@prologic@twtxt.net Yeah, it’s not a strong sandbox in jenny’s case, it could still read my SSH private key (in case of an exploit of some sort). But I still like it.

I think my main takeaway is this: Knowing that technologies like Landlock/pledge/unveil exist and knowing that they are very easy to use, will probably nudge me into writing software differently in the future.

jenny was never meant to be sandboxed, so it can’t make great use of it. Future software might be different.

(And this is finally a strong argument for static linking.)

Another example:

$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom

The first argument --landlock-access fs says that nothing is allowed.

--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).

--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.

The output of the ls-static program is this line:

─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.

3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.

Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:

─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

Pessoas da comunidade brasileira de #ProgramaçãoCriativa por muitos anos fizeram encontros sob o nome promovido pela Fundação Processing, os chamados #ProcessingCommunityDay, fizemos encontros em várias cidades e então depois de 2020, com a pandemia do COVID-19, fizemos três eventos nacionais muito inspiradores em 2021, 2022 e 2023 (vide https://compoetica.github.io/links/)

Ano passado não conseguimos fazer e este ano pretendemos retomar, só que usando outro nome: #Compoética. Vamos aos poucos divulgar mais sobre o encontro brasileiro de programação criativa em https://compoetica.github.io/CP2025/

Meus agradecimentos profundos ao @guilhermesv@guilhermesv que dedica generosamente um enorme esforço para organizar esses eventos da comunidade e cria o design e peças de comunicação sempre emocionantes de lindos.

Video

@movq@www.uninformativ.de Yeah, it’s a shitshow. MS overconfirms all my prejudices constantly.

Ignoring e-mail after lunch works great, though. :-)

Our timetracking is offline for over a week because of reasons. The responsible bunglers are falling by the skin of their teeth: https://lyse.isobeef.org/tmp/timetracking.png

1. The error message neither includes the timeframe nor a link to an announcement article.
   
2. The HTML page needs to download JS in order to display the fucking error message.
   
3. Proper HTTP status codes are clearly only for big losers.
   
4. Despite being down, heaps of resources are still fetched.
   

I find it really fascinating how one can screw up on so many levels. This is developed inhouse, I’m just so glad that we’re not a software engineering company. Oh wait. How embarrassing.

we should bring back XFN that is the cutest shit in the world i want to link to my friends and have the internet know they are my friends through the markup!!!!!!!!!!!

Thumbnail novo para a minha página sobre compreensão de listas… #Python

https://abav.lugaralgum.com/material-aulas/Processing-Python-py5/comprehension.html

(preciso dar uma melhoradinha na página, por umas imagens, arrumar links quebrados)

Image

@prologic@twtxt.net no, good man. Follow the link, follow eet! :-)

@kat@yarn.girlonthemoon.xyz i linked the normal length edit instead of the full 15 minute music video because i’m not gonna subject you all to that amount of my bullshit

(…15 minute version is a great watch though)

@bender@twtxt.net Yeah, well, it’s a bit like twtxt. There is a Gopher community, but it’s small. I actually don’t like that HTTP is so easily accessible. I don’t like it that much when people post links to my site on HackerNews or something like that. Too much exposure.

Gopher is a small world. It’s slow and cozy.

And much like twtxt, the protocol is simple®, so it’s easier to tinker with it.

@quark@ferengi.one Ta. Hmm, what’s wrong with the blue text color? Is it too dark on the black background for you? :-?

Normal links are blue while images are teal. I thought I differentiate the two if I easily can. The underline of URLs comes from my terminal and is not tt’s fault.

Configuring colors is in the todo list. But of course, providing a sane default is definitely something I’d like to have.

@lyse@lyse.isobeef.org I cannot / could not imagine that, either – but if it’s publicly available on the internet and something links to it, they’ll eventually find, scrape it, use it. ☹️

hey @prologic@twtxt.net heads up - my pod is suddenly having weird 400 bad request errors on things like posting twts, new user registration, following, and more. it’s not just me because a friend is also having these issues as a new user and can’t post. i saw one exception in the logs but i’m not sure if it’s related, i’ll link it in a reply to this

@movq@www.uninformativ.de yes, I think:

<!--[if !IE]><!-->
<link rel="stylesheet" href="../simplicity.css”>
<!--<![endif]-->

Should work, but I haven’t tested it.

