@movq@www.uninformativ.de > That guy over there in the corner…

I’m literally sitting in a corner chuckles. I rarely get any emails nowadays. But if I do and it is not plain-text, then my Mutt gets to bark at it and I, just… won’t read it. 🤷🏽‍♂️

OpenBSD has the wonderful pledge() and unveil() syscalls:

https://www.youtube.com/watch?v=bXO6nelFt-E

Not only are they super useful (the program itself can drop privileges – like, it can initialize itself, read some files, whatever, and then tell the kernel that it will never do anything like that again; if it does, e.g. by being exploited through a bug, it gets killed by the kernel), but they are also extremely easy to use.

Imagine a server program with a connected socket in file descriptor 0. Before reading any data from the client, the program can do this:

unveil("/var/www/whatever", "r");
unveil(NULL, NULL);
pledge("stdio rpath", NULL);

Done. It’s now limited to reading files from that directory, communicating with the existing socket, stuff like that. But it cannot ever read any other files or exec() into something else.

I can’t wait for the day when we have something like this on Linux. There have been some attempts, but it’s not that easy. And it’s certainly not mainstream, yet.

I need to have a closer look at Linux’s Landlock soon (“soon”), but this is considerably more complicated than pledge()/unveil():

https://landlock.io/

@bender@twtxt.net Both Gopher and Mastodon are a way for me to “babble”. 😅 I basically shut down Gopher in favor of Mastodon/Fedi last year. But the Fediverse doesn’t really work for me. It’s too focused on people (I prefer topics) and I dislike the addictive nature of likes and boosts (I’m not disciplined enough to ignore them). Self-hosting some Fedi thing is also out of the question (the minimalistic daemons don’t really support following hashtags, which is a must-have for me).

I’ll probably keep reading Fedi stuff, I just won’t post that much, I think.

@prologic@twtxt.net Yeah, it’s difficult, you often don’t get what you’d expect. They also make heavy use of 3rd party libraries. IIUC, for random numbers, they refer to this library. I’ve read many times that the Rust stdlib is intentionally minimalistic (to make it easier to maintain and port and all that).

I’m struggling with this, using 3rd party libs for so many things isn’t really my cup of tea. I’ll probably make my own tiny little “standard library”. It’s silly, but I don’t see any other options. 🤷

@prologic@twtxt.net You can read more about the “cryptic” live coding language Punctual in my newsletter

Wanna read something very scary?

Your future doctor is using ChatGPT to pass medical school, so you better start riding a bike and eating healthy now.

😨😨😨

https://infosec.exchange/@duanegran/114531604486731084

@lyse@lyse.isobeef.org I can’t read. 🤦 Yeah, that’s gonna be a problem. I was not yet able to trigger it, though. Maybe they are (like Google) rolling out these changes gradually …

@bender@twtxt.net Basically the way I’m reading this is 1 RPM. This is a rather aggressive rate limit actually. This basically makes Github inaccessible and useless for basically anything unless you’re logged in. You can basically kiss “pursuing” casually, anonymously goodbye.

Imagine if I imposed that kind of rate limit on twtxt.net?! 🤣

@prologic@twtxt.net I read a little about her. Looks to be a good fit for the seat she is holding. I hope she gets to keep it.

@andros@twtxt.andros.dev Programming is art. You become good at art by practising your art. You learn artistic patterns by being inspired by and reading others art works. The most importance however is that you practise your art.

@bender@twtxt.net Mainly the bsd.cafe ones. I like how the minimalist single column profiles look. Image embeds are full width and reading through threads feels nice (as in it doesn’t feel like pealing layers upon layers of a fresh onion).

Confession:

I’ve never found microblogging like twtxt or the Fediverse or any other “modern” social media to be truly fulfilling/satisfying.

The reason is that it is focused so much on people. You follow this or that person, everybody spends time making a nice profile page, the posts are all very “ego-centric”. Seriously, it feels like everybody is on an ego-trip all the time (this is much worse on the Fediverse, not so much here on twtxt).

I miss the days of topic-based forums/groups. A Linux forum here, a forum about programming there, another one about a certain game. Stuff like that. That was really great – and it didn’t even suffer from the need to federate.

Sadly, most of these forums are dead now. Especially the nerds spend a lot of time on the Fediverse now and have abandoned forums almost completely.

