#<2025-05-10T19:34:00+00:00 https://andros.dev/texudus.txt> Nice:) And is this implemented in your client as well? I’ve started to brainstorm on how to parse texudus in php, but I guess it could snatch some code from you?

GitHub for Beginners: Building a React App with GitHub Copilot
Follow along and build a frontend client using React and Copilot Chat.

The post GitHub for Beginners: Building a React App with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

UUIDs: A False Sense Of Security

Image

Hi Hunters, would you like to learn about a broken access control vulnerability that I discovered recently for a client.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/uuids-a-false-sense-of-security-10467497daae?source=rss—-7b7 … ⌘ Read more

@sorenpeter@darch.dk Unfortunately it does break all clients, because the original spec stated:

Mentions are embedded within the text in either @ or @ format

@bender@twtxt.net My point was that the suggested syntax for extending mentions to point to a specific message (@<nick url timestamp>) and having location based treading this way, might not break older clients, since they might just igonore the last value within the brackets.

@sorenpeter@darch.dk you wrote:

“This might even be backward compatible with older (pre-yarn) clients.”

Yarnd is as backwards compatible with older clients as this. I dare to say, even more so. 😅

@andros@twtxt.andros.dev Thanks for consolidating a lot of good ideas. Especially how you have deiced to just extend the mention syntax for location-based treads. This might even be backward compatible with older (pre-yarn) clients.
What about using Z for UTC +00:00- is that allowed in your specs?
Regarding url = I would suggest to only allow one and the maybe add url_old = or url_alt = !?
I’m still not a fan of a DM feature, even thou it helps that i have now been split out into a separate feed file. Instead if would suggest a contact = field for where people can put an email or other id/link for an established chat protocol like signal or matrix.

@andros@twtxt.andros.dev @eapl.me@eapl.me Still lots of bugs in my client. 🥴 I’ll try to fix it next week.

And yes, using the same timestamp twice will very likely break threads.

@andros@twtxt.andros.dev I set up a test feed here:

https://www.uninformativ.de/texudus.txt

I made some preliminary adjustments to my client so that it can work with the different threading model. (And I totally get the concerns, this can be quite a bit of work. Especially in a large code base like Yarn.)

@movq@www.uninformativ.de I think we can make this work 👌 As long as it’s just a client hint.

@movq@www.uninformativ.de If we’re focusing on solving the “missing roots” problems. I would start to think about “client recommendations”. The first recommendation would be:

1. Replying to a Twt that has no initial Subject must itself have a Subject of the form (hash; url).
   

This way it’s a hint to fetching clients that follow B, but not A (in the case of no mentions) that the Subject/Root might (very likely) is in the feed url.

@lyse@lyse.isobeef.org likewise I don’t have the energy for a fundamental shift in any of our specifications that would inevitably cause a lot of toil and try and change in our clients implementations and unforeseen problems that we haven’t really fully understood:

@lyse@lyse.isobeef.org Hahahaha 🤣 I mean it’s “okay” every now and then, but what’s the point of having good clients and tools if we don’t use ‘em 🤣

We have 4 clients but this should be 6 I believe with tt2 from @lyse@lyse.isobeef.org and Twtxtory from @javivf@adn.org.es?

Finally I propose that we increase the Twt Hash length from 7 to 12 and use the first 12 characters of the base32 encoded blake2b hash. This will solve two problems, the fact that all hashes today either end in q or a (oops) 😅 And increasing the Twt Hash size will ensure that we never run into the chance of collision for ions to come. Chances of a 50% collision with 64 bits / 12 characters is roughly ~12.44B Twts. That ought to be enough! – I also propose that we modify all our clients and make this change from the 1st July 2025, which will be Yarn.social’s 5th birthday and 5 years since I started this whole project and endeavour! 😱 #Twtxt #Update

And speaking of Twtxt (See: #xushlda, feeds should be treated as append-only. Your client(s) should be appending Twts to the bottom of the file. Edits should never modify the timestamp of the Twt being edited, nor should a Twt that was edited by deleted, unless you actually intended to delete it (but that’s more complicated as it’s very hard to control or tell clients what to do in a truely decentralised ecosystem for the deletion case). #Twtxt #Client #Recommendations

Just like we don’t write emails by hand anymore (See: #a3adoka), we don’t manually write Twts or update our twtxt.txt feeds. Instead, we use modern Twtxt clients that conform to the specifications at Twtxt.dev for a seamless, automated experience. #Twtxt #Twt #UserExperience

Nobody writes emails by hand using RFC 5322 anymore, nor do we manually send them through telnet and SMTP commands. The days of crafting emails in raw format and dialing into servers are long gone. Modern email clients and services handle it all seamlessly in the background, making email easier than ever to send and receive—without needing to understand the protocols or formats behind it! #Email #SMTP #RFC #Automation

What Does “use client” Do?
Comments ⌘ Read more

@javivf@adn.org.es Ahh! So this is your client implementation? 🧐

Was just looking at the client you’re using Twtxtory 🤔 Very nice! 👍 is this your client, did you write it? I’d not come across it before!

