I Clicked a Random Button in Google Slides — Then Google Paid Me $2,240

Image

The strange trick that exposed a hidden security flaw (and how you can find bugs like this too).

[Continue reading on InfoSec Write-ups »](https://in … ⌘ Read more

I’d have to write i up in full, but essentially looks a bit like this (contribived examples follow)…

@prologic@twtxt.net OH SHIT using this for a protocol like gopher is smart! might have to try that for gemini so i don’t have to keep a port open for that

From $30 parmigianas to $15 pints, can Australia still afford the pub?
From our coffee addiction to a weekend pub tradition, some of the simple pleasures many Australians have taken for granted now feel like luxuries. But if patrons can no longer afford to visit the pubs and cafés we love, there may be something bigger at stake. ⌘ Read more

@movq@www.uninformativ.de noted! i did try something like this but it wouldn’t connect on anything without the SSL stuff, which is normally handled by caddy for me but i can’t use certbot with caddy on so i’m stuck there LOL

@kingdomcome@yarn.girlonthemoon.xyz it’s slang that means to like focus and get shit done i guess. originates from AAVE

@prologic@twtxt.net Hmm, speaking of locally running “AI” stuff: Someone on Mastodon has this in their profile description:

My profile pic is AI modified to prevent deepfakes. I used local Stable Diffusion on my solar powered 7900XTX to average a few selfies.

That sounds like a fun thing to do. Do I have a chance of doing that on my old box from 2013 without a dedicated GPU? 😂

@kat@yarn.girlonthemoon.xyz At the core, you need an ngircd.conf like this:

[Global]
    Name = your.irc.server.com
    Password = yourfancypassword
    Listen = 0.0.0.0
    Ports = 6667

    AdminInfo1 = Well, me.
    AdminInfo2 = Over here!
    AdminEMail = forget.it@example.invalid

[Options]
    Ident = no
    PAM = no

[SSL]
    CertFile = /etc/ssl/acme/your.irc.server.com.fullchain.pem
    KeyFile = /etc/ssl/acme/private/your.irc.server.com.key
    DHFile = /etc/ngircd/dhparam.pem
    Ports = 6669

Start it and then you can connect on port 6667. (The SSL cert/key must be managed by an external tool, probably something like certbot or acme-client.)

I’m assuming OpenBSD here. Haven’t tried it on Linux lately, let alone Docker. 😅

@prologic@twtxt.net Since you have to check and double check everything it spits out (without providing sources), I don’t find any of this helpful. It’s like someone’s in the room with you and that person is saying random stuff that might or might not be correct. At best, it might spark some new idea in your head and then you follow that idea the traditional way.

Information published on the internet (or anywhere, for that matter) was never guaranteed to be correct. But at least you had a “frame of reference”: “Ah, I read this information about Linux on a blog that usually posts about Windows, so this one single Linux post might not necessarily be correct.” That is completely lost with LLMs. It’s literally all mushed together. 🤷

AI isn’t a shortcut for thinking. In her guide for skeptics, Hilary Gridley reframes AI as a collaborator—not a replacement. Use it like spellcheck for your thoughts. Don’t fear it—iterate with it. Insight improves, speed follows. Full post: https://hils.substack.com/p/the-ai-skeptics-guide-to-ai-collaboration

Chaining Bugs Like a Hacker: IDOR to Account Takeover in 10 Minutes

Image

🚀Free Article Link…

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/chaining-bugs-like-a-hacker-idor-to-account-takeover-in-1 … ⌘ Read more

**Bypassing Like a Pro: How I Fooled the WAF and Made It Pay **

Image

Hi there!

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-like-a-pro-how-i-fooled-the-waf-and-made-it-pay-e433193e1d9d?source=rss—-7b722bf … ⌘ Read more

@prologic@twtxt.net Shit like what? References/threads? 😅

Just adopted this majestic floof. He looks like he’s plotting something, but I’m too in love to care. ⌘ Read more

Hmmm there’s a bug somewhere in the way I’m ingesting archived feeds 🤔

sqlite> select * from twts where content like 'The web is such garbage these days%';
      hash = 37sjhla
  feed_url = https://twtxt.net/user/prologic/twtxt.txt/1
   content = The web is such garbage these days 😔 Or is it the garbage search engines? 🤔
   created = 2024-11-14T01:53:46Z
created_dt = 2024-11-14 01:53:46
   subject = #37sjhla
  mentions = []
      tags = []
     links = []
sqlite>

@movq@www.uninformativ.de It’s nice to see shit like this still works 🤣 Even years later 😂