@prologic@twtxt.net it says in the linked page;)

@kat@yarn.girlonthemoon.xyz I FOUND ANOTHER ONE OF THESE TUX GUYS FROM THIS SAME SHOP ON EBAY, IT’S NOT THE SAME ONE I LINKED BUT I MADE AN OFFER, EVERYONE PRAY FOR ME I WANT A TUX ARMY

@eldersnake@we.loveprivacy.club awww ty! it’s mostly fun stuff and links to my friends :) the buttons have been revived by indie web folks and the people at neocities, it’s super fun!

@movq@www.uninformativ.de OH SHIT I TOTALLY FORGOT LOL! thanks for telling me! they’re just frontends for ultimate guitar - so these links

https://tabs.ultimate-guitar.com/tab/fifty-fifty/cupid-twin-version-chords-4667768?no_redirect
https://tabs.ultimate-guitar.com/tab/chappell-roan/good-luck-babe-chords-5191149?no_redirect

Also spent the morning continuing to think about a new design for EdgeGuard’s WAF. I’m basically going to build an entirely new pluggable WAF that will be designed to only consider Rate Limiting, IP/ASN-based filtering, JavaScript challenge handling, Basic behavioral analysis and Anomaly detection.

The only part of this design I’m not 100% sure about is the Javascript-based challenge handling? 🤔 I’m also considering making this into a “proof of work” requirement too, but I also don’t want to falsely block folks that a) turn Javascript™ off or b) Use a browser like links, elinks or lynx for example.

Hmmm 🧐

@prologic@twtxt.net ah that’s alright! the banner is just for fun :] it might be easier to skip to the comments with this link if you want (it’s in the site view mode rather than my page’s theme) https://luckyzukky.dreamwidth.org/98451.html?style=site#comments

@ About the URL, since it no longer used for hashing there might be no need to change it. I agree that we keep all the parts that already are out there for the most parts. Instead of a contact field you could also just use links like: link = Email mailto:user@example.dk or link = Signal https://signal.me/sthF4raI5Lg_ybpJwB1sOptDla4oU7p[...]

@andros@twtxt.andros.dev Thanks for consolidating a lot of good ideas. Especially how you have deiced to just extend the mention syntax for location-based treads. This might even be backward compatible with older (pre-yarn) clients.
What about using Z for UTC +00:00- is that allowed in your specs?
Regarding url = I would suggest to only allow one and the maybe add url_old = or url_alt = !?
I’m still not a fan of a DM feature, even thou it helps that i have now been split out into a separate feed file. Instead if would suggest a contact = field for where people can put an email or other id/link for an established chat protocol like signal or matrix.

@bender@twtxt.net Yes, you right. But is premium for more than that.
I use a feature I love a lot: customising different searches with different themes or links.
It’s easy to understand with an example. I have a search with the name “Django”. I set sources: Django documentation, stack overflow, topic “programming” and so on. It’s very quick to find Django solutions.
I also have another way to find my stuff: search my blog and repositories.
I had problems paying for the first mouths, now it’s a working tool for me.

Hmm not sure how that link is 404’kng for you 🧐 It doesn’t here 🤦‍♂️

@prologic@twtxt.net first we need to fix broken links. 😅

Andros’ feed is simply the direct link to submissions with at least 600 points. It doesn’t link to Hacker News, thus no comments.

@andros@twtxt.andros.dev One thing I really liked about the hacker news rss feeds is the link to the comments. Reckon you can add that to the feed? 🤔

@prologic@twtxt.net I won’t give you the link for the moment because I want to check how well it works! 😋

@andros@twtxt.andros.dev Ahh cool! I’ll try following it again 🤣 Mind @-mentioning/linking@twtxt.net the feed again? 🙏

This expands the usefulness of Twtxt / Yarn.social to:

• Sharing small posts
  
• Sharing links
  
• Sharing media
  
• Having long conversations
  
• Voting on topics, opinions or decisions
  
• RSVPing to virtual or physical events

Hmmm there’s a bug somewhere in the way I’m ingesting archived feeds 🤔

sqlite> select * from twts where content like 'The web is such garbage these days%';
      hash = 37sjhla
  feed_url = https://twtxt.net/user/prologic/twtxt.txt/1
   content = The web is such garbage these days 😔 Or is it the garbage search engines? 🤔
   created = 2024-11-14T01:53:46Z
created_dt = 2024-11-14 01:53:46
   subject = #37sjhla
  mentions = []
      tags = []
     links = []
sqlite>

@prologic@twtxt.net I don’t understand. I checked the feed, the twtxt file, and there are no duplicate links. I will follow the next articles 👁️👁️‍. Thank you!

@andros@twtxt.andros.dev Ahh I see 👌

@prologic@twtxt.net Yes, it is a security hole. All dm-echo messages are readable. I intend it to be a debugging tool. Maybe I can include a warning message. If many of you see that it is a serious problem, I can remove the links.

@eapl.me@eapl.me When it is up and running, I promise to add it to the specification. I will also include some corrections.
The nature of twtxt does not allow us to selectively hide clients. It’s a problem not with DM, but with any extension.
@prologic@twtxt.net Yes, it is a security hole. All dm-echo messages are readable. I intend it to be a debugging tool. Maybe I can include a warning message. If many of you see that it is a serious problem, I can remove the links.
@xuu@txt.sour.is It’s already much better than Mastodon :P . Maybe we can remove the sender and receiver references with an intermediary register.

well, I suggested that in https://eapl.me/timeline/conv/k2ob6bq

The idea was to help those following the spec in https://twtxt.dev/exts/directmessage.Html, to replicate the steps and validate whether your implementation gives the same result.

BTW, you could add a link to the spec in the echo web.

@prologic@twtxt.net I didn’t. Share a link? I would love to watch it!

@anth@a.9srv.net Hahaha, for a second I thought that you implemented word splitting according to Swiss (.ch) rules. :-D

Btw, both manpage links string(2) and getields(2) (it’s missing an f) point into nothingness: http://a.9srv.net/src/wordwrap.2.html

I can’t help but notice line 9: http://a.9srv.net/src/wordwrap.c

And I reckon your finger slipped one key to the right for quore: http://a.9srv.net/src/litclock.1.html

Cool stuff! :-)

oh out of boredom yesterday i made my blog available via markdown files too so you can use charmbracelet/glow to read them in your terminal :)

basically i just set up a file directory on a path of my blog, organized the MD files by year, and so in theory you can navigate to that path and choose a folder, then copy a link to a markdown post and run this:

glow -p https://bubblegum.girlonthemoon.xyz/md/2025/2025-03-31%20premature%20reflections%20on%20sudden%20responsibility.md

and then as long as you have glow installed, you can read my posts from the terminal :D it’s so cool

@kat@yarn.girlonthemoon.xyz It’s very well hidden, it took me a while to find that. Go to “Settings” in the menu bar up top → “Profile and Privacy” (already selected) → on the right at “User Info” → “1 Muted” → click the link with the minus in the circle at the message you want to unmute.

Doesn’t look like it Hmmm

sqlite> select * from twts where content LIKE '%Linux installation%';
    hash = znf6csa
feed_url = https://www.uninformativ.de/twtxt.txt
 content = I wonder if my current Linux installation will actually make it to 20 years:

    $ head -n 1 /var/log/pacman.log
    [2011-07-07 11:19] installed filesystem (2011.04-1)

It’s not toooo far into the future.

It would be crazy … 20 years without reinstalling once … phew. 🥴
 created = 2025-04-07T19:59:51Z
 subject = (#znf6csa)
mentions = []
    tags = []
   links = []

@prologic@twtxt.net, from IRC:

1. Saving preferences is failing. Specifically trying to save “Open Links” on the same window. For sure it isn’t happening. Check errors on browser’s console.
   
2. Search results pagination is broken. Search for “twtxt.net” and see it. Also, picking oldest/newest makes no difference on that search query.

@arne@uplegger.eu I’m very glad I only rarely have to deal with .docx & Co. And when I have to, 99% is in read mode only. Even though, I don’t think that Markdown is the best choice, I use it on a daily basis. Some things, like links, in reStructuredText are better in my opinion.

