[ANN] [CVE-2024-9680] Update Tor Browser & Firefox immediately

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.

Links:

• https://blog.torproject.org/new-release-tor-browser-1357/
  
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
  

n … ⌘ Read more

[WTS] [CA] [$15] Monero Stickers

5 stickers that you can place anywhere to market this private, untraceable money.

Link: https://xmrbazaar.com/listing/tDUb/

PaPaMorty (XMRBazaar) ⌘ Read more

[WTS] [US] [$95] ThinkPad T560

ThinkPad T560 - i7-6600U @ 2.60GHz - 8GB DDR3 RAM - 256GB SSD. Pop_OS! is installed, but I can put whatever distro you’d like. I can also load the Monero Blockchain on it if you wish. Comes with charger.

Link: https://xmrbazaar.com/listing/gHpx/

xmrRedux (XMRBazaar) ⌘ Read more

The 10 Best Apple Deals Under $100 for Prime Day
As Prime Day continues today, we’re highlighting all of the best Apple deals you can get for under $100 on Amazon. This includes Apple Pencil, AirTags, iPhone cases, USB-C chargers, and more.

Image

[WTS] XMR for your USD on Zelle or Venmo
Link: https://farside.link/nitter/rottenwheel1/status/1843346659641839937

rottenwheel.com ⌘ Read more

[ANN] Understanding Jamtis: A New Addressing Scheme for Monero

By simplifying how addresses are shared, speeding up wallet synchronization, and ensuring more reliable output detection, Jamtis represents a big leap forward in usability—without sacrificing Monero’s commitment to privacy and security.

Link: https://kewbit.org/understanding-jamtis-a-new-address-format-for-monero/

KewbitXMR (Github) ⌘ Read more

Alleged M4 MacBook Pro Unboxing Video Reveals These Four Upgrades
An alleged unboxing video for an unannounced 14-inch MacBook Pro with the M4 chip was uploaded to YouTube today by Russian channel Wylsacom. The video was later linked to on social media platform X by Bloomberg’s Mark Gurman.

Image

It is p … ⌘ Read more

[WTS] [EU/US] Famous Dutch Cheese
Link: https://xmrbazaar.com/listing/Pmfc/

TheDutchCheeseBoy (XMRBazaar) ⌘ Read more

[ANN] Please help test calc.revuo-xmr.com and share with friends! Couple updates recently deployed
Links:

• https://calc.revuo-xmr.com/
  
• https://farside.link/nitter/revuoxmr/status/1842451852157223089
  

rottenwheel.com ⌘ Read more

[ANN] Anyone notice more newborn Monero nodes recently?

I’ve perceived an increase in the number of newborn nodes syncing the blockchain from my nodes. Maybe after the Chainalysis video showed the privacy risks of using remote nodes over clearnet, more people are setting up their own nodes.

Link: https://lemmy.cafe/post/8489209

Rucknium (Github) ⌘ Read more

[ANN] Monero Meetup in Mexico City with Doug of MoneroTalk/Monerotopia on Sun, Oct 13th at 11AM!

Date/Time: Sun, Oct 13th at 11AM
Location: Cardinal Casa de Café (Córdoba 132, Roma Nte., Cuauhtémoc, 06100 Ciudad de México)

Link: https://farside.link/libreddit/r/Monerotopia/comments/1fw6q8t/

monerotalk.live ⌘ Read more

[AFH] [€20/hr] Data processing services by Python dev with 6 yrs of experience
Link: https://farside.link/libreddit/r/forhire/comments/1fv9qe2/

u/ILOTEbunny (Reddit) ⌘ Read more

@bender@twtxt.net yeah, that’s what I said, and linked. Want more?

this log can contain ips so im place it in secret path and send link via salty

Sharing the comments of the poll (anonymous so I have no idea whom the comments are from):

your poll should include questions about markdown. personally i think inline bits like style, links, images are yes. block quotes, code blocks, bullet lists are mid. but tables and footnotes are no.

Yes sorry about this, I wasn’t able to change much after publishing the poll 😅

(#2024-09-24T12:45:54Z) @prologic@twtxt.net I’m not really buying this one about readability. It’s easy to recognize that this is a URL and a date, so you skim over it like you would we mentions and markdown links and images. If you are not suppose to read the raw file, then we might a well jam everything into JSON like mastodon

#fzf is the new emacs: a tool with a simple purpose that has evolved to include an #email client. https://sr.ht/~rakoo/omail/

I’m being a little silly, of course. fzf doesn’t actually check your email, but it appears to be basically the whole user interface for that mail program, with #mblaze wrangling the emails.

