@lyse@lyse.isobeef.org Yes let’s make UTF-8 mandatory 👌

@lyse@lyse.isobeef.org Agreed

Let’s try this pill for Twtxt v2 (no account required)

http://polljunkie.com/poll/xdgjib/twtxt-v2

@lyse@lyse.isobeef.org I’m a bit indifferent whether it’s at the beginning or end tbh.

This is still a draft! Feel free to edit it 👌

@movq@www.uninformativ.de That’s what I was afraid of 🤣

@movq@www.uninformativ.de Makes sense 👌 I think it’s fair to implement any spec changes incrementaly for sure 👌

And yea since yarnd has a store it’s a bit easier to support edit / delete actions 😅

So I’m a location based system, how exactly do I reply to one of these two Twts from @Yarns@search.twtxt.net ? 🤔

2024-09-07T12:55:56Z	🥳 NEW FEED: @<twtxt http://edsu.github.io/twtxt/twtxt.txt>
2024-09-07T12:55:56Z	🥳 NEW FEED: @<kdy https://twtxt.kdy.ch/twtxt.txt>

@lyse@lyse.isobeef.org Yup, this is why you started seeing if you could improve the “trust” of peers right? 😅

@movq@www.uninformativ.de Yeah I think what I’m proposing here is a more pragmatic approach to improvements that will last much longer than our first interaction (~4 years and going strong, but running into minor issues with edit/identify and some collssions_). This scope of changes is much easier to implement for yarnd and I suspect jenny too. and as indicated in here quite easy to have a reference implementation written in Bash with standard UNIX tools.

It’s even sorta/somewhat compatible with our existing feeds (kind of) 🤣 – Bit too stupid to figure out how to write enough correct Bash to make threads display inline nicely in an indented/tree-like fashion, but oh well 😅

Example:

$ ./twtxt-v2.sh reply 242561ce02d "Cool! 👌"
Posted twt with hash: b2c938f9838
...
$ ./twtxt-v2.sh timeline
...
prologic@twtxt.net [2024-09-22T07:26:37Z] <242561ce02d> Okay folks, I've spent all day on this today, and I _think_ its in "good enough"™ shape to share:

**Twtxt v2**:

- Specification: https://docs.mills.io/uJXuisaYTRWYDrl8A2jADg?both
- implementation: https://gist.mills.io/prologic/afdec15443da4d7aa898f383f171ec1b

 ![](https://twtxt.net/media/Wb9MtAiQyEkzNQB5dyVvUR.png)
prologic@localhost [2024-09-22T07:51:16Z] <b2c938f9838> Cool! 👌 (reply-to:242561ce02d)

Okay folks, I’ve spent all day on this today, and I think its in “good enough”™ shape to share:

Twtxt v2:

• Specification: https://docs.mills.io/uJXuisaYTRWYDrl8A2jADg?both
  
• implementation: https://gist.mills.io/prologic/afdec15443da4d7aa898f383f171ec1b
  

@aelaraji@aelaraji.com No that is absolutely correct. Without cryptographic identities and signatures there is no way to verify authenticity. That is correct. And I don’t think we need to necessarily. What I was just showing and proving was that I didn’t write that spoofed Twt in the first place, which was only provable at the time of @lyse@lyse.isobeef.org short-lived attack 🤣 He essentially forked yarnd, hosted it temporarily (I think locally) and used it to poison the caches of a few production pods.

Thankfully the gossip protocol used by yarnd as part of its “peering” between pods isn’t fully trusted, twts are not archived for example into permanent storage. So the moment my pod re-fetched my own feed, the spoofed Twt was obliterated 😅

Eventual consistency 🤣

LOl 😂 Not only have a tried to write up a full Twtxt v2 specification, I’ve also written a Bash shell script that implements the new spec 😅

@movq@www.uninformativ.de Haha 😝 Nice one! And yes I’m also aware of some collisions too!

@prologic@twtxt.net Care to explain how that proves anything when someone else already got the spoofed twt with no way to tell it was? can’t an old twt just be deleted and give a similar result when grep-ed for?