$ bat https://twtxt.net/twt/edgwjcq | jq '.subject'
"(#yarnd)"

hahahahaha 🤣 Does your client allow you to do this or what? 🤔

Interesting factoid… By inspecting my “followers” list every now and again, I can tell who uses a client like jenny, tt or any other client where fetches are driven by user interactions of invoking the app. What do we call this type of client? Hmmm 🤔 Then I can tell who uses yarnd because they are “seen” more frequently 🤣

Steam to highlight accessibility support for games on store pages
The Steam store and desktop client will soon be able to help players find games that feature accessibility support. If your game has accessibility features, you can now enter that information in the Steamworks ‘edit store’ section for your app. ↫ Steam announcements page I have a lot of criticism for the Steam client application – it’s a overly complex, unattractive, buggy, slow, top-heavy Chrome engi … ⌘ Read more

OSTIF Announces NATS Security Audit Results
OSTIF is proud to share the results of our security audit of NATS.  NATS is an open source project made by Synadia Communications for secure always-on messaging for a variety of digital formats and clients. With… ⌘ Read more

My Hypothesis for why registries didn’t work and why they still won’t really work today is because the bend the rules of “true” decentralization a bit. Users have to pick one or more registries to “register” to. Why would they want to do this? What is their incentive to do so? Then on the other hand, users need a client that has registry support, but now which registry or sets of registries do you choose?

@bender@twtxt.net You said:

as long as those working on clients can reach an agreement on how to move forward. That has proven, though, to be a pickle in the past.

I think this is because we probably need to start thinking about three different aspects to the ecosystem and document them out:

• Specifications (as they are now)
  
• Server recommendations (e.g: Timeline, yarnd, etc)
  
• Client recommendations (e.g: jenny, tt, tt2, twet, etc)

@andros@twtxt.andros.dev nothing stands still, I agree. I think current twtxt has surpassed the initial specification, while still being relatively backwards compliant/compatible but, for how long?

As for new extensions (DM, for example), they should be OK as long as those working on clients can reach an agreement on how to move forward. That has proven, though, to be a pickle in the past.

The nice thing here is that any Ui/UX rendering for a “good user experience” is similar to what yarnd does for Youtube/Spotify/whatever embedding. Plus anyone can participate, even if they don’t really have a client that understand it, it’s just text with some “syntax” afterall.

💡 I had this crazy idea (or is it?) last night while thinking about Twtxt and Yarn.social 😅 There are two things I think that could be really useful additions to the yarnd UI/UX experience (for those that use it) and as “client” features (not spec changes). The two ideas are quite simple:

• Voting – a way to cast, collect a vote on a decision, topic or opinion.
  
• RSVP – a way to “rsvp” to a virtual (pr physical) event.
  

Both would use “plain text” on top of the way we already use Twtxt today and clients would render an appropriate UI/UX.

@kat@yarn.girlonthemoon.xyz At the core, you need an ngircd.conf like this:

[Global]
    Name = your.irc.server.com
    Password = yourfancypassword
    Listen = 0.0.0.0
    Ports = 6667

    AdminInfo1 = Well, me.
    AdminInfo2 = Over here!
    AdminEMail = forget.it@example.invalid

[Options]
    Ident = no
    PAM = no

[SSL]
    CertFile = /etc/ssl/acme/your.irc.server.com.fullchain.pem
    KeyFile = /etc/ssl/acme/private/your.irc.server.com.key
    DHFile = /etc/ngircd/dhparam.pem
    Ports = 6669

Start it and then you can connect on port 6667. (The SSL cert/key must be managed by an external tool, probably something like certbot or acme-client.)