I do want to improve the feeds.twtxt.net service one day (soon™) with features like this. But first I’ll have to prevent spammers from abusing it by introducing IndieAuth as an authentication layer.

is it like… ethical to offer access to certain self hosted services as patreon exclusives. like i wanna offer the IRC client/bouncer i hosted which seems ok i think because i’ve seen pico.sh offer their instances of that as paid services. but the other ones i have in mind are alt web frontends for stuff like imgur and pinterest. and i just feel weird about it for some reason. idk i’m trying to think of ways to support my server stuff but every time i come up with something it feels weird

Seem like it’s a server-client thingy? 🤔 I much prefer tools in this case and defer the responsibility of storage to something else. I really like restic for that reason and the fact that it’s pretty rock solid. I have zero complaints 😅

@kat@yarn.girlonthemoon.xyz ngircd is nice: https://ngircd.barton.de/ You can absolutely host this on your server for you and your friends (I’ve been doing that for a very long time). Actually peering with something like libera is hard, though, because they have strict requirements and a lot of traffic. Then again, there’s no real benefit in peering, actually. IRC is pretty “decentralized” anyway and people are usually used to connecting to several networks, so joining another one isn’t a big deal, imho. 🙃

@kat@yarn.girlonthemoon.xyz is there anything i can even run or is this like email where you should just use libera and shut up

That was a wild ride:

https://www.youtube.com/watch?v=QSMDb1CWD6Y

Notice how old all these people sound. They started playing this game like 10, 15, 20 years ago, most of them left, but some are still there. I love that level of commitment. 😃

Also interesting from a technical point of view. Creating that virtual world and keeping it running consistently for so long … 🤯

@kat@yarn.girlonthemoon.xyz Sounds like a lot of fun ! 😁 GOOD LUCK!

LXQt 2.2.0 released
LXQt, the Qt-based alternative to KDE as Xfce is the GTK-based alternative to GNOME, has released version 2.2.0. LXQt is in the middle of its transition to Wayland, and as such, this release brings a number of fixes and improvements for Wayland, like improved multi-display support and updated compatibility with Wayland compositors. Beyond all the Wayland work, LXQt Power Management now supports power profiles, text rendering in QTerminal and QTermWidget has been improved, the file manager PC … ⌘ Read more

@movq@www.uninformativ.de From what I can tell, they use strict semantic versioning and backwards compatibility. There are two versions of the storage, v1 and v2, but it doesn’t look like v2 is enabled yet.

@prologic@twtxt.net @bmallred@staystrong.run So is restic considered stable by now? “Stable” as in “stable data format”, like a future version will still be able to retrieve my current backups. I mean, it’s at version “0.18”, but they don’t specify which versioning scheme they use.

Got him from the shelter, look how cozy he is like he belonged here ⌘ Read more

CAN MY FEDI INSTANCE STOP CRASHING

(it is running gotosocial which is like one of the lightest fedi servers out there. the machine it runs on is as old as a high schooler. guess the root problem)

Radxa Dual 2.5G Router HAT Expands Networking and Storage for Raspberry Pi 5 and ROCK SBCs
The Radxa Dual 2.5G Router HAT adds high-speed networking and NVMe storage expansion to single-board computers like the Raspberry Pi 5 and Radxa ROCK series, using a single PCIe connection in a compact form factor. The HAT uses the ASM2806 PCIe Gen3 switch chip to convert a single PCIe lane into multiple downstream lanes. This […] ⌘ Read more

I think videos like this will be common in the future😅 ⌘ Read more

10 Mind-Blowing Revelations About Our Solar System
Considering the universe is almost 100 billion light-years across—due to inflation (not monetary) and whatnot—it’s amazing that some of the coolest discoveries and revelations are in our solar system. That’s like crossing the world (many, many, many times) and then finding treasure in your own backyard. Maybe the proximity is part of the appeal because […]

The post [10 Mind-Blowing Revelations About Our Solar System](https://listv … ⌘ Read more

@kat@yarn.girlonthemoon.xyz It’s more like a cache, it stores things like “timestamp of the most recent twt we’ve seen per feed” or “last modification date” (to be used with HTTP’s if-modified-since header). You can nuke these files at any time, it might just result in more traffic (e.g., always getting a full response instead of just “HTTP 304 nope, didn’t change”).

@quark@ferengi.one Yes, I often write a couple of twts, don’t publish them, then sometimes notice a mistake and want to edit it. You’re right, as soon as stuff is published, threads are going to break/fork by edits.

