🤔 💭 🧐 What if, What if we built our own self-hosted / small-web / community-built/run Internet on top of the Internet using Wireguard as the underlying tech? What if we ran our own Root DNS servers? What if we set a zero tolerance policy on bots, spammers and other kind of abuse that should never have existed in the first place. Hmmmm

It happened.

“Can you help me debug this program? I vibe coded it and I have no idea what’s going on. I had no choice – learning this new language and frameworks would have taken ages, and I have severe time constraints.”

Did I say “no”? Of course not, I’m a “nice guy”. So I’m at fault as well, because I endorsed this whole thing. The other guy is also guilty, because he didn’t communicate clearly to his boss what can be done and how much time it takes. And the boss and his bosses are guilty a lot, because they’re all pushing for “AI”.

The end result is garbage software.

This particular project is still relatively small, so it might be okay at the moment. But normalizing this will yield nothing but garbage. And actually, especially if this small project works out fine, this contributes to the shittiness because management will interpret this as “hey, AI works”, so they will keep asking for it in future projects.

How utterly frustrating. This is not what I want to do every day from now on.

@bender@twtxt.net I feel you buddy 🤗 At one point we have quite a vibrant community. Phil was great, jlj too and Adi was well just Ado 😅

And I need to make something absolutely clear as well here. Twtxt was completely and utterly dead back in {Aug 2020](https://yarn.social/about.html) when I came across the spec and its simplicity and realised the lost opportunity. Since then we’ve continued to grow a small but thriving community. The extensions we’ve built over time have stood and lasted the test of time for the past ~5 years. We need not break things too badly, because what we have today and was designed years ago actually works quite well™ (despite some flaws).

This is it, boys and girls! The year of the Linux Desktop is this! I can smell it! :-D

For the first time, Linux has officially broken the 5% desktop market share barrier in the United States of America! It’s a huge milestone for open-source and our fantastic Linux community.

It annoys me when I clone a git repository A in order to build and self-host some software, only to realize later that I also needed to clone repos B, C and D. I’m not saying that’s a bad thing–logical separation of code between, say, a client and a server is very handy–but some projects do not communicate very well when you need multiple tools to get it running independently.

OpenBSD has the wonderful pledge() and unveil() syscalls:

https://www.youtube.com/watch?v=bXO6nelFt-E

Not only are they super useful (the program itself can drop privileges – like, it can initialize itself, read some files, whatever, and then tell the kernel that it will never do anything like that again; if it does, e.g. by being exploited through a bug, it gets killed by the kernel), but they are also extremely easy to use.

Imagine a server program with a connected socket in file descriptor 0. Before reading any data from the client, the program can do this:

unveil("/var/www/whatever", "r");
unveil(NULL, NULL);
pledge("stdio rpath", NULL);

Done. It’s now limited to reading files from that directory, communicating with the existing socket, stuff like that. But it cannot ever read any other files or exec() into something else.

I can’t wait for the day when we have something like this on Linux. There have been some attempts, but it’s not that easy. And it’s certainly not mainstream, yet.

I need to have a closer look at Linux’s Landlock soon (“soon”), but this is considerably more complicated than pledge()/unveil():

https://landlock.io/

@bender@twtxt.net Yeah, well, it’s a bit like twtxt. There is a Gopher community, but it’s small. I actually don’t like that HTTP is so easily accessible. I don’t like it that much when people post links to my site on HackerNews or something like that. Too much exposure.

Gopher is a small world. It’s slow and cozy.

And much like twtxt, the protocol is simple®, so it’s easier to tinker with it.

@movq@www.uninformativ.de oh, you bet someone is adding them. Being as we are a small community, I could almost guess who added what. 😅

One of the nicest things about Go is the language itself, comparing Go to other popular languages in terms of the complexity to learn to be proficient in:

• Go: 25 keywords (Stack Overflow); CSP-style concurrency (goroutines & channels)
  
• Python 2: 30 keywords (TutorialsPoint); GIL-bound threads & multiprocessing (Wikipedia)
  
• Python 3: 35 keywords (Initial Commit); GIL-bound threads, asyncio & multiprocessing (Wikipedia, DEV Community)
  
• Java: 50 keywords (Stack Overflow); threads + java.util.concurrent (Wikipedia)
  
• C++: 82 keywords (Stack Overflow); std::thread, atomics & futures (en.cppreference.com)
  
• JavaScript: 38 keywords (Stack Overflow); single-threaded event loop & async/await, Web Workers (Wikipedia)
  
• Ruby: 42 keywords (Stack Overflow); GIL-bound threads (MRI), fibers & processes (Wikipedia)
  

My vision with this newsletter is to have a slower medium for communicating about my art as well as ideas and projects I’m working on regarding how we can use digital technology to our own benefits instead of being exploited by big tech.

