@bender@twtxt.net Thanks. That pulley is just to hang back up the telephone wire (on the ground in 16) for that farm and restaurant in 04 once they finish logging. Hahahahahaaahaaaa, I didn’t see the nails on top of the pole. :-D

Yup, these ice crystals are just lovely. :-)

@bender@twtxt.net Don’t even think that was on the cards I’m afraid 😳 But yes I’ve said that in a message to the recruiter.

@lyse@lyse.isobeef.org @bender@twtxt.net Pfft, they want folks to relocate to Sydney. Fuck that 🤣 Sydney is a bit like San Francisco, I’m not actually sure which is worse. Fuck’n expensive as hell, the only palce you’d be able to afford to buy or rent is at least ~2hrs out of the city by public transport (i.e: train) and by that time you’ve just pissed your life down the toilet, because you’d be expected ot work a 9-10hr day + 2-3hrs of travel each way, buy the time you factor in having to wake up super early to get ready to travel in to work, you basically have zero time for anything else, let alone your ufamily,

Fuck that.

17, 21, and 22 are my favourites. Thank you for sharing! On 17, the pulley might be dangerously hanging, but if you manage to make it work, you will have a couple of nails to use! :-D

Cloudflare Rewrote Their Core in Rust, Then Half of the Internet Went Down
53 days after Cloudflare announced that their service was now “more secure” because they had ported it to Rust… ⌘ Read more

@prologic@twtxt.net I couldn’t have phrased it any better than @bender@twtxt.net. :-)

Twice or three times the money as before sounds a bit suspicious to me. Of course, I could be wrong, but I always was under the impression, that your last jobs weren’t all that badly salaried. If the new offer is really paid this highly, it might be a shit job. For me, money isn’t everything, I’d rather opt for a lower income where the job is fun than hating to go to work every day. But if the new job ticks all boxes, go for it. :-)

Also: Consult your pillow, don’t rush it.

I was looking at some ancient code and then thought: Hmm, maybe it would be a good idea to see more details in this error message. Which of the values don’t line up. On the other hand, that feature isn’t probably used anyway, because it’s a bit ugly to use (historically evolved). And on top of that, most teams need something slightly different, if they deal with that sort of thing.

I still told my workmates about it, so they could also have a look at it and we can decide tomorrow what to do about it. Speaking of the devil, no kidding, not even half an hour later, a puzzled tester contacted me. She received exactly that rather useless error message. Looks like I had an afflatus. ;-)

It’s interesting, though, that in all those years, nobody stumbled across this before. At least we now know for sure that this is not dead code. :-)

I had no meetings this arvo, so I made an appointment with the woods in my extended lunch break. The 6°C warm sun was out all day long and there was only a very light breeze. So, a very nice autumn day.

When I stopped to take a photo in the forest, a deer behind me took off into the woodland. I didn’t see it before. Also, I came across one or the other clearing. Sadly, it’s all commercial timberland here. Luckily, in a year or so, when nature slowly took over and reclaimed some spots, the apocalyptic sites are then looking a bit more decent again.

Cleaning of the ruin walls on my backyard mountain slowly takes shape. They made some progress and moved on to the other section. The flag on top is halfway disintegrated again, all the yellow half is completely gone. I’m wondering if they just stop replacing it at some point in time. But probably not.

Enjoy! https://lyse.isobeef.org/waldspaziergang-2025-11-19/

@prologic@twtxt.net you take a look at it, see if it is a good fit, ask the headhunter more details about it, and the company they represent for this hire, bring the results clearly, simply stated, but without missing any information to your CFO (AKA wife), and then arrive at a decision as a family.

Don’t let the temptation of more compensation be the driving factor.

D.va training to get even stronger (Orapunch) [Overwatch] ⌘ Read more

To everyone previously asking, what my (and other developers) endless complaining about Google, to both every EU body, with a form on their website and every relevant team at Google accomplished…
WE FUCKING WON!!!
“While security is crucial, we’ve also heard from developers and power users who have a higher risk tolerance and want the ability to download unverified apps.”
-source

I was also able to work with my new webhost, to bring back “🐕.fr.to” - everyones favorite vanity redirect domain, for my site, Googles changes to SSL warnings in Chrome, killed at the beginning of this year.