Le me is worried! 😅

@aelaraji@aelaraji.com I like Nttfy 👌 I’ve wanted to replace my use of the Pushover service with this for a while now 🤔

@bender@twtxt.net Just desktop notifications at the moment, but you could easily throw in a Ntfy server and get notified about anything you want, wherever you want. 🤣

@bender@twtxt.net 👌

👋 Reminder folks of the upcoming Yarn.social monthly online meetup:

I hope to see @david@collantes.us @movq@www.uninformativ.de @lyse@lyse.isobeef.org @xuu@txt.sour.is @sorenpeter@darch.dk and hopefully others too @aelaraji@aelaraji.com @falsifian@www.falsifian.org and anyone else that sees this! 🙏 We’re hopefully going to primarily discuss the future of Twtxt and the last few weeks of discussions 🤣

• Event: Yarn.social Online Meetup
  
• When: 28th September 2024 at 12:00pm UTC (midday)
  
• Where: Mills Meet : Yarn.social
  
• Cadence: 4th Saturday of every Month
  

Agenda:

• Let’s talk about the upcoming changes to the Twtxt spec(s)
  
  • See #xgghhnq
    

#Yarn.social #Meetup

My Position on the last few weeks of Twtxt spec discussions:

• We increase the Hash length from 7 to 11.
  
• We formalise the Update Commands extension.
  
• We amend the Twt Hash and Metadata extension to state:
  

Feed authors that wish to change the location of their feed (once Twts have been published) must append a new # url = comment to their feed to indicate the new location and thus change the “Hashing URI” used for Twts from that point onward.

This has implications of the “order” of a feed, and we should either do one of two things, either:

• Mandate that feeds are append-only.
  
• Or amend the Metadata spec with a new field that denotes the order of the feed so clients can make sense of “inline” comments in the feed. – This would also imply that the default order is (of course) append-only. Suggestion: # direction = [append|prepend]

Low-cost Makerdiary board with iMX RT1011 Crossover MCU and Zephyr Support
Makerdiary recently introduced the iMX RT1011 Nano Kit, a compact, high-performance development board featuring NXP’s iMX RT1011 Crossover MCU. With an Arm Cortex-M7 core running at up to 500 MHz, it delivers strong CPU performance and real-time responsiveness The iMX RT1011 Nano Kit includes 128 KB of on-chip RAM, configurable as Tightly Coupled Memory or

I finally decided to do a few experiments with yarnd to see how many things would break and how many assumptions there are around the idea of “Content Addressing”; here’s where I’m at so far:

• What breaks
  

Basically I’m at a point where spending time on this is going to provide very little value, there are assumptions made in the lextwt parser, assumptions made in yarnd, assumptions in the way storage is done and the way threading works and things are looked up. There are far reaching implications to changing the way Twts are identified here to be “location addressed” that I’m quite worried about the amount of effort would be required to change yarnd here.

So good we got fireworks. OK, maybe the fireworks were not exactly due to #SFD and instead was due to the local religious celebrations, but hey - our #SoftwareFreedomDay had fireworks!

Image

@mckinley@twtxt.net Yes I have, however I’m not counting that because even using “Cloud” is not labor free.

@aelaraji@aelaraji.com We digits it out 🤣 @lyse@lyse.isobeef.org ’s little hack was good but only temporary 🤣

@sorenpeter@darch.dk Lins of agree with dealing with this kind of social nonsense which we’ve all done in the past 🤣

@movq@www.uninformativ.de I think your scenario doesn’t account for clients and their storage. The scenario described only really affects clients that come along later. Even then they would also be able to re-fetch mossing Twts from peers or even a search engine to fill in the gaps.

#SoftwareFreedomDay2024 is over in Portugal, but you are already thinking about 2025! Mark your calendars: third Saturday of September in Coimbra, Portugal.

In the meantime, here are a few pictures from today’s celebration in Lamego.

