10 Weirdest Concept Car Designs Ever
Most concept cars are never meant to be anything more than a concept. They’re elaborate ideas for vehicles that cannot possibly be mass manufactured (or even made) when they are showcased at trade shows and other industry events. Concept cars are instead meant to excite consumers, investors, and the general public about the future. As […]
The post 10 Weirdest Concept Car Designs Ever app … ⌘ Read more
How to use GitHub Copilot: What it can do and real-world examples
Real-world examples show you how Copilot can generate unit tests, refactor code, create documentation, perform multi-file edits, and much more
The post How to use GitHub Copilot: What it can do and real-world examples appeared first on The GitHub Blog. ⌘ Read more
10 of the Most Generation Defining Films
Since the early days of filmmaking, it seems every generation has certain movies that strongly reflect whatever sets them apart from their parents and grandparents. Whether it be fashion, social behavior, attitude toward life, or simply a refusal to conform in general, motion pictures that successfully capture what makes a generation unique often become nostalgic […]
The post [10 of the Most Generation Defining Films](https://listverse.com/2025/01/08/1 … ⌘ Read more
messing with gemini again, this time a static site generator called gssg - https://git.sr.ht/~gsthnz/gssg
my capsule is linked in my profile but just in case it’s over at gemini://lazuli.sayitditto.net
Monero Observer Blitz #37 - December 2024
Here’s a recap of what happened this December in the Monero community:
[ANN] [Bounty] Gamepad-controlled cryptographic multitool with offline wallet address generator
Links:
whoeverlovesDigit (Nostr) ⌘ Read more
[ANN] Phantom Circuit: Introduction
Phantom Circuit is a fictional short story generated entirely by AI. It was inspired by a Darknet Diaries podcast episode [..] I also managed to work in some mention of Monero…
Link: https://cyberspace.dad/book/
j@cyberspace.dad (XMPP) ⌘ Read more
‘The Monero Moon’ newsletter makes comeback with Issue #75 after short hiatus
John Foss1 has published Issue #752 of The Monero Moon curated weekly newsletter after a ~3.5 month hiatus:
After a few months’ hiatus due to life commitments ( wedding bells), we’re back! Explore this week’s edition for an update on all the latest Monero (XMR) news, developments, and entertainment!
The publication includes news about:
- Development, Releases, and Technology
- General News
- Eve … ⌘ Read more
Uncovering GStreamer secrets
In this post, I’ll walk you through the vulnerabilities I uncovered in the GStreamer library and how I built a custom fuzzing generator to target MP4 files.
The post Uncovering GStreamer secrets appeared first on The GitHub Blog. ⌘ Read more
How to generate unit tests with GitHub Copilot: Tips and examples
Learn how to generate unit tests with GitHub Copilot and get specific examples, a tutorial, and best practices.
The post How to generate unit tests with GitHub Copilot: Tips and examples appeared first on The GitHub Blog. ⌘ Read more
Generalized Bulletproofs ‘suitable for use’ according to Brandon Goodell security review
Brandon Goodell (aka Surae Noether)1 has concluded2 that Generalized Bulletproofs (GBPs) 3 are suitable for use after completing a review4 of the security proofs5 produced by CypherStack6:
My general results: Overall, GBPs are suitable for use, I think they are secure. [..] If the proofs of security for BPs are up to ind … ⌘ Read more
plowsof posts progress report for fifth CCS coordinator term
plowsof1 has submitted a progress report2 after working for more than two months during their fifth term as CCS coordinator3:
Software is a team sport: Building the future of software development together
Microsoft and GitHub are committed to empowering developers around the world to innovate, collaborate, and create solutions that’ll shape the next generation of technology.
The post [Software is a team sport: Building the future of software development together](https://github.blog/news-insights/company-news/software-is-a-team-sport-building-the-future-of-software- … ⌘ Read more
How developers spend the time they save thanks to AI coding tools
Developers tell us how GitHub Copilot and other AI coding tools are transforming their work and changing how they spend their days.
The post How developers spend the time they save thanks to AI coding tools appeared first on The GitHub Blog. ⌘ Read more
I built a gaming PC back in 2020, and in 2024 the only resource-intensive task I perform with it is generating strong private keys for my nodes on the Yggdrasil network. Money well-spent!