The lesson: I NEED TO COMPLAIN MORE

@prologic@twtxt.net yeah, all eggs in one basket has never been a sensible approach. Sadly, even without that, this outage is affecting many due to the interconnected nature of services these days.

Boi am I glad I made the decision to get off of Clownflare back in Jan of this yaer 🤣

Python Launches DEI Marketing Campaign
First Python refused to stop discriminatory policies & turned down $1.5 Million from the US Government. ⌘ Read more

Miku’s Holes Are Free To Be Used (to bari) [Vocaloid] ⌘ Read more

** Gundam is just the same as Jane Austen but happens to include giant mech suits **
A friend recently asked how to get started watching Gundam, and as I tripped all over myself, equal parts excitement and not wanting to sound like a lunatic, I fumbled around for a good answer.

What I landed at was inelegant and I eventually panicked and found a watch list online. BUT! BUT! What is a blog for if not do overs!? Also, what follows has literally no i … ⌘ Read more

Zinnia wants to fight! (hantachi) [Pokémon] ⌘ Read more

@lyse@lyse.isobeef.org wow, 31 is truly a telling! Interesting facade on that building on 10! And that roof on 51, oh my! The golden Jesus and tower on 7 are something else too.

I miss Europe like hell, mate! A lot of things around here are younger than me. I don’t feel history, I am history. 😅

On “family day”, I was expecting to see more pictures with people in it. All lovely, nevertheless. Thanks, as always, for the mini-vacation! 🙈

@bender@twtxt.net I knew it was supposed to be a lowercase “t”, but it reminded me of a tiny umbrella.

@lyse@lyse.isobeef.org @bender@twtxt.net that’s also what Yarn.social’s logo is, and just happens to be the yarnd default. Hmmm figured times for a change? 🤔

The gold saga on @quark@ferengi.one’s thoughts continues with https://netbros.com/1750974122. That’s without any doubt the most beautiful 404 page I’ve ever come across in my entire life. What an overall master piece of art. Well done, mate! <3

https://netbros.com/some-rubbish-just-to-see-the-new-birds-on-the-404-page

@movq@www.uninformativ.de I think I now remember having similar problems back then. I’m pretty sure I typically consulted the Qt C++ documentation and only very rarely looked at the Python one. It was easy enough to translate the C++ code to Python.

Yeah, the GIL can be problematic at times. I’m glad it wasn’t an issue for my application.

FTR, I see one (two) issues with PyQt6, sadly:

1. The PyQt6 docs appear to be mostly auto-generated from the C++ docs. And they contain many errors or broken examples (due to the auto-conversion). I found this relatively unpleasent to work with.
   
2. (Until Python finally gets rid of the Global Interpreter Lock properly, it’s not really suited for GUI programs anyway – in my opinion. You can’t offload anything to a second thread, because the whole program is still single-threaded. This would have made my fractal rendering program impossible, for example.)

@prologic@twtxt.net Hm, same startup delay. (Go is not an option for me anyway.)

It’s hard to tell why all this is so slow. Maybe in this particular case it has something to do with fonts: strace shows the program loading the fontconfig configs several times, and that takes up a bulk of the startup time. 🤔 (Qt6 or Java don’t do that, but they’re still slow to start up – for other reasons, apparently.)

To be fair, it’s “just” the initial program startup (with warm I/O caches). Once it’s running, it’s fine. All toolkits I’ve tried are. But I don’t want to accept such delays, not in the year 2025. 😅 Imagine every terminal window needing half a second to appear on the screen … nah, man.

Natsuki just wanted to be loved DDLC ⌘ Read more

Truly amazing and I agree with @quark@ferengi.one, more people need to know about Thomas Dambo’s wooden trolls: https://netbros.com/1750512577/ So beautiful! :-)

@movq@www.uninformativ.de unison seems pretty fast for me, and quite nice looking on my macOS desktop. It’s bsed on GLFW, but it seems to work quite well 🤔

Be it Java with Swing or PyQt6, it takes ~300 ms until a basic window with a treeview and a listbox appears. That is a very noticeable delay.