I’ve been thinking about how I handle my email, and am tempted to make something similar. (When I originally saw this linked the author was presenting it as an example tweaked to their own needs, encouraging people to make their own.)

This approach could surely also be combined with #jenny, taking the place of (neo)mutt. For example mblaze’s mthread tool presents a threaded discussion with indentation.

@xuu@txt.sour.is I think it is more tricky than that.

https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en

“A company or entity …”

Also, as I understand it, “personal or household activity” (as you called it) is rather strict: An example could be you uploading photos to a webspace behind HTTP basic auth and sending that link to a friend. So, yes, a webserver is involved and you process your friend’s data (e.g., when did he access your files), but it’s just between you and him. But if you were to publish these photos publicly on a webserver that anyone can access, then it’s a different story – even though you could say that “this is just my personal hobby, not related to any job or money”.

If you operate a public Yarn pod and if you accept registrations from other users, then I’m pretty sure the GDPR applies. 🤔 You process personal data and you don’t really know these people. It’s not a personal/private thing anymore.

@prologic@twtxt.net Do you have a link to some past discussion?

Would the GDPR would apply to a one-person client like jenny? I seriously hope not. If someone asks me to delete an email they sent me, I don’t think I have to honour that request, no matter how European they are.

I am really bothered by the idea that someone could force me to delete my private, personal record of my interactions with them. Would I have to delete my journal entries about them too if they asked?

Maybe a public-facing client like yarnd needs to consider this, but that also bothers me. I was actually thinking about making an Internet Archive style twtxt archiver, letting you explore past twts, including long-dead feeds, see edit histories, deleted twts, etc.

@quark@ferengi.one It does not. That is why I’m advocating for not using hashes for treads, but a simpler link-back scheme.

i feel like we should isolate a subset of markdown that makes sense and built it into lextwt. it already has support for links and images. maybe basic formatting bold, italic. possibly block quote and bullet lists. no tables or footnotes

@quark@ferengi.one No can do! I can’t see any of the replies to that thread, not even mine LOL. let me se if I can fetch @sorenpeter@darch.dk ’s feed with the https link.

@prologic@twtxt.net can’t one just link to a keyoxide profile with a link to their Twtxt feed for identity or something?

@xuu@txt.sour.is Thanks for the link. I found a pdf on one of the authors’ home pages: https://ahmadhassandebugs.github.io/assets/pdf/quic_www24.pdf . I wonder how the protocol was evaluated closer to the time it became a standard, and whether anything has changed. I wonder if network speeds have grown faster than CPU speeds since then. The paper says the performance is around the same below around 600 Mbps.

To be fair, I don’t think QUIC was ever expected to be faster for transferring a single stream of data. I think QUIC is supposed to reduce the impact of a dropped packet by making sure it only affects the stream it’s part of. I imagine QUIC still has that advantage, and this paper is showing the other side of a tradeoff.

So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.

What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first url:

The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.

The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like frank@beans.co that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?

From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.

I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.

# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w 
# sig: BEGIN SALTPACK SIGNED MESSAGE. ... 
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...

Get Up to $500 Off M3 MacBook Pro at Best Buy and Amazon This Weekend
We’re tracking a collection of big discounts on the M3 MacBook Pro this weekend at Best Buy and Amazon, including the match of an all-time low price on the entry-level M3 512GB 14-inch MacBook Pro at $1,299.00, down from $1,599.00.

Image

its sad all the links off that page are broken.

Google’s James Manyika: ‘The Productivity Gains From AI Are Not Guaranteed’
Google executive James Manyika has warned that AI’s impact on productivity is not guaranteed [Editor’s note: the link may be paywalled], despite predictions of trillion-dollar economic potential. From the report: “Right now, everyone from my old colleagues at McKinsey Global Institute to Goldman Sachs are putting out these extra … ⌘ Read more

@mckinley@twtxt.net agevault uses age, allegedly very secure (aiming to replace pgp/gpg). Comparing it with gocryptfs, from the user perspective, agevault seems simpler, though CLI exclusive. As the repository states, “Like age, it features no config options, allowing for a straightforward secure flow”. It would also run in all major OS platforms out of the box.

But agevault is also very new. Though age has been around for a while now, I don’t see an “audited” link (neither on agevault, nor age).