Jira just resists to switch to Markdown and forces us to use its silly markup language.

For real typesetting, LaTeX is the way to go. But I very, very rarely do that.

@thecanine@twtxt.net My apologies, mate! :-( As @david@collantes.us pointed out, this was definitely not my intent at all.

For the easter egg hunt, I first looked for a hidden image map link on the pixel dog in the right lower corner itself. Maybe one giant pixel just links to somewhere else, I figured. But I couldn’t find any and then quickly moved on. Hence, I naturally viewed the HTML source. Because where else would be a good hiding place for easter eggs, right?

Next, I noticed the <font> tags. I thought I had read quite some time ago that they are not an HTML5 thing, but wasn’t entirely sure about it. So, I asked the W3C HTML validator. Sure enough. I thought I let you know about the violations. If somebody had found a mistake on my site, I’d love to hear about it, so I could fix it. I’m sorry that my chosen form of report didn’t resonate with you all that well. I reckoned you’ll also find it a bit funny, but I was clearly very wrong on that.

I actually followed the dog cow link to the video, so I ended up on the easter egg. However, I didn’t recognize it as such. ¯_(ツ)_/¯ Oh well.

Regarding my message about the browser quirks: I read your answer that you were arguing against the HTML validator findings. Of course, everybody can do with their sites whatever they likes.

For anyone following the proposals to improve replies and threads in twtxt, the voting period has started and will be open for a week.
https://eapl.me/rfc0001/

Please share the link with the twtxt community, and leave your vote on your preferred proposals, which will be used to gauge the perceived benefits.

Also, the conversation is open to discuss implementation concerns or anything aimed at making twtxt better.

@eapl.me@eapl.me Interesting! Two points stood right out to me:

1. Why the hell are e-mail newsletters considered a valid option in the first place? Just offer an Atom feed and be done with it! Especially for a blog of this very type. This doesn’t even involve a third party service. Although, in addition he also links to Feedburner, what the fuck!? No e-mail address or the like is needed and subject to being disclosed.

2. When these spam mailers want to prevent resubscribing, then for fuck’s sake, why don’t they use a hash of the e-mail address (I saw that in yarnd) for that purpose? Storing the e-mail address in clear text after unsubscribing is illegal in my book.

The Mastodon admins say that it’s probably because of the size of my account (~600 MB), so the export process times out. And I understand that. Here on twtxt, I always use auto-expiring links when I post images or videos. It just gets too much data otherwise. I think I’ll just set my Mastodon account to auto-delete posts after ~180 days or something like that. Nobody cares about old posts anyway.

@kat@yarn.girlonthemoon.xyz Pointers can be a bit tricky. I know it took me also quite some time to wrap my head around them. Let my try to explain. It’s a pretty simple, yet very powerful concept with many facets to it.

A pointer is an indirection. At a lower level, when you have some chunk of memory, you can have some actual values sitting in there, ready for direct use. A pointer, on the other hand, points to some other location where to look for the values one’s actually after. Following that pointer is also called dereferencing the pointer.

I can’t come up with a good real-world example, so this poor comparison has to do. It’s a bit like you have a book (the real value that is being pointed to) and an ISBN referencing that book (the pointer). So, instead of sending you all these many pages from that book, I could give you just a small tag containing the ISBN. With that small piece of information, you’re able to locate the book. Probably a copy of that book and that’s where this analogy falls apart.

In contrast to that flawed comparision, it’s actually the other way around. Many different pointers can point to the same value. But there are many books (values) and just one ISBN (pointer).

The pointer’s target might actually be another pointer. You typically then would follow both of them. There are no limits on how long your pointer chains can become.

One important property of pointers is that they can also point into nothingness, signalling a dead end. This is typically called a null pointer. Following such a null pointer calls for big trouble, it typically crashes your program. Hence, you must never follow any null pointer.

Pointers are important for example in linked lists, trees or graphs. Let’s look at a doubly linked list. One entry could be a triple consisting of (actual value, pointer to next entry, pointer to previous entry).