Is it unrealistic to expect faster startup times these days? 🤔

Once the program is running, a new second window (in the same process) appears very quickly. So it’s all just the initialization stuff that takes so long. I could, of course, do what “fat” programs have done for ages: Pre-launch the process during boot, windowless. But I was hoping that this wasn’t needed. 😞 (And it’s a bad model anyway. When the main process crashes, all windows crash with it.)

@prologic@twtxt.net no, I really meant small. I only have a handful of GiBs left of storage. If you can wait until mid-December, then no probleml. Right now it is kind of running on fumes. For testing, and to do not disturb anyone timelines, I recommend you run a small test instance. Running GtS is easier than running Yarn, by the way. Word.

Someone, on the Bridge, this is meant to have sent @manton@bridge.twtxt.net a “Follow Request” via Activity Pub hmmm 🧐

Anyone run a Mastodon serve rI can have an account on to help test the Twtxt <-> Activity Pub bridge? 🙏

@prologic@twtxt.net we are not going to get far by blaming the other side. 😅😂

** SQL Injection: Listing Database Contents on Non-Oracle Databases**

Image

UNION-based SQL injection used to enumerate database tables, extract credential columns, dump usernames and passwords, and log in as the…

[Continue reading on I … ⌘ Read more

I need some test Activity Pub / Mastodon users to test with 🤔

WOW LOL

fetch https://weaknotes.com/users/david: status 500 Internal Server Error

First real test failed trying to lookup / follow @david@weaknotes.com

For those curious, the new Twtxt <-> ActivityPub bridge I’m building (bidirectional) simply requires three things:

1. You register your Twtxt feed to the bridge: https://bridge.twtxt.net
   
2. You verify that you in fact own/control the feed by putting the verification code somewhere on/in your feed (doesn’t matter where or how)
   
3. You proxy/forward requests for /.well-known/webfinger to the Bridge bridge.twtxt.net.
   

I’m still testing through and ironing out bugs 🐛 Please be patient! 🙏

@lyse@lyse.isobeef.org LOL, that one was too good to pass, right? I am glad you are enjoying my little notes in a bottle!

@lyse@lyse.isobeef.org then it was, most likely, space debris—which, sadly, make up for 98% of all space anomalies these days. And thought they have applied to the Grant Wishes Council, they are yet to be approved. Keep playing, though. 😅

@lyse@lyse.isobeef.org I hope you were prepared to cram those wishes in 3 seconds. I am always prepared for that eventuality. You don’t have to mutter a word, nor clearly think much about it—that is, you don’t need to think your wish(es) word-by-word. As long as you stay within the wish(es) main goal(s), you should be fine, and it/they shall be granted, of course.

@kiwu@twtxt.net is it almost over, or just got closer to the next one? 🧩

Privilege Escalation From Guest To Admin ⌘ Read more

How to Find P1 Bugs using Google in your Target — (Part-2)

Image

Earn rewards with this simple method.

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-find-p1-bugs-using-google-in-your-target-part-2-d37a9bb0b2e7?sour … ⌘ Read more

Stack Overflow Co-Founder to DHH: You Should be Afraid of Me
Jeff Atwood (co-founder of Stack Overflow & Discourse), appears to make a public threat against Omarchy & Ruby on Rails founder, DHH. ⌘ Read more

4chan’s Lawyer Talks to Lunduke
Preston Byrne, the attorney representing both 4chan and Kiwi Farms, talks with Lunduke about Ofcom and the United Kingdom’s censorship campaign against Americans. ⌘ Read more

@movq@www.uninformativ.de Haha, you were spot on! It took me a bit to figure this out on my own. I’m actually very surprised to have gotten this wrong. Oh well.

No, I was using an empty hash URL when the feed didn’t specify a url metadata. Now I’m correctly falling back to the feed URL.

