@slashdot@feeds.twtxt.net This is some real old-school malware. Maybe it’s not such a good idea to let motherboard vendors run whatever code they want inside your operating system. Pro tip: This only happens in legacy operating systems.

@prologic@twtxt.net Merry Christmas!

I don’t plan on making that code public. This is purely a learning project for myself.

So, just a hobby. It won’t be big and professional like GNU, then?

Seriously, that’s very cool. I wish my bootloader was that excited about a successful boot.

@movq@www.uninformativ.de Right. It’s nice. I’ve had the same one through numerous router restarts and at least two 4-6 hour power outages. I’m definitely not paying for a wildly inflated business plan to self-host a few things. It was like that on my last ISP as well, although they only gave me about 20mbps up.

@prologic@twtxt.net It looks interesting; definitely a novel approach. I just don’t think I have any use for it right now. I’ve thought about joining one those pubnixes that are around but I don’t think I’d ever do anything with an account on someone else’s server.

@prologic@twtxt.net I guess the difference is that your self-hosted services are publicly accessible so it allows such a setup. For me, everything is over Wireguard. If that link breaks and I’m not at home I can’t resolve domain names, let alone do any kind of server administration. That’s what the hidden service is for.

Early on, I was thinking about WAN IP address changes as well but it hasn’t happened in ~2.5 years with this ISP.

@prologic@twtxt.net There’s no remote administration in the Mills DC? Not even through a VPN?

QOTD: Do you have a way to get back into your home network if you get locked out?

I have a Tor hidden service that lets me SSH into my server from anywhere. I never had to use it until last week. I was playing around with the port forwarding configuration on my router for Wireguard (migrating to a new server, very exciting), forgot to change it back, and found myself an hour away from home hoping to watch a show on Jellyfin. All it took to fix it was an SSH port forward through that hidden service to (very slowly) access my home router’s Web interface.

Does anyone else declare a computer dead after extensive testing, let it sit on a shelf for 2 weeks or a year, try it again, and have it work fine? It seems like that’s happened to me a lot more than it should.

@lyse@lyse.isobeef.org Haha, the dark background would have been printed before I added the media query. It’s unlikely that anyone will want to print one of my posts, but I figure it’s worth the extra line to conserve ink if someone does.

Context for those who don’t know: Epic Games is the company behind the hugely popular video game Fortnite. As far as I know, the core game is still free-to-play and supported by microtransactions. It’s available on Windows, consoles, and mobile platforms. They sued Apple a few years ago because they felt the 30% cut Apple takes for in-app purchases was unreasonable and that they should be allowed to distribute their software independently of the App Store. It didn’t turn out so well for them. https://en.wikipedia.org/wiki/Epic_Games_v._Apple

@slashdot@feeds.twtxt.net They must have spent such an ungodly amount in legal fees by now that I wonder if they’ll come out of this in the green if they get to keep all the money from in-app purchases. Don’t get me wrong, I’m glad they’re doing it, but I think there’s a reason why Epic Games is the only one fighting for app store neutrality.

@lyse@lyse.isobeef.org If rsync is interrupted, it doesn’t delete any files that were transferred completely so it will “resume” from that last complete transfer. However, it does delete any partially transferred file. --partial keeps that partial file around on the destination machine so it can continue right where it left off.

I usually end up using -rtz because I’m usually not 100% sure all the permissions and ownership information are right and I hate littering directories with inconsistent permissions. For a big transfer, I’ll start with -rtvz --stats --dry-run and make sure it’s only transferring the files it should, then I’ll do -rtz --stats --info=progress2 --no-i-r to get one progress bar to watch for the whole transfer.

@slashdot@feeds.twtxt.net This is exciting news! Two of the most important privacy tools joining forces. Now, if we could get a Monero wallet included in Tails alongside Electrum, we’d really have something. :)

@aelaraji@aelaraji.com Rsync has a ton of options and I probably still haven’t scratched the surface, but I was able to memorize the options I actually need for day-to-day work in a relatively short time. I guess I’m the opposite of you, because I don’t know any scp(1) options.

@prologic@twtxt.net You’ve done extremely well for ~$125/month, but that’s not figuring in labor. I’m sure you’ve put a lot of hours into maintenance in the last 10 years.

