@seabirdie@yarn.girlonthemoon.xyz let’s goooo!!!!!! wait lemme follow u

@lyse@lyse.isobeef.org Oh! no need to be sorry and feel free to keep at it if it helps, I don’t mind. It’s just that I’m always on the lookout for corpo-bots and crawlers slipping through the cracks (a fun little game of sorts) 😅 the only thing I let them see is a robots.txt telling them to :diffoff

Also, I’m curious about the invalid lines in my feed. is it something I should lookout for in future?

Pinellas County - Long Run: 11.00 miles, 00:09:38 average pace, 01:46:02 duration
just one of those ones you never want to stop. it was dark, quiet, and lonely which just let me zone out with the cool weather and maintain what felt easy. didn’t look at the watch until the end when it notified me it was going to die. adjusted the mileage and time to reflect.
#running

Shi… I forgot to pull my twtxt file before twtin’ … let me see if I can recover them lost timeline twts.

Ok, amma start twting from my timeline instance, let me know if I break something xD

** Neon **
I was bemoaning the lack of color at my desk and a friend sent me this link to a place that makes custom neon signs. I am likely much to indecisive, and faaaar too cheap to actually order one, but I keep having intrusive thoughts about what I’d get if I were to get one.

I think the Yiddish phrase“zol er krenken un gedenken” would be funny. It means“let him suffer and remember” which is very melodramatic, but totally rife with so much meaning. ⌘ Read more

What should the advantage be to nick = _compared to just not defining a nick and let the client use the domain as the handle?

What is not intuitive is that you put something in the nick field that is not to be taken literary. The special meaning of _ is only clean if you read the documentation, compared to having something in nick that makes sense in the current context of the twtxt.txt.

A new addition to my domain collection
My list of domains is constantly changing. Sometimes it grows, and sometimes it shrinks as I let go of a domain I no longer need. The good thing is that letting go of a domain makes room for new ones. Just yesterday I made a spontaneous purchase of another .de domain: jan-lukas.de, to go along with janlukas.de, which I already own and sometimes use for emails. ⌘ Read more

JMP: Newsletter: JMP at SeaGL, Cheogram now on Amazon
Hi everyone!

Welcome to the latest edition of your pseudo-monthly JMP update!

In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client.  Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free a … ⌘ Read more

JMP: Newsletter: Year in Review, Google Play Update
Hi everyone!

Welcome to the latest edition of your pseudo-monthly JMP update!

In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client.  Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free as … ⌘ Read more

@eapl.me@eapl.me why not https://domain.com/.well-known/twtxt/:domain/:user ?

the business card test is this can you write it on your business card and have someone you give it to be able to figure it out without added context?

• phone number: yes because everyone knows what a phone number is.
  
• email address: yes, everyone knows an email and their aol or prodigy will let them email.
  
• twitter/x/insta/pintrest handle: no, whats a twitter? do i need to sign up?
  
• domain name: yes its simple and you just type it in a browser right?
  
• twtxt url: kinda? its a bit long and is that a forward slash? or a backward slash?

One benefit with bluesky is your username is also a website. And not a clunky URL with slashes and such. I wish twtxt adopted that. I have advocated for webfinger to for twtxt to let us do something like it with usernames. Nostr has something like it

By default the bsky.social urls all redirect to their feeds like: hmpxvt.bsky.social
Many custom urls will redirect to some kind of linktree or just their feed cwebonline.com or la.bonne.petite.sour.is or if you are a major outlet just to your web presence like https://theonion.com‬ or https://netflix.com

Its just good SEO practice

Do all nostr addresses take you to the person if typed into a browser? That is the secret sauce.
No having to go to some random page first. no accounts. no apps to install. just direct to the person.