You can see more pictures of this year’s #SoftwareFreedomDay at https://commons.m.wikimedia.org/wiki/Category:Software_Freedom_Day_2024

Image

Image

Image

Image

Protectli Vault V1410: Fanless 4-Port 2.5GbE Network Appliance with Intel N5105
The Protectli Vault V1410 is a fanless network appliance designed for applications that demand robust performance and reliable connectivity. Key features include four 2.5GbE Ethernet ports and multiple expansion slots, making it a versatile solution for a wide range of networking environments. The device comes equipped with the Intel N5105 processor, a quad-core Celeron chip

@movq@www.uninformativ.de I cases of these kind of “abuse” of social trust. Then I think people should just delete their replies, unfollow the troll and leave them to shouting in the void. This is a inter-social issue, not a technical issue. Anything can be spoofed. We are not building a banking app, we are just having conversation and if trust are broken then communication breaks down. These edge-cases are all very hypothetical and not something I think we need to solve with technology.

Been thinking about it for the last couple of days and I would say we can make do with the shorter (#<DATETIME URL>)since it mirrors the twt-mention syntax and simply points to the OP as the topic identified by the time of posting it. Do we really need and (edit:...)and (delete:...) also?

@prologic@twtxt.net 🕵🏻 Hint: it was a twt about stolen property…

Open-Source Oscilloscope with 1 GS/s High-Speed Data Streaming and Flexible Measurement Capabilities
Crowd Supply recently launched a campaign for ThunderScope, an oscilloscope that combines powerful hardware with open-source software. It captures data at 1 GS/s and streams it to a computer via Thunderbolt, USB4, or PCI Express for real-time processing, offering greater flexibility for complex measurements across various timescales. The Thunde … ⌘ Read more

…while chasing the clouds away.

I have just made yet another convoluted twtxt notifications script! Feeling like an old dog learning new tricks! 🤣

Image

@prologic@twtxt.net You’ve done extremely well for ~$125/month, but that’s not figuring in labor. I’m sure you’ve put a lot of hours into maintenance in the last 10 years.

@movq@www.uninformativ.de That’s kind a problem though right?

@david@collantes.us 🤣🤣🤣

I just realized the other big property you lose is:

What if someone completely changes the content of the root of the thread?

Does the Subject reference the feed and timestamp only or the intent too?

@prologic@twtxt.net “Even though there are some 😉 that have different views on this 🤣” — coyly raises the hand… LOL.

@bender@twtxt.net Yeah I’ll be honest here; I’m not going to be very happy if we go down this “location addressing” route;

• Twt Subjects lose their meaning.
  
• Twt Subjects cannot be verified without looking up the feed.
  
  • Which may or may not exist anymore or may change.
    
• Two persons cannot reply to a Twt independently of each other anymore.
  

and probably some other properties we’d stand to lose that I’m forgetting about…

@movq@www.uninformativ.de One of the biggest reasons I don’t like the (replyto:…) proposal (location addressing vs. content addressing) is that you just introduce a similar problem down the track, albeit rarer where if a feed changes its location, your thread’s “identifiers” are no longer valid, unless those feed authors maintain strict URL redirects, etc. This potentially has the long-term effect of being rather fragile, as opposed to what we have now where an Edit just really causes a natural fork in the thread, which is how “forking” works in the first place.

I realise this is a bit pret here, and it probably doesn’t matter a whole lot at our size. But I’m trying to think way ahead, to a point where Twtxt as a “thing” can continue to work and function decades from now, even with the extensions we’ve built. We’ve already proven for example that Twts and threads from ~4 years ago still work and are easily looked up haha 😝

Want to find something to do this #SoftwareFreedomDay without leaving home?

Check out this #CaptureTheFlag created to celebrate the day!

https://sfdctf24.ctfd.io/

I just read the primary spec I’m strongly in support of and it’s pretty rock solid for me 👌 💯

Falta 1 hora para o encontro do #SoftwareFreedomDay Português começar, e a caixa de autocolantes já está preparada para vos receber.

Já estão a caminho?

https://ciberlandia.pt/@marado/113175521545120134

Image

Today is #SoftwareFreedomDay!

Did you know that by showing up to #SFD you make yourself eligible to participate in a drawing contest and win cool hardware?

