@prologic@twtxt.net ‘Clownflare’ 🤣🤣🤣 Love it.

But yes the idea of a cheap VPS as a tunnel and keeping home network all local is a good one I reckon.

@lyse@lyse.isobeef.org I think it’s these lines of code: https://git.mills.io/yarnsocial/yarn/src/commit/5101ec240ddb0e5e39809bf8a7b847508b3ac298/internal/feed.go#L162-L166

It’s also (expectedly) in the feed file on disk:

2024-08-04T21:22:05+10:00	[foo][foo=][foo][foo=]

@lyse@lyse.isobeef.org Holy fucking shit! You’re right! You got me out of bed for this one, I spun my local dev instance and entered a Twt with [foo] and ended up with [foo][foo=][foo][foo=] wut da actual fuq?! 🤔

The reason I think this is some kind of attack is based on the repeated content and some of its uniqueness 🤔 This is so uncharacteristic if both victims 🤔

@stigatle@yarn.stigatle.no Nice one 🥳 Kooking really good! 👌

@lyse@lyse.isobeef.org I’m not sure this is a bug to be honest? What possible code could cause this?! 🤔

@lyse@lyse.isobeef.org Thank you! 🙏

Media upload works, light\dark theme enabled. Tested it on debian\windows - works out of the box, statusbar moved to bottom for cleaner UI. Next is working more on ui when it refreshes the timelines. .

Image

@lyse@lyse.isobeef.org Yes

How do the feeds look on disk? Do they already contain this bracketed text?

Because the handle just serves the Twtxt file directly.

@bender@twtxt.net / @mckinley@twtxt.net could you both please change your password immediately? I will also work on some other security hardening that I have a hunch about, but will not publicize for now.

Hmm I see it! It’s so obvious 🤦‍♂️ I smell an attack of some kind.

@lyse@lyse.isobeef.org No problems! Is it stils in the list when I redo this search, it’ll be gone 😅

@lyse@lyse.isobeef.org This is really weird. Do you have an example of this bracketed text? Re peers, I’m aware of all the peers, nothing surprising there.

@mckinley@twtxt.net That’s actually all I used it for myself 👌 All those other “bells ‘n whistles” are really just Traefik supporting lots of alternate setups and drivers for discovery, etc.

@bender@twtxt.net LOL 🤣

@bender@twtxt.net LOL 🤣

@bender@twtxt.net That’s great, actually, but it’s a shame you have to opt in to it.

@prologic@twtxt.net Ah yes, the other Go reverse proxy. Caddy seems simpler to me, more like Nginx with better defaults and a built-in ACME client. Traefik seems to have way more bells and whistles for all kinds of crazy setups when I only need to map domain names to containername:port pairs.

$ wc -l inactive.txt
152 inactive.txt

👋 At some point over the next day or two I will be deleting the following feeds/accounts:

https://gist.mills.io/prologic/ae61ae2bfba6401e8955a33394fd858b

If anyone spots anything on this list that shouldn’t be deleted, please let me know! 🙏

@lyse@lyse.isobeef.org@

We’ll kind of the backend fixes it or grid to 🤣

@movq@www.uninformativ.de@ does not hmmm

@prologic@twtxt.net works

The mobile autocomplete bug is something I can reproduce and likely fix soon™ – I think its happenning because I accidentally nuked this pod’s cache the other day (sorry!) 😢 – But it is also a bug 🐛

Like what was this meant to be anyway?

"[Scheduled][Scheduled=][Scheduled][Scheduled=][Scheduled][Scheduled=][Scheduled][Scheduled=]"

As for @mckinley@twtxt.net ’s odd Twt, I only see one instance of this:

2023-01-09T22:42:37Z	(#dusjj6a) @<lyse https://lyse.isobeef.org/twtxt.txt> As far as I know, they're still visible in the Web UI. Although, in the mobile app and youtube.com, I believe it tells you that the video isn't available without having to click on it. They don't tell you that in the RSS feed, and I agree; it gets annoying.

If we had a custom feed generator that hooks directly into the YouTube API, I'll bet we could find that information and put "[Scheduled][Scheduled=][Scheduled][Scheduled=][Scheduled][Scheduled=][Scheduled][Scheduled=]" in the title for premieres and remove it when the video is available.

And I have no fucking clue how this happened. I can’t imagine anything in the yarnd codebase would be responsible for this weirdness 🤣

@mckinley@twtxt.net Nah it wasn’t me, trust me 🤣 I actually use Traefik for my ingres.

I don’t think I’m smart enough to figure this out 😅

I can’t explain this. I’m leaning towards a peering pod being responsible for producing a different hash, and twtxt.net pulling that in from a peer. But that would only happen if my pod doesn’t have the Root Twt ans asked its peers for it. And that implies other pods are producing incorrect/different hashes “somehow”. So all of that seems highly unlikely tbh.

bsormva is not a hash found in @lyse@lyse.isobeef.org ’s feed at all according to yarnc debug which is printing the hash and corresponding Twt per line.