  _______________________
 /               ________\_______________
↓               ↓         |              \
+---+---+---+   +---+---+-|-+   +---+---+-|-+
| 7 | n | x |   | 23| n | p |   | 42| x | p |
+---+-|-+---+   +---+-|-+---+   +---+---+---+
      |         ↑     |         ↑
       \_______/       \_______/

The “x” indicates a null pointer. So, the first element of the doubly linked list with value 7 does not have any reference to a previous element. The same is true for the next element pointer in the last element with value 42.

In the middle element with value 23, both pointers to the next (labeled “n”) and previous (labeled “p”) elements are pointing to the respective elements.

You can also see that the middle element is pointed to by two pointers. By the “next” pointer in the first element and the “previous” pointer in the last element.

That’s it for now. There are heaps ;-) more things to tell about pointers. But it might help you a tiny bit.

@eapl.me@eapl.me I looked at the first few puzzles and they are pretty cool so far! I haven’t actually implemented any of them, but I’m fairly certain about how I’d solve them properly. I went through some linked reference articles yesterday, they’re also really good. I will recommend this to some workmates. :-)

@andros@twtxt.andros.dev Hm, looks correct to me. The image to be displayed is a thumbnail and this links to the full-sized image. The thumbnail (JPG) is auto-generated from the full image (PNG), hence the two extensions.

What does look strange, though, is that your client came up with the hash pqsmcka, while it should have been te5quba. 🤔

I’d need to think about it deeply, but at a first sight, nanoblogging would be a simple text (like the original twtxt spec, aimed for TUIs), and microblogging (like Twitter was a few years ago), would be about sharing texts, images, videos, GIFs, links, and perhaps Markdown styling.

Why? You have shorter messages than in a blog, but you may add almost anything you could do in a blog.
Buuut… who knows?

Du brauchst schon fast keine AfD mehr, wenn du Medien (ÖR!) hast, die so die Interviews führen: https://www.deutschlandfunk.de/interview-mit-bodo-ramelow-linke-ex-ministerpraesident-thueringen-zur-wahl-100.html

@prologic@twtxt.net Looks great with the new logo.

Image

The Americans are spreading links to sites with European alternatives for popular services, yet here I am, scheduling appointments with the construction workers over WhatsApp.

well, Gemini clients like Lagrange allow to show inline images when you click on an image link. Text based clients, like Amfora, usually allow to watch the image in another ‘window’.

For example here: gemini://text.eapl.mx/en-making-a-tic-tac-toe-variant and there https://text.eapl.mx/en-making-a-tic-tac-toe-variant

I agree that some topics require images to make it easier to explain.

yes it is! although, I’ve only used it to send files and links back and fourth between devices xD none of my relatives wanted to give it a try, which is kinda fair enough (I wouldn’t use WhatsApp if they asked) xD

Here’s a twt from @andros@twtxt.andros.dev ’s new version of Twtxt-el 🥳 It feels WAaaaaY better! although it freezes on me as soon as I navigate to the next page complaining about some bad url, but the chronological sorting of the feed as well as the navigation buttons (links?) are a great addition. Looking forward to the next update already! 😁 🥳🥳🥳

@doesnm.p.psf.lt@doesnm.p.psf.lt Thank you for the bug. It is a remnant of my desperate attempt to get a nice looking jump-link scrolling within the conversations. So I just removed scroll-snap-stop: always;.

@prologic@twtxt.net Just in case… the git link is missing a c in prologic

@prologic@twtxt.net I say we should find a way to support mentions with only url, no nick, as per the original spec.

• For @<nick url> we already got support
  
• For @<nick> the posting client should expand it to @<nick url>, if not then the reading client should just render it as @nick with no link.
  