Can anyone recommend a decent Android ROM that strips out as much of the spyware as possible? Is GrapheneOS a good option? I need to get a new phone anyway so I don’t mind buying within a supported device list as long as I can get one on the used market for $300-$400 or less.

If anyone could recommend some learning resources for this stuff I’d really appreciate it.

@sorenpeter@darch.dk All valid points. Maybe the correct way to do it should be to start a new feed at the new URL rather than move the feed and break all the hashes.

@aelaraji@aelaraji.com

switch a couple of twt timestamps

The hashes would change and your posts would become detached from their replies. Clients might still have the old one cached, so you might just create a duplicate without replies depending on an observer’s client.

add in 3 different twts manually with the same time stamp

The existing hash system should be able to keep them separate as long as the content is different. I’m not sure if there are additional implementation-related caveats there.

@prologic@twtxt.net @bender@twtxt.net As someone who likes cryptocurrencies for their utility as money instead of an investment, I’m glad to see the hype train start to move on to the next thing.

@falsifian@www.falsifian.org @prologic@twtxt.net @sorenpeter@darch.dk @lyse@lyse.isobeef.org I think, maybe, the way forward here is to combine an unchanging feed identifier (e.g. a public key fingerprint) with a longer hash to create a “twt hash v2” spec. v1 hashes can continue to be used for old conversations depending on client support.

@sorenpeter@darch.dk That could work. There are a few things that jump out at me.

1. Nicknames on twtxt have historically been set on the client end. The nick metadata field is an optional add-on to the spec. I’m not sure it should be in the reply tag because it could differ between clients.
   
2. URLs are safer to use, and we use them in the hash currently, but they can still change and we’re back to square 1. Feeds ought to have some kind of persistent identifier for this reason, which is why we’ve been discussing cryptographic keys and tag URIs in the first place.
   
3. The current twt hash spec mandates collapsing the timestamp to seconds precision. If those rules are kept, two posts made within the same second will not be separate when someone replies.

@falsifian@www.falsifian.org TLS won’t help you if you change your domain name. How will people know if it’s really you? Maybe that’s not the biggest problem for something with such low stakes as twtxt, but it’s a reasonable concern that could be solved using signatures from an unchanging cryptographic key.

This idea is the basis of Nostr. Notes can be posted to many relays and every note is signed with your private key. It doesn’t matter where you get the note from, your client can verify its authenticity. That way, relays don’t need to be trusted.

@falsifian@www.falsifian.org I agree completely about backwards compatibility.

@falsifian@www.falsifian.org tag:twtxt.net,2024-09-08:SHA256:23OiSfuPC4zT0lVh1Y+XKh+KjP59brhZfxFHIYZkbZs? :)

@falsifian@www.falsifian.org

Key rotation

Key rotation is useful for security reasons, but I don’t think it’s necessary here because it’s only used for verifying one’s identity. It’s no different (to me) than Nostr or a cryptocurrency. You change your key, you change your identity.

It makes maintaining a feed more complicated.

This is an additional step that you’d have to perform, but I definitely wouldn’t want to require it for compatibility reasons. I don’t see it as any more complicated than computing twt hashes for each post, which already requires you to have a non-trivial client application.

Instead, maybe…allow old urls to be rotated out?

That could absolutely work and might be a better solution than signatures.

HTTPS is supposed to do [verification] anyway.

TLS provides verification that nobody is tampering with or snooping on your connection to a server. It doesn’t, for example, verify that a file downloaded from server A is from the same entity as the one from server B.

feed locations [being] URLs gives some flexibility

It does give flexibility, but perhaps we should have made them URIs instead for even more flexibility. Then, you could use a tag URI, urn:uuid:*, or a regular old URL if you wanted to. The spec seems to indicate that the url tag should be a working URL that clients can use to find a copy of the feed, optionally at multiple locations. I’m not very familiar with IP{F,N}S but if it ensures you own an identifier forever and that identifier points to a current copy of your feed, it could be a great way to fix it on an individual basis without breaking any specs :)

My first thought when reading this was to go to my typical response and suggest we use Nostr instead of introducing cryptography to Twtxt. The more I thought about it, however, the more it made sense.

1. It solves the problem elegantly, because the feed can move anywhere and the twt hashes will remain the same.
   
2. It provides proof that a post is made by the same entity as another post.
   
3. It doesn’t break existing clients.
   
4. Everyone already has SSH on their machine, so anyone creating feeds manually could adopt this easily.
   

There are a couple of elephants in the room that we ought to talk about.