On Mastodon, you can follow hashtags, which somewhat emulates a topic-based experience. But it’s not that great and the protocol isn’t meant to be used that way (just read the snac2 docs on this issue). And the concept of “likes” has eliminated lots of the actual user interaction. ☹️

@prologic@twtxt.net and the aim, and end result, is that by reading and learning from it you will prepare yourself to nearly completely avoid accidents. Am I right? 🙂

These ideas are dr the two books:

• Drift into Failure: From Hunting Broken Components to Understanding Complex Systems by Sidney Dekker (2011)
  
• Engineering a Safer World by Nancy Leveson (2011)
  

The former I haven’t read. The later I haven’t finished reading 😅

@lyse@lyse.isobeef.org haha, not satire. It is also in Mark Twain’s “Huckleberry Finn” as well:

“If fifteen cows is browsing on a hillside, how many of them eats with their heads pointed the same direction?”

“The whole fifteen, mum.”

“Here’s what we do know: After their meeting ended and Vice President Vance left the room, the pope was still alive. We can deduce that he was alive, because he was heard asking an assistant, “Ho appena incontrato il volto del diavolo?” which roughly translates to, “Have I just encountered the face of the devil?” It’s a very common question that has been asked in many languages after encounters with JD Vance.”

I couldn’t help but chuckling a bit while reading.

@andros@twtxt.andros.dev Haha 🤣 We’ve explored this idea in the past and we decided that it’s actually a good idea to have an “append-only” feed for various reasons. We’ve also explored the idea of using Range requests, but opted instead to just archive/rotate our feeds periodically 😅 There really isn’t much point in having a feed in reverse chronological order, except (maybe?) so a human read view the new twts at the top of the file?! 🤣

@prologic@twtxt.net Since you have to check and double check everything it spits out (without providing sources), I don’t find any of this helpful. It’s like someone’s in the room with you and that person is saying random stuff that might or might not be correct. At best, it might spark some new idea in your head and then you follow that idea the traditional way.

Information published on the internet (or anywhere, for that matter) was never guaranteed to be correct. But at least you had a “frame of reference”: “Ah, I read this information about Linux on a blog that usually posts about Windows, so this one single Linux post might not necessarily be correct.” That is completely lost with LLMs. It’s literally all mushed together. 🤷

@prologic@twtxt.net This shi_ is as fun as it is frustrating! 😆 the bot is poking at me from a different ASN now, Alibaba’s.

1. Short term solution: I’ve geo-locked my Timeline instance since I’m the only one using it (and I only do so for reading twts when I’m away from terminal).
   
2. Long term: I took a look at your Caddy WAF but couldn’t figure things out on my own; until then, I’ll be poking at Caddy-Defender, maybe throw in a Crowdsec for lols… #FUN

@eapl.me@eapl.me This is one of my concerns too. The moment you post publicly ciphertext, you open yourself up for future attacks on the ciphertext, which you really want to avoid if you can. If you have a read of the Salty.im Spec you’ll note we went to great lengths to protect the user’s privacy as well as their identity and make it incredibly hard to guess at inboxes. It’s still a WIP, but I’d love to see it progressed even further – I truly feel strongly about a purely decentralised messaging ecosystem 👌

Fascinating read on the emerging Model Context Protocol — a new standard for integrating LLMs with agents and tools.

@prologic@twtxt.net you wrote:

“Based on a recent study of the brains of mice I estimated the human brain to have 200B cells/neurons and 50,000T connections.”

What’s the relation between the brains of mice, and the human brain? I am kind of lost trying to make the connection.

I also read that it isn’t 5 watts, but more like 10-20 watts. Still a super tiny consumption, comparing to what it takes to run anything AI.

So I re-write this shell alias that I used all the time alias dkv="docker rm" to be a much safer shell function:

dkv() {
  if [[ "$1" == "rm" && -n "$2" ]]; then
    read -r -p "Are you sure you want to delete volume '$2'? [Y/n] " confirm
    confirm=${confirm:-Y}
    if [[ "$confirm" =~ ^[Yy]$ ]]; then
      # Disable history
      set +o history

      # Delete the volume
      docker volume rm "$2"

      # Re-enable history
      set -o history
    else
      echo "Aborted."
    fi
  else
    docker volume "$@"
  fi
}

you just haven’t read this yet.

I saw 100% I/O wait in htop today but couldn’t find a process which actually does I/O. Turns out, I/O wait isn’t what it used to be anymore:

https://lwn.net/Articles/989272/

In my case, it was mpd which triggered this:

https://github.com/MusicPlayerDaemon/MPD/issues/2241

mpd doesn’t actually do anything, it just sits there and waits for events. To my understanding, this is similar to something blocking on read(). I’m not quite sure yet if displaying this as I/O wait (or “PSI some io”) is intentional or not – but it sure is confusing.

