@abucci@anthony.buc.ci I think you are talking the user side while @prologic@twtxt.net is talking protocol side, and that means you’re talking about wildly different things.

@prologic@twtxt.net Interesting. I think I interacted with that user today?

@lyse@lyse.isobeef.org I have no problem with opt-in telemetry at all. If you choose to share info with the developer, why not provide good tools to do it?

We won. https://research.swtch.com/telemetry-opt-in

@prologic@twtxt.net Awesome. We need to catch up. Hoping to make it tomorrow maybe.

@prologic@twtxt.net What’s your current plan/concept on this?

Haha, this is getting funny at this point… I’m here for this later call now. Just. Keep. Missing. It.

@prologic@twtxt.net We were on the road until right now and I am barely awake and am going to sleep.

@prologic@twtxt.net I mean, from a historical standpoint, probably no, but the fact that there’s actually two and now a proposed third variable you have to set to keep Google out of your dev tools is a continuing problem, especially since the second one doesn’t seem to be well-known.

@prologic@twtxt.net I mean my point is that people thought they were excluding Google from that info by turning the proxy off, so Google went and implemented another less known switch to get the same data.

@prologic@twtxt.net What info do they get via GOPROXY but not get through GOSUMDB? They’d get obviously your IP/connection plus all of the packages you are using, no?

@prologic@twtxt.net It basically gives them all the same data using GOPROXY does though, does it not?

@prologic@twtxt.net From Russ Cox: “note that if you set GOPROXY=direct, the go command still uses the checksum database to protect against supply chain attacks. If you really want the go command not to use servers, you also need to set GOSUMDB=off.”

lol it has no end

Whelp, @prologic, Google can’t help but be Google, and I shouldn’t have believed you… Russ Cox wants to build telemetry directly into the core Go tools: https://github.com/golang/go/discussions/58409

You can’t remove the Google stench from anything Google is involved in.

@prologic@twtxt.net Russian sites generally don’t care about US law, so you can feel free to say things on a relay there you could get in trouble for here. Of course, I’m confident Russia allows so much criminal Internet activity in their borders because it’s annoying to the West.

@prologic@twtxt.net I mean, I wouldn’t want a Russian server to ensure my free speech, but some of the free speech absolutists will take it anywhere they can get it.

@prologic@twtxt.net This is the downside of lacking notifications. Just saw this. I can’t get Firefox to prompt for audio access on this site.

@prologic@twtxt.net It literally calls itself dumb here: https://github.com/nostr-protocol/nostr (It’s a very readable readme)

Oh, shoot, it’s 13 UTC now? I just… got on the call… whoops. I knew the second call was 7 hours after the first one, and I didn’t actually look at the time of the first one in my calendar, and made a daylight savings-inspired screw-up.

Can we please get rid of daylight savings time as a thing?

Messages are signed with a keypair to verify who they came from. But there’s no blockchain strategy in use for them.

@prologic@twtxt.net It’s decentralized: You submit a copy of your messages to as many relays as you would like, and people can follow them from as many relays as they like. The relays act as the “server”, but your profile isn’t tied to any specific one.

@prologic@twtxt.net Haha, well I’m up so that’s reasonable.

@prologic@twtxt.net Yeah the protocol for it is pretty straightforward. It suggests relays should charge money for their services though, which is likely why Bitcoin payment integration may be common.

@prologic@twtxt.net I mean I ended up outright asleep.

@prologic@twtxt.net Nostr doesn’t have any blockchain features, it just has a community with a lot of crypto bros in it.

@prologic@twtxt.net I should try to come to the first one today, I have been a lapsed attendee for a bit here.

@prologic@twtxt.net We do, though technically what I’m blocked on is just re-organizing yarnd auth design.

Tonight I killed an eight year old issue report in Sandstorm’s WordPress package, so I am on a roll right now.

@prologic@twtxt.net I have not had a ton of desktop-based social media time lately, so every time I tried to check in here I slammmed into the expired app and went back to Mastodon. :P Missing the calls has just been me failing, a lot of cool stuff has happened.

@prologic@twtxt.net Staring at the app no longer available screen. 🫠

Wooo! I’m back! And the app has a new name!

@abucci@anthony.buc.ci A decade and a half of unchecked marketing that it’s the next thing.

@justamoment@twtxt.net @prologic@twtxt.net Written entirely in Go, of course.

@justamoment@twtxt.net @prologic@twtxt.net Heh, just had to go trace back and find out what issue was being discussed. Heh, interesting thread indeed. I swear James, though, you lean hard into “do everything everyone else is doing but NOT THAT WAY”, lol 😂🤣😂

@prologic@twtxt.net Working on fixing that! Some prototyping of doing Cap’n Proto capabilities instead!

@bender@twtxt.net @prologic@twtxt.net One of the big things Forgejo is working on is federation support, so you can contribute to projects on various code forge servers from your own. Forgejo is led by a bunch of Gitea contributors who were blindsided by the corporate push.

But right now it is a soft fork, so it is yet to be seen how much they will diverge in the near future.

Hey @prologic@twtxt.net, are you planning on switching git.mills.io over to Forgejo when it launches?

As per usual, I show up when you aren’t here. Ah well. Hope you recover quickly.

@abucci@anthony.buc.ci There are tens of thousands of Mastodon servers. I believe the hit is caused by the servers all checking the link at once, not the clients.

On the call we were talking about how Mastodon servers DDoS websites when they generate link previews: https://www.jwz.org/blog/2022/11/mastodon-stampede/ There’s some interesting questions about how to do this more efficiently without a bad user experience.

@prologic@twtxt.net I sorry, I fell asleep.

@mckinley@twtxt.net I grab pretty much all unmaintained Sandstorm app repos, in case they disappear, and then anything interesting related to copyrighted games. Like if you saw the Portal64 thing recently… really interesting but begs for a DMCA, so I took a copy.

@mckinley@twtxt.net What all makes the list? I have been archiving repos that matter to me too of late, though it’s a smaller list.

Switched my Sandstorm dev box from an Ubuntu machine to a Debian one this week. Night and day difference in performance, once you get past the part where Debian fresh installs broken in various subtle ways.

@mckinley@twtxt.net The fact that nothing on their website even mentions a business model and that their company’s values page is entirely about vision and not at all about privacy or user rights at all should drive everyone far, far, far away from this thing.

A point of pride to me is that in a single file of less than 50 lines of code: Dark mode is supported without a whole stylesheet and input is validated without JavaScript.

Wrote a new Sandstorm.io app tonight in less than an hour called Sum: https://apps.sandstorm.io/app/uw6vkwgwkeqv9fdkh94hqwt6nh4jfm02hzf3mkth1qfntkfx8cjh?experimental=true

It’s extremely simple (basically an old tape adding machine plus a memo field), but it’ll save me some time and make a process i do mobile friendly.

Image

@prologic@twtxt.net Not quite that bad, but imagine a system that let you keep all your Word docs. But could remove your Microsoft Office install at any time. You might be able to recover your data and use them with another app, but it won’t really be the same. And also Microsoft Office was a cloud service?

@prologic@twtxt.net So the problem with Solid is that the concept is to control your data, and merely allow apps to access that data. Aka, a significant downgrade from any selfhosting, because your apps can still disappear at any time.

The only reason this would make sense is if you really really were focused on enabling proprietary services while still giving lip service to owning your data.