‘The Aloha Project’ announces new Haveno mainnet instance with zero fees
alohamarkus1 from The Aloha Project 2 has announced3 the launch of Haveno Aloha 4, a new public Haveno instance running on Monero’s main network that apparently doesn’t charge any fees:
So I have been working on an ‘alternate’ network [..] it’s out now on mainnet but should require some testing, if anyone wants to help? [..] we have generous sponsors, that means haveno-aloh … ⌘ Read more
[ANN] [Video] The definitive guide to buying Monero (as of November 2024)
In this video, I explain the different ways somebody can acquire XMR, and the tradeoffs that each one has. If you found this useful, make sure to share with noobies, and if you are feeling generous, donations are appreciated!
Link: https://redirect.invidious.io/watch?v=UKOE2DKBmRQ
lordx3nu:matrix.org ⌘ Read more
25% of Google Code is AI Generated
Layoffs, lack of pay raises for engineers, but they’re not replacing programmers with Al. Wink wink. ⌘ Read more
mainnet-pat submits CCS proposal to complete XMR-BCH atomic swaps project
mainnet-pat1 has submitted a CCS proposal2 looking to finalize the effort to create the web platform for XMR-BCH atomic swap utilizing the adaptor signatures:
The work on server-side is mostly done and being tested, funded by generous donors from BCH Flipstarter campaign3. As we have initially underestimated (in the framework of BCH flipstarter) the effort to finish the task, … ⌘ Read more
m-a-x-c creates Monero churn timing tool
m-a-x-c1 has created Monero Churn Timer 2 - a Python script that generates randomized wait times for XMR transactions and can potentially help users increase their privacy by scheduling churns:
The way it works is as follows: after receiving Monero, you would use the Monero Churn Timer to generate a random wait time. You would then set a reminder to “churn” (i.e., send that transaction to yourself at a new address) after the specified … ⌘ Read more
everoddandeven releases monerod-gui v0.1.1-rc
everoddandeven1 has announced2 the release of monerod-gui 3 version 0.1.1-rc4, a cross-platform desktop app that simplifies the process of managing a full Monero node:
Changes overviewHey guys, I just released v0.1.1-rc of my monerod-gui. Now you can try also installation with deb package and autostart/start at boot feature
Auto launch support for Windows, MacOS and Linux (only installers)
General b ... ⌘ [Read more](https://monero.observer/everoddandeven-releases-monerod-gui-v0.1.1-rc/)SNeedlewoods submits CCS proposal for 1 month of part-time Monero dev work
SNeedlewoods1 has submitted their first CCS proposal2 to work part-time on Monero development for 1 month:
For this proposal the focus of work will be on the new wallet API [..] The work is already ongoing since May 2024 [..] This is a “pilot” proposal to see how things work out. [..] Hopefully I will become a long term contributor for general development.
Funding proposed: 2.15 XMR (10-15 hour ... ⌘ [Read more](https://monero.observer/sneedlewoods-submits-monero-dev-work-ccs-proposal/)@aelaraji@aelaraji.com Yep seems alright! Really fast too. I’m still using my main Firefox in general cos.. well it’s set up so much and it’s hardened, profile running in RAM, all that crazy stuff that got it working the way I want 😂
But keeping a good eye on Zen Browser’s progress.
pluja launches experimental ‘AI-driven’ weekly Monero podcast
pluja1 has announced2 the launch of XMR.FAN 3, an AI-driven experimental weekly podcast that aims to deliver the latest insights and news from the world of Monero and privacy:
I’ve been experimenting with Google’s NotebookLM, voice generation (elevenlabs/piper), and other AI tools (SD, flux…). I discovered that these are really useful to produce very decent weekly news overviews, so I made this websi … ⌘ Read more
@prologic@twtxt.net I think printf is a more portable option than echo -e for interpreting \t as tab. E.g. printf ‘%s\t%s\t%s’ “$url” “$time” “$text”. In general I always prefer printf over echo for anything non-trivial in unix shell scripts. See last paragraph of https://en.wikipedia.org/wiki/Echo_(command)#History
Code referencing now generally available in GitHub Copilot and with Microsoft Azure AI
Announcing the general availability of code referencing in GitHub Copilot and Microsoft Azure AI, allowing developers to permit code suggestions containing public code matches while receiving detailed information about the match.