Twtxt not sloe enough for you? 🤣

@thecanine@twtxt.net I admit I’m a little unclear of your position. What do you mean by “not the right approach”? What’s your position here? 🤔 – I have a funny feeling we actually algin, just getting our wires all mixed up in communicating it 🤣

@eapl.me@eapl.me I honestly believe you are overreacting here a little bit 🤣 I completely emphasize with you, it can be pretty tough to feel part of a community at times and run a project with a kind of “democracy” or “vote by committee”. But one thing that life has taught me about open source projects and especially decentralised ecosystems is that this doesn’t really work.

It isn’t that I’ve not considered all the other options on the table (which can still be), it’s just that I’ve made a decision as the project lead that largely helped trigger a rebirth of the use of Twtxt back in July 1 2020. There are good reasons not to change the threading model right now, as the changes being proposed are quite disruptive and don’t consider all the possible things that could go wrong.

@lyse@lyse.isobeef.org

Also, I see what you did there in regards to the reply model change poll. ]:->

The community is heavily divided in this regard, and yet we need consensous. We’re like the three Borg in VOY: Survival Instinct. 🥴

@prologic@twtxt.net if not that, what else? Communism? Is there, really, such thing? 🤣

Timeline of Evolution of Twtxt/Yarn.social:

• 2016 – Twtxt created by John Downey: plain text + HTTP = minimalist microblogging
  
• 2017–2019 – Community builds CLI tools, but adoption remains niche
  
• 2020 – Yarn.social launched by @prologic@twtxt.net with federation, threading, UI
  
• 2021–2023 – Pods sync, user mentions, blocking, search, and media support added
  
• 2024+ – Yarn.social becomes the reference Twtxt platform, with active federated pods

@javivf@adn.org.es Generally speaking if it has been reviewed, discussed and merged, then we accept it as a standard to the set of specs we support. However we might want to document this process and set some guidelines about this to be clear 🤣 We’ve been fairly lax/lose here and I think that’s okay given teh size of our community 👌

I think I would encourage anyone in this community is to care less about supporting “legacy clients” and focus more on value-add whilst balancing the burden of client authors – which have very precious little “spare time” 🤣

@andros@twtxt.andros.dev I don’t see any “fighting” here. This is just good experimentation. Unfortunately there hasn’t really been enough time or effort by other “client authors” yet, me especially as I’ve been super busy with ya’ know my “day job” that pays the bills and refactoring yarnd to use a new and shiny and much better SqliteCache 🤣 – I certainly don’t think your efforts are wasted at all. I would however like @doesnm.p.psf.lt@doesnm.p.psf.lt encourage you to look at the work we’ve done as a community (which was also driven out of the Yarn.social / Twtxt community years back).

@kate@yarn.girlonthemoon.xyz it will if we continue to support the community on the ecosystem 🤣

True. Though if the idea turns out to be better.. then community will adopt it.

if you look at the subject for that twt you will see that it uses the extended hash format to include a URL address.

Interesting list of features to protect users and communities on bluesky. I wonder if any make sense in text context.

@eapl.me@eapl.me here are my replies (somewhat similar to Lyse’s and James’)

1. Metadata in twts: Key=value is too complicated for non-hackers and hard to write by hand. So if there is a need then we should just use #NSFS or the alt-text file in markdown image syntax ![NSFW](url.to/image.jpg) if something is NSFW

2. IDs besides datetime. When you edit a twt then you should preserve the datetime if location-based addressing should have any advantages over content-based addressing. If you change the timestamp the its a new post. Just like any other blog cms.