That is this one:

ta6uu5q 2024-08-03T19:30:00+02:00	(#puxvjcq) Hmmm, what is going on here? ...

A equivalent yarnc debug <url> only sees the 2nd hash

All the “magic” might be nice in the short term, but as it becomes the default it can paper over some really questionable decisions when it’s too late to change them. This can be applied to a number of things in computing but the best example I can think of is networking. (Side note: That’s one of my favorite blog posts ever.)

Things start out simple and got more complicated until someone figures out how to cover up the mess. Then, since nobody wants to get in there and fix it properly and everyone else has already moved on, we just ignore what’s behind the curtain and hope it all keeps working.

Computers aren’t meant to give me three different answers 🤣

@movq@www.uninformativ.de / @lyse@lyse.isobeef.org / @xuu@txt.sour.is any ideas wut da fuq is going on here?! 🤣

In fact I cannot produce eitehr of these hashes:

$ pbpaste | ./yarnc hash -u https://lyse.isobeef.org/twtxt.txt -t 2024-08-03T19:30:00+02:00 -
bsormva

What da fuq?!

$ bat https://twtxt.net/twt/7hraijq | jq -r '.text' | ./yarnc hash -u https://lyse.isobeef.org/twtxt.txt -t 2024-08-03T19:30:00+02:00 -
bsormva

Yeah, this looks like a hash collision to me right? Same twt, same timestamp, same twter, produces two different hashes? I’m not even sure how da fuq this is even possible?

$ diff <(bat https://twtxt.net/twt/7hraijq | jq '.') <(bat https://twtxt.net/twt/ta6uu5q | jq '.')
10c10
<   "hash": "7hraijq",
---
>   "hash": "ta6uu5q",

@lyse@lyse.isobeef.org (ahh auto-complete is broken only on Mobile?) @xuu@txt.sour.is is our hashing reached a point where it’s broken and needs to be dumped? 🤔

What da actual fuq?! They have the same timestamp too!

$ bat https://twtxt.net/twt/7hraijq | jq '.created'
"2024-08-03T19:30:00+02:00"
$ bat https://twtxt.net/twt/ta6uu5q | jq '.created'
"2024-08-03T19:30:00+02:00"

And the same Twter (URI)

Hm mm these are identical in content:

$ diff -Ndru <(bat https://twtxt.net/twt/7hraijq | jq -r '.text') <(bat https://twtxt.net/twt/ta6uu5q | jq -r '.text') | wc -l
0

@bender@twtxt.net Shy are those seem like dupes with different hashes?

Nope none that I can think of 🤔

Yeah okay I can reproduce that weird auto-complete bug

Hmm like @lyse@lyse.isobeef.org

Hmm I’m not sure either 🤔

Definitely something going on here. Cloudflare is my main suspect.

Geniatech Unveils a Raspberry Pi-like SBC with StarFive JH7110 RISC-V Processor at edgetech+west2024
Geniatech Unveils a Raspberry Pi-like SBC with StarFive JH7110 RISC-V Processor at edgetech+west2024
Last month in Japan, at the edgetech+west2024, Geniatech introduced their first RISC-V based single-board computer, designed to meet industrial standards and emulate the form factor and functionality of the popular Raspberry Pi. ⌘ Read more

@prologic@twtxt.net I thought you were one of the people telling me how great it was. It is a Go project, after all. What do you usually use? I always find myself spending a lot of time making Nginx do what I want and I don’t think I’ve ever had automatic certificate renewal work the first time.

Caddy just works. I have some self-hosted Web services with easy-to-remember subdomains that only exist on my Wireguard network with a valid Let’s Encrypt (wildcard) certificate so browsers don’t complain. It should be automatically renewed without my input but we’ll see what happens. It took shockingly little effort, even considering I need to customize the Docker image and create API keys so it can solve a DNS challenge using my provider.

I’m still not thrilled about using software that does magic for you (like Docker and Caddy) but it sure makes things easy.

@lyse@lyse.isobeef.org will be fixed, thanks!

I’ve been tricked! 🤣

@lyse@lyse.isobeef.org Of! It’s not real?! 😱

On my blog: Free Culture Book Club — Aether Age Codex - Helios, part 3 https://john.colagioia.net/blog/2024/08/03/helios-3.html #freeculture #bookclub

☻ I NEED MORE GOPHERs Ideas?

@movq@www.uninformativ.de I think you’re mistaking expectations for quality software 🤣 When have you ever seen quality software out of an enterprise? 😅

@movq@www.uninformativ.de Bahahaha 🤣

@movq@www.uninformativ.de So you gotta write your own TCP/IP stack right? 😅 Did that for an undergrad uni assignment, how hard can it. be 🤣

@movq@www.uninformativ.de Oh wow that’s a nice shot! 👌 Don’t think I’ve ever seen an Owl like this! What species of owl is it? 🤔

@movq@www.uninformativ.de And you thought it would be what exactly? 🤔 This is Meta we’re talking about 🤣

@lyse@lyse.isobeef.org Well we lost all three rounds 🤣 6-1 6-1 7-0 😱

@lyse@lyse.isobeef.org Hehe these are accounts that haven’t been used for over 800 days 🤣

SeeedStudio Debuts Low-Cost ReSpeaker Lite Voice Assistant Kit
SeeedStudio Debuts Low-Cost ReSpeaker Lite Voice Assistant Kit
This week, SeeedStudio introduced the ReSpeaker Lite Voice Assistant Kit, a budget-friendly device designed for advanced voice processing and audio playback. The kit features a dual microphone array, an XMOS XU-316 AI chip for audio processing, and a high-quality speaker. ⌘ Read more

@mckinley@mckinley.cc what makes it so great? 🤔

I finally gave in and tried out Caddy. It’s about as great as everyone says it is.

