MCP Horror Stories: The Drive-By Localhost Breach
This is Part 4 of our MCP Horror Stories series, where we examine real-world security incidents that expose the devastating vulnerabilities in AI infrastructure and demonstrate how Docker MCP Gateway provides enterprise-grade protection against sophisticated attack vectors. The Model Context Protocol (MCP) has transformed how developers integrate AI agents with their development environments. Tools like…
I HATED iOS 26 Liquid Glass on iPhone, But Now I Like It
I admit, I was a hater. I absolutely loathed the Liquid Glass interface on iOS 26. I thought it was obnoxious, distracting, excessive, confusing, ugly, hard to read. My initial impressions were really bad, it was so weird looking and off that it made me hate using my iPhone and I immediately regretted upgrading to …
@prologic@twtxt.net I know we won’t ever convince each other of the other’s favorite addressing scheme. :-D But I wanna address (haha) your concerns:
I don’t see any difference between the two schemes regarding link rot and migration. If the URL changes, both approaches are equally terrible as the feed URL is part of the hashed value and reference of some sort in the location-based scheme. It doesn’t matter.
The same is true for duplication and forks. Even today, the “canonical URL” has to be chosen to build the hash. That’s exactly the same with location-based addressing. Why would a mirror only duplicate stuff with location- but not content-based addressing? I really fail to see that. Also, who is using mirrors or relays anyway? I don’t know of any such software to be honest.
If there is a spam feed, I just unfollow it. Done. Not a concern for me at all. Not the slightest bit. And the byte verification is THE source of all broken threads when the conversation start is edited. Yes, this can be viewed as a feature, but how many times was it actually a feature and not more behaving as an anti-feature in terms of user experience?
I don’t get your argument. If the feed in question is offline, one can simply look in local caches and see if there is a message at that particular time, just like looking up a hash. Where’s the difference? Except that the lookup key is longer or compound or whatever depending on the cache format.
Even a new hashing algorithm requires work on clients etc. It’s not that you get some backwards-compatibility for free. It just cannot be backwards-compatible in my opinion, no matter which approach we take. That’s why I believe some magic time for the switch causes the least amount of trouble. You leave the old world untouched and working.
If these are general concerns, I’m completely with you. But I don’t think that they only apply to location-based addressing. That’s how I interpreted your message. I could be wrong. Happy to read your explanations. :-)
Happy equinox – where the world is illuminated like this:
@alexonit@twtxt.alessandrocutolo.it thank you and welcome back to Yarn! The somewhat plushie-like look is intentional, so I’m glad it was noticed.
Only have 2 sizes of him in this pose, as well as most other sitting poses, but if there’s ever a sitting pose, shared by more than 2 of them, I’ll be sure to make a matrioska edit.
@alexonit@twtxt.alessandrocutolo.it Personally, I find the reversed order of URL first and then timestamp more natural to reference something. Granted, URL last would be kinda consistent with the mention format. However, the timestamp doesn’t act as a link text or display text like in a mention, so, it’s somewhat different in my opinion. But yeah.
I bought an iPhone (as my third smartphone)
I never thought I would do this, but I bought an iPhone. It’s a pretty cheap iPhone SE 2. Gen (2020) used from eBay, like the device I got issued from my work. It’s so tiny and it’s really difficult to type even a short text like this.
@movq@www.uninformativ.de But it’s so reliable and they have all the experts, they know what they’re doing! And don’t forget, it’s way cheaper! Just think of the 34 cents saved every year on paper, the business dude calculated!
Enjoy your weekend! (I hope, you just called it a day and don’t have to drive to the office or silly shenanigans like that.)
