🤣🤣🤣😂🤣😂🤣
@bender@twtxt.net Yup!
Btw anyone can put up PR(s) 🙃
@falsifian@www.falsifian.org Agreed
@sorenpeter@darch.dk I think this is a rype will fix!
@lyse@lyse.isobeef.org Maybe you’re right: Let’s pause this while edit/delete discussions.
@bender@twtxt.net Good point! 👌 I’ll make it so 👌
iirc in twtxt v2 it starts prohibited
This is not true. There are no issues supporting fetching feeds via Gemini/Gopher. This is totally fine. What will likely happen is “recommendations” and “drawbacks of using Gemini/Gopher”
Really you stopped 22hrs ago? https://twtxt.net/twt/iaautmq
Hmm da fuq?! @tiktok@feeds.twtxt.net ?
@bender@twtxt.net I see it here hmm 🤔 Dis you accidentally mute your own Twt?
@movq@www.uninformativ.de Hmmm 🤔 Intuitively I say “No they’re not the same”; but let me sleep on it 🙏😴
@bender@twtxt.net Just once I tell ya:
Ah, 16°C… what dreams are made of! 😍
I’d like it to be a nice cool 16°C here 🤣
Personally I don’t see it as a problem. I didn’t even really see edits as a problem either tbh, but this is just an incremental improvement I think.
It’s no worse than what we have now, it’s better. But yes caveats still apply.
twt
probably isn't the best client I'm afraid. It doesn't really cache twts by their key (hash) to display threads properly. Jenny however does 👌
@doesnm@doesnm.p.psf.lt I think it’s a good idea to fork twet
and continue to improve it. It’s an “okay” Twtxt cli client, but it needs a bit more work 👌
twt
probably isn't the best client I'm afraid. It doesn't really cache twts by their key (hash) to display threads properly. Jenny however does 👌
@doesnm@doesnm.p.psf.lt Sorry I meant twet
🤦♂️
@lyse@lyse.isobeef.org See @movq@www.uninformativ.de ’s undersanding. Now this had some edge cases that we agreed probably aren’t worth solving for.
@lyse@lyse.isobeef.org Pretty nice views 👌 I enjoyed reading this. It was though I were there in the morning walking with you guys up to the summit man those mushrooms really are quite some aren’t they? 🙃
@movq@www.uninformativ.de Yes! Basically @david@collantes.us points out that if we mandate that authors should retain the original timestamp in their feed when adjusting content, making fixes, etc, that they retain the original timestamp and leave it unaltered. We already do this anyway, we just need to say so.
Now we have a situation where folks participating in a “conversation” (thread) with appropriate clients can automatically detect edits with almost 100% accuracy by mere fact that the next time they fetch a feed that contains an edit, they now see two versions of the Twt with two different hashes, but identical timestamps.
You can use the fetch time to approximate a “version number” and deal with the display (UX) appropriately.
I can’t believe I didn’t think of this before 🤦♂️
@doesnm@doesnm.p.psf.lt I will have something up soon™ 🤞
@doesnm@doesnm.p.psf.lt twt
probably isn’t the best client I’m afraid. It doesn’t really cache twts by their key (hash) to display threads properly. Jenny however does 👌
Here’s what I’ve got so far…
@doesnm@doesnm.p.psf.lt Thanks! I’ve almost come up with my own theme already 🤣 I actually don’t really want to use Hugo at all, I find it too complicated. But it is pretty popular so I thought maybe I’d rip-off a nice theme… Hmmm 🧐
Anyway, What I really normally use for a lot of my static sites is zs
I’m looking to develop a static site for twtxt.dev – A domain I own and have wanted to use for developer and specification docs for Twtxt.
Can anyone recommend a few Hugo themes you like?
All of the dev.twtxt.net content would move over as well.
Cya y’all again next month (2nd Sat in Oct) 🤞
👋 Thanks for joining us on our Sept monthly Yarn.social meetup today y’all 🙇♂️ We had @david@collantes.us @sorenpeter@darch.dk @doesnm@doesnm.p.psf.lt @falsifian@www.falsifian.org and @xuu 💪 Nice turn out! (not all at once of course, as we normally run this over 4 hours as we span many time zones!)
Things we talked about:
- Decentralised vs. Distributed
- Use of SHA256 for Twt Hash(es)
- We solved Edits! 🥳
- UUID(s) probably won’t work! (susceptible to sppofing)
- Helped @sorenpeter@darch.dk write some PHP to process/parse
User-Agent
and service his feed via a custom PHP script 😅
- @falsifian@www.falsifian.org introduced himself 👌
- Talked about Merkle Trees 🌳
Did I miss anything? 🤔
yarnd
and WebSub Media
And here’s a dashy of the no. of notify requests (from WebSub)
@sorenpeter@darch.dk well edits can be detected with either approach really
Summary of Discussions (as best I can):
- @lyse@lyse.isobeef.org and @sorenpeter@darch.dk express simplicity. Both Lyse and Sorenpeter support location-based addressing.
