@quark@ferengi.one wow everybody loves @prologic@twtxt.net

There is a bug in yarnd that’s been around for awhile and is still present in the current version I’m running that lets a person hit a constructed URL like

YOUR_POD/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

and see a legitimate-looking page on YOUR_POD, with an HTTP code 200 (success). From that fake page you can even follow an external feed. Try it yourself, replacing “YOUR_POD” with the URL of any yarnd pod you know. Try following the feed.

I think URLs like this should return errors. They should not render HTML, nor produce legitimate-looking pages. This mechanism is ripe for DDoS attacks. My pod gets roughly 70,000 hits per day to URLs like this. Many are porn or other types of content I do not want. At this point, if it’s not fixed soon I am going to have to shut down my pod. @prologic@twtxt.net please have a look.

@mckinley@twtxt.net He’s signed up three times now even though I keep deleting the account, which is enough for me to permaban this person. I don’t technically want open registrations on my pod but up till now I’ve been too lazy to figure out how to turn them off and actually do that, and there hasn’t been a pressing need. I may have to now.

USENET, the OG social network, rises again like a text-only phoenix

The USENET management committee has reconvened and there are green shoots of growth in the original, pre-World Wide Web social network.

@lyse@lyse.isobeef.org oh wow nice, I got it running with no trouble:

     |
     |
     |                             .
     |                             |     |
     |                             |     |
     |                             |     |
     |__________                   |     |
     /          |   _,..----.      |     /     ,Y-o..
    .|          ,-''        |      /    .'    /      ' .
    ||          [   --.....-      |     |     |         `.
    ||          |".........__     |     |     \          |
     b          |            '    |    |       \         |
                |                |     |        `.    _,'
                |                |     '          `'''



                     ,        ,   .       .
           \        .'|   ,-'\V   d---.   |...
           \.      ,'|   /   |/   |       /  |
            ` ...,' ,'   `..,Y   /       /    |
                   _/        |           |    |
                  ,'         |
        -._______/

@xuu@txt.sour.is “yet”? It’s supported ipv6 for like 6 years now.

I never paid a lot of attention to Ben Shapiro before, but what he says is so transparently asinine it boggles the senses. You really have to have a Fox-addled mind to believe that the search for the submersible was completely faked and that the powers-that-be knew the entire time that it had imploded. To believe that a vast conspiracy among hundreds, thousands (?) of people from several countries and spanning several days was orchestrated to lie to the public in order to…..uh, achieve what exactly? “Undermine institutional credibility”? What does that even mean?

This is “the moon landing was faked” levels of conspiracy theory.

Image

How Ukraine’s dam collapse could become the country’s ‘Chernobyl’ | Time

Chernobyl is in Ukraine you assholes 😆

Russia blowing up the Nova Kakhovka dam is an incomprehensible war crime. Among other things, it drains water from the Zaporizhzhia nuclear power plant, water that is needed for cooling. They are trying to generate a widespread disaster.

They must be stopped, immediately, without hesitation. This is unacceptable behavior, crossing every red line we have no matter our politics, without any doubt.

Image

This guy is just such an idiot lol.

• There’s no such mass migration to “the south”. Tons of people are leaving Mississippi, Louisiana, Virginia, and New Mexico for instance. I don’t know enough about the states with net influxes like Texas and Florida but I suspect they have policies that make it attractive for people to move there
  
• Not everybody is able to take account of long-term trends when they make housing decisions. There are financial reasons, family reasons, educational reasons, etc that impact such decisions
  
• But of course, most laughably, cheap energy is fast becoming a thing of the past, and so the problem isn’t “solved” by cheap energy, it’s just kicked down the road. And ffs, cheap energy is literally causing the very heating that he pretends air conditioning will “solve”–like “solving” your drinking problem by staying drunk all the time
  

This oversimplification to drive some kind of political point is so embarrassing coming from someone who pretends to be a university professor. It sounds like a teenage doofus from a 1980s movie talking. He well knows all these things, but he decides to present these views anyway.

I may have misspoken in my haste/anguish. I don’t know of any examples of Ben Shapiro advocating rape. I do know them of Jordan Peterson. He’s known for that, but I’ve seen it myself. So, to be clear, I don’t know if Ben Shapiro is a rape apologist and have no evidence of that. Wouldn’t surprise me frankly because the set of ideas he does talk about tends to include being A-OK with crimes against women, but anyway.

@prologic@twtxt.net omg yes! They are both ultra-right-wing assholes! The worst of the worst! Please tell me you don’t listen to these guys’ brain poison?

Like, check it out. That link to DRY? It doesn’t render as a link in the webapp. However, it does render as a link, and works fine, in Goryon. I’ve seen before that Markdown tables render fine in Goryon but not in the webapp. They ought to behave as similarly as possible, right? So just in this small interaction there are three discrepancies between how the mobile app and webapp render Markdown.

@prologic@twtxt.net @movq@www.uninformativ.de this is the default behavior of pass on my machine:

Image

I add a new password entry named example and then type pass example. The password I chose, “test”, is displayed in cleartext. This is very bad default behavior. I don’t know about the other clis you both mentioned but I’ll check them out.