@lyse@lyse.isobeef.org Yeah, I noticed that too. I haven’t double-checked my code, though. Maybe it has something to do with selecting the correct URL? I mean, these feeds don’t have any # url = fields, so maybe that’s it?

This looks like a botnet, to be honest. The IPs are all over the place. Ethopia, Brazil, Kenya, Lebanon, Netherlands, … I mean, that’s the logical thing to do, isn’t it? Do your web crawling on infected PCs. Nobody will block those, because those are the same IP ranges as legitimate requests. And obviously you don’t have to pay for computing time.

… and they all send invalid HTTP requests, all answered with HTTP 400 … How silly.

Reacher out to Mike on BlueSky.

Ukinami Yuzuha asked to come inside (kukiyuusha) [zenless zone zero] ⌘ Read more

@lyse@lyse.isobeef.org nginx allows logging per user, via using defined variables on configuration. Not sure, though, if a Tilde would be willing to go to those “extremes”.

@bender@twtxt.net Sounds about right.

I had a brainfart yesterday, though. For whatever reason I thought of subdomains, which are modeled with server entries in nginx. So, each could define its own access_log location. However, there are no subdomains in place! Searching around, I didn’t find any solution to give each user their own access log file.

One way would be a cronjob, aeh, systemd timer as I learned the other day, that greps the main access log and writes all user access log files with only the relevant stuff.

@lyse@lyse.isobeef.org was it? Hmm, am I back to square one? 😅 Contacting one tilde could be a step ahead, but there are so many…!

Ignite Realtime Blog: First release candidate of Smack 4.5 published
The Smack developers are happy to announce the availability the first release candidate (RC) of Smack 4.5.0.

The upcoming Smack 4.5 release contains many bug fixes and improvements. Please consider testing this release candidate in your integration stages and report back any issues you may found. The more people are actively testing release candidates, the less issues will remain in the actual release.

Smac … ⌘ Read more

@bender@twtxt.net Wasn’t that transferred to somebody else?

My goodness, a new level of stupidity.

The bots are now doing things like this:

GET http://uninformativ.de/projects/lariza/feednotify/datenstrahler/slinp/countty HTTP/1.1

1. That URL does not exist.
   
2. By including http://uninformativ.de in that request, this instructs the webserver to do an HTTP proxy request. Of course, this isn’t allowed on my webserver (and shouldn’t by allowed on any normal webserver), resulting in HTTP 400. And even if it were, the target would be the exact same server, making a proxy request unnecessary.
   

And of course, it’s not just 50 hits like this or 100 or 1’000 or 10’000. No, it’s over 150’000 in the last 2 days. All from vastly different IP ranges of different cloud hosters.

This almost looks like a DDoS attack, but it’s just completely stupid. This feels more like some idiot vibe coded a crawler.

I used Gemini (the Google AI) twice at work today, asking about Google Workspace configuration and Google Cloud CLI usage (because we use those a lot). You’d think that it’d be well-suited for those topics. It answered very confidently, yet completely wrong. Just wrong. Made-up CLI arguments, whatever. It took me a while to notice, though, because it’s so convincing and, well, you implicitly and subconsciously trust the results of the Google AI when asking about Google topics, don’t you?

Will it get better over time? Maybe. But what I really want is this:

• Good, well-structured, easy-to-read, proper documentation. Google isn’t doing too bad in this regard, actually, it’s just that they have so much stuff that it’s hard to find what you’re looking for. Hence …
  
• … I want a good search function. Just give me a good fuzzy search for your docs. That’s it.
  

I just don’t have the time or energy to constantly second-guess this stuff. Give me something reliable. Something that is designed to do the right thing, not toy around with probabilities. “AI for everything” is just the wrong approach.

@lyse@lyse.isobeef.org Well, they say you have to build up stocks, don’t they? 😅

The font is fiamf3 (scaled up 2x, it would be too small when printed). It’s the same one that I use in my terminal and the status bars. 😃

I spent a few mins on teh tilde website, and for the life of me I can’t find a way to contact anyone responsible/accountable for this wonderful little service 🤣

Is it worth me reaching out to the operator and helping build some solution for their userbase to detect followers? 🧐

@movq@www.uninformativ.de Wow, that’s a hell lot of food! If it doesn’t spoil, it’s easily enough for the rest of your life and all your neighbors and surrounding cities, probably more. :-D

That’s a great font. I like it. It just suits the print style incredibly well. No offence, to the absolute contrary, I would not have thought that you actually designed that. It looks just so right. Hats off! :-)

@movq@www.uninformativ.de Have we reached peak enshittification yet?