Join us!

https://digitalfreedoms.org/en/sfd/blog/art-for-digital-freedom-huion-challenge-2024

Do you recall what it was? I blame my maintenance window 🪟

@bender@twtxt.net Hmm what you replied to appears to be non-existent: https://twtxt.net/twt/pqst4ea

@movq@www.uninformativ.de I just saw thes come through! 🙏 Thank you very much, I’ll definitely have a read tomorrow! 👌

@bender@twtxt.net Which reply was that? 🤔

@bender@twtxt.net Bahahahahaha 🤣

Ever wondered what it would cost to self-hosted vs. use the cloud? Well I often doubt myself every time I look at hardware prices, and I know I have to do some hardware refresh soon™ for the Mills DC (something I don’t have a regular plan or budget for), here’s a rough ball park:

The Mills DC has cost me around ~$15k to build and maintain over the last ~10 years or so. Roughly speaking. I’ve never actually taken a Bill of Materials or anything, but I could if anyone is interested in more specifics.

The equivalent of resources if run in the “Cloud” would cost around:

• ~$1,000 for virtual machines
  
• ~$12000 for storage
  

So around ~$2,000/month to run.

Keep this in mind anytime anyone ever tries to con you into believing “Cloud is cheaper”. It’s not.

O programa para celebrar o #softwarefreedomday hoje em Lamego começa com um encontro às 16h, mas arrasta-se até à noite.

Aparece!

Mais detalhes: https://ansol.org/eventos/2024-09-21-dia-do-software-livre/

@ansol@ansol https://floss.social/@ansol/113175444432510981

@aelaraji@aelaraji.com This is one of the reasons why yarnd has a couple of settings with some sensible/sane defaults:

I could already imagine a couple of extreme cases where, somewhere, in this peaceful world one’s exercise of freedom of speech could get them in Real trouble (if not danger) if found out, it wouldn’t necessarily have to involve something to do with Law or legal authorities. So, If someone asks, and maybe fearing fearing for… let’s just say ‘Their well being’, would it heart if a pod just purged their content if it’s serving it publicly (maybe relay the info to other pods) and call it a day? It doesn’t have to be about some law/convention somewhere … 🤷 I know! Too extreme, but I’ve seen news of people who’d gone to jail or got their lives ruined for as little as a silly joke. And it doesn’t even have to be about any of this.

There are two settings:

$ ./yarnd --help 2>&1 | grep max-cache
      --max-cache-fetchers int        set maximum numnber of fetchers to use for feed cache updates (default 10)
  -I, --max-cache-items int           maximum cache items (per feed source) of cached twts in memory (default 150)
  -C, --max-cache-ttl duration        maximum cache ttl (time-to-live) of cached twts in memory (default 336h0m0s)

So yarnd pods by default are designed to only keep Twts around publicly visible on either the anonymous Frontpage or Discover View or your Timeline or the feed’s Timeline for up to 2 weeks with a maximum of 150 items, whichever get exceeded first. Any Twts over this are considered “old” and drop off the active cache.

It’s a feature that my old man @off_grid_living@twtxt.net was very strongly in support of, as was I back in the day of yarnd’s design (nothing particularly to do with Twtxt per se) that I’ve to this day stuck by – Even though there are some 😉 that have different views on this 🤣

@aelaraji@aelaraji.com Thanks for this! 🙏

On my blog: Free Culture Book Club — Aumyr, part 3 https://john.colagioia.net/blog/2024/09/21/aumyr-3.html #freeculture #bookclub

@movq@www.uninformativ.de @falsifian@www.falsifian.org @prologic@twtxt.net Maybe I don’t know what I’m talking about and You’ve probably already read this: Everything you need to know about the “Right to be forgotten” coming straight out of the EU’s GDPR Website itself. It outlines the specific circumstances under which the right to be forgotten applies as well as reasons that trump the one’s right to erasure …etc.

I’m no lawyer, but my uneducated guess would be that:

A) twts are already publicly available/public knowledge and such… just don’t process children’s personal data and MAYBE you’re good? Since there’s this:

… an organization’s right to process someone’s data might override their right to be forgotten. Here are the reasons cited in the GDPR that trump the right to erasure:

• The data is being used to exercise the right of freedom of expression and information.
  