The browser plugin browserpass does the same kind of thing, though I have already removed it and I’m not going to reinstall it to make a movie. Next to each credential there’s an icon to copy the username to the clipboard, an icon to copy the password to the clipboard, and then an icon to view details, which shows you everything, including the password, in cleartext. The screencap in the Chrome store is out of date; it doesn’t show the offending link to show all details, which I know is there because I literally installed it today and played with it.

@xuu@txt.sour.is yeah, I know less about ISO27k (in part because you have to pay for access to the complete standards documents!!!), but I figured it was similar.

And in the latest “don’t store your passwords in the cloud” news, NortonLifeLock warns that hackers breached Password Manager accounts

@xuu@txt.sour.is that doesn’t seem to fit the spirit of the spec, at least by my read (I could be wrong obv). The example on Wikipedia’s webfinger page,

{
	"subject": "acct:bob@example.com",
	"aliases": [
		"https://www.example.com/~bob/"
	],
	"properties": {
		"http://example.com/ns/role": "employee"
	},
	"links": [{
			"rel": "http://webfinger.example/rel/profile-page",
			"href": "https://www.example.com/~bob/"
		},
		{
			"rel": "http://webfinger.example/rel/businesscard",
			"href": "https://www.example.com/~bob/bob.vcf"
		}
	]
}

and then the comparison with how mastodon uses webfinger,

{
    "subject": "acct:Mastodon@mastodon.social",
    "aliases": [
        "https://mastodon.social/@Mastodon",
        "https://mastodon.social/users/Mastodon"
    ],
    "links": [
        {
            "rel": "http://webfinger.net/rel/profile-page",
            "type": "text/html",
            "href": "https://mastodon.social/@Mastodon"
        },
        {
            "rel": "self",
            "type": "application/activity+json",
            "href": "https://mastodon.social/users/Mastodon"
        },
        {
            "rel": "http://ostatus.org/schema/1.0/subscribe",
            "template": "https://mastodon.social/authorize_interaction?uri={uri}"
        }
    ]
}

suggests to me you want to leave the subject/acct bit as is (don’t add prefixes) and put extra information you care to include in the links section, where you’re free to define the rel URIs however you see fit. The notion here is that webfinger is offering a mapping from an account name to additional information about that account, so if anything you’d use a "subject": "acct:SALTY ACCOUNT_REPRESENTATION" line in the JSON to achieve what you’re saying if you don’t want to do that via links.

Fomu | Crowd Supply

An FPGA board that fits inside your USB port

Whoa 🤯

Oof, LastPass suffered a major breach

@prologic@twtxt.net I started to write a snarky twt about Kafka and then deleted it because I didn’t want to be too negative 😆

git-bug

Distributed, offline-first bug tracker embedded in git, with bridges

Interesting!

What is NATS - NATS Docs

Might play with this at work next week.

I guess Google Hangouts is finally dead.

Why is Google such a mess at making messaging apps? This has more or less been a solved problem for decades. Google Talk worked well enough, and since it was based on XMPP and Jingle it was perfectly suited to become a large-scale text/voice/video messaging system. If they’d run with that they’d have been able to dominate that space, I think. Instead, they’ve created and shitcanned half a dozen messaging apps and platforms, flailing around copying someone else’s app (now they’re trying to copy Slack I guess).

@jlj@twt.nfld.uk @xuu@txt.sour.is hello! @prologic@twtxt.net and I were chatting about the question of globally deleting twts from the yarn.social network. @prologic@twtxt.net noted that he could build the tools and endpoints to delete twts, but some amount of cooperation from pod operators would be necessary to make it all work together. He asked me to spawn a discussion of the subject here, so here we are!

I don’t have enough technical knowledge of yarn.social to say with any credibility how it all should work, but I can say that I think it ought to be possible and it’d be good to do for those rare times when it’s needed.

I was inclined to let this go so as not to stir anything up, but after some additional thought I’ve decided to call it out. This twt:

Image

is exactly the kind of ad hominem garbage I came to expect from Twitter™, and I’m disappointed to see it replicated here. Rummaging through someone’s background trying to find a “gotcha” argument to take credibility away from what a person is saying, instead of engaging the ideas directly, is what trolls and bad faith actors do. That’s what the twt above does (falsely, I might add–what’s being claimed is untrue).

If you take issue with something I’ve said, you can mute me, unfollow me, ignore me, use TamperMonkey to turn all my twts into gibberish, engage the ideas directly, etc etc etc. There are plenty of options to make what I said go away. Reading through my links, reading about my organization’s CEO’s background, and trying to use that against me somehow (after misinterpreting it no less)? Besides being unacceptable in a rational discussion, and besides being completely ineffective in stopping me from expressing whatever it is you didn’t like, it’s creepy. Don’t do that.

@xuu@txt.sour.is proof of stake = people with money get more money. It accelerates the wealth inequality problems that are already plaguing us. Crypto has even worse wealth inequality than fiat currency systems, which is 100% predictable.

@brasshopper@twtxt.net bitcoin 🤮 that’s a hard no from me

I just resurrected a laptop that had been off for about six months and it needs 585 package updates.

Stumbled on WebID today. Besides being confusing, it doesn’t work on the site I tinkered with and it seems to be mostly abandoned?