• For @<url> the sending client should try to expand it to @<nick url>, if not then the reading client should try to find or construct a nick base on:
  
  1. Look in twtxt.txt for a nick =
     
  2. Use (sub)domain from URL
     
  3. Use folder or file name from URL

Hello @movq@uninformativ.de . Did you fixed jenny bug which causes fetching long ids from yarn instances on feeds like https://ciberlandia.pt/@marado.txt ? I’m asking because i want to store links in brackets on some of my posts and don’t want to confuse jenny users

The link is public!

messing with gemini again, this time a static site generator called gssg - https://git.sr.ht/~gsthnz/gssg

my capsule is linked in my profile but just in case it’s over at gemini://lazuli.sayitditto.net

@prologic@twtxt.net maybe you meant to specify twtxt as a type similar to ActivityPub’s application/activity+json in https://webfinger.net/lookup/?resource=sorenpeter@norrebro.space

    {
      "rel": "self",
      "type": "application/activity+json",
      "href": "https://norrebro.space/users/sorenpeter"
    },

Then it would also make sense to define a Link Relations but should that then link to something like https://twtxt.dev/webfinger.html where we can describe the spec?

after thinking and researching about it, yep, I agree that WebFinger is a good idea.

For example reading here: https://bsky.social/about/blog/4-28-2023-domain-handle-tutorial
I wasn’t considering some scenarios, like multiple accounts for a single domain (See ‘How can I set and manage multiple subdomain handles?’ in the link above)

Google Drive? Can he give direct link? Idk about he but twtxt feed can he hosted in s3!

I’m giving a shot talk about twtxt/yarn/timeline tommow around noon CET at Piksel Festival in Norway. More info and link for live stream at: https://24.piksel.no
(So I will most likely not be joining the call)

Seems Hallway link in https://indieweb.org/twtxt is broken and redirects to main page. Is it abandoned?

@bender@twtxt.net yeah, that’s what I said, and linked. Want more?

this log can contain ips so im place it in secret path and send link via salty

(#2024-09-24T12:45:54Z) @prologic@twtxt.net I’m not really buying this one about readability. It’s easy to recognize that this is a URL and a date, so you skim over it like you would we mentions and markdown links and images. If you are not suppose to read the raw file, then we might a well jam everything into JSON like mastodon

#fzf is the new emacs: a tool with a simple purpose that has evolved to include an #email client. https://sr.ht/~rakoo/omail/

I’m being a little silly, of course. fzf doesn’t actually check your email, but it appears to be basically the whole user interface for that mail program, with #mblaze wrangling the emails.

I’ve been thinking about how I handle my email, and am tempted to make something similar. (When I originally saw this linked the author was presenting it as an example tweaked to their own needs, encouraging people to make their own.)

This approach could surely also be combined with #jenny, taking the place of (neo)mutt. For example mblaze’s mthread tool presents a threaded discussion with indentation.

@prologic@twtxt.net Do you have a link to some past discussion?

Would the GDPR would apply to a one-person client like jenny? I seriously hope not. If someone asks me to delete an email they sent me, I don’t think I have to honour that request, no matter how European they are.

I am really bothered by the idea that someone could force me to delete my private, personal record of my interactions with them. Would I have to delete my journal entries about them too if they asked?

Maybe a public-facing client like yarnd needs to consider this, but that also bothers me. I was actually thinking about making an Internet Archive style twtxt archiver, letting you explore past twts, including long-dead feeds, see edit histories, deleted twts, etc.

@quark@ferengi.one It does not. That is why I’m advocating for not using hashes for treads, but a simpler link-back scheme.

i feel like we should isolate a subset of markdown that makes sense and built it into lextwt. it already has support for links and images. maybe basic formatting bold, italic. possibly block quote and bullet lists. no tables or footnotes

@xuu@txt.sour.is Thanks for the link. I found a pdf on one of the authors’ home pages: https://ahmadhassandebugs.github.io/assets/pdf/quic_www24.pdf . I wonder how the protocol was evaluated closer to the time it became a standard, and whether anything has changed. I wonder if network speeds have grown faster than CPU speeds since then. The paper says the performance is around the same below around 600 Mbps.

To be fair, I don’t think QUIC was ever expected to be faster for transferring a single stream of data. I think QUIC is supposed to reduce the impact of a dropped packet by making sure it only affects the stream it’s part of. I imagine QUIC still has that advantage, and this paper is showing the other side of a tradeoff.

So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.

What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first url:

The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.

The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like frank@beans.co that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?

From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.

I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.

# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w 
# sig: BEGIN SALTPACK SIGNED MESSAGE. ... 
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...

its sad all the links off that page are broken.