- @falsifian@www.falsifian.org believes we should continue to develop ideas and extensions progressively over time like we’ve always done.
- @david@collantes.us @quark@ferengi.one and @bender@twtxt.net would like a better user experience, especially when threads break due to edits, deletions or feed location changes.
- @anth@a.9srv.net would like to see utf-8 mandated, and the threading model remain largely the same as it is today, which is primarily based on the convention of a Twt Subject anyway, Twt Hash(es) just make the threading “more precise”. Anth also states that format, client and server specification/recommendations should be kept separate.
- @movq@www.uninformativ.de @xuu@txt.sour.is sorry you two haven’t said too much really, so I’m not too sure?
Overall, the 22 votes we’ve had on the poll from the community (if you can call it a community?) have clearly shown that:
- We continue to support content-based addressing. (65/35)
- We think about formally supporting edits/deletes (60/40)
- We do not increase the use of cryptography (thworing things like authenticity and identity out the window) (70/30)
And overall the NPS (net promoter score) of “Would I recommend Twtxt to a friend” is a whopping 7/10 (which is crazy! 🤯)
Let’s have our monthly catch up soon™ (1hr) and discuss together. My own take on the direction we should take at this point is as follows:
- We continue to use hashing for the threading model.
- We think about changing this to SHA-256 for simplicity.
- We think about changing this to SHA-256 for simplicity.
- We either adopt @anth@a.9srv.net’s UUID approach or @lyse@lyse.isobeef.org Dynamic URL approach.
- We continue to incrementally/progressively improve things over time as @falsifian@www.falsifian.org suggested.
- We think about mandating utf-8 as @anth@a.9srv.net suggests which makes things so much easier for everyone.
- We further discuss the merits/ideas of supporting formal Edit/Delete requests or other ways to better support this in some way.
@lyse@lyse.isobeef.org Got time now before you head off?
@xuu Oh geez! Is this anywhere near you?
@falsifian@www.falsifian.org Thank you! 🙏
If we want this though (or some of us do) I will probably have to make the hard decision here to just fork from Twtxt entirely and define a completely new spec. If we care about the UX we need a few properties (some of which we have, some of which we don’t have and some of which are “weak”):
- Authenticity
- Integrity
PrecisionVersioning
The last one involves actually supporting the notion of “Edits” and “Deletes” IMO more formally. Without this it would be quite hard to support a strong/good UX. Another way to think about this is “Versioned Twts”.
I think the only legit way of preventing this kind of “spoofing attack” would be:
Digitally Sign Twts: Each Twt could be digitally signed using a private key associated with the UUID. The signature would be calculated over the concatenation of the UUID, timestamp, and content. The public key could be published along with the feed so anyone can verify the authenticity of the Twt by checking the signature. This approach ensures that only the true owner of the UUID (and the corresponding private key) can produce valid hashes.
Which leads us to more Cryptography. Something which y’all voted against.
@bender@twtxt.net This is sadly where you need two things:
- A
/twtxt.txt.sig
(detached signauture)
- Or a way to sign the
# uuid =
with a key that can be verified.
Hmmm and as I write this actually, I think this doesn’t work either, because you can still just copy it regardless. Hmmm @xuu help me out here? How do we prevent “spoofing”? 🤔
That page says “For the best experience your client should also support some of the Twtxt Extensions…” but it is clear you don’t need to. I would like it to stay that way, and publishing a big long spec and calling it “twtxt v2” feels like a departure from that. (I think the content of the document is valuable; I’m just carping about how it’s being presented.)
It’s for this reason I’d like to try changing the Twt Hash extension to use SHA-256 which is a far more common tool available pretty much everywhere. I think the effort involved in “precise threading” (using content addressing) becomes much easier to “author” (note that participating in an existing thread has always been trivial, just copy the Twt Subject in your Twt).
Again, I like this existing simplicity. (I would even argue you don’t need the metadata.)
I argue you do. It’s nice to have a “@nick@domain` a feed author prefers to be called by, rather than you just making shit™ up haha 😝
It’s also quite nice to have a visual representation of the feed too. description can be optional.
Without this, feeds are a bit too “bland” IMO.`
@falsifian@www.falsifian.org Yeah I agree with this actually (introducing too many changes at once is often a bad idead):
but IMO that shouldn’t be done at the same time as introducing new untested ideas
@bender@twtxt.net Bahahahahahahaha 🤣
This is why we need “authenticity” 🤣 Yes if you copied my feed’s UUID, then you’d end up generating identical hashes to me if we posted at identical times with identical timestamps. Not good 😌
Also, was the dot after the timestamp intended?
No, sorry.
For example a v2 spec might just simply mandate the following as a starting point:
cat <<EOF
# nick = $USER
# avatar = https://example.com/$USER.png
# description = Hi 👋 I'm Bob!
# uuid = 7E9BC039-4969-4296-9920-4BACDBA8ED5C
2024-09-28T11:19:25+10:00 Hello World!
EOF > ~/public_html/twtxt.txt
And:
- Serve your file with
Content-type: text/plain; charset=utf-8