I came up with a few more questions.

1. Are you hosting your Jabber server yourself or are you using the hosted Snikket instance?
   
2. Does group texting work? The FAQ says it’s in beta. If so, how does it work? Is it just an MUC?
   

If any other JMP users see this, please chime in.

@abucci@anthony.buc.ci Are you still with jmp.chat? If so, are you still as happy as you were before? Have you experienced any reliability issues, especially with receiving phone calls?

This is the best way in my opinion, at least for small children. I wouldn’t trust any of the Algorithms with my children.

@prologic@twtxt.net Discord is awful and it’s a tragedy that so much information that used to be readily accessible on forums is now locked in a Discord group.

@prologic@twtxt.net Protocols using TLS could probably share ports via SNI multiplexing. If you’re using a plain text protocol or can’t use SNI for some reason, you might have the option to get exclusive use of a random port for an extra fee. You could maybe even request specific ports for a larger fee on a first come, first serve basis. One IPv4 address can go a long way.

Virtual hosting is another reason why it’s so cheap to run my website. NFS puts dozens of websites on each IPv4 address.

@prologic@twtxt.net I had to do some research for this one. The answer is yes, in theory, as long as the client or server supports XEP-0368. However, this seems like the kind of thing that would be skipped by lazy implementations. I would be interested to see how this looks in practice.

SRV records are used in the XMPP core specification to determine the domain and port to which clients and servers (for s2s connections) should connect. XEP-0368 is an extension to the spec detailing how servers and clients should handle SRV records in relation to TLS connections. It says that the “Client or server MUST set SNI TLS extension to the JID’s domain part.”

As an aside, SRV records alone can be used, in theory, to change the default port used in c2s or s2s connections. If the ports were assigned randomly from the hosting provider, they could be specified in the SRV records and everything would hopefully just work. Again, I don’t know how well this is supported in practice.

I might have a use for something like this right now, actually. I want to set up an XMPP server for a few people without giving out my home IP address. It would probably handle 20 messages per day on average. I really don’t have a use for a VPS beyond this and I would be paying for a lot more than I need.

How will ports be allocated? Web traffic can go through a reverse proxy to share ports 80 and 443, but what about other protocols? Will it be possible to request specific ports like 5222 and 5269 for XMPP?

@prologic@twtxt.net I’m glad I could help. You’re working on a service similar to NearlyFreeSpeech in its usage-based pricing model but built around docker containers instead? It seems very useful. How will you handle payment? Will there be privacy-friendly options like Monero or cash-by-mail?

To get such a low price, I am forgoing the ability to open a private support ticket. Any questions I’ve ever had were answered by the very thorough FAQ, but if one wanted that ability they could pay an additional $5 per month for a subscription membership.

I would also like to add that their entire Web portal works without JavaScript and it has all the features you would expect and more.

@prologic@twtxt.net I am on the “Non-Production Site” plan with NearlyFreeSpeech which means I’m limited to 1 GiB per day of bandwidth and am occasionally subjected to “low-risk tests and betas”. The implication is that there may be downtime on my site but I haven’t noticed any since April of 2020 when I began hosting with them. It’s 1 cent per day as a base cost for that plan.

I also pay $1 per gigabyte-month for storage and I am using 9.29 MiB which means I pay a little less than one cent per month. It used to be even less than that, but since I started using Git the complete Git history is stored on the server as well as the live copy of the site.

There is an additional charge of 1 cent per 44.64 “RAUs”, their measurement combining CPU and memory usage over time. On the Non-Production plan, only resources used by processes other than the Web server are counted. I don’t believe I have ever been charged for this.

Here is my billing report for 2023 so far.

@prologic@twtxt.net They clearly have no line. I’m asking the reader where his line is. Many people realize that Microsoft and friends are poison but choose to stick with them anyway for various reasons. I was there, too. It’s not a sustainable position.

@mckinley@mckinley.cc I had a few more words to say about this: How Microsoft’s Trickery Works

@prx@si3t.ch Nice, but I usually use https://icanhazip.com/ because it’s the only one I can remember.

@movq@www.uninformativ.de That memory usage rivals Electron, which runs an instance of Chromium for each program. What do you need shaders for, and why can’t you turn them off?

@lyse@lyse.isobeef.org I agree with you. I don’t think PDF is the right tool for the job, but it’s an interesting experiment. Even the homepage of lab6.com used to be a PDF.

