@quark@ferengi.one Hmmmm, threads with unread messages are always un-collapsed here. 🤔 I can’t even collapse them on purpose, mutt doesn’t let me.

Maybe that’s a mutt vs. neomutt thing?

Maybe the @yarn_police@twtxt.net can take this case, and shed some light.

I wonder what ever happened to “jlj”. All about him pretty much disappeared from the net.

Collapsed threads, that is. If I un-collapse a thread, new/unread messages show on the intended new colour, but while the thread is in collapsed state, there is no highlight.

@quark@ferengi.one this is how it shows:

Screenshot of jenny/neomutt with thread joined

@bender@twtxt.net, cool, so I can join the threads, but your edit to the original will never show at my end. Will have @bender@twtxt.net show the screenshot.

OK. @quark@ferengi.one did not see this update, but should see this reply now, as broken.

@bender@twtxt.net, let’s break it!

Testing this. I will break this thread purposely, to see how to handle it under neomutt. I have now edited this one. Let’s go!

For the mutt/neomutt users out here, what’s the trick to highlight threads with new messages? No user interaction, just upon opening, or while opened, have threads with new, unread messages in it highlighted. Thanks!

@abucci@anthony.buc.ci appreciate it if you find the time to update again 🙏

Now that’s rolling out, I think that’s it. The only final way I can improve that /external endpoint/view is to refactor how it works a bit and add some HTMX magic™ so it has a nice snappy UX to it as it dynamically tries to validate the feed and provide useful feedback to the user, that way I can avoid injecting it into the cache unnecessarily in the first place!

@bender@twtxt.net Yeah but I found another bug and just squished that. CD pipeline is gonna roll this pod soon™ – Basically wasn’t handling feeds that redirect properly. e.g: https://google.com => https://www.google.com (though it’s not a feed 🤣)

@prologic@twtxt.net while authenticated continues to “work”, but not without authentication (and a 404 is received then). That’s good!

Hmm I see this in the cache again 🤦‍♂️ Not sure how tbh – Job for me later.

@bender@twtxt.net https://google.com has been removed from the cache (without nuking the entire cache) @abucci@anthony.buc.ci if you need to selectively do this for some reason, there’s a script in the tools directory for this:

$ ./tools/cache_delete_feed.sh 'https://google.com'

Anyway, that’s gone. This is much much harder to exploit now, even if you’re an authenticated user.

Time for work™, But I quickly hacked together a bit of a better solution here. Rolling it out to my pod so we’ll see how it actually goes. Still possible to abuse if you’re a logged in user, etc, but at least now we delete the invalid/bad feed afterwards if it a) was not even a text//plain content-type or b) it errored out and was a new fetch of a HTTP feed.

Yeah okay.

@bender@twtxt.net Not possible 🤣

See here again. “Open it while logged in, or logged out, it doesn’t matter”.

@prologic@twtxt.net I wasn’t logged in, and I could do it. 😩

@abucci@anthony.buc.ci I mean it’s only suppose to do one thing really. What are you thinking here?

Yeah I was afraid of this. Technically can still be abused by “logged in” users. Hmmm

So we really not trust ourselves? 🤣🙄

@abucci@anthony.buc.ci No worries! 😅

Had to disable support functions because I’ve received three spammy support emails today. Thanks for that feature @prologic@twtxt.net

@abucci@anthony.buc.ci hahahahaha! I wish! I can’t afford the electricity that baby will consume, less the cost of itself. 🙈

Wow, these are nice machines! https://tinygrad.org/

The twtxt.txt is a link to Google. I think that could be abused, and it shouldn’t be allowed.

@prologic@twtxt.net see: https://twtxt.net/external?uri=https://google.com&nick=abucci (open it while logged in, or logged out, it doesn’t matter.

@slashdot@feeds.twtxt.net Never connect a TV to the Internet and then it will work for even longer than 7 years.

A stopgap setting that would let me stop all calls to /external matching a particular pattern (like this damn lovetocode999 nick) would do the job. Given the potential for abuse of that endpoint, having more moderation control over what it can do is probably a good idea.

But this is super weird, should behave the same as my pod 🤦‍♂️

@abucci@anthony.buc.ci nuke the cache file before starring

How did you nuke your cache?

@abucci@anthony.buc.ci Hmmm weird 🤔

@abucci@anthony.buc.ci You don’t actually appear to be running that sha hmmm? 🤔

Hmmm

It appears to be working to 👌

silly bots 🙄

@abucci@anthony.buc.ci Bo worries! If you curl it too it’ll return a proper 494 👌 Should make bots go away 🤞

@abucci@anthony.buc.ci Blah my cache was poisoned 🤦‍♂️ it’s fine now! And this is no monger possible to do now.

@bender@twtxt.net Did they win though? Did they?! 🤣

@prologic@twtxt.net they won! :-) I mean, I know that support form was mostly (mainly, exclusively?) used to spam you, but still.

@abucci@anthony.buc.ci This is already in place. It will error, return 404 Feed Not Found for non-browsers and external feeds are never fetched (unless you are an authenticated/valid user of the pod) – I patched that hole a while ago, because I already picked up it was being abused by bots 🤖

Support (and thus abuse reports) are now disabled on this pod. There’s now a new setting in Settings -> Poderator Settings called “Disable Support”.

This happens again today. This is twice just today alone. Hmm I’m reconsidering this feature entirely, rarely used and if it’s just going to be abused by spammer, I don’t see the value in it. I’m certainly not going to try to build some kind of “anti-spam” filters or anything, sounds cool, I’d learn a lot, but smells of effort and time I simply don’t have 😢 #spam #sucks

@slashdot@feeds.twtxt.net OMG! 😦 What da hell is going on here?! I used to have a friend that came from North Carolina, this is terrible (attacking power grids) 🤬 wtf are these people smoking?! 🚬

Far-Right ‘Terrorgram’ Chatrooms Are Fueling a Wave of Power Grid Attacks
An anonymous reader quotes a report from Bloomberg: People in a quiet neighborhood in Carthage, a town in Moore County, North Carolina, heard a series of six loud pops a few minutes before 8:00 p.m. on Dec. 3, 2022. A resident named Michael Campbell said he ducked at the sound. Another witness told police they thought they were he … ⌘ Read more

Like why does spammers even bother?! Don’t they realize how fucking futile and useless it is to be abuse something like a support form? I mean clearly nothing is going to come of this, except it’s going to be clearly ignored and toss in the bin. 🤣

Wow! My god spammers really try hard song they? 🤣 Geez 🤦‍♂️

Do we need to make the captcha harder? 🙄

@lyse@lyse.isobeef.org to be fair the settings that you can change in the user interface are persisted to the settings YAML file and yes override any environmental command online options. This is always made sense to me because there are subset of settings that can be changed dynamically at runtime without requiring any restart.