DFI RPP051: A 2.5″ Pico-ITX Single Board Computer Featuring 13th Gen Intel Core Processors
DFI RPP051: A 2.5” Pico-ITX Single Board Computer Featuring 13th Gen Intel Core Processors
The DFI RPP051 is a compact 2.5-inch Pico-ITX board equipped with the latest 13th Generation Intel Core Processors, making it suitable for space-constrained applications in digital signage, IoT and more. Its small form factor combined with powerful multi-core capabilities offe … ⌘ Read more

@shreyan@twtxt.net Haha my criteria is being inactive for over two years 🤣

I plan to not be cleaned up 😅

On my blog: Toots 🦣 from 07/29 to 08/02 https://john.colagioia.net/blog/2024/08/02/week.html #linkdump #mastodon #socialmedia #week

If every Yarn pod had a good ~10 or so friends/family/co-workers/colleagues and we grew Yarn.social one pod at a time, I’d be very happy 😊

Interesting stats here. My pod has some ~250 accounts/feeds, of which only ~10 are actually actively used. Just doing some “house cleaning” here, and since the good ‘ol days of “oh wow this is cool, new and shiny!”, well that’s gone, and since then I’ve turned off open registration, so most of this is just garbage and spam. 😅

FYI: I will be deleting the following 57 inactive (dead?) users on this pod today:

henseegeek fundor333 westbam onlyfansreview mabdalrahman retronav crunched deebs tca qwe234 pfefferle razetime kayos marguesto john yale slackjeff kodaira313a denisovich mlctrez jcrawford l3db3tt3r crunch homer mjy testdrive neoboard svendowideit palash k0rr stxh nirmal_kumar jan6 bram frankiem cvshumake qazsx apoorv10 duriny_test heyjude asepaned testest kevin natascha_e papz anvis spammer lonfas kamme dooven aatikakhan enochthec aman justinakers pc dai superyarn

If you wish to keep your account/feed, please login immediately. You have ~12 hours from this post (as I’ll be out playing table-tennis 🎾)

@tkanos@twtxt.net Thanks!

@prologic@twtxt.net good luck

Pretty sure those peaks and troughs are the feed fetchers, which one of these days I’ll trry to optimize and smooth out. 😅

This pod is consistently using ~200MB of memory and ~2-5% of CPU. – I keep trying to make improvements and optimizations as I come across them over time 😅

@bender@twtxt.net Thank you! 🙏

Big day, hell big weekend! Got Table Tennis 🏓 tournament 🏟️ where I’m the team captain of a team of two young players aged 9 and 10 called Spin Kings 🤣 The competition looks really tough, I’m not really sure how we’ll go to be honest, but we’ll try out best 😅

@lyse@lyse.isobeef.org Pretty cool looking huts 🛖 One of those structures kinda looks like the gallows 🤣

@aelaraji@aelaraji.com Ahh it might very well be a Clownflare thing as @lyse@lyse.isobeef.org eluded to 🤣 One of these days I’m going to get off Clownflare myself, when I do I’ll share it with you. My idea is to basically have a cheap VPS like @eldersnake@we.loveprivacy.club has and use Wireguard to tunnel out. The VPS becomes the Reverse Proxy that faces the internet. My home network then has in inbound whatsoever.

@lyse@lyse.isobeef.org my gosh! 😅 I hope @iolfree@iolfree is okay 👌

@bender@twtxt.net Cool! 😎

Current flutter source has been pushed - https://github.com/stig-atle/YarnDesktopClient , flutter source is in main branch. The GTK4 version is in it’s own branch (just wanted to keep a copy of that too).
Keep in mind it’s early version. But it does have the basics implemented.

Got all 3 timelines in, so you can switch between them.
Need to add some kind of refresh feature as well, then I’ll get it cleaned up and put the source out, and continue from there - also the UI is not final, now I’m just focusing on features. The UI will be cleaned up as well.

Image

Note to self, don’t park on a hill in neutral with handbrake off

@prologic@twtxt.net I’m using CF Tunnel on a raspberry pi, can’t do direct at the moment.

Mais alguém estudou na primária com os manuais do Papu?

É uma personagem da cultura nacional que não me lembro de ter visto recordada algures

This ☝️

@aelaraji@aelaraji.com yes it’s because of the advertised nickname in the feed. The spec actually doesn’t allow this and ysrnd implements the spec pretty closely really.

# Nick 		= Grumpy G.