Why I’m Holding Off On Upgrading to MacOS Tahoe 26 For Now
If you’re anything like me, you’re typically excited about new operating systems being released, but also approach with a little hesitation. After diving right into iOS 26 on iPhone, I regretted it for various reasons including some Liquid Glass annoyances, sluggishness, and battery drain (though my opinions are rapidly evolving, more on that separately!), and …
Severe but funny burn-ins on my TFT again:
https://movq.de/v/9df0437d27/MVI_8891.MOV.mp4
Now everything looks like it has that silly slogan as a background image:
@zvava@twtxt.net In tt, I recognize umlauts in nicks, but they cannot include whitespace, @, !, #, (, ), [, ], <, >, " (but ' is okay). Whitespace also acts as a separator between nick and URL. @<Hello World http://example.com> ends up exactly like that and is not a mention.
I would like to wish everyone, including all haters and losers (of which, sadly, there are many) a truly happy and enjoyable weekend!
@zvava@twtxt.net @movq@www.uninformativ.de I’m not entirely sure about the spaces, but maybe they were omitted to simplify parsing of mentions in the form of @<nick url>. If the next token after the @<nick does not look like a URL, it’s not a mention but regular text. This is just wild guessing, though.
Looking at the regex and tests in the original twtxt reference implementation seems to confirm that theory in the sense that it relies on whitespace as the delimiter:
https://lyse.isobeef.org/tmp/screenshot-2025-09-17-21-30-25.png
Another thing about nicks is that the original twtxt reference implementation converts nicks to all lowercase:
https://lyse.isobeef.org/tmp/screenshot-2025-09-17-21-20-39.png
You probably know this already, the original twtxt file format specification can be found here: https://twtxt.readthedocs.io/en/latest/user/twtxtfile.html
As for extensions, I don’t know of anything outside of twtxt.dev that has actually been (partially) implemented. However, there is also the issue tracker of the official reference implementation. You might wanna dig through that. For example, there is an alternative suggestion for multiline messages: https://github.com/buckket/twtxt/issues/157
@zvava@twtxt.net There would be only one hash for a message. Some to be defined magic date selects which hash to use. If the message creation timestamp is before this epoch, hash it with v1, otherwise hammer it through v2. Eventually, support for v1 could be dropped as nobody interacts with the old stuff anymore. But I’d keep it around in my client, because why not.
If users choose a client which supports the extensions, they don’t have to mess around with v1 and v2 hashing, just like today.
As for the school of thought, personally, I’d prefer something else, too. I’m in camp location-based addressing, or whatever it is called. The more I think about it, a complete redesign of twtxt and its extensions would be necessary in my opinion. Retrofitting has its limits. Of course, this is much more work, though.
@thecanine@twtxt.net I’d like that too, it just can’t come from me, because native mobile dev just isn’t my thing 😢
[2025/09/11 12:56:01.816] ⇒ please set config.host when trying to run "bbycll". How to bypass that tiny hurdle?
Adding to this. The configuration example at the repository reads:
{
  "nick": "Example",
  "description": "alice's twtxt instance!",
  "host": "twtxt.example.com",
  "admin": "alice"
}
Would it make more sense changing nick to instance_name or similar? Usually nick is reserved for users, like here, quark. Right? Also, is host the same FQDN to be used while proxying traffic to the application? That is, using the above configuration, its Caddy configuration would be:
twtxt.example.com {
  encode
  reverse_proxy :31212
}
Is that correct?
[2025/09/11 12:56:01.816] ⇒ please set config.host when trying to run "bbycll". How to bypass that tiny hurdle?
On the configuration topic, the example at the repo reads like this:
“
@movq@www.uninformativ.de Luckily, I had a grep -v git at the end, so my repo is still in working order. Phew. I wish find had grep-like --exclude-dir and --exclude options (or the include variants) instead of its own weird options that I never can remember and combine properly.
@zvava@twtxt.net I was about to suggest that you post some examples. By now, we’re pretty good at debugging hashing issues, because that happens so often. 😂 But it looks like you figured it out on your own. ✌️
@prologic@twtxt.net excellent, mate, that’s what we like to read! Enjoy the weekend!
@lyse@lyse.isobeef.org no, as mentioned this “diagonal arrow” eye shape, is usually used for a smug expression. The optional white part, is in this case, where the dog’s sclera would be visible, while they have their eyes, like this.