1. Are SSH signatures standardized and are there robust software libraries that can handle them? We’ll need a library in at least Python and Go to provide verified feed support with the currently used clients.
   
2. If we all implemented this, every twt hash would suddenly change and every conversation thread we’ve ever had would at least lose its opening post.

@prologic@twtxt.net It’s pretty hard, actually. There will either be more friction than people will accept (BitTorrent) or it won’t be decentralized in practice (LBRY/Odysee).

@bender@twtxt.net , do you depend on first-party Bluesky servers for the client application?

@movq@www.uninformativ.de I was never aware of this. I see the utility but I’m glad they got rid of it.

@quark@ferengi.one Looks neat. How does this compare to gocryptfs? Same basic concept with a different backing file format?

@slashdot@feeds.twtxt.net Never connect a TV to the Internet and then it will work for even longer than 7 years.

@bender@twtxt.net The whole album, it’s pretty good. It’s available on YouTube but it’s missing from all the music streaming services (Spotify, Tidal, Qobuz, Deezer, etc). I especially like Tenth Avenue Breakdown.

@lyse@lyse.isobeef.org We have some native blackberry species but around here (Northern California) we have Himalayan blackberry bushes which are very invasive. They match your description but I don’t know much about the different species. If left unchecked in an area with plenty of sun, they’ll smother all the lower plants and expand until they can’t anymore.

@movq@www.uninformativ.de Right. I wonder if Usenet would have faded away earlier if it wasn’t for file sharing. It’s only still in use for that because the annoying parts have been papered over with easy-to-use software and the protocol offers unique characteristics that make it almost perfect for that sort of thing.

@abucci@anthony.buc.ci What did he do?

@movq@www.uninformativ.de There’s a lot going on on Usenet, but it’s all in alt.binaries and co.

@lyse@lyse.isobeef.org Nice. There’s a park here in town with giant blackberry bushes everywhere. They’re my favorite invasive species.

@slashdot@feeds.twtxt.net This is an arms race the Brazilian government (or any government, for that matter) can’t win unless they effectively disconnect their entire country from the Internet.

@prologic@twtxt.net Off the top of my head, I don’t know the differences between 1.1 and 2 but I know HTTP/3 is the one that uses QUIC.

@off_grid_living@twtxt.net I use absolute paths for my links so I use a local Web server. I use darkhttpd, which is much simpler than Apache and has just enough features for me. I don’t think I’ve ever run into encoding issues because I make sure everything is UTF-8 like @lyse@lyse.isobeef.org.

@prologic@twtxt.net Do you really need FUSE for that? I think that could be done with a process watching a directory on a regular filesystem and deleting the oldest files as the combined size reaches that cap. I’m sure someone’s done that already.

@bender@twtxt.net They must be statically compiling all those Haskell libraries on Ubuntu. This seems to be how it is with every Haskell package on Arch. Pandoc has 180 of its own un-shared dependencies on my system.

@bender@twtxt.net Shellcheck is great but I hope you don’t care about a low package count for screenshots like some people.

This one got me. I try to stick to POSIX sh so I’m not super familiar with the behavior of [[]]. I definitely should have gotten -eq, though.

@bender@twtxt.net If anything was going to be an NFT, a domain name would probably make the most sense, but I don’t think that system would be any better than the current one and it would make domain squatting even worse.

@falsifian@www.falsifian.org I do on my other feed, @mckinley@mckinley.cc, but it’s too hard to keep it under 140 characters when you’re using mentions.

@movq@www.uninformativ.de We’ve had .home.arpa for a while but it just doesn’t feel natural to type. I’ve been using .internal.

Side note: I didn’t realize the .box TLD was finally live. Looks like domains are super expensive and also NFTs for some reason. Shame. https://my.box/

@slashdot@feeds.twtxt.net I’m surprised this took so long to become standardized.

@prologic@twtxt.net No cloud at all. Healthchecks, which does have a hosted offering, is definitely designed for more serious organizations than “McKinley Labs”. It has separate users, permissions, all kinds of crazy features I don’t need at all. I definitely wouldn’t be using it if there wasn’t a linuxserver.io image and I’d like to use something simpler but I don’t know of anything else that’s completely self hosted.