Definitely something going on with replies. This one was replying to the wrong twt and even when I got clever and pasted the right hash it didn't work.
(#4tn7x4q) @lyse@lyse.isobeef.org I accidentally hit "post" on a twt I was drafting from days ago and it wouldn't let me delete it so I replaced it with "a" and I hoped nobody would notice. I guess that backfired.
a
@movq@www.uninformativ.de Congratulations! That's a real milestone.
@prologic@twtxt.net That is definitely possible on Java Edition but you have to fly the Jolly Roger.
@prologic@twtxt.net This is the original Java Edition which is only for PC and doesn't use Xbox Live, though you do need to use a Microsoft account to play it legitimately and join most servers. There is another version, Bedrock Edition, which is on consoles and phones as well and it uses Xbox Live.
On Bedrock, you can just invite another player into your world, but there are dedicated servers as well and they're relatively easy to host.
@bender@twtxt.net I have used https://docker-minecraft-server.readthedocs.io/en/latest/ for a group of friends. I like it because the server can be configured entirely using environment variables in your compose file. The only exception as far as I can tell is configuration for any plugins or mods you install. Version, server type (vanilla, paper, etc), Java options, ops, whitelist, anything in server.properties, it's all in the environment variables.
I've also heard good things about https://craftycontrol.com/ if you want a Web UI.
@slashdot@feeds.twtxt.net This is some real old-school malware. Maybe it's not such a good idea to let motherboard vendors run whatever code they want inside your operating system. Pro tip: This only happens in legacy operating systems.
@prologic@twtxt.net Merry Christmas!
I don't plan on making that code public. This is purely a learning project for myself.
So, just a hobby. It won't be big and professional like GNU, then?
Seriously, that's very cool. I wish my bootloader was that excited about a successful boot.
@movq@www.uninformativ.de Right. It's nice. I've had the same one through numerous router restarts and at least two 4-6 hour power outages. I'm definitely not paying for a wildly inflated business plan to self-host a few things. It was like that on my last ISP as well, although they only gave me about 20mbps up.
@prologic@twtxt.net It looks interesting; definitely a novel approach. I just don't think I have any use for it right now. I've thought about joining one of those pubnixes that are around but I don't think I'd ever do anything with an account on someone else's server.
@prologic@twtxt.net I guess the difference is that your self-hosted services are publicly accessible so it allows such a setup. For me, everything is over Wireguard. If that link breaks and I'm not at home I can't resolve domain names, let alone do any kind of server administration. That's what the hidden service is for.
Early on, I was thinking about WAN IP address changes as well but it hasn't happened in ~2.5 years with this ISP.
@prologic@twtxt.net There's no remote administration in the Mills DC? Not even through a VPN?
QOTD: Do you have a way to get back into your home network if you get locked out?
I have a Tor hidden service that lets me SSH into my server from anywhere. I never had to use it until last week. I was playing around with the port forwarding configuration on my router for Wireguard (migrating to a new server, very exciting), forgot to change it back, and found myself an hour away from home hoping to watch a show on Jellyfin. All it took to fix it was an SSH port forward through that hidden service to (very slowly) access my home router's Web interface.
Does anyone else declare a computer dead after extensive testing, let it sit on a shelf for 2 weeks or a year, try it again, and have it work fine? It seems like that's happened to me a lot more than it should.
@lyse@lyse.isobeef.org Haha, the dark background would have been printed before I added the media query. It's unlikely that anyone will want to print one of my posts, but I figure it's worth the extra line to conserve ink if someone does.
Context for those who don't know: Epic Games is the company behind the hugely popular video game Fortnite. As far as I know, the core game is still free-to-play and supported by microtransactions. It's available on Windows, consoles, and mobile platforms. They sued Apple a few years ago because they felt the 30% cut Apple takes for in-app purchases was unreasonable and that they should be allowed to distribute their software independently of the App Store. It didn't turn out so well for them. https://en.wikipedia.org/wiki/Epic_Games_v._Apple
@slashdot@feeds.twtxt.net They must have spent such an ungodly amount in legal fees by now that I wonder if they'll come out of this in the green if they get to keep all the money from in-app purchases. Don't get me wrong, I'm glad they're doing it, but I think there's a reason why Epic Games is the only one fighting for app store neutrality.
-P is a life saver when running rsync over spotty connections. In my very illiterate opinion, it should always be a default.
@lyse@lyse.isobeef.org If rsync is interrupted, it doesn't delete any files that were transferred completely so it will "resume" from that last complete transfer. However, it does delete any partially transferred file. --partial keeps that partial file around on the destination machine so it can continue right where it left off.
I usually end up using -rtz because I'm usually not 100% sure all the permissions and ownership information are right and I hate littering directories with inconsistent permissions. For a big transfer, I'll start with -rtvz --stats --dry-run and make sure it's only transferring the files it should, then I'll do -rtz --stats --info=progress2 --no-i-r to get one progress bar to watch for the whole transfer.
@slashdot@feeds.twtxt.net This is exciting news! Two of the most important privacy tools joining forces. Now, if we could get a Monero wallet included in Tails alongside Electrum, we'd really have something. :)
@aelaraji@aelaraji.com Rsync has a ton of options and I probably still haven't scratched the surface, but I was able to memorize the options I actually need for day-to-day work in a relatively short time. I guess I'm the opposite of you, because I don't know any scp(1) options.
@prologic@twtxt.net You've done extremely well for ~$125/month, but that's not figuring in labor. I'm sure you've put a lot of hours into maintenance in the last 10 years.
Can anyone recommend a decent Android ROM that strips out as much of the spyware as possible? Is GrapheneOS a good option? I need to get a new phone anyway so I don't mind buying within a supported device list as long as I can get one on the used market for $300-$400 or less.
If anyone could recommend some learning resources for this stuff I'd really appreciate it.
@sorenpeter@darch.dk All valid points. Maybe the correct way to do it should be to start a new feed at the new URL rather than move the feed and break all the hashes.
switch a couple of twt timestamps
The hashes would change and your posts would become detached from their replies. Clients might still have the old one cached, so you might just create a duplicate without replies depending on an observer's client.
add in 3 different twts manually with the same time stamp
The existing hash system should be able to keep them separate as long as the content is different. I'm not sure if there are additional implementation-related caveats there.
@prologic@twtxt.net @bender@twtxt.net As someone who likes cryptocurrencies for their utility as money instead of an investment, I'm glad to see the hype train start to move on to the next thing.
@falsifian@www.falsifian.org @prologic@twtxt.net @sorenpeter@darch.dk @lyse@lyse.isobeef.org I think, maybe, the way forward here is to combine an unchanging feed identifier (e.g. a public key fingerprint) with a longer hash to create a "twt hash v2" spec. v1 hashes can continue to be used for old conversations depending on client support.
@sorenpeter@darch.dk That could work. There are a few things that jump out at me.
- Nicknames on twtxt have historically been set on the client end. The nick metadata field is an optional add-on to the spec. I'm not sure it should be in the reply tag because it could differ between clients.
- URLs are safer to use, and we use them in the hash currently, but they can still change and we're back to square 1. Feeds ought to have some kind of persistent identifier for this reason, which is why we've been discussing cryptographic keys and tag URIs in the first place.
- The current twt hash spec mandates collapsing the timestamp to seconds precision. If those rules are kept, two posts made within the same second will not be separate when someone replies.
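
Added example (not part of the original posts and not any twtxt client's code): a simplified Python model of the v1 twt hash, assuming the commonly described construction (BLAKE2b-256 over feed URL, timestamp and content, base32, last 7 characters), showing replies detaching when a feed URL changes and what seconds precision does to same-second posts. The `twt_hash_v2` function, the example.org/example.net URLs, the fingerprint placeholder and the sample twts are all hypothetical.

```python
import base64
import hashlib
import re

# Constructed sample data: one feed, before and after moving to a new URL.
OLD_URL = "https://example.org/twtxt.txt"
NEW_URL = "https://example.net/twtxt.txt"
# Placeholder for an unchanging feed identifier (not a real key fingerprint).
FINGERPRINT = "SHA256:PLACEHOLDER-FINGERPRINT-NOT-A-REAL-KEY"
TWTS = [
    ("2024-09-08T10:00:00.250Z", "first post"),
    ("2024-09-08T10:00:00.900Z", "second post, same second"),
]


def truncate_to_seconds(timestamp):
    """Drop fractional seconds and write a zero UTC offset as 'Z' (simplified)."""
    ts = re.sub(r"\.\d+", "", timestamp)
    return re.sub(r"[+-]00:00$", "Z", ts)


def _short_b32(payload, length):
    """BLAKE2b-256, base32 without padding, lowercase, last `length` characters."""
    digest = hashlib.blake2b(payload.encode("utf-8"), digest_size=32).digest()
    encoded = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    return encoded[-length:]


def twt_hash_v1(feed_url, timestamp, content):
    """Simplified v1 hash: the feed URL is part of the hashed payload."""
    payload = "\n".join((feed_url, truncate_to_seconds(timestamp), content))
    return _short_b32(payload, 7)


def twt_hash_v2(feed_id, timestamp, content, length=12):
    """HYPOTHETICAL 'v2': unchanging feed identifier plus a longer hash."""
    payload = "\n".join((feed_id, truncate_to_seconds(timestamp), content))
    return _short_b32(payload, length)


def orphaned_replies(feed_url, twts, reply_subjects):
    """Reply subjects that match no twt when the feed is fetched from feed_url."""
    known = {twt_hash_v1(feed_url, ts, text) for ts, text in twts}
    return [subject for subject in reply_subjects if subject not in known]


def demo():
    # Replies were written while the feed still lived at OLD_URL.
    subjects = [twt_hash_v1(OLD_URL, ts, text) for ts, text in TWTS]
    first_ts, second_ts = TWTS[0][0], TWTS[1][0]
    return {
        # Every reply resolves while the feed stays put.
        "orphans_before_move": orphaned_replies(OLD_URL, TWTS, subjects),
        # Same twts, new URL: every hash changes, every reply is detached.
        "orphans_after_move": orphaned_replies(NEW_URL, TWTS, subjects),
        # Same second, different content: content keeps the hashes apart.
        "same_second_distinct": subjects[0] != subjects[1],
        # Same second, same content: sub-second precision is discarded,
        # so the two twts are indistinguishable.
        "subsecond_collision": twt_hash_v1(OLD_URL, first_ts, "same text")
        == twt_hash_v1(OLD_URL, second_ts, "same text"),
        # The hypothetical v2 never sees the URL, so a move cannot change it.
        "v2_hashes": [twt_hash_v2(FINGERPRINT, ts, text) for ts, text in TWTS],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```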
@falsifian@www.falsifian.org TLS won't help you if you change your domain name. How will people know if it's really you? Maybe that's not the biggest problem for something with such low stakes as twtxt, but it's a reasonable concern that could be solved using signatures from an unchanging cryptographic key.
This idea is the basis of Nostr. Notes can be posted to many relays and every note is signed with your private key. It doesn't matter where you get the note from, your client can verify its authenticity. That way, relays don't need to be trusted.
@falsifian@www.falsifian.org I agree completely about backwards compatibility.
@falsifian@www.falsifian.org tag:twtxt.net,2024-09-08:SHA256:23OiSfuPC4zT0lVh1Y+XKh+KjP59brhZfxFHIYZkbZs? :)
Key rotation
Key rotation is useful for security reasons, but I don't think it's necessary here because it's only used for verifying one's identity. It's no different (to me) than Nostr or a cryptocurrency. You change your key, you change your identity.
It makes maintaining a feed more complicated.
This is an additional step that you'd have to perform, but I definitely wouldn't want to require it for compatibility reasons. I don't see it as any more complicated than computing twt hashes for each post, which already requires you to have a non-trivial client application.
Instead, maybe…allow old urls to be rotated out?
That could absolutely work and might be a better solution than signatures.
HTTPS is supposed to do [verification] anyway.
TLS provides verification that nobody is tampering with or snooping on your connection to a server. It doesn't, for example, verify that a file downloaded from server A is from the same entity as the one from server B.
feed locations [being] URLs gives some flexibility
It does give flexibility, but perhaps we should have made them URIs instead for even more flexibility. Then, you could use a tag URI, urn:uuid:*, or a regular old URL if you wanted to. The spec seems to indicate that the url tag should be a working URL that clients can use to find a copy of the feed, optionally at multiple locations. I'm not very familiar with IP{F,N}S but if it ensures you own an identifier forever and that identifier points to a current copy of your feed, it could be a great way to fix it on an individual basis without breaking any specs :)
My first thought when reading this was to go to my typical response and suggest we use Nostr instead of introducing cryptography to Twtxt. The more I thought about it, however, the more it made sense.
- It solves the problem elegantly, because the feed can move anywhere and the twt hashes will remain the same.
- It provides proof that a post is made by the same entity as another post.
- It doesn't break existing clients.
- Everyone already has SSH on their machine, so anyone creating feeds manually could adopt this easily.
There are a couple of elephants in the room that we ought to talk about.
- Are SSH signatures standardized and are there robust software libraries that can handle them? We'll need a library in at least Python and Go to provide verified feed support with the currently used clients.
- If we all implemented this, every twt hash would suddenly change and every conversation thread we've ever had would at least lose its opening post.
@prologic@twtxt.net It's pretty hard, actually. There will either be more friction than people will accept (BitTorrent) or it won't be decentralized in practice (LBRY/Odysee).
@bender@twtxt.net , do you depend on first-party Bluesky servers for the client application?
@movq@www.uninformativ.de I was never aware of this. I see the utility but I'm glad they got rid of it.
@quark@ferengi.one Looks neat. How does this compare to gocryptfs? Same basic concept with a different backing file format?
@slashdot@feeds.twtxt.net Never connect a TV to the Internet and then it will work for even longer than 7 years.
@bender@twtxt.net The whole album, it's pretty good. It's available on YouTube but it's missing from all the music streaming services (Spotify, Tidal, Qobuz, Deezer, etc). I especially like Tenth Avenue Breakdown.
@lyse@lyse.isobeef.org We have some native blackberry species but around here (Northern California) we have Himalayan blackberry bushes which are very invasive. They match your description but I don't know much about the different species. If left unchecked in an area with plenty of sun, they'll smother all the lower plants and expand until they can't anymore.
@movq@www.uninformativ.de Right. I wonder if Usenet would have faded away earlier if it wasn't for file sharing. It's only still in use for that because the annoying parts have been papered over with easy-to-use software and the protocol offers unique characteristics that make it almost perfect for that sort of thing.
@abucci@anthony.buc.ci What did he do?
@movq@www.uninformativ.de There's a lot going on on Usenet, but it's all in alt.binaries and co.
@lyse@lyse.isobeef.org Nice. There's a park here in town with giant blackberry bushes everywhere. They're my favorite invasive species.
@slashdot@feeds.twtxt.net This is an arms race the Brazilian government (or any government, for that matter) can't win unless they effectively disconnect their entire country from the Internet.
@prologic@twtxt.net Off the top of my head, I don't know the differences between 1.1 and 2 but I know HTTP/3 is the one that uses QUIC.
@off_grid_living@twtxt.net I use absolute paths for my links so I use a local Web server. I use darkhttpd, which is much simpler than Apache and has just enough features for me. I don't think I've ever run into encoding issues because I make sure everything is UTF-8 like @lyse@lyse.isobeef.org.
@prologic@twtxt.net Do you really need FUSE for that? I think that could be done with a process watching a directory on a regular filesystem and deleting the oldest files as the combined size reaches that cap. I'm sure someone's done that already.
shellcheck being used here? It would have picked this (contrived) example up?
@bender@twtxt.net They must be statically compiling all those Haskell libraries on Ubuntu. This seems to be how it is with every Haskell package on Arch. Pandoc has 180 of its own un-shared dependencies on my system.
shellcheck being used here? It would have picked this (contrived) example up?
@bender@twtxt.net Shellcheck is great but I hope you don't care about a low package count for screenshots like some people.
This one got me. I try to stick to POSIX sh so I'm not super familiar with the behavior of [[]]. I definitely should have gotten -eq, though.
@bender@twtxt.net If anything was going to be an NFT, a domain name would probably make the most sense, but I don't think that system would be any better than the current one and it would make domain squatting even worse.
@falsifian@www.falsifian.org I do on my other feed, @mckinley@mckinley.cc, but it's too hard to keep it under 140 characters when you're using mentions.
@movq@www.uninformativ.de We've had .home.arpa for a while but it just doesn't feel natural to type. I've been using .internal.
Side note: I didn't realize the .box TLD was finally live. Looks like domains are super expensive and also NFTs for some reason. Shame. https://my.box/
@slashdot@feeds.twtxt.net I'm surprised this took so long to become standardized.
@prologic@twtxt.net No cloud at all. Healthchecks, which does have a hosted offering, is definitely designed for more serious organizations than "McKinley Labs". It has separate users, permissions, all kinds of crazy features I don't need at all. I definitely wouldn't be using it if there wasn't a linuxserver.io image and I'd like to use something simpler but I don't know of anything else that's completely self hosted.
@bender@twtxt.net The status of the disks and the backup jobs from Scrutiny and Healthchecks respectively. Green means everything is fine, red or orange means it needs my attention.
I recently installed Scrutiny for disk health monitoring and Healthchecks for cron job monitoring. They both have nice Web UIs and alert functionality, but I hacked together a little status report that runs whenever I log into my server using their APIs.
@bender@twtxt.net That's great, actually, but it's a shame you have to opt in to it.
@prologic@twtxt.net Ah yes, the other Go reverse proxy. Caddy seems simpler to me, more like Nginx with better defaults and a built-in ACME client. Traefik seems to have way more bells and whistles for all kinds of crazy setups when I only need to map domain names to containername:port pairs.
All the "magic" might be nice in the short term, but as it becomes the default it can paper over some really questionable decisions when it's too late to change them. This can be applied to a number of things in computing but the best example I can think of is networking. (Side note: That's one of my favorite blog posts ever.)
Things start out simple and get more complicated until someone figures out how to cover up the mess. Then, since nobody wants to get in there and fix it properly and everyone else has already moved on, we just ignore what's behind the curtain and hope it all keeps working.
Definitely something going on here. Cloudflare is my main suspect.
@prologic@twtxt.net I thought you were one of the people telling me how great it was. It is a Go project, after all. What do you usually use? I always find myself spending a lot of time making Nginx do what I want and I don't think I've ever had automatic certificate renewal work the first time.
Caddy just works. I have some self-hosted Web services with easy-to-remember subdomains that only exist on my Wireguard network with a valid Let's Encrypt (wildcard) certificate so browsers don't complain. It should be automatically renewed without my input but we'll see what happens. It took shockingly little effort, even considering I need to customize the Docker image and create API keys so it can solve a DNS challenge using my provider.
I'm still not thrilled about using software that does magic for you (like Docker and Caddy) but it sure makes things easy.
@bender@twtxt.net What are you doing with it?
The end-to-end encryption means very little if you have your messages backed up in iCloud because the encryption keys are also stored with the messages in iCloud according to this FBI document. If that's the case, Apple can definitely read your messages as well as (obviously) any government agency who can make a legal request to Apple.
@movq@www.uninformativ.de Group chat is still pretty rough around the edges, especially if you want encryption. I don't use it with my friends. If you need group chat, it's probably better to use something else.
@movq@www.uninformativ.de I don't have much family and I talk to them on the phone but I've been there on two occasions with friends and Jabber.
They attribute unrelated things to it, like "I can't send messages to you, I don't reach you! It doesn't work!"
This scenario has played out the same way for me multiple times. It's uncanny.
I have some friends on Jabber now but it took time to make that happen. It helps that Conversations on Android is really good. I just hand them $5 cash and have them buy it on the Play Store so I don't have to answer questions about F-Droid and APK files.
On iOS, I recommend Siskin IM which works most of the time but I need to set it up for them because it doesn't handle captcha registration very well (fields are shown that shouldn't be and it's confusing) and it doesn't enable OMEMO by default (iirc).
I also used to refer to it as "XMPP", but I think that made it worse for me. "Jabber" is much less technical-sounding and some people remember hearing others talk about it.
@slashdot@feeds.twtxt.net Great, now your car can slam the brakes randomly in addition to jerking the steering wheel randomly, i.e. lane keep assist. All these "safety features" add a fun new challenge to driving. You need to constantly be aware of your car's computer misinterpreting something and respond to its reaction or you're going to end up in a ditch or in the front of a 10 car pileup.
mitmproxy is not un-escaping for readability:
I swear I copied a URL from an address bar one time and I noticed it was percent encoded on the clipboard when the text in the box wasn't. It was showing me something easy to read, but when I was going to use that URL for something else it was properly encoded so it wouldn't cause exactly this type of problem.
Do browsers not percent-encode URLs automatically? They did in the past, right? For some reason I thought they still did, but they showed the original URL in the bar for readability.
I just used mitmproxy and pasted that URL and it didn't escape it at all.
One more point, not necessarily for @bender@twtxt.net but for anyone else reading this. If you don't want to use the command line, Arch probably isn't for you. Linux Mint is much closer to a command-line-free distribution. Don't be afraid of the command line, though. The command line is good for you.
@bender@twtxt.net Yes, that one. It's not a big deal unless you use Arch on a remote machine. You can expect some minor issues like this, but the Arch team does a good job of smoothing these things over with prompt updates and announcements like that if they can't.
EndeavourOS is alright, better than Manjaro in my opinion. If you're going to use an Arch based distribution, I would recommend just installing regular Arch. They have an install script now that makes the installation very easy if you want an average setup, but the manual installation isn't that hard if you want something more specialized.
The Arch manual installation also gives you valuable knowledge on how to fix the system if it breaks.
@eldersnake@we.loveprivacy.club That would be really useful. I can't train myself to do yay -Syuw and I don't like having one package name on each line when confirming the upgrade.
@movq@www.uninformativ.de I actually had to hook a monitor and a keyboard up to my server. This is the instability they talk about on Arch, which I've been experiencing a little more lately.
@prologic@twtxt.net Regardless, Sentz looks really sketchy to me and I wouldn't trust it at all. I think it would probably function properly; they probably aren't going to outright steal your money (for now), but I have reservations about the confidentiality of transactions and what might happen to the ecosystem in the long-term.
Any "cryptocurrency" created by a for-profit company cannot be trusted. Plus, I'm not seeing a link to any source code from the home page either.
It reminds me of this episode of It's Always Sunny in Philadelphia: https://www.youtube.com/watch?v=NHYX0HFJoG4
@prologic@twtxt.net Looks like any other payment service except it's intermingled with some sketchy cryptocurrency. I would just bypass all that and use Monero instead.
s/(www\.)?youtube.com\/watch?v=([^?]+)/tubeproxy.mills.io/play/\1 for example?
@prologic@twtxt.net I use Redirector by Einar Egilsson. It works great. You can even import and export your rules with JSON files.
@eldersnake@we.loveprivacy.club A huge effort. Andreas Kling is the lead of the SerenityOS project and he makes great videos on his YouTube channel. It's mostly been monthly updates lately on SerenityOS and Ladybird but he also has a lot of programming videos where you get to see his process, fixing a bug or adding a feature from start to finish. I highly recommend his channel.
@prologic@twtxt.net There is JavaScript, but not everything is implemented (properly). They're writing everything including the JavaScript engine from scratch.
It worked! I can't reply to a message (this was posted from the conversation view) and the hamburger menu when the screen is narrow doesn't work, but it's getting much closer.
If you're reading this, it is now possible to post on twtxt.net using Ladybird!
@jsreed5@jsreed5.org I had a public network block my personal Wireguard connections on port 51820 but my VPN service using Wireguard on port 1637 wasn't blocked. I don't know what they think they're accomplishing. It was at a hotel, where people might feasibly need to connect to a VPN for work.
To everyone reading this, please make sure the elderly people in your life know to be very skeptical of unsolicited messages from companies, banks, government institutions, and pop-ups that say their computer is infected.
I would recommend getting them the hell off of Windows as well if you can, installing uBlock Origin in their browser, and disabling all browser notifications. Linux Mint is a great distribution for non-technical people. Just tell them to only install software from the Software Manager application and to think of it like the app store on their phone.
@bender@twtxt.net These sorts of scams are a huge problem and gift cards are an easy way to move money around anonymously. There are a few different common types of scams, but they usually involve someone logging into the victim's computer using a remote desktop utility like TeamViewer and asking him for money under some false pretense. If the victim won't pay, the scammer will sometimes lock down the computer so they can't use it.
Usually, it's nothing a reinstall won't fix but if they can change the password/recovery of the Microsoft account and the disk is encrypted (which is the default if you sign in to a Microsoft account on Windows 11) it can be impossible to get their data back without the help of Microsoft support, who will treat you as if you're the one trying to steal the account. It is important to remember that the people running these types of scams don't have much deep technical knowledge (if they did, they could get a real job) so I've never heard of that happening but it is a serious risk.
It's been known for some time that AI actually stands for "A lot of Indians".
@muayboranacademy@twtxt.net Huh, a twtxt feed hosted on Google Drive.
A careless rm -rf just got me, big time. I realized what had happened and stopped it in less than a second, but it had already deleted ~3000 (70 GiB) of files I didn't want to delete. Luckily I had backups in Restic.
Fun fact: This is the first time I've had to restore more than a file or two from any of my Restic repositories.
npub1fzsnac6k335u7tmjmrhalyyp78ccq3t4vyx7m2zchafax2eeqaxqx3kj5s.
@bender@twtxt.net I see you host your own relay. Which implementation are you using, and how did it go setting it up?
npub1fzsnac6k335u7tmjmrhalyyp78ccq3t4vyx7m2zchafax2eeqaxqx3kj5s.
@bender@twtxt.net Maybe I'll get back into it at some point. I think it would be a little excessive to have a standard twtxt, a rich twtxt, and a Nostr feed, not to mention a regular blog and a separate "notes" section on my website.
npub1fzsnac6k335u7tmjmrhalyyp78ccq3t4vyx7m2zchafax2eeqaxqx3kj5s.
@bender@twtxt.net I don't have one. When I was looking into Nostr, I couldn't find a client I liked so I put it on the back burner. Which one are you using?
@prologic@twtxt.net No pain here. There's no important data on them, and the first portion of the drives work reliably enough that there weren't any issues before I had to shelve it. This is just for fun. I don't even think I'd consider it a war game.
@mckinley@mckinley.cc It booted. I was going to do more but I had actual work to do so I shelved it. Maybe I'll come back to it another time. These drives are in really bad shape, though. They hold up udev by 30-60 seconds on every boot, even when booting the Arch install ISO, covering the console with lots of SATA errors and timeouts I don't really understand.
Badblocks via mkfs.ext4 -cc was taking too long on the full 1+1 TB array so I made new 250 GB partitions and neither drive had bad blocks in that range so it was just a waste of time. Maybe if I come back to it I'll do the full array and have the EFI system partition in RAID 1 just for fun. I didn't know that worked with software RAID.
The key part is to use --metadata 1.0 in order to keep the RAID metadata at the end of the partition, otherwise the firmware will not be able to access it.
I had the ESP on a USB stick for simplicity's sake.
@prologic@twtxt.net I can't really commit to that. Don't plan anything around me.
@shreyan@twtxt.net Same here. I work relatively late so I'm never up that early.
@prologic@twtxt.net Nice! Save some marshmallows for me.
@prologic@twtxt.net Any of the above