YouTube is completely broken for me for a week or more. The player doesn’t even load anymore. Trying to limit the search results to real videos doesn’t do shit, etc. It’s useless. But downloading the videos with yt-dlp still works like a dream.

It is harder to regain ownership of an IRC channel than crossing the Mexico/US border. 😅

@movq@www.uninformativ.de Actually, @threatcat@tilde.club popped up in my own access log first. That’s how I discovered the feed. :-) So I figured that this feed author actually sees my reply. The hope is that with the next mention of my feed in threatcat’s feed, the other tilde users, who are following threatcat, are then also informed of my existence. :-)

I don’t know how tilde.club is set up. But it should be relatively easy to give all users access to their nginx access logs. Not sure if somebody already requested that or not. But I’d encourage tilde users to ask for that. Maybe also just for twtxt.txt and/or in a custom, reduced log format.

Lol, YouTube supports increasing the playback speed, but when you want to go to 4x, they want you to pay extra:

https://movq.de/v/a1c79485fb/s.png

DHH Talks to Lunduke
David Heinemeier Hansson (aka “DHH”, the creator of Ruby on Rails & Omarchy Linux), talks with Lunduke about Linux “selling out”, what a “distro” is, & the attacks from activists within Open Source. ⌘ Read more

@lyse@lyse.isobeef.org There’s a couple of new users on https://tilde.club, but since this is a shared host, I doubt that they have access to their access.log files. Hence they’ll never see followers, unless we notify them out of band. 🫤

Android shopping list apps disappointed me too many times, so I went back to writing these lists by hand a while ago.

Here’s what’s more fun: Write them in Vim and then print them on the dotmatrix printer. 🥳

And, because I can, I use my own font for that, i.e. ImageMagick renders an image file and then a little tool converts that to ESC/P so I can dump it to /dev/usb/lp0.

(I have so much scrap paper from mail spam lying around that I don’t feel too bad about this. All these sheets would go straight to the bin otherwise.)

Image

@lyse@lyse.isobeef.org Yeah, I’m glad I’m not the only one who didn’t get this right. 😅 You never had to configure a systemd timer? Lucky. 😅

ProcessOne: On Signal Protocol and Post-Quantum Ratchets

Image

Signal improved its protocol to prepare encrypted messaging for the quantum era.

They call the improvement “Triple Ratchet” (or SPQR = Signal Post-Quantum Ratchet).

[Signal Protocol and Post-Quantum Ratchets\
\
We are excited to announce a significant advancement in the security … ⌘ Read more

** Timber **

Image

Timber, I’m not gonna lie, I kinda hated you. At the same time I am surprised to find how gutted I am now … ⌘ Read more

Thousands of people in Ukraine engaged in efforts to stabilize power system – Zelensky ⌘ Read more

@bender@twtxt.net No plus-aliases, just aliases. The mailserver runs on my OpenBSB box and is managed using BundleWrap (we use that at work), so to create a new alias, I push a new BundleWrap config to the server.

@movq@www.uninformativ.de what do you use? Is it plus-aliased emails? I am curious to know how others are accomplishing this. I am currently using the “Hide my Email” feature, from iCloud.

Not too important, but an item on a wish list: add support for WebP? I had to convert the animated WebP to GIF.

Listening to #Bernstein’s #WestSideStory 🎵

I really like it, but (and?) it makes me very nostalgic. It reminds me of my father, he introduced it to me.