@lyse@lyse.isobeef.org Ha, “imps”, when I read imps, I think of these guys: https://dungeonkeeper.fandom.com/wiki/Imp 😂

re reading so NewRAMStorage(…) is just something that setups your storage and initial data.. that can probably live with storage/sqlite. The point is the storage package does not import the implementations of storage.Storage It just defines the contract for things that use that interface. Now storage/sqlite CAN import storage and not have a circle dep.

It kinda works in reverse for import directions. usually you have your root package that imports things from deeper in the directory structures.. but for the case of interfaces it reverses where the deeper can import from parents but parents cannot import from children.

- app < storage
      < storage/sqlite
      < controller < storage
                   < storage/sqlite
 
- sqlite < storage

- storage X storage/sqlite

@prologic@twtxt.net I formed my opinion about this before reading/watching any additional media coverage. And yes, this is extremely bad. These two have no place on the “world stage”. They are deciding on our future. (And I am well aware that my country is heading into a similar direction – unless we stop it.)

I agree. finding good writings on architecture is hard to find. I used to read architecture reviews over on the high scalability blog. i suspect the reason why is that the arch is how the big tech companies can build moats around their bases. I know in AWS world it only goes as far as how to nickle and dime you to death.

I have the books but they don’t grow much more past interview level.

@lyse@lyse.isobeef.org I am a big fan of “obvious” math facts that turn out to be wrong. If you want to understand how reusing space actually works, you are mostly stuck reading complexity theory papers right now. Ian wrote a good survey: https://iuuk.mff.cuni.cz/~iwmertz/papers/m23.reusing_space.pdf . It’s written for complexity theorists, but some of will make sense to programmers comfortable with math. Alternatively, I wrote an essay a few years ago explaining one technique, with (math-loving) programmers as the intended audience: https://www.falsifian.org/blog/2021/06/04/catalytic/ .

@lyse@lyse.isobeef.org Thanks for sharing. I really enjoyed it. The beginning part about the history of life on Earth was fun to watch having just read Dawkin’s old book The Selfish Geene, and now I want to read more about archaea. The end of the talk about what might be going on on Mars made me a bit hopeful someone will find some good evidence.

@prologic@twtxt.net I’d stumbled upon #FrankenPHP while reading through #Caddy stuff and thought maybe it’s bit overkill for what i need it for but then again, it will be just a “One container in for two out”, that’s win in my book 😆

@johanbove@johanbove.info Way to go! ✊ what will you be reading? Got anything planned?

@prologic@twtxt.net I say we should find a way to support mentions with only url, no nick, as per the original spec.

• For @<nick url> we already got support
  
• For @<nick> the posting client should expand it to @<nick url>, if not then the reading client should just render it as @nick with no link.
  
• For @<url> the sending client should try to expand it to @<nick url>, if not then the reading client should try to find or construct a nick base on:
  
  1. Look in twtxt.txt for a nick =
     
  2. Use (sub)domain from URL
     
  3. Use folder or file name from URL

Thank you @bender@twtxt.net Much appreciated 🙏 and Sorry you/anyone had to read that…

I’m usually comfortable keeping my hardship to myself, most especially AWAY from the internet; an act of kindness of sorts towards others, “Everyone’s got their own problems to worry about” kind of thing.. But maaan am I starting to believe creating a twitter account would be a healthy decision 🤣🤦 Read nothin’ out there, just a one way echo chamber of sorts to let that shi_ out of my chest. It seem that’s what everyone else’s been using it for all this time.

A Bsky would be even better! 😂 I’d get to shi_ post and yap all I want, allll the way from terminal and never ever have to look back at it or whatever comes out of it. But I digress…

I FU_ing despise this … whatever this is. I wish I could just wake up in some sort of parallel universe where everything is just sunshine and rainbows, alas, life would be just as meaningless.

and sorry you had to read this if you did.

@xuu@txt.sour.is ROFLMAO! 🤣 reading that, the Tech bro sounded in my mind like Cow from Cow and Chicken

This year is a perfect square: 2025 = 45². Most of us reading this at time of posting won’t be alive next time that happens since 46² = 2116, 91 years from now. This has been bouncing around the internet but for some reason I felt compelled to record it here!

What should the advantage be to nick = _compared to just not defining a nick and let the client use the domain as the handle?

What is not intuitive is that you put something in the nick field that is not to be taken literary. The special meaning of _ is only clean if you read the documentation, compared to having something in nick that makes sense in the current context of the twtxt.txt.