@movq@www.uninformativ.de HELP THIS IS GENUINELY SO SWEET THANK YOU ;_; omg i felt so nervous posting this because i was like what if i get something wrong but then i did it anyway and i felt so free… like woah i did all of this

@kat@yarn.girlonthemoon.xyz As someone who has a say in hiring decisions (every now and then – I’m not an executive nor an HR person 😆): This is gold. Writeups like these tell me/us so much about job applicants. It’s much more valuable than “a CV without gaps” or “know your algorithms” or whatever. Instead, it shows how you work and that you understand what you’re doing, and that’s the most important part. 🥇

@bender@twtxt.net NOOOO i self host an XMPP server and also revolt but as much as i love XMPP (gajim client reminds me of using skype as a kid highkey) i don’t use it much and revolt is a bitch to maintain. like i broke revolt file uploads and it stayed that way for months until literally last week lmao. i never bothered with matrix tbh maybe i should’ve but it seems not worth it

@prologic@twtxt.net hm would there be any loss with the re-fetch option? i wouldn’t mind either but i’d like to hold onto what i got if possible! but if it IS possible but also really annoying to do i’ll just do the re-fetch of feeds because i’m lazy af LMAO

Using AI in education is like using a forklift in the gym. The weights do not actually need to be moved from place to place. That is not the work. The work is what happens within you.

https://fedi.neuwirth.priv.at/@konrad/114352350424913566

@xuu@txt.sour.is like, badly broken. I mean, the guy doesn’t even use twtxt (it is more like an RSS feed for him). So, yeah, even if it was the correct mention it would never reach the intended ears. 😂

️ Mr. Robot CTF Walkthrough | TryHackMe

Image

“A beginner-friendly guide to hacking like Elliot Alderson”

Continue reading on InfoSec Write-ups » ⌘ Read more

** In reply to: Common Cyborg | Jillian Weise | Granta **
In reply to: Common Cyborg | Jillian Weise | Granta

They like us best with bionic arms and legs. They like us deaf with hearing aids, though they prefer cochlear implants. It would be an affront to ask the hearing to learn sign language. Instead they wish for us to lose our language, abandon our culture and consider ourselves cured. They like exoskeletons, which none of us use. They would never consider cyborg those of us with pace … ⌘ Read more

@hacker-news@feeds.twtxt.net I like this 👌

I do think integrating things like Salty.im might actually be a good idea. I can also see a future where we integrate other things like todo.txt and calendar.txt. I’d even love to see decentralised forms of “plain text” voting too.

@andros@twtxt.andros.dev I don’t see any “fighting” here. This is just good experimentation. Unfortunately there hasn’t really been enough time or effort by other “client authors” yet, me especially as I’ve been super busy with ya’ know my “day job” that pays the bills and refactoring yarnd to use a new and shiny and much better SqliteCache 🤣 – I certainly don’t think your efforts are wasted at all. I would however like @doesnm.p.psf.lt@doesnm.p.psf.lt encourage you to look at the work we’ve done as a community (which was also driven out of the Yarn.social / Twtxt community years back).

⚡️Oops, They Logged It! Turning LFI into Remote Shell Like a Pro ⚔️

Image

Free Link🎈

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Foops-they-logged-it-turning-l … ⌘ Read more

Gmail Showing 1 Unread Message? Here’s How to Find It
If you’re the type of person who likes to maintain Inbox Zero, or who recently went and tidied up their Gmail inbox to get every email marked as read, you may come across a frustrating situation where Gmail shows 1 unread message, and you simply can’t locate that unread email message in Gmail. If you … Read More ⌘ Read more

Happy 1st Twtxt~iversary to me … I guess. It feels like it was 5 years since my first twt 😅

Do you like Betty? ⌘ Read more

Beta 2 of iOS 18.5, MacOS Sequoia 15.5, iPadOS 18.5 Released for Testers
New betas are available as iOS 18.5 beta 2, MacOS Sequoia 15.5 beta 2, and iPadOS 18.5 beta 2, for users who are participating in the beta testing programs for Apple system software. No notable new features or major changes are expected in these beta versions, at least thus far, suggesting they’re likely focused on … [Read More](https://osxdaily.com/2025/04/14/beta-2-of-ios-18-5-macos-sequoi … ⌘ Read more

The subjective charms of Objective-C
To argue that Objective-C resembles a metaphysically divine language, or even a good language, is like saying Shakespeare is best appreciated in pig latin. Objective-C is, at best, polarizing. Ridiculed for its unrelenting verbosity and peculiar square brackets, it is used only for building Mac and iPhone apps and would have faded into obscurity in the early 1990s had it not been for an unlikely quirk of history. Nevertheless, in my time working as a softwar … ⌘ Read more

I personally really like the news minimalist (fuck it mentions are kind of broken atm here in the UI :/) feed myself, really good quality, very high signal 👌