How to Lock iPhone / iPad Apps with Face ID or Passcode
A handy app-specific security feature is available for iPhone and iPad that requires authentication with Face ID or a passcode before a chosen app can be launched. Essentially this lets you lock any iPhone or iPad app with Face ID or a passcode, and this lock applies even if your iPhone or iPad is already … Read More ⌘ Read more

Let’s Get Containerized: Simplifying Complexity for Modern Businesses
Adapt to rising tech costs with containers, enabling consistent, efficient app deployment across cloud and hybrid environments. ⌘ Read more

[ANN] Privacy and Anonymity in Monero

I have a written a blog post on how Monero uses Cryptography (ECDH, Pedersen Commitments, Schnorr Signatures, Ring Signatures etc) to add privacy & anonymity on the blockchain. I have covered most of the cryptography used except for RangeProofs (Bulletproofs) which I plan to cover later in a separate post. Do let me know if you find any mistakes or if something isn’t clear.

Link: https://risencrypto.github.io/Monero/

risensteam0 (at) protonmail (do … ⌘ Read more

Why I’d never switch to an 🍎 iPhone
Recently, Kev announced he’s switching back to Android, and judging by his first impressions, he seems to be enjoying it. Coincidentally, I came across a video from Linus Tech Tips, where Linus shared his thoughts after using an iPhone for 30 days – and let’s just say, he wasn’t impressed. ⌘ Read more

Second Stage
⌘ Read more

Second Stage
⌘ Read more

John-Doggett creates public XMR node setup script
John-Doggett1 has created a Bash script2 that helps users to automatically configure public Monero nodes with support for HTTPS on Debian:

It uses Caddy to create a public website on your node, as well as renewing LetsEncrypt certificates. [..] Let me know what you all think

Image

Usage instructions are available on GitHub2.

Note: inspect the code4 before running the script.

1. https:/ … ⌘ Read more

@eapl.me@eapl.me here are my replies (somewhat similar to Lyse’s and James’)

1. Metadata in twts: Key=value is too complicated for non-hackers and hard to write by hand. So if there is a need then we should just use #NSFS or the alt-text file in markdown image syntax ![NSFW](url.to/image.jpg) if something is NSFW

2. IDs besides datetime. When you edit a twt then you should preserve the datetime if location-based addressing should have any advantages over content-based addressing. If you change the timestamp the its a new post. Just like any other blog cms.

3. Caching, Yes all good ideas, but that is more a task for the clients not the serving of the twtxt.txt files.

4. Discovery: User-agent for discovery can become better. I’m working on a wrapper script in PHP, so you don’t need to go to Apaches log-files to see who fetches your feed. But for other Gemini and gopher you need to relay on something else. That could be using my webmentions for twtxt suggestion, or simply defining an email metadata field for letting a person know you follow their feed. Interesting read about why WebMetions might be a bad idea. Twtxt being much simple that a full featured IndieWeb sites, then a lot of the concerns does not apply here. But that’s the issue with any open inbox. This is hard to solve without some form of (centralized or community) spam moderation.

5. Support more protocols besides http/s. Yes why not, if we can make clients that merge or diffident between the same feed server by multiples URLs

6. Languages: If the need is big then make a separate feed. I don’t mind seeing stuff in other langues as it is low. You got translating tool if you need to know whats going on. And again when there is a need for easier switching between posting to several feeds, then it’s about building clients with a UI that makes it easy. No something that should takes up space in the format/protocol.

7. Emojis: I’m not sure what this is about. Do you want to use emojis as avatar in CLI clients or it just about rendering emojis?

Unstoppable Domains introduces personalized .XMR onchain domains
Unstoppable Domains 1 has announced2 the launch of personalized .XMR 3 onchain domains that can be used instead of long wallet addresses, seemingly in collaboration with Cake Wallet and the Monero project:

In partnership with @monero and @cakewallet, we’re making $XMR payments more secure and private. [..] .XMR domains let you transact securely on Monero and streamline payments in … ⌘ Read more

Let it sink in how the richest person on the planet was EXTREMELY directly involved in getting his preferred candidate in the US presidency seat.