Here is a comparison between a real dog, making the face it is based on, and the exaggerated drawn version.

@thecanine@twtxt.net Yeah, what @bender@twtxt.net said. That tail is sick. Is this dog crying, though? The vertically elongated eye looks a bit like a tear running down.
Drawn based on a quick doodle, the canine returns victorious, from the battle of Hot Topic bargain bin, as smug as can be.
Whoever will be the first to inform him, the spikes aren’t real gold and it’s most likely not even leather, meaning it’s not what he’s really been searching the universe for, better prepare themselves, to be jumped on, bitten and shredded by claws.

is it normal for my yarn pod mentions tab to be totally empty because it’s been like this from the start
Woooooaaaahh, that’s bloody amazing! I wish I’d had a teacher like that.
English version: https://youtu.be/wi_q6IythMk
German version: https://youtu.be/2Lv1MMlFDBs
@kat@yarn.girlonthemoon.xyz The duck was in a darker spot, so my camera wasn’t all that happy with the lighting. Upon further inspection, you’re right, now that you pointed it out, I can see it too! The feathers do look like an oil painting. ;-)
[2025/09/11 12:56:01.816] ⇒ please set config.host when trying to run "bbycll". How to bypass that tiny hurdle?
Woot, thank you! Using a config.json like this:
{
  "host": "localhost:31212",
  "protocols": ["http"]
}
Indeed did the trick! I know it isn’t production ready, but I wanted to see with my own eyes, locally, how did it look. :-) I like where you are going! It is looking very nice, and polished. Can’t wait for an alpha, beta, and release!
@lyse@lyse.isobeef.org omg this looks like a painting!
@zvava@twtxt.net I gave this, in my mind, a like/star/love.
Since Google announced their intentions to heavily limit sideloading on Android, starting end of 2026, I’ve been looking for potential solutions, for this policy change, that threatens the majority of projects I maintain, in some way. Google already killed my browser project years ago, but I have no other choice, than to fight this, any way I can.
The best choice to deal with this, will probably be the Android Debug Bridge, which can be used not only to install apps unrestricted, but also to uninstall, or remove, almost any unnecessary part of the OS. Shizuku, combined with Canta Debloater, is the winning combination for now.
I’ve already removed most Google apps from my device: the annoying AI assistant, the stupid Google app adding the annoying articles, left of your home screen, Google One, Gboard, Safety app… it’s amazing, no distracting Google slopware, like in the good old Android 2 days! And I absolutely intend to keep it this way, from now on, no new Google apps or services on my devices, unless Google can give me a good enough reason, to allow them there and whenever the app that verifies signatures, to block installing apps not approved by Google, I’ll just remove it from my device and advocate others do so too.
@dce@hashnix.club Nope. 😃 What’s that genre called? Sounds like old horror movies from the 70’ies (or it could be a soundtrack to Salad Fingers, if anyone remembers that).
@bender@twtxt.net I see, thanks. Well, I never found these warnings useful. To hide answers to conundrums or the like, ROT13ing or base64-encoding them is plenty sufficient.
Hahaha, I never heard of Poopgate before. :-D Poor passengers.
Something like this, for example.
@lyse@lyse.isobeef.org a content warning is kind of like a forum spoiler cut, or like the <details> tag in HTML; it lets you write a sentence or so that someone can then click to expand to see the actual post. it’s called a CW because most people use it to warn for potentially triggering/harmful subjects, but you can really use it for anything, like spoilers in a TV show or even for joke punchlines
I have a feeling that learning to play electric double bass through an amplifier was a big mistake.
At the core, this is an acoustic instrument. If you play it through an amp, you will instinctively only do the bare minimum to get some sound going, because the amp does the heavy lifting. But it’s just not right.
This is a very physical instrument. It needs a lot of force and strength – in comparison, an electric bass guitar is almost flimsy and delicate. I need to “feel” what’s going on and that’s just not the case when using headphones.