I’m assuming OpenBSD here. Haven’t tried it on Linux lately, let alone Docker. 😅

@prologic@twtxt.net I also thought it was a client-server thingy at first and usually it is, I guess, there’s just this workaround:

If it is not possible to install Borg on the remote host, it is still possible to use the remote host to store a repository by mounting the remote filesystem, for example, using sshfs.

is it like… ethical to offer access to certain self hosted services as patreon exclusives. like i wanna offer the IRC client/bouncer i hosted which seems ok i think because i’ve seen pico.sh offer their instances of that as paid services. but the other ones i have in mind are alt web frontends for stuff like imgur and pinterest. and i just feel weird about it for some reason. idk i’m trying to think of ways to support my server stuff but every time i come up with something it feels weird

@prologic@twtxt.net oooh this looks interesting!!! maybe i could play around with it in docker and see how to integrate it with caddy layer4 for TLS + my existing web client and bouncer!!

@movq@www.uninformativ.de i tried ngircd but couldn’t figure it out T__T i left it at the web client and bouncer for now but i might toy with an IRC server another time!

@prologic@twtxt.net no, it is not a “server-client thingy”.

Seem like it’s a server-client thingy? 🤔 I much prefer tools in this case and defer the responsibility of storage to something else. I really like restic for that reason and the fact that it’s pretty rock solid. I have zero complaints 😅

@movq@www.uninformativ.de no clue! i’ve never had issues setting up websockets and the gamja client itself seems to work fine when connecting to other servers, but my bouncer doesn’t work right so it’s soju T__T i THINK there’s a problem with the websockets but it seems to be working right so i’m just confused

@javivf@adn.org.es having the extension listed means that it has been discussed and, usually implemented. Now, number 6 and 7 on the list as its stands today are not supported by any of the known clients. I believe their (again, 6 and 7) inclusion on the list has been precipitated, and lax.

@quark@ferengi.one No editing old Twts that are the root of a thread with replies in the ecosystem. Just results in a fork. Unless the client has an implementation that does not store Twts keyed by Hash.

@movq@www.uninformativ.de wouldn’t editing your own twtxts cause the same issue Yarnd (or any other client) has, which is breaking any replies to it? Under which conditions would this work the best? When copying the twtxt.txt file asynchronously? In my case I copy the twtxt.txt file to its web root right away, but I figure I could not do that, which would give me a set period of time to edit without worries.

@bender@twtxt.net NOOOO i self host an XMPP server and also revolt but as much as i love XMPP (gajim client reminds me of using skype as a kid highkey) i don’t use it much and revolt is a bitch to maintain. like i broke revolt file uploads and it stayed that way for months until literally last week lmao. i never bothered with matrix tbh maybe i should’ve but it seems not worth it

@doesnm.p.psf.lt@doesnm.p.psf.lt It was always intended to have both Yarn.social and Salty.im integrate together. Yes. This includes having a set of specifications that anyone can write clients to.

I think I would encourage anyone in this community is to care less about supporting “legacy clients” and focus more on value-add whilst balancing the burden of client authors – which have very precious little “spare time” 🤣

@andros@twtxt.andros.dev I don’t see any “fighting” here. This is just good experimentation. Unfortunately there hasn’t really been enough time or effort by other “client authors” yet, me especially as I’ve been super busy with ya’ know my “day job” that pays the bills and refactoring yarnd to use a new and shiny and much better SqliteCache 🤣 – I certainly don’t think your efforts are wasted at all. I would however like @doesnm.p.psf.lt@doesnm.p.psf.lt encourage you to look at the work we’ve done as a community (which was also driven out of the Yarn.social / Twtxt community years back).

@andros@twtxt.andros.dev maybe create a separate, completely distinct feed for DM? That way, clients do not need to do anything, only those wanted to “talk in private” follow themselves, using their very special dm-only.txt feeds. 😂

Aside from fetching feeds every three minutes (which kind of adds mystery to this puzzle), I think there is something else going on with the client you are using, @andros@twtxt.andros.dev. Some of those twtxts are seconds apart, making me truly stumped. 😅

YEAH THATS ME LOLLLL I HAVE NO CLUE WHAT IT IS….. me haunting ur clients or whatever with my funky version string

Windows Hotpatch comes to client version of Windows
Good news for Windows users, and for once there’s not a hint of sarcasm here: Microsoft has started rolling out Windows Hotpatch to the client versions of Windows. This feature, which comes from the server versions of Windows, allows the operating system to install patches to in-memory processes, removing the need for a number of restarts. Obviously, this is hugely beneficial for users, as they won’t have to deal with constant r … ⌘ Read more

ProcessOne: ejabberd 25.03

Image

Release Highlights:

• Matrix Gateway Gets Room Support
  
• Multiple Simultaneous Password Types
  
• Execute API Commands Using XMPP Client
  

If you are upgrading from a previous version, please check the [changes in SQL schemas](https://www.process-one … ⌘ Read more