The post [Code referencing now generally available in GitHub Copilot and with Microsoft Azure AI](https://github.blog/ne … ⌘ Read more
@prologic@twtxt.net Regarding the new way of generating twt-hashes, to me it makes more sense to use tabs as separator instead of spaces, since the you can just copy/past a line directly from a twtxt-file that already go a tab between timestamp and message. But tabs might be hard to “type” when you are in a terminal, since it will activate autocomplete…🤔
Another thing, it seems that you sugget we only use the domain in the hash-creation and not the full path to the twtxt.txt
$ echo -e "https://example.com 2024-09-29T13:30:00Z Hello World!" | sha256sum - | awk '{ print $1 }' | base64 | head -c 12
Some more arguments for a local-based treading model over a content-based one:
The format:
(#<DATE URL>)or(@<DATE URL>)both makes sense: # as prefix is for a hashtag like we allredy got with the(#twthash)and @ as prefix denotes that this is mention of a specific post in a feed, and not just the feed in general. Using either can make implementation easier, since most clients already got this kind of filtering.Having something like
(#<DATE URL>)will also make mentions via webmetions for twtxt easier to implement, since there is no need for looking up the#twthash. This will also make it possible to make 3th part twt-mentions services.Supporting twt/webmentions will also increase discoverability as a way to know about both replies and feed mentions from feeds that you don’t follow.
@prologic@twtxt.net Thanks for writing that up!
I hope it can remain a living document (or sequence of draft revisions) for a good long time while we figure out how this stuff works in practice.
I am not sure how I feel about all this being done at once, vs. letting conventions arise.
For example, even today I could reply to twt abc1234 with “(#abc1234) Edit: …” and I think all you humans would understand it as an edit to (#abc1234). Maybe eventually it would become a common enough convention that clients would start to support it explicitly.
Similarly we could just start using 11-digit hashes. We should iron out whether it’s sha256 or whatever but there’s no need get all the other stuff right at the same time.
I have similar thoughts about how some users could try out location-based replies in a backward-compatible way (append the replyto: stuff after the legacy (#hash) style).
However I recognize that I’m not the one implementing this stuff, and it’s less work to just have everything determined up front.
Misc comments (I haven’t read the whole thing):
Did you mean to make hashes hexadecimal? You lose 11 bits that way compared to base32. I’d suggest gaining 11 bits with base64 instead.
“Clients MUST preserve the original hash” — do you mean they MUST preserve the original twt?
Thanks for phrasing the bit about deletions so neutrally.
I don’t like the MUST in “Clients MUST follow the chain of reply-to references…”. If someone writes a client as a 40-line shell script that requires the user to piece together the threading themselves, IMO we shouldn’t declare the client non-conforming just because they didn’t get to all the bells and whistles.
Similarly I don’t like the MUST for user agents. For one thing, you might want to fetch a feed without revealing your identty. Also, it raises the bar for a minimal implementation (I’m again thinking again of the 40-line shell script).
For “who follows” lists: why must the long, random tokens be only valid for a limited time? Do you have a scenario in mind where they could leak?
Why can’t feeds be served over HTTP/1.0? Again, thinking about simple software. I recently tried implementing HTTP/1.1 and it wasn’t too bad, but 1.0 would have been slightly simpler.
Why get into the nitty-gritty about caching headers? This seems like generic advice for HTTP servers and clients.
I’m a little sad about other protocols being not recommended.
I don’t know how I feel about including markdown. I don’t mind too much that yarn users emit twts full of markdown, but I’m more of a plain text kind of person. Also it adds to the length. I wonder if putting a separate document would make more sense; that would also help with the length.
There’s a simple reason all the current hashes end in a or q: the hash is 256 bits, the base32 encoding chops that into groups of 5 bits, and 256 isn’t divisible by 5. The last character of the base32 encoding just has that left-over single bit (256 mod 5 = 1).
So I agree with #3 below, but do you have a source for #1, #2 or #4? I would expect any lack of variability in any part of a hash function’s output would make it more vulnerable to attacks, so designers of hash functions would want to make the whole output vary as much as possible.
Other than the divisible-by-5 thing, my current intuition is it doesn’t matter what part you take.
Hash Structure: Hashes are typically designed so that their outputs have specific statistical properties. The first few characters often have more entropy or variability, meaning they are less likely to have patterns. The last characters may not maintain this randomness, especially if the encoding method has a tendency to produce less varied endings.
Collision Resistance: When using hashes, the goal is to minimize the risk of collisions (different inputs producing the same output). By using the first few characters, you leverage the full distribution of the hash. The last characters may not distribute in the same way, potentially increasing the likelihood of collisions.
Encoding Characteristics: Base32 encoding has a specific structure and padding that might influence the last characters more than the first. If the data being hashed is similar, the last characters may be more similar across different hashes.
Use Cases: In many applications (like generating unique identifiers), the beginning of the hash is often the most informative and varied. Relying on the end might reduce the uniqueness of generated identifiers, especially if a prefix has a specific context or meaning.
I was not suggesting to that everyone need to setup a working webfinger endpoint, but that we take the format of nick+(sub)domain as base for generating the hashed together with the message date and content.