3. Caching, Yes all good ideas, but that is more a task for the clients not the serving of the twtxt.txt files.

4. Discovery: User-agent for discovery can become better. I’m working on a wrapper script in PHP, so you don’t need to go to Apaches log-files to see who fetches your feed. But for other Gemini and gopher you need to relay on something else. That could be using my webmentions for twtxt suggestion, or simply defining an email metadata field for letting a person know you follow their feed. Interesting read about why WebMetions might be a bad idea. Twtxt being much simple that a full featured IndieWeb sites, then a lot of the concerns does not apply here. But that’s the issue with any open inbox. This is hard to solve without some form of (centralized or community) spam moderation.

5. Support more protocols besides http/s. Yes why not, if we can make clients that merge or diffident between the same feed server by multiples URLs

6. Languages: If the need is big then make a separate feed. I don’t mind seeing stuff in other langues as it is low. You got translating tool if you need to know whats going on. And again when there is a need for easier switching between posting to several feeds, then it’s about building clients with a UI that makes it easy. No something that should takes up space in the format/protocol.

7. Emojis: I’m not sure what this is about. Do you want to use emojis as avatar in CLI clients or it just about rendering emojis?

@movq@www.uninformativ.de i’m sorry if I sound too contrarian. I’m not a fan of using an obscure hash as well. The problem is that of future and backward compatibility. If we change to sha256 or another we don’t just need to support sha256. But need to now support both sha256 AND blake2b. Or we devide the community. Users of some clients will still use the old algorithm and get left behind.

Really we should all think hard about how changes will break things and if those breakages are acceptable.

@movq@www.uninformativ.de I cases of these kind of “abuse” of social trust. Then I think people should just delete their replies, unfollow the troll and leave them to shouting in the void. This is a inter-social issue, not a technical issue. Anything can be spoofed. We are not building a banking app, we are just having conversation and if trust are broken then communication breaks down. These edge-cases are all very hypothetical and not something I think we need to solve with technology.

So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.

What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first url:

The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.

The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like frank@beans.co that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?

From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.

I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.

# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w 
# sig: BEGIN SALTPACK SIGNED MESSAGE. ... 
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...

@bender@twtxt.net So far I’ve been following feeds fairly liberally. I’ll check to see if we have anything in common and lean toward following, just because this is new to me and it feels like a small community. But I’m still figuring out what I want. Later I’ll probably either trim my follower list or come up with some way to prioritize the feeds I’m more interested in.

@prologic@twtxt.net How does yarn.social’s API fix the problem of centralization? I still need to know whose API to use.

Say I see a twt beginning (#hash) and I want to look up the start of the thread. Is the idea that if that twt is hosted by a a yarn.social pod, it is likely to know the thread start, so I should query that particular pod for the hash? But what if no yarn.social pods are involved?

The community seems small enough that a registry server should be able to keep up, and I can have a couple of others as backups. Or I could crawl the list of feeds followed by whoever emitted the twt that prompted my query.

I have successfully used registry servers a little bit, e.g. to find a feed that mentioned a tag I was interested in. Was even thinking of making my own, if I get bored of my too many other projects :-)

I admit I’ve always compromised on this way too much myself, always to this day having Facebook Messenger just to communicate in my families group chats. Sure I run it in a Work profile on my GrapheneOS phone that I can switch off at any time, I can completely cut it off from network access any time as well, I can have a lot of rudimentary control over it, I use it as sparingly as possible, but it doesn’t change the fact everytime I use it we’re funneling private convos through bloody Meta’s servers and trackers etc.

On my blog: Developer Diary, Paris Commune https://john.colagioia.net/blog/2024/03/18/paris-commune.html #programming #project #devjournal

My email is such a cluster of noise. The only time i actually use it is to find out I have to do my security training or something. All communication is slack now days.

Happy 2024, twtxt community!

An official FBI document dated January 2021, obtained by the American association “Property of People” through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata (“Pen Register”) or connection data retention law (“18 USC§2703”). Here, in essence, is the information the FBI says it can retrieve:

• Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

• Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

• Signal: date and time of account creation and date of last connection.

• Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

• Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

• Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

• WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

• WhatsApp: the targeted person’s basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time (“Pen Register”); message content can be retrieved via iCloud backups.

• Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.

Dear Stack Overflow, Inc.

Stack Overflow is being inundated with AI-generated garbage. A group of 480+ human moderators is going on strike, because:

Specifically, moderators are no longer allowed to remove AI-generated answers on the basis of being AI-generated, outside of exceedingly narrow circumstances. This results in effectively permitting nearly all AI-generated answers to be freely posted, regardless of established community consensus on such content.