@movq@www.uninformativ.de I use https://www.html-tidy.org/

@lyse@lyse.isobeef.org I could probably get away with HTML 3.2. I think HTML 2 is much more limited, though, and I’d be forgoing CSS.

@lyse@lyse.isobeef.org Lab6 always delivers. You should check out some of their previous issues if you haven’t already. https://lab6.com/

@movq@www.uninformativ.de Thank you, I’ll have to follow your phlog’s Atom feed. I see you’re using tag URIs, nice. :)

That looks like a good system. Simple and effective. I ask because my current backup system is lacking and I’d like to do something about that. I don’t want to use cloud storage, so I’ll be moving hard drives around. I’m just not sure on what to do on the software side.

Solutions like Restic and Borg have many advantages, but the disadvantage is that your data is confined to that particular tool. I think I’m willing to make that trade to have snapshots, compression, deduplication, etc. I’m just on the fence about which one I should use.

@prologic@twtxt.net, why did you choose Restic? How do you like it so far? If you’ve had to restore from the backup, what was that like?

QOTD: How do you back up your files?

Announcing again on this feed for visibility

mckinley.cc is now available as a Tor hidden service: http://mckinley2nxomherwpsff5w37zrl6fqetvlfayk2qjnenifxmw5i4wyd.onion/

I don’t want ~27 hours generating keys to go to waste :)

What’s everyone up to this weekend?

@movq@www.uninformativ.de I reworked the paragraph about security and improved that sentence. Hopefully it’s a little more clear.

However, the key on the unencrypted partition is only valid for the time it takes to reboot, assuming we reboot as soon as the script completes.

@movq@www.uninformativ.de I get it. I wouldn’t set this up for anyone else. Systems that are on all the time don’t benefit as much from at-rest encryption, anyway. This is definitely an interesting solution, however, and it has worked well for me in the past 1-2 weeks. We’ll see how it goes in 1-2 years.

Rebooting a LUKS Encrypted System Without Typing The Passphrase: https://mckinley.cc/blog/20230526.html

@lyse@lyse.isobeef.org I didn’t know about fc either. It will definitely come in handy.

@movq@www.uninformativ.de You can also do sudo !! (or doas !!) if you’re using Bash.

@news@twtxt.net I guess the electric companies are the same everywhere.

What’s everyone been up to lately?

@adi@twtxt.net I remember talking about it, but I can’t find a link to a tool in my bookmarks or my twtxt feeds. Sorry, man. Look up “vanity QR codes”.

@prologic@twtxt.net I have thought briefly about this. I have no idea how this could be done with the current twtxt thread paradigm.

This twt is from a user you have muted.

@prologic@twtxt.net It’s significantly cheaper to open an exchange and get people to hold their money in a custodial wallet than it is to perform a 51% attack on an established cryptocurrency.

Monero in particular uses an algorithm that’s supposed to be ASIC resistant and, while it can be mined on a GPU, it’s more efficient to mine on a CPU. I’m curious if that makes it easier or harder for a hostile entity to perform a 51% attack.

Oh, I just saw the other thread. Don’t put your wallet on the VPS unless you have a specific reason to do so. If you do, make sure your keys are stored on a local machine. It’s fine to run a node there, but run the wallet locally and configure it to use your node if you can.

@adi@twtxt.net Surely you can configure the wallet to use a remote node. I’ve heard good things about Feather Wallet if you want something friendlier. https://github.com/feather-wallet/feather

I’m worried that Yarn will become just another ActivityPub frontend. This integration threatens to split the community in two. Users of Twtxt clients without ActivityPub support won’t want to follow Yarn users because they’ll be engaged in conversations that are inaccessible to standard Twtxt clients. It will only force the split deeper if ActivityPub is an option to be toggled by users or pod operators.

@slashdot@feeds.twtxt.net Tying all your Internet traffic to a Google account… What could go wrong?

@lyse@lyse.isobeef.org You should; it’s worse than you think.

@lyse@lyse.isobeef.org As far as I know, they’re still visible in the Web UI. Although, in the mobile app and youtube.com, I believe it tells you that the video isn’t available without having to click on it. They don’t tell you that in the RSS feed, and I agree; it gets annoying.

If we had a custom feed generator that hooks directly into the YouTube API, I’ll bet we could find that information and put “