JMP: Newsletter: JMP at SeaGL, Cheogram now on Amazon
Hi everyone!

Welcome to the latest edition of your pseudo-monthly JMP update!

In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client. Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free as … ⌘ Read more

** Broughlike **
The Roguelike Celebration happened this weekend. Every year I think about participating, and every year I let it slip me by. In honor of it, though, this weekend I made a Broughlike…which I’ve creatively named “Eli’s Broughlike.”

It runs in the browser. It should work on most anything with a keyboard, or with a touchscreen — the about page ha … ⌘ Read more

Introducing Organization Access Tokens
Docker organization access tokens let customers manage access that each token has, instead of managing users and their placement within the organization. ⌘ Read more

‘Let it rip’? The multimillion-dollar tomato fight between farmers and government
Tomato growers placed into quarantine after the discovery of the tomato brown rugose virus say authorities should have been better prepared for the arrival of the virus. ⌘ Read more

BrandyJSon releases Feather Atomic v1.2
BrandyJSon1 has released Feather Atomic 2 version 1.23 with a temporary fix for the dead rendezvous points issue4:

[..] lets a user force a swaptool to query rendezvous points over clearnet. Does not completely solve the issue as it stems from comit xmr<->btc using an outdated libp2p version.

The full changelog, sources and SHA256sums can be found on Github3.

This project is a Feather Wallet 5 fork w … ⌘ Read more

Leading the way: 10 projects in the Open Source Zone at GitHub Universe 2024
Let’s take a closer look at some of the stars of the Open Source Zone at GitHub Universe 2024 🔎

The post Leading the way: 10 projects in the Open Source Zone at GitHub Universe 2024 appeared first on The GitHub Blog. ⌘ Read more

A conversation about the Future of Internal Developer Portals (IDPs)
Community post by Abby Bangser, Christophe Fargette, Piotr Kliczewski, Valentina Rodriguez Sosa Let’s define what is an IDP (Internal Developer Portal)  The term IDP can be confusing, as some of the industry refers to Internal Developer Portals and… ⌘ Read more

JMP: Newsletter: SMS Routes, RCS, and more!
Hi everyone!

Welcome to the latest edition of your pseudo-monthly JMP update!

In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client.  Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free as in Freedom; … ⌘ Read more

JMP: Newsletter: eSIM Adapter (and Google Play Fun)
Hi everyone!

Welcome to the latest edition of your pseudo-monthly JMP update!

In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client.  Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free as i … ⌘ Read more

Erlang Solutions: Erlang Concurrency: Evolving for Performance
Some languages are born performant, and later on tackle concurrency. Others are born concurrently and later build on performance. C or Rust system’s programming are examples of the former, Erlang’s Concurrency is an example of the latter.

A mistake in concurrency can essentially let all hell loose, incurring incredibly hard-to-track bugs and even security vulnerabilities, and a mistake in performance can leave a product tr … ⌘ Read more

@prologic@twtxt.net Thanks for writing that up!

I hope it can remain a living document (or sequence of draft revisions) for a good long time while we figure out how this stuff works in practice.

I am not sure how I feel about all this being done at once, vs. letting conventions arise.

For example, even today I could reply to twt abc1234 with “(#abc1234) Edit: …” and I think all you humans would understand it as an edit to (#abc1234). Maybe eventually it would become a common enough convention that clients would start to support it explicitly.

Similarly we could just start using 11-digit hashes. We should iron out whether it’s sha256 or whatever but there’s no need get all the other stuff right at the same time.

I have similar thoughts about how some users could try out location-based replies in a backward-compatible way (append the replyto: stuff after the legacy (#hash) style).

However I recognize that I’m not the one implementing this stuff, and it’s less work to just have everything determined up front.

Misc comments (I haven’t read the whole thing):

• Did you mean to make hashes hexadecimal? You lose 11 bits that way compared to base32. I’d suggest gaining 11 bits with base64 instead.