If we omit the protocol prefix from the way we do things now will that not solve most of the problems? In the case of gemini://gemini.ctrl-c.club/~nristen/twtxt.txt they also have a working twtxt.txt at https://ctrl-c.club/~nristen/twtxt.txt … damn I just notice the gemini. subdomain.
Okay what about defining a prefers protocol as part of the hash schema? so 1: https , 2: http 3: gemini 4: gopher ?
↳
In-reply-to
»
@prologic do that mean that for every new post (not replies) the client will have to generate a UUID or similar when posting and add that to to the twt?
⤋ Read More
@sorenpeter@darch.dk There was a client that would generate a unique hash for each twt. It didn’t get wide adoption.
Mozilla Bets the Future of the Web is A.I. Generated Content
A.I. website builders, A.I. award banquets, A.I. investments. And Firefox pushed aside. ⌘ Read more
↳
In-reply-to
»
@lyse This looks like a nice way to do it.
⤋ Read More
@prologic@twtxt.net do that mean that for every new post (not replies) the client will have to generate a UUID or similar when posting and add that to to the twt?
how little data is needed for generating the hashes? Instead of the full URL, can we makedo with just the domain (example.net) so we avoid the conflicts with gemini://, https:// and only http:// (like in my own twtxt.txt) or construct something like like a webfinger id nick@domain (also used by mastodon etc.) from the domain and nick if there, else use domain as nick as well
A Helping Hand for LLMs (Retrieval Augmented Generation) - Computerphile ⌘ Read more
↳
In-reply-to
»
There is a bug in
⤋ Read More
yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like
@prologic@twtxt.net I believe you are not seeing the problem I am describing.
Hit this URL in your web browser:
https://twtxt.net/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin
That’s your pod. I assume you don’t have a user named lovetocode999 on your pod. Yet that URL returns HTTP status 200, and generates HTML, complete with a link to https://socialmphl.com/story19510368/doujin, which is not a twtxt feed (that’s where the twtxt.txt link goes if you click it). That link could be to anything, including porn, criminal stuff, etc, and it will appear to be coming from your twtxt.net domain.
What I am saying is that this is a bug. If there is no user lovetocode999 on the pod, hitting this URL should not return HTTP 200 status, and it should definitely not be generating valid HTML with links in it.
Edit: Oops, I misunderstood the purpose of this /external endpoint. Still, since the uri is not a yarn pod, let alone one with a user named lovetocode999 on it, I stand by the belief that URLs like this should be be generating valid HTML with links to unknown sites. Shouldn’t it be possible to construct a valid target URL from the nick and uri instead of using the pod’s /external endpoint?
↳
In-reply-to
»
There is a bug in
⤋ Read More
yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like
@prologic@twtxt.net @bender@twtxt.net I partially agree with bender on this one I think. The way this person is abusing the /external endpoint on my pod seems to be to generate legitimate-looking HTML content for external sites, using a username that does not exist on my pod. One “semantically correct” thing to do would be to error out if that username does not exist on the pod. It’s not unlike having a mail server configured as an open relay at this point.
It would also be very helpful to give the pod administrator control over what’s being fetched this way. I don’t want people using my pod to redirect porn sites or whatever. If I could have something as simple as the ability to blacklist URLs that’d already help.
Survey: The AI wave continues to grow on software development teams
We surveyed 2,000 people on software development teams at enterprises in the U.S., Brazil, India, and Germany about the use, experience, and expectations around generative AI tools in software development.
The post Survey: The AI wave continues to grow on software development teams appeared first on The GitHub Blog. ⌘ Read more
Procreate Dev: “I really BEEPing hate generative AI”
Maker of graphic design software for iPad declares “No AI Features” policy. ⌘ Read more
It seems silly to me that we humans create thermal energy with coal, convert the thermal energy to mechanical energy with steam turbines, convert the mechanical energy to electrical energy with generators, and convert the electrical energy back into thermal energy with glass-top stoves and electric heaters.
What are AI agents and why do they matter?
Learn how AI agents and agentic AI systems use generative AI models and large language models to autonomously perform tasks on behalf of end users.
The post What are AI agents and why do they matter? appeared first on The GitHub Blog. ⌘ Read more
Introducing GitHub Models: A new generation of AI engineers building on GitHub
We are enabling the rise of the AI engineer with GitHub Models–bringing the power of industry leading large and small language models to our more than 100 million users directly on GitHub.
The post Introducing GitHub Models: A new generation of AI engineers building on GitHub appeared first on The GitHub Blog. ⌘ Read more
Configure GitHub Artifact Attestations for secure cloud-native delivery
Introducing the generally available capability of GitHub Artifact Attestations to secure your cloud-native supply chain packages and images.