I feel like I wasted ~3 years. 🫤 But maybe it’ll get better from now on …
Made this a few weeks ago, just listened to it again and I quite like it:
https://www.uninformativ.de/music/2025-1-ebow/Fog.ogg
This is just one instrument: Electric bass guitar + EBow. And echo/delay on top. But it’s a single track, single take. It amazes me quite a bit how much you can do with that little thing. 🤯
Just like @lyse@lyse.isobeef.org, I totally forgot about the eclipse!
Unfortunately, it’s not as sharp as I’d like it to be: https://lyse.isobeef.org/abendhimmel-2025-09-07/

** Strata **
A Counterfeit - a Plated Person -
I would not be -
Whatever strata of Iniquity
My Nature underlie -
Truth is good Health - and Safety, and the Sky.
How meagre, what an Exile - is a Lie,
And Vocal - when we die -
– Emily Dickinson
I made another game! This one pretty much has one single verb: “move.” The game, like most games I make, is a roguelike that relies heavily on probabilities and rng (random number generation).
Each level is …
@movq@www.uninformativ.de this seems like a bit of an overkill, that would also harm modding and power users - who often need to see the exact implementation of new features and benefit from the ability to pull up the history of code changes, in their browser. Sure they could clone the repo and do that locally, but if it has dependencies, they’d also have to clone those, to see how those get updated and it’d soon be a mess.
@kat@yarn.girlonthemoon.xyz Completely off-topic, I didn’t know that the English language picked up the German word “Ersatz”. Discovering things like that always brings me joy. It has some interesting other properties, though: https://en.wikipedia.org/wiki/Ersatz_good#Etymology
@kat@yarn.girlonthemoon.xyz like it’s the shame that kills me the most but i just gotta get through it if i want a working server (and i really do!!!)
Dear dev.alessandrocutolo.it, do you really need to fetch my twtxt feed every 20-30 seconds? 😅 Not that it’s posing a problem, but I feel like this could be optimized. For example, how about using the if-modified-since request header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/If-Modified-Since
@lyse@lyse.isobeef.org @dce@hashnix.club It’s pretty cool, I won’t argue that, but also really simple, to be completely honest. 😅 The BIOS already provides all you need to send data to the printer:
https://helppc.netcore2k.net/interrupt/bios-printer-services
The BIOS actually does provide a great deal of things, which, to me, was one of the most surprising learnings of this project (the project of writing a little 16-bit real-mode OS, that is). It often doesn’t feel like I was writing an operating system – it felt more like writing a normal program that just uses BIOS calls like we would use syscalls these days.
(I’ve also read a lot of warnings, like “don’t use the BIOS for this or that”. Mostly because it tends to be very slow.)
Listen missy, don’t you disappear on us like that again, do you hear me?! 😂 Welcome back, kat! I was wondering where you were, but figured something more interesting was keeping you busy. 🙈
The XMPP Standards Foundation: The XMPP Newsletter August 2025
Welcome to the XMPP Newsletter, great to have you here again!
This issue covers the month of August 2025.
Like this newsletter, many projects and their efforts in the XMPP community are a result of people’s voluntary work. If you are happy with the services and software you may be using, please consider saying thanks or help these proj …
@lyse@lyse.isobeef.org Weather’s great at the moment, isn’t it? I like it when it’s cloudy, dark, chilly. 😊
Ariadne explains some of the reasons behind this “Wayback” thingy (rootful X11 on Wayland):
- https://social.treehouse.systems/@ariadne/115147291885663574
- https://social.treehouse.systems/@ariadne/115147331909980717
They should put this in a FAQ on their website or something. The whole endeavor makes more sense when you look at it like this.
@lyse@lyse.isobeef.org I usually only have my GPS tracker with me. That trip yesterday was probably a one-time thing. 😅 It was fun, but I’d rather not carry so much stuff around. 🥴
@dce@hashnix.club Glad you liked it. 😅
@movq@www.uninformativ.de Oh, nice read!
If I’m in the woods, I’d like to not waste my time with computers and focus on the beauty of nature. ;-) So, I’m not gonna participate in that event. But I’d read your articles on that subject anytime. :-)