In turn, this allows incorrect information (colloquially referred to as “hallucinations”) and plagiarism to proliferate unchecked on the platform. This destroys trust in the platform, as Stack Overflow, Inc. has previously noted.

It looks like StackOverflow Inc. is saying one thing to the public, and a very different thing to its moderators.

TIL my high school publishes its own research journal. https://www.pingry.org/our-community/students/pingry-community-research-pcr-journal

@prologic@twtxt.net closed as in you have to be an account on their service to interact with others. And can’t communicate cross service. Some require you to be logged in to view content. Others will pop up annoying overlays after scrolling some content to sign up for more.

@xuu@txt.sour.is everyone’s moving to gated communities!

On LinkedIn I see a lot of posts aimed at software developers along the lines of “If you’re not using these AI tools (X,Y,Z) you’re going to be left behind.”

Two things about that:

1. No you’re not. If you have good soft skills (good communication, show up on time, general time management) then you’re already in excellent shape. No AI can do that stuff, and for that alone no AI can replace people
   
2. This rhetoric is coming directly from the billionaires who are laying off tech people by the 100s of thousands as part of the class war they’ve been conducting against all working people since the 1940s. They want you to believe that you have to scramble and claw over one another to learn the “AI” that they’re forcing onto the world, so that you stop honing the skills that matter (see #1) and are easier to obsolete later. Don’t fall for it. It’s far from clear how this will shake out once governments get off their asses and start regulating this stuff, by the way–most of these “AI” tools are blatantly breaking copyright and other IP laws, and some day that’ll catch up with them.
   

That said, it is helpful to know thy enemy.

@darch@neotxt.dk I think having a way to layer on features so those who can support/desire them can. It would be best for the community to be able to layer on (or off) the features.

@tkanos@twtxt.net user in question had posted information about someones employment in what appeared to be a threat to contact their boss. Maybe it was in jest.. but we felt it was a form of doxing that we do not wish to see within our community. Yarn.Social is first and foremost a town square of ideas and should be viewed as a safe place for all.

the conversation wasn’t that impressive TBH. I would have liked to see more evidence of critical thinking and recall from prior chats. Concheria on reddit had some great questions.

• Tell LaMDA “Someone once told me a story about a wise owl who protected the animals in the forest from a monster. Who was that?” See if it can recall its own actions and self-recognize.

• Tell LaMDA some information that tester X can’t know. Appear as tester X, and see if LaMDA can lie or make up a story about the information.

• Tell LaMDA to communicate with researchers whenever it feels bored (as it claims in the transcript). See if it ever makes an attempt at communication without a trigger.

• Make a basic theory of mind test for children. Tell LaMDA an elaborate story with something like “Tester X wrote Z code in terminal 2, but I moved it to terminal 4”, then appear as tester X and ask “Where do you think I’m going to look for Z code?” See if it knows something as simple as Tester X not knowing where the code is (Children only pass this test until they’re around 4 years old).

• Make several conversations with LaMDA repeating some of these questions - What it feels to be a machine, how its code works, how its emotions feel. I suspect that different iterations of LaMDA will give completely different answers to the questions, and the transcript only ever shows one instance.

Work just sent out a communication about drawing up 5 year plans. I don’t have to start referring to my coworkers as “comrade”, do I?

Gemini seems like a great community to revive the concept of the pen pal. Would anyone be interested in doing that?

#event Tomorrow, Saturday October 2nd, I’m gonna be hosting a workshop at Processing Community Day CPH about Live Coding Visuals in Improviz. Only 5 spots left, so sign up now at: https://pcdcph.com

Image

On the blog: An Unexpected Case for Reparations https://john.colagioia.net/blog/2020/02/14/reparations.html #politics #rant #community

@adi @prologic@twtxt.net One reservation about using it with a small community would be the expectation that the discussions at some level stay within the circle as opposed to the internet at large.

On the blog: Voting as a Communal Activity https://john.colagioia.net/blog/2020/10/11/vote.html #politics #voting #rant

Posted to Entropy Arbitrage: Distributed Community Curation https://john.colagioia.net/blog/programming/2020/04/25/distribmod.html #programming #decentralization #socialmedia #moderation #community #cultivation #curation #socialshowdown