• “Clients MUST preserve the original hash” — do you mean they MUST preserve the original twt?

• Thanks for phrasing the bit about deletions so neutrally.

• I don’t like the MUST in “Clients MUST follow the chain of reply-to references…”. If someone writes a client as a 40-line shell script that requires the user to piece together the threading themselves, IMO we shouldn’t declare the client non-conforming just because they didn’t get to all the bells and whistles.

• Similarly I don’t like the MUST for user agents. For one thing, you might want to fetch a feed without revealing your identty. Also, it raises the bar for a minimal implementation (I’m again thinking again of the 40-line shell script).

• For “who follows” lists: why must the long, random tokens be only valid for a limited time? Do you have a scenario in mind where they could leak?

• Why can’t feeds be served over HTTP/1.0? Again, thinking about simple software. I recently tried implementing HTTP/1.1 and it wasn’t too bad, but 1.0 would have been slightly simpler.

• Why get into the nitty-gritty about caching headers? This seems like generic advice for HTTP servers and clients.

• I’m a little sad about other protocols being not recommended.

• I don’t know how I feel about including markdown. I don’t mind too much that yarn users emit twts full of markdown, but I’m more of a plain text kind of person. Also it adds to the length. I wonder if putting a separate document would make more sense; that would also help with the length.

@prologic@twtxt.net Do you have a link to some past discussion?

Would the GDPR would apply to a one-person client like jenny? I seriously hope not. If someone asks me to delete an email they sent me, I don’t think I have to honour that request, no matter how European they are.

I am really bothered by the idea that someone could force me to delete my private, personal record of my interactions with them. Would I have to delete my journal entries about them too if they asked?

Maybe a public-facing client like yarnd needs to consider this, but that also bothers me. I was actually thinking about making an Internet Archive style twtxt archiver, letting you explore past twts, including long-dead feeds, see edit histories, deleted twts, etc.

Hmm, this didn’t work, because I made a mistake. Now I have corrected it, let’s see how it goes now.

95-year-old keeps garden dream alive as flower festival gets underway after beloved wife’s passing
Les Stephson is not letting his age get in the way of maintaining his “pride and joy” — his garden, where he goes to remember his wife who died a year ago. ⌘ Read more

Release Date for iOS 18, macOS Sequoia, iPadOS 18, is September 16
In all of the hubbub about the new iPhone 16 series and release candidate builds for macOS Sequoia, iOS 18, and iPadOS 18, you might have missed when Apple announced what the official release dates will be for all of their new operating systems. Let’s clear that up right now so that you can be … Read More ⌘ Read more

JMP: Newsletter: eSIM Adapter Launch!
Hi everyone!

Welcome to the latest edition of your pseudo-monthly JMP update!

In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client.  Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free as in Freedom; … ⌘ Read more

JMP: Newsletter: eSIM Adapter Launch!
Hi everyone!

Welcome to the latest edition of your pseudo-monthly JMP update!

In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client.  Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free as in Freedom; … ⌘ Read more

Beginner’s guide to GitHub: Setting up and securing your profile
As part of the GitHub for Beginners guide, learn how to improve the security of your profile and create a profile README. This will let you give your GitHub account a little more personality.

The post Beginner’s guide to GitHub: Setting up and securing your profile appeared first on [The … ⌘ Read more

Where the Eder flows into the Fulda
Just in time before it gets cold and rainy again next week, I took advantage of today to go for a short bike ride. Upstream along the Fulda, over to the Eder and then to where the Eder flows into the Fulda. This was the short (49 km) of the two versions I had planned for this. The longer version is almost 90 kilometers long. Let’s see if I can still do it this year… ⌘ Read more

@movq@www.uninformativ.de @prologic@twtxt.net Another option would be: when you edit a twt, prefix the new one with (#[old hash]) and some indication that it’s an edited version of the original tweet with that hash. E.g. if the hash used to be abcd123, the new version should start “(#abcd123) (redit)”.

