint in using the word "forced". People sometimes say they don't like others doing something, but that's still very far removed from forcing those others not to do something.
I guess if it's really unrelated it's fine, but usually product names aren't chosen at random and it can happen that the intended connection of the product owner interacts poorly with the historical context they have ignored.
Not saying this is the case here, because I didn't even know Hiawata was a historical person.
And it's not a cultural issue that's particular to the US. It appears that the author of the Hiawatha web server is not from the US either (Wikipedia suggests he is Dutch), so you might ask what link he has to Hiawatha and what justification he has for using the name and laying claim, in whatever small way, to a piece of the original Hiawatha's prestige.
The term to research is cultural appropriation.
(Clearly all these web servers are following Apache's lead in their naming. ISTR a story in the past that ASF had (retroactively) sought and/or received the blessing of the Apache Nation leadership for their use of the name; there's some related information at <https://www.apache.org/apache-name/> though nothing as clear-cut as the story I'm vaguely remembering.)
I've done light reading on cultural appropriation. The concept of collective intellectual property rights even came up. I'm pretty sceptical. Sounds a lot like "I've defined myself according to this unique-ish thing, but now you're making it not unique and thus invalidating my identity".
I think an identity is a mutable, self-defined tool for being in society. If you say that your identity depends on something external, that is a lie, since you're implicitly saying that your self-definition is depended on something outside yourself.
I think Stoics' discourse on the subject is very accessible. This is Epictetus in Enchiridion:
> Men are disturbed, not by things, but by the principles and notions which they form concerning things. Death, for instance, is not terrible, else it would have appeared so to Socrates. But the terror consists in our notion of death that it is terrible. When therefore we are hindered, or disturbed, or grieved, let us never attribute it to others, but to ourselves; that is, to our own principles. An uninstructed person will lay the fault of his own bad condition upon others. Someone just starting instruction will lay the fault on himself. Some who is perfectly instructed will place blame neither on others nor on himself.
Being Dutch as well, I'm going to guess that the name Hiawatha is taken from the Disney character of the same name, given how popular the Donald Duck comics are around here, and Hiawatha is a recurring character in them. It's orders of magnitude more likely that a person here grew up with the Donald Duck comics than that they are aware of Native American history.
So what's it called when someone appropriates a Disney character name for their own use? Should the Debian project have to worry?
Using a single relatively obscure native american word out of context seems like a very fringe case of cultural appropriation. It's not going to reinforce any preconceived notions and it doesn't seem to be riding on some prestige. Perhaps I'm wrong and Hiawatha is a massively loaded word with a lot of implications for the general public, but I doubt it.
The grandparent post was wondering what the issue is, and my post described what IMHO is the main potential issue.
You have your opinion on to what degree this might be a problematic instance of cultural appropriation, and I have my opinion (which I haven't stated).
But the point is that the opinion that matters is that of Iroquois people and other descendants and (cultural) inheritants of the person whose name is being used. (Not that they are obliged to have an opinion on this, or to speak with a single voice on this matter.)
Okay. It's absolutely true that neither of us knows. But considering, as you say, that the affected minority probably won't ever step forward with a unified opinion, what is the appropriate course of action? Should we stay away from using any words that someone else might possibly have interpretive precedence over?
I find this all incredibly hard to navigate. I also feel that language in general and naming things in particular would suffer from strictly not being able to reuse concepts or names from cultures we are not part of.
> you might ask what link he has to Hiawatha and what justification he has for using the name and laying claim, in whatever small way, to a piece of the original Hiawatha's prestige.
> The term to research is cultural appropriation.
You've already decided that:
- it's cultural appropriation
- the person has no right to use the name
I wonder, are you of Iroquis descent? If not, what right do you have to claim their cultural appropriation on their behalf?
Also, what are your views on such projects as Apache Kafka or apache Chukwa?
Ah yes. People "like me" (a Jew from Moldova, born in the USSR, who lived 7 years in Turkey, and has now lived 10 years in Sweden) have to be taught about some concepts like "cultural appropriation" by people who claim to be offended on behalf of cultures they've never been part of.
So you might ask what link he has to Hiawatha and what justification he has for using the name and laying claim, in whatever small way, to a piece of the original Hiawatha's prestige. [ questioning people's motives, being offended on behalf of Iroquis people -- d. ]
The term to research is cultural appropriation. [ assuming your opponent is ignorant of this -- d. ]
You have your opinion on to what degree this might be a problematic instance of cultural appropriation, and I have my opinion (which I haven't stated). [ as we see above, the opinion has been clearly stated -- d. ]
But it is important for people like you [ assuming I know nothing/little/not enough about cultural appropriation -- d. ] and me to be aware of the concept and issue in general
--- end quote ---
I don't have to put words in your mouth. You're speaking loud and clear. Perhaps you should reflect upon that.
We've yet to hear your views on views on such projects as Apache Kafka and Apache Chukwa.
I once had to explain to a Mexican why Speedy Gonzales can't be shown on American TV anymore. He was aghast that his beloved character had to be censored out of existence.
The path of least resistance in America today is to act like minority groups don't exist for the sake of not offending them, as if they're irrationally sensitive and need to be patronized, lest they lash out. I think it's an insult to their emotional intelligence and the actual problems that they face.
Black people in the US today experience poverty, violence, and government apathy at exceptional rates, but at least they've been spared the embarrassment of there being a black man on a box of rice.
A company I once worked for used "Crusade" as their internal product code for a product I was working on. As shipping became closer, and it became clear to me that a major client for the product was the Kuwait government, I drew product management's attention to the fact that that product code was unlikely to meet a warm reception in the Middle East. I was criticised for grumbling, and the product shipped with "Crusade" spattered throughout the source-code and the documentation.
This happened shortly before 9/11.
The product wasn't successful; probably because it was crap, rather than because of the naming debacle.
Big orgs have marketers on-board who spend their time looking for product names that aren't offensive to anyone in the world, don't mean anything offensive in any language, and don't step on trademarks. Small companies don't have that luxury.
It must be incredibly frustrating to present your open source project and be treated with the top rated comment being about how offensive the naming is or is not.
In the meantime, web servers got more slim, routers for actual FCGI or reverse proxied HTTP applications behind. Lighttpd and nginx were pioneering in that direction in the 2010s, and while I never heard about hiawatha, I guess it falls in the similar direction (having FastCGI already 2006).
Another funny thing is that nowadays, when people say "security" along with "webserver", they mostly mean something like integrated certbot ("automatic HTTPS"), like https://caddyserver.com/ does.