Searching We.Love.Privacy.Club

Twts matching #html

@prologic@twtxt.net My pod, which is running the same commit you are, does not return an error like that. It returns the same HTML it always has. Try it. I nuked my cache before restarting.

Edit: Oh wait, the plot thickens. I do get an error if I use curl or if I use a web browser that isn’t logged in. That’s good!

In-reply-to » There is a bug in yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like

@prologic@twtxt.net I believe you are not seeing the problem I am describing.

Hit this URL in your web browser:

https://twtxt.net/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

That’s your pod. I assume you don’t have a user named lovetocode999 on your pod. Yet that URL returns HTTP status 200, and generates HTML, complete with a link to https://socialmphl.com/story19510368/doujin, which is not a twtxt feed (that’s where the twtxt.txt link goes if you click it). That link could be to anything, including porn, criminal stuff, etc, and it will appear to be coming from your twtxt.net domain.

What I am saying is that this is a bug. If there is no user lovetocode999 on the pod, hitting this URL should not return HTTP 200 status, and it should definitely not be generating valid HTML with links in it.

Edit: Oops, I misunderstood the purpose of this /external endpoint. Still, since the uri is not a yarn pod, let alone one with a user named lovetocode999 on it, I stand by the belief that URLs like this should not be generating valid HTML with links to unknown sites. Shouldn’t it be possible to construct a valid target URL from the nick and uri instead of using the pod’s /external endpoint?

In-reply-to » There is a bug in yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like

@prologic@twtxt.net @bender@twtxt.net I partially agree with bender on this one I think. The way this person is abusing the /external endpoint on my pod seems to be to generate legitimate-looking HTML content for external sites, using a username that does not exist on my pod. One “semantically correct” thing to do would be to error out if that username does not exist on the pod. It’s not unlike having a mail server configured as an open relay at this point.

It would also be very helpful to give the pod administrator control over what’s being fetched this way. I don’t want people using my pod to redirect porn sites or whatever. If I could have something as simple as the ability to blacklist URLs that’d already help.


There is a bug in yarnd that’s been around for awhile and is still present in the current version I’m running that lets a person hit a constructed URL like

YOUR_POD/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

and see a legitimate-looking page on YOUR_POD, with an HTTP code 200 (success). From that fake page you can even follow an external feed. Try it yourself, replacing “YOUR_POD” with the URL of any yarnd pod you know. Try following the feed.

I think URLs like this should return errors. They should not render HTML, nor produce legitimate-looking pages. This mechanism is ripe for DDoS attacks. My pod gets roughly 70,000 hits per day to URLs like this. Many are porn or other types of content I do not want. At this point, if it’s not fixed soon I am going to have to shut down my pod. @prologic@twtxt.net please have a look.


@prologic@twtxt.net Hitting that URL returns a bunch of HTML even though there is no user named lovetocode999 on my pod. I think it should 404, and maybe with a delay, to discourage whatever this abuse is. Basically this can be used to DDoS a pod by forcing it to generate a bunch of HTML just by doing a bogus GET like this.

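The gating the posts above ask for (an error instead of a rendered page when the nick/uri pair is unknown to the pod, plus an admin blocklist), as an added Go example; it is not yarnd's code. `Policy`, `Check`, `Gate`, `Probe` and the `.example` hosts are hypothetical names and constructed sample data.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Policy is a hypothetical /external gate: feeds the pod already follows, plus an admin host blocklist.
type Policy struct{ KnownFeeds, BlockedHosts map[string]bool }

// Check returns the HTTP status an /external request should receive.
func (p Policy) Check(loggedIn bool, nick, rawURI string) int {
	u, err := url.Parse(rawURI)
	if err != nil || nick == "" || u.Hostname() == "" || (u.Scheme != "http" && u.Scheme != "https") {
		return http.StatusBadRequest
	}
	if p.BlockedHosts[strings.ToLower(u.Hostname())] {
		return http.StatusForbidden
	}
	if !loggedIn && !p.KnownFeeds[nick+" "+rawURI] { // anonymous: known feeds only
		return http.StatusNotFound
	}
	return http.StatusOK
}

// Gate wraps the page renderer; loggedIn stands in for the pod's session check.
func (p Policy) Gate(loggedIn func(*http.Request) bool, render http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if code := p.Check(loggedIn(r), r.FormValue("nick"), r.FormValue("uri")); code != http.StatusOK {
			http.Error(w, http.StatusText(code), code) // plain text, no links
			return
		}
		render.ServeHTTP(w, r)
	})
}

// Probe sends one anonymous GET through a gate built from constructed sample data.
func Probe(target string) int {
	p := Policy{KnownFeeds: map[string]bool{"alice https://feeds.example/twtxt.txt": true}, BlockedHosts: map[string]bool{"spam.example": true}}
	page := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // stand-in renderer, replies 200
	rec := httptest.NewRecorder()
	p.Gate(func(*http.Request) bool { return false }, page).ServeHTTP(rec, httptest.NewRequest("GET", target, nil))
	return rec.Code
}

func main() { fmt.Println(Probe("/external?nick=bob&uri=https://unknown.example/story")) }
```

Because the rejection is a short plain-text response, an anonymous request for an unknown pair costs the pod no template rendering and yields no clickable link on the pod's domain.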

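The Inherent Dilemma of Anime-Style Games: Why Do Live-Service Games Fail at "Service"?
When a game has to keep updating for several years or even more than a decade, it uses every means it can think of to build a big, all-encompassing world, yet all of this deepens people's aesthetic fatigue.

Editor丨Xiong Yu

Editor's note: In "The Inherent Dilemma of Anime-Style Games: Why Is It Always 'Cutting Ties' or 'Expelling'?", we explained that "anime-style" is a label rather than a game genre. This label can attract more players, but it also means that players and game genres will be more mismatched, while design, story and character writing start to be constrained by "anime-style" culture. Next, we will continue by discussing how the characteristics of live-service games have affected "anime-style" games.

丨 Live-service games that can't get service right?

Let us say it once more: game classification is a mess.

I once tried to apply a complete, strict classification to the games in my Steam library, hoping to create an orderly world... but I failed. Some games seemed to need to go into several categories, while others did not seem to fit into any category. In the end, this classification … ⌘ Read more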