@mckinley@twtxt.net agevault uses age, allegedly very secure (aiming to replace pgp/gpg). Comparing it with gocryptfs, from the user perspective, agevault seems simpler, though CLI exclusive. As the repository states, “Like age, it features no config options, allowing for a straightforward secure flow”. It would also run in all major OS platforms out of the box.

But agevault is also very new. Though age has been around for a while now, I don’t see an “audited” link (neither on agevault, nor age).

its a notebook tool like evernote. @sorenpeter@darch.dk linked it above: https://joplinapp.org/

Twtxt spec enhancement proposal thread 🧵

Adding attributes to individual twts similar to adding feed attributes in the heading comments.

https://git.mills.io/yarnsocial/go-lextwt/pulls/17

The basic use case would be for multilingual feeds where there is a default language and some twts will be written a different language.

As seen in the wild: https://eapl.mx/twtxt.txt

The attributes are formatted as [key=value]

They can show up in the twt anywhere it is not enclosed by another element such as codeblock or part of a markdown link.

@sorenpeter@darch.dk this makes sense as a quote twt that references a direct URL. If we go back to how it developed on twitter originally it was RT @nick: original text because it contained the original text the twitter algorithm would boost that text into trending.

i like the format (#hash) @<nick url> > "Quoted text"\nThen a comment
as it preserves the human read able. and has the hash for linking to the yarn. The comment part could be optional for just boosting the twt.

The only issue i think i would have would be that that yarn could then become a mess of repeated quotes. Unless the client knows to interpret them as multiple users have reposted/boosted the thread.

The format is also how iphone does reactions to SMS messages with +number liked: original SMS

I’m also more in favor of #reposts being human readable and writable. A client might implement a bottom that posts something simple like: #repost Look at this cool stuff, because bla bla [alt](url)

This will then make it possible to also “repost” stuff from other platforms/protocols.

The reader part of a client, can then render a preview of the link, which we talked about would be a nice (optional) feature to have in yarnd.

Isto é phishing de nível! Joguei Runescape na faculdade e apesar de não ter tido interesse por mais de 20 anos, veio-me o reflexo de impedir imediatamente clicando no botão. Felizmente vi o link fajuto a tempo.

Image

o Playwright é maravilhoso e fez exactamente o que eu precisava à primeira ✨ (tinha um ficheiro com links e precisava de screenshots de todos)

obrigado pela pista @medecau@medecau e @raf@raf <3

An official FBI document dated January 2021, obtained by the American association “Property of People” through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata (“Pen Register”) or connection data retention law (“18 USC§2703”). Here, in essence, is the information the FBI says it can retrieve:

• Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

• Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

• Signal: date and time of account creation and date of last connection.

• Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

• Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

• Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

• WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

• WhatsApp: the targeted person’s basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time (“Pen Register”); message content can be retrieved via iCloud backups.

• Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.

I’m not super a fan of using json. I feel we could still use text as the medium. Maybe a modified version to fix any weakness.

What if instead of signing each twt individually we generated a merkle tree using the twt hashes? Then a signature of the root hash. This would ensure the full stream of twts are intact with a minimal overhead. With the added bonus of helping clients identify missing twts when syncing/gossiping.

Have two endpoints. One as the webfinger to link profile details and avatar like you posted. And the signature for the merkleroot twt. And the other a pageable stream of twts. Or individual twts/merkle branch to incrementally access twt feeds.

@prologic@twtxt.net short version: context is a linked list that is passed down a call stack that can share timeout, cancellation, or other data as needed by lower functions in the call stack.

so in effect it would look something like this:

---
subject: acct:me@sour.is
aliases:
  - salty:me@sour.is
  - yarn:xuu@ev.sour.is
  - status:xuu@chaos.social
  - mailto:me@sour.is
---
subject: salty:me@sour.is
aliases:
  - acct:me@sour.is
links:
  - rel:    self
    type:   application/json+salty
    href:   https://ev.sour.is/inbox/01GAEMKXYJ4857JQP1MJGD61Z5
    properties:
        "http://salty.im/ns/nick":    xuu
        "http://salty.im/ns/display": Jon Lundy
        "http://salty.im/ns/pubkey":     kex140fwaena9t0mrgnjeare5zuknmmvl0vc7agqy5yr938vusxfh9ys34vd2p
---
subject: yarn:xuu@ev.sour.is
links:
  - rel: https://txt.sour.is/user/xuu
    properties:
        "https://sour.is/rel/redirect": https://txt.sour.is/.well-known/webfinger?resource=acct%3Axuu%40txt.sour.is
---    
subject: status:xuu@chaos.social
links:
   - rel: http://joinmastodon.org#xuu%40chaos.social
     properties:
        "https://sour.is/rel/redirect": https://chaos.social/.well-known/webfinger?resource=acct%3Axuu%40chaos.social
---
subject: mailto:me@sour.is
...

@prologic@twtxt.net That was exactly my thought at first too. but what do we put as the rel for salty account? since it is decentralized we dont have a set URL for machines to key off. so for example take the standard response from okta:

# http GET https://example.okta.com/.well-known/webfinger  resource==acct:bob
{
    "links": [
        {
            "href": "https://example.okta.com/sso/idps/OKTA?login_hint=bob#",
            "properties": {
                "okta:idp:type": "OKTA"
            },
            "rel": "http://openid.net/specs/connect/1.0/issuer",
            "titles": {
                "und": "example"
            }
        }
    ],
    "subject": "acct:bob"
}

It gives one link that follows the OpenID login. So the details are specific to the subject acct:bob.

Mastodons response:

{
  "subject": "acct:xuu@chaos.social",
  "aliases": [
    "https://chaos.social/@xuu",
    "https://chaos.social/users/xuu"
  ],
  "links": [
    {
      "rel": "http://webfinger.net/rel/profile-page",
      "type": "text/html",
      "href": "https://chaos.social/@xuu"
    },
    {
      "rel": "self",
      "type": "application/activity+json",
      "href": "https://chaos.social/users/xuu"
    },
    {
      "rel": "http://ostatus.org/schema/1.0/subscribe"
    }
  ]
}

it supplies a profile page and a self which are both specific to that account.

Trying to wrap my head around webfinger..

my first thoughts about it were that a subject of acct:me@sour.is would have a listing of rel’s for the different accounts that are related to me (ie. yarn, salty, twitter, mastodon, etc…)

but maybe my thinking is at the wrong level.. that each of those accounts would be on a subject level and the rels are describing different aspects of that account. so i would have salty:acct:xuu@sour.is, twitter:acct:xuu, mastodon:acct:xuu@chaos.social, yarn:acct:xuu@ev.sour.is and then i could have a main acct:me@sour.is that links them together as aliases.

I found okta will do something similar with its accounts to show as okta:acct:user@domain so maybe I am on to something?

Twting to see if it will update my links list.

analogue players link https://www.youtube.com/watch?v=WB3Oj00p83Q

Look at you all using naked links!
Try https://twtxt.net!

non-linked & linked back footnotes in pdfs are annoying

@fastidious@arrakis.netbros.com the things Gemini has going for it are mutual TLS and lack of JavaScript. Which makes for a secure albeit boring experience (much like gopher). The fake markdown is a bit of a drag.

A render mode for Gemini probably wouldnt be too hard. There are markdown to Gemini libs out there.

With Web3 the whole trust a 3rd party browser ext + high fees + env impact for compute and storage are serious no gos for me.. I have heard one too many horror stories about clicking the wrong link and some script draining your metamask wallet.

Fossil Repo containing a version of the TH1 scripting language [[https://fossil.wanderinghorse.net/repos/th1-sgb/index.cgi/wiki/th1-sgb]] #links

the bright sessions. a science fiction podcast [[https://www.thebrightsessions.com/season-one]] #links

fake english word generation for Go and CLI: [[https://github.com/nwtgck/go-fakelish]] #links

a zero dependency shell script that makes it really simple to manage your text notes [[https://github.com/nickjj/notes]] #links

Ask HN: most interesting, mildly impractical, well-written books on software? [[https://news.ycombinator.com/item?id=29306651]] #links

old school dinner rolls [[https://smittenkitchen.com/2021/10/old-school-dinner-rolls/]] #links #food