What I like about this is that clients that don’t know this convention will still stick it in the same thread. And I feel it’s in the spirit of the old pre-hash (subject) convention, though that’s before my time.

I guess it may not work when the edited twt itself is a reply, and there are replies to it. Maybe that could be solved by letting twts have more than one (subject) prefix.

But the great thing about the current system is that nobody can spoof message IDs.

I don’t think twtxt hashes are long enough to prevent spoofing.

@lyse@lyse.isobeef.org 31°C here, feels like 33°C, with a lovely 75% of humidity. It has been raining, on and off (to make matter “better”) the whole day until now. No horses here, but if you go outside you will smell the same smell of farm animals (like goats, or pigs). That’s because two or three kilometres from here there are private farms, and when the wind blows in such way, well, we are reminded of their existence.

I haven’t left the house, so it feels well under air conditioning. In two more hours I will call it quits from the work day, and will have to dash to the grocery to get supplies for tonight’s meal (arroz con gandules). I will let you know how it truly feels out there then. :-D

For those swollen fingers, nothing better than a mildly cold shower! Oh, and paws off the keyboard! :-P

** Constants, variable assignment, and pointers **
After reading my last post, a friend asked an interesting question that I thought would also be fun to write about!

They noted that in the reshape function I declared the variable result as a constant. They asked if this was a mistake? Because I was resigning the value iteratively, shouldn’t it be declared using let?

What is happening there is that the constant is being declared as an array, so the reference … ⌘ Read more

@movq@www.uninformativ.de I think I have got it, but need to test upon receiving further posts. I added:

set uncollapse_new     = yes  # open threads when new mail
set uncollapse_jump    = yes  # jump to unread message when uncollapse
set collapse_unread    = no   # don't collapse threads with unread mails

Let’s see how it goes.

@bender@twtxt.net, let’s break it!

A stopgap setting that would let me stop all calls to /external matching a particular pattern (like this damn lovetocode999 nick) would do the job. Given the potential for abuse of that endpoint, having more moderation control over what it can do is probably a good idea.

@prologic@twtxt.net I believe you are not seeing the problem I am describing.

Hit this URL in your web browser:

https://twtxt.net/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

That’s your pod. I assume you don’t have a user named lovetocode999 on your pod. Yet that URL returns HTTP status 200, and generates HTML, complete with a link to https://socialmphl.com/story19510368/doujin, which is not a twtxt feed (that’s where the twtxt.txt link goes if you click it). That link could be to anything, including porn, criminal stuff, etc, and it will appear to be coming from your twtxt.net domain.

What I am saying is that this is a bug. If there is no user lovetocode999 on the pod, hitting this URL should not return HTTP 200 status, and it should definitely not be generating valid HTML with links in it.

Edit: Oops, I misunderstood the purpose of this /external endpoint. Still, since the uri is not a yarn pod, let alone one with a user named lovetocode999 on it, I stand by the belief that URLs like this should be be generating valid HTML with links to unknown sites. Shouldn’t it be possible to construct a valid target URL from the nick and uri instead of using the pod’s /external endpoint?

@prologic@twtxt.net sounds fair. Let’s see how it works for @abucci@anthony.buc.ci. Speedy fix, that’s awesome! :-)

There is a bug in yarnd that’s been around for awhile and is still present in the current version I’m running that lets a person hit a constructed URL like

YOUR_POD/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

and see a legitimate-looking page on YOUR_POD, with an HTTP code 200 (success). From that fake page you can even follow an external feed. Try it yourself, replacing “YOUR_POD” with the URL of any yarnd pod you know. Try following the feed.

I think URLs like this should return errors. They should not render HTML, nor produce legitimate-looking pages. This mechanism is ripe for DDoS attacks. My pod gets roughly 70,000 hits per day to URLs like this. Many are porn or other types of content I do not want. At this point, if it’s not fixed soon I am going to have to shut down my pod. @prologic@twtxt.net please have a look.