The post Configure GitHub Artifact Attestations for secure cloud-native delivery appeared first on [The GitH … ⌘ Read more
@prologic@twtxt.net Hitting that URL returns a bunch of HTML even though there is no user named lovetocode999 on my pod. I think it should 404, and maybe with a delay, to discourage whatever this abuse is. Basically this can be used to DDoS a pod by forcing it to generate a hunch of HTML just by doing a bogus GET like this.
↳
In-reply-to
»
@prologic 10 Gbytes has accumulated since I made that last post. It's coming in at a rate of 55 Mbits/second !
⤋ Read More
@prologic@twtxt.net There are a lot of logs being generated by yarnd, which is something I haven’t seen before too:
Jul 25 14:32:42 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:42 (162.211.155.2) "GET /twt/ubhq33a HTTP/1.1" 404 29 643.251µs
Jul 25 14:32:43 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:43 (162.211.155.2) "GET /twt/112073211746755451 HTTP/1.1" 400 12 505.333µs
Jul 25 14:32:44 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:44 (111.119.213.103) "GET /twt/whau6pa HTTP/1.1" 200 37360 35.173255ms
Jul 25 14:32:44 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:44 (162.211.155.2) "GET /twt/112343305123858004 HTTP/1.1" 400 12 455.069µs
Jul 25 14:32:44 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:44 (168.199.225.19) "GET /external?nick=lovetocode999&uri=http%3A%2F%2Fwww.palapa.pl%2Fbaners.php%3Flink%3Dhttps%3A%2F%2Fwww.dwnewstoday.com HTTP/1.1" 200 36167 19.582077ms
Jul 25 14:32:44 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:44 (162.211.155.2) "GET /twt/112503061785024494 HTTP/1.1" 400 12 619.152µs
Jul 25 14:32:46 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:46 (162.211.155.2) "GET /twt/111863876118553837 HTTP/1.1" 400 12 817.678µs
Jul 25 14:32:46 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:46 (162.211.155.2) "GET /twt/112749994821704400 HTTP/1.1" 400 12 540.616µs
Jul 25 14:32:47 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:47 (103.204.109.150) "GET /external?nick=lovetocode999&uri=http%3A%2F%2Fampurify.com%2Fbbs%2Fboard.php%3Fbo_table%3Dfree%26wr_id%3D113858 HTTP/1.1" 200 36187 15.95329ms
I’ve seen that nick=lovetocode999 a bunch.
@movq@www.uninformativ.de Somewhere or another, I think in a William Byrd talk, I heard it suggested that the best ideas in computer science should fit on an index card (ah yes it’s this one: https://paperswelove.org/2017/video/will-byrd-most-beautiful-program/ ). He was referring to the basic principles of LISP/the lambda calculus, which have sometimes been called the Maxwell’s equations of computer programming (by Alan Kay). Simple, short, elegant, but very densely packed with meaning–generations of people have spent their whole careers unpacking what those simple rules can do.
Much of modern software feels like the polar opposite of that. Not only can you not write it on an index card, you never will be able to because people who write software don’t seem to aspire to try. I wish more people thought this way though!
How researchers are using GitHub Innovation Graph data to estimate the impact of ChatGPT
An interview with economic researchers who are applying causal inference techniques to analyze the effect of generative AI tools on software development activity.
The post [How researchers are using GitHub Innovation Graph data to estimate the impact of ChatGPT](https://github.blog/2024-07-17-how-researchers-are-using-github-innovation-graph-data-to-estimate-t … ⌘ Read more
I feel like complexity is measured differently at different levels of a project..
- at the function level you use cyclomatic complexity or how many branches internally and how much you need to keep in mind as it calls out to other functions.
- at a file/module level is a balance of the module doing too much against being so granular that you have cross dependency across modules. I have trouble with keeping things dry at this level because it can lead to parts being so abstract or generalized that it adds complexity.
- at a project level i suppose its a matter of how coupled things are across sub-modules.
it works fine if you properly escape your urls!
URIs include components and subcomponents that are delimited by
characters in the "reserved" set. These characters are called
"reserved" because they may (or may not) be defined as delimiters by
the generic syntax, by each scheme-specific syntax, or by the
implementation-specific syntax of a URI's dereferencing algorithm.
If data for a URI component would conflict with a reserved
character's purpose as a delimiter, then the conflicting data must be
percent-encoded before the URI is formed.
reserved = gen-delims / sub-delims
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="