Zelenskyy vows to prevent Russia from selling oil to Hungary ⌘ Read more

Thank you for the encouragement and love and kind words, @lyse@lyse.isobeef.org @movq@www.uninformativ.de @bender@twtxt.net @doesnm@doesnm.p.psf.lt and others along the way I’m not sure of their feed uris 💕 I’ll keep at it, but for the time being I will keep my distance, mostly off IRC, because I don’t have the energy to spare in that kind of engagement (what//if the worst happens, it’s so draining). I need to remember what I ever did any of this for, it was back in ~2020 and I wanted really to build small interconnected communities that any non “tech savvy” person (more or less) could also benefit from ane enjoy. Even if there are aspects of the specs we’ve built/extended over time that aren’t “perfect”™, they’re “good enough”™ that they’ve last 5+ years (I believe this is 6 years running now). I want to spend a bit of time going back to why I did any of this in the the first place, and get a little micro-SaaS offering going (barely covering running costs) so encourage more folks to run pods, and thus twtxt feeds and grow the community ever so slightly. Other than that, I plan to get the specs “in order” to a point (with @movq@www.uninformativ.de and @lyse@lyse.isobeef.org’s help) where I hope they’ll stand the test of time – like SMTP.

Thank you all ! 🙏

Thank you for https://www.uninformativ.de/blog/postings/2025-11-09/0/POSTING-en.html, @movq@www.uninformativ.de! I never configured systemd timers, but I would have gotten it wrong, too. Good to know when I eventually stumble across that in the future. I’m still using cron. Yeah, its field order sucks and I always have to look it up (because I don’t deal with that all that often). Indeed, systemd’s order sounds more reasonable.

I should work on my client again and add some new features. Like adding a new feed directly in the client and not having to go to the config first. And showing a preview of a feed before actually adding it. Also, a search would be something to add. And finally combining my User-Agent analyzer with my subscription list to spot new feeds automatically.

UK military to help protect Belgium after drone incursions ⌘ Read more

Welcome to the party, @threatcat@tilde.club! I reckon it’s totally fine what you’re doing. Over time, message counts naturally drop anyway. :-D And this is fine, too.

@prologic@twtxt.net @movq@www.uninformativ.de Same here, I give each service a dedicated e-mail address. It’s very interesting to see how e-mail addresses are transferred to other actors. Luckily, this only happens rarely. But it does happen. In surprising ways.

Aliases not only help to fight spam, but are also a great way to specify filter rules to sort e-mails.

From Wooden Ducks to Digital Flags: My First v1t CTF OSINT Challenge ⌘ Read more

**How I Used AI to Become Someone Else (And Why Your Face Is No Longer Your Password) **

Image

Free Link 🎈

[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-used-ai-to-b … ⌘ Read more

Time-of-check Time-of-use (TOCTOU) Race Condition Leads to Broken Authentication | Critical Finding ⌘ Read more

How I turned Membership into a Paycheck

Image

Hacking leaderboard on chess.com to get paid

Continue reading on InfoSec Write-ups » ⌘ Read more

Account Takeover via IDOR: From UserID to Full Access ⌘ Read more

Israel says Hamas violated ceasefire by refusing to return body of fallen IDF officer ⌘ Read more

China suspends ban on exports of gallium, germanium, antimony to U.S. ⌘ Read more

Zuckerberg, Chan shift bulk of philanthropy to science, focusing on AI and biology to curb disease ⌘ Read more

French lawmakers vote to tax American retirees who freely benefit from social security ⌘ Read more

PR to clean up some unwanted specs and cleanup some invalid/bad references. 🙏

@prologic@twtxt.net nothing to be sorry about. It gave me time to watch TV with kids! 🤭

Iran to cut water to Tehran, weigh evacuations as it faces worst drought in decades ⌘ Read more

UK looking at Denmark model to cut illegal migration ⌘ Read more

Somebody managed to piss @prologic@twtxt.net off, and it looks like he took twtxt.net down with it. Oh dear…

is there an etiquette to twtxt’ing? am i flooding?

Japan eyes nuclear subs after U.S. gives OK to S. Korea ⌘ Read more

@movq@www.uninformativ.de Yeah ! 👍 I’m trying to build my first micro-SaaS and get more lay-people to protect their own inboxes and identify 🤣 – Hopefully it all works out 💪