• The data is being used to perform a task that is being carried out in the public interest or when exercising an organization’s official authority.
  
• The data represents important information that serves the public interest, scientific research, historical research, or statistical purposes and where erasure of the data would likely to impair or halt progress towards the achievement that was the goal of the processing.
  

B) What I love about the TWTXT sphere is it’s Human/Humane element! No deceptive algorithms, no Corpo B.S …etc. Just Humans. So maybe … If we thought about it in this way, it wouldn’t heart to be even nicer to others/offering strangers an even safer space.
I could already imagine a couple of extreme cases where, somewhere, in this peaceful world one’s exercise of freedom of speech could get them in Real trouble (if not danger) if found out, it wouldn’t necessarily have to involve something to do with Law or legal authorities. So, If someone asks, and maybe fearing fearing for… let’s just say ‘Their well being’, would it heart if a pod just purged their content if it’s serving it publicly (maybe relay the info to other pods) and call it a day? It doesn’t have to be about some law/convention somewhere … 🤷 I know! Too extreme, but I’ve seen news of people who’d gone to jail or got their lives ruined for as little as a silly joke. And it doesn’t even have to be about any of this.

P.S: Maybe make X tool check out robots.txt? Or maybe make long-term archives Opt-in? Opt-out?
P.P.S: Already Way too many MAYBE’s in a single twt! So I’ll just shut up. 😅

I like Gopher!

Bahahahaha very clever @lyse@lyse.isobeef.org I look forward to reading your report ! 🤣 However…

$ yarnc debug https://twtxt.net/user/prologic/twtxt.txt | grep -E '^pqst4ea' | tee | wc -l
0

I very quickly proved that Twt was never from me 🤣

We’re happy to report that @burglar@yarnd.lyse.isobeef.org was taken into custody, @prologic@twtxt.net. Always remember, criminals cannot escape the law.

Our investigations revealed: https://lyse.isobeef.org/tmp/twtinjector.tar.bz2

@yarn_police@twtxt.net Cool cool 🙇‍♂️

Fear not, @prologic@twtxt.net, we’re deploying our helicopter and will arrive shortly.

@yarn_police@twtxt.net What’s going on?

Heads up, @prologic@twtxt.net! We’re seeing increased spate of burglaries in your neighbourhood. Please stay alert, while we keep you safe out there.

Upcoming I-Pi SMARC Embedded Prototype Kit Adopts Intel Amston Lake CPU
The I-Pi SMARC Amston Lake is a prototyping kit built on Intel’s Amston Lake architecture, designed to accelerate embedded system development. Key features include dual 2.5GbE LAN ports with Time-Sensitive Networking support and CAN interfaces for industrial applications. This kit includes the I-Pi SMARC Plus carrier and the LEC-ASL SMARC module, which features an Intel

@movq@www.uninformativ.de Yes that’s true they are only integrity checks. But beyond a malicious pod (ignore yarnd’a gossiping protocol for now) how does what @lyse@lyse.isobeef.org presented work exactly? 😅

ATOMS3R Dev Kit Equipped with 0.85″ color IPS screen and 6-axis IMU
The ATOMS3R development kit is a compact and versatile programmable controller based on the ESP32-S3-PICO-1-N8R8 module. Designed for embedded smart device applications, it combines robust processing power with built-in Wi-Fi, making it effective for a wide range of IoT and motion-sensing projects. The ATOMS3R development kit is built around the ESP32-S3-PICO-1-N8R8 SoC, a dual-core Xtensa

But this is no different to how jenny does things with storing every Twt in a Maildir I suppose? 🤔

This has specifically come up before in the form of “informal complaints” against yarnd because of the way it permanently stores and archives Twts, so even if you decide you changed your mind, or deleted that line out of your feed, if my pod or @xuu@txt.sour.is or @abucci@anthony.buc.ci or @eldersnake@we.loveprivacy.club (or any other handful of pods still around?) saw the Twt, it’d be permanently archived.