@wbknl@twtxt.net are you still in Russia? It could be hard mailing anything to there these days. I read your “russia is eternally cold”, and became curious. Patagonia is the only place I know on South America that it has rounded mountains, though they can be anywhere. Originally from Chile, or Argentina? My curiosity doesn’t need feeding, by the way. It’s all good if it doesn’t. :-)

@eapl.me@eapl.me here are my replies (somewhat similar to Lyse’s and James’)

1. Metadata in twts: Key=value is too complicated for non-hackers and hard to write by hand. So if there is a need then we should just use #NSFS or the alt-text file in markdown image syntax ![NSFW](url.to/image.jpg) if something is NSFW

2. IDs besides datetime. When you edit a twt then you should preserve the datetime if location-based addressing should have any advantages over content-based addressing. If you change the timestamp the its a new post. Just like any other blog cms.

3. Caching, Yes all good ideas, but that is more a task for the clients not the serving of the twtxt.txt files.

4. Discovery: User-agent for discovery can become better. I’m working on a wrapper script in PHP, so you don’t need to go to Apaches log-files to see who fetches your feed. But for other Gemini and gopher you need to relay on something else. That could be using my webmentions for twtxt suggestion, or simply defining an email metadata field for letting a person know you follow their feed. Interesting read about why WebMetions might be a bad idea. Twtxt being much simple that a full featured IndieWeb sites, then a lot of the concerns does not apply here. But that’s the issue with any open inbox. This is hard to solve without some form of (centralized or community) spam moderation.

5. Support more protocols besides http/s. Yes why not, if we can make clients that merge or diffident between the same feed server by multiples URLs

6. Languages: If the need is big then make a separate feed. I don’t mind seeing stuff in other langues as it is low. You got translating tool if you need to know whats going on. And again when there is a need for easier switching between posting to several feeds, then it’s about building clients with a UI that makes it easy. No something that should takes up space in the format/protocol.

7. Emojis: I’m not sure what this is about. Do you want to use emojis as avatar in CLI clients or it just about rendering emojis?

@prologic@twtxt.net I’m not a yarnd user, so it doesn’t matter a whole lot to me, but FWIW I’m not especially keen on changing how I format my twts to work around yarnd’s quirks.

I wonder if this kind of postprocessing would fit better between composing (via yarnd’s UI) and publishing. So, if a yarnd user types ¼, it could get changed to ¼ in the twtxt.txt file for everyone to see, not just people reading through yarnd. But when I type ¼, meaning first out of four, as a non-yarnd user, the meaning wouldn’t get corrupted. I can always type ¼ directly if that’s what I really intend.

(This twt might be easier to understand if you read it without any transformations :-P)

Anyway, again, I’m not a yarnd user, so do what you will, just know you might not be seeing exactly what I meant.

Inversion by Aric McBay was another random library pick. Like The Fall of Io, it’s the most recent in a series, though I think this series is pretty loosely connected. In contrast, the villain in this book is simple and cartoonishly evil. The book presents a design for utopia which was interesting but a little cloying. I’m not sure if I’m supposed to want to live there, but I don’t think I do. I enjoyed the book as easy reading, and might try the others in the series some time. (4/4)

I read Starter Villain by John Scalzi. Enjoyable, like his other books that I’ve read. Somewhat sillier. (¾)

I’m enjoying Wesley Chu’s Tao and Io series. Spies, action, ancient aliens. Some funny parts, some interesting world-building parts, some action-filled parts. I picked up The Fall of Io at random from a library a few weeks ago, and it turned out to be the last in a series of six (technically two series), so after finishing that I read the first and am partway through the second. Usually I try to read series in order, but this way is interesting. One thing I liked about The Fall of Io was that it it followed many points of view with somewhat conflicting interests, some more evil than others, and I felt sympathy for most of them. (I was kind of hoping it would be about Jupiter’s moon Io, but it wasn’t, but I’m satisfied with what I ended up with.) (2/4)

Recent #scifi #reading: (¼)

Simplified twtxt - I want to suggest some dogmas or commandments for twtxt, from where we can work our way back to how to implement different feature like replies/treads:

1. It’s a text file, so you must be able to write it by hand (ie. no app logic) and read by eye. If you edit a post you change the content not the timestamp. Otherwise it will be considered a new post.

2. The order of lines in a twtxt.txt must not hold any significant. The file is a container and each line an atomic piece of information. You should be able to run sort on a twtxt.txt and it should still work.

3. Transport protocol should not matter, as long as the file served is the same. Http and https are preferred, so it is suggested that feed served via Gopher or Gemini also provide http(s).

4. Do we need more commandments?

@doesnm@doesnm.p.psf.lt finally someone read my blogpost ;)

@prologic@twtxt.net currently? it wouldnt :D.

we would need to come up with a way of registering with multiple brokers that can i guess forward to a reader broker. something that will retry if needed. need to read into how simplex handles multi brokers

Reading about browser security measures and getting sad we don’t live in a world where cross-site scripting is a feature instead of a bug.