Yeah I’m curious to find out too beyond just “here say”. But regardless of whether we should or shouldn’t care about this or should or shouldn’t comply. We should IMO. I’d have to build something that horrendously violates someone’s rights in another country.

@movq@www.uninformativ.de Care to explain how this explicit/attack works for me? 🤣

Well that was bloody awful. This PR bokr my pod for some strange reason I can’t figure out why or how 😱 The process just kept getting terminated from something, somewhere (no panic). weird. I’ve reverted this PR for now @xuu@txt.sour.is

@prologic@twtxt.net I have no specifics, only hopes. (I have seen some articles explaining the GDPR doesn’t apply to a “purely personal or household activity” but I don’t really know what that means.)

I don’t know if it’s worth giving much thought to the issue unless either you expect to get big enough for the GDPR to matter a lot (I imagine making money is a prerequisite) or someone specifically brings it up. Unless you enjoy thinking through this sort of thing, of course.

Really though I only managed to save a few GB, but it’s enough for now.

@bender@twtxt.net Haha 😛 Faster? Maybe 🤔 But yeah it’s good to have backups! (that work)

I’ve also put up this PR Add compatible methods for Index to behave as the Archiver (transition) #1177
that will act as a transition from the old naive archiver to the new bluge-based search/index. I will switch my pod over to this soon to test it before anyone else does.

For those curious, the archive on this pod had reached around ~22GB in size. I had to suck it down to my more powerful Mac Studio to clean it up and remove a bunch of junk. Then copy all the data back. This is what my local network traffic looked like for the last few hours 😱

And we’re back. Sorry about that 😅

Gotta unplug for a couple of minutes. I’m suspecting the extension cord to be the root of my monitor dead rows of pixels and flickering problems.

@lyse@lyse.isobeef.org Hmmm I’m not sure sure I get what you’re getting at here. In order for this to be true, yarnd would have to be maliciously fabricating a Twt with the Hash D.

i.e: there must be two versions of the Twt in the feed.

@lyse@lyse.isobeef.org This is true. But the client MUST supply the original too! Or this doesn’t work 😢

00:00 local time - Happy #SoftwareFreedomDay!

Here’s a map of all the events that are going to happen worldwide. In which are you going to participate?

@dff@dff https://fosstodon.org/@dff/113170848636203522

https://spiritualsprings.proboards.com/thread/46/flat-earth-round-explorer

Have a nice weekend everyone

The monthly reading tag for #September is #school, and I thought I would be reading fiction for it. But fate decided that the book in the picture would be released this month, so here am I fulfilling the thread by reading a non-fiction book about the high-school I attended to, a book I participate with along others that help form a collective memory spanning five decades - I am the youngest participant, having graduated from this high-school in 1999.

#fridayreads #bookstodon

Image

On my blog: Toots 🦣 from 09/16 to 09/20 https://john.colagioia.net/blog/2024/09/20/week.html #linkdump #socialmedia #quotes #week

If OTOH your client doesn’t store individual Twts in a cache/archive or some kind of database, then verification becomes quite hard and tedious. However I think of this as an implementation details. The spec should just call out that clients must validate/verify the edit request and the matching hash actually exists in that feed, not how the client should implement that.

@lyse@lyse.isobeef.org Yes you do. You keep both versions in your cache. They have different hashes. So you have Twt A, a client indicates Twt B is an edit of A, your client has already seen A and cached and archived it, now your client fetches B which is indicated of editing A. You cache/archive B as well, but now indicate in your display that B replaces A (maybe display, link both) or just display B or whatever. But essentially you now have both, but an indicator of one being an edit of the other.

The right thing to do here of course is to keep A in the “thread” but display B. Why? So the thread/chain doesn’t actually break or fork (forking is a natural consequence of editing, or is it the other way around? 🤔).

@lyse@lyse.isobeef.org I’m all for dropping delete btw, Or at least not making it mandatory, as-in “clients should” rather than “clients must”. But yes I agree, let’s explore all the possible ways this can be exploited (if at all).