@prologic@twtxt.net Yeah, I’ve noticed that as well when I hacked around. That’s a very good addition, ta! :-)

Getting to this view felt suprisingly difficult, though. I always expected my feeds I follow in the “Feeds” tab. You won’t believe how many times I clicked on “Feeds” yesterday evening. :-D Adding at least a link to my following list on the “Feeds” page would help my learning resistence. But that’s something different.

Also, turns out that “My Feeds” is the list of feeds that I author myself, not the ones I have subscribed to. The naming is alright, I can see that it makes sense. It just was an initial surprise that came up.

tvOS 18 to Let Apple TV Users Open Web Links on iPhone and iPad
Apple TV users will soon be able to AirDrop web links in the menu interface to their iPhone or iPad, thanks to a new feature included in the latest tvOS 18 developer beta.

Image

As Apple TV owners will know, it is not possible to browse the web on the set-top box, so web links are not something you traditionally come across in the tvOS interface. That … ⌘ Read more

Pretty cool. Got the timeline working, statuses separated, avatars loading, linked images in statuses works, can also post statuses from it.
Heh. will work on the remaining things the next days.
This will replace the current gtk4 client I wrote, I like this much better.
Will also make it into a appimage, and look into flatpak as well.

Image

The 9 Best Apple Deals Under $100 for Prime Day
As Prime Day continues today, we’re highlighting all of the best Apple deals you can get for under $100 on Amazon. This includes AirPods, Apple Pencil 2, AirTags, iPhone cases, USB-C chargers, and more.

Image

… ⌘ Read more

Apple Preparing Minor iOS 17.5.2 Update for iPhone
Apple is preparing to release a minor iOS 17.5.2 update for the iPhone, according to a post shared today by an anonymous leaker on X, formerly known as Twitter. The leaker has a private account, so we are not identifying it or linking to it, but they have proven to be a consistently accurate source for upcoming iOS updates.

Image

Nothing is known about iOS 17.5.2, … ⌘ Read more

Can anyone recommend and/or vouch for a Chrome/browser extension that lets me write rewrite rules for arbitrary links on a page? e.g: s/(www\.)?youtube.com\/watch?v=([^?]+)/tubeproxy.mills.io/play/\1 for example? 🤔

Fix “A software update is required to install macOS in a virtual machine” Error on Mac
Some Mac users who are attempting to install MacOS Sequoia beta into a virtual machine may run into an error message that states “A software update is required to install macOS in a virtual machine.” This error message then gives you three button options to “Learn More” (opens a web link), “Not Now” (cancel), or … [Read More](https://osxdaily.com/2024/ … ⌘ Read more

Top Stories: WWDC Recap With iOS 18, Apple Intelligence, and More
WWDC 2024 kicked off on Monday with a jam-packed keynote revealing iOS 18, macOS Sequoia, and more, all fueled by upcoming Apple Intelligence technology.

Image

We’ve highlighted the major announcements below, but be sure to check out our recap post that includes a video going over the highlights plus links … ⌘ Read more

Low Prices Hit Apple’s AirTag and Anker’s Bluetooth Trackers, Alongside Apple Pencil Deals
Amazon today has a few discounts across popular Apple accessories, including the AirTag and Apple Pencil. We’re also tracking a few discounts on Eufy’s own Bluetooth tracking accessories, the SmartTrack Link, which are slightly more affordable than the AirTag.

Image

I find good alternative for gopherspace.de - gopher://kamalatta.ddnss.de/1/links This is good servers alive serivce for me i think

forthworks searches always turn up dead links for me. They need to purge. it seems dead, honestly.

How to Search the Web (Minus AI Junk & Clutter) with Google on Safari for Mac
If you’re a Safari user, as many of us are, you might be interested in actually searching the web with Google and then seeing a list of actual web link results, without seeing any of the new AI junk, video and image recommendations, knowledge panels, related searches, suggested searches, or the other junky clutter that … [Read More](https://osxdaily.com/2024/05/24/search-web-google-no-ai-junk-clutter-saf … ⌘ Read more

Best Apple Deals of the Week: iPads and Apple Watches See Record Low Prices Alongside Samsung Monitors
This week began with a sitewide sale on Samsung that will continue through this Sunday, and continued with great discounts on the M4 iPad Pro, 10th generation iPad, Apple Watch SE, and Apple Watch Ultra 2.

Image

How to Search Google Without AI Rubbish & Clutter
Remember when you used to use Google search and it would only return a list of links for web results, letting you easily find what you’re looking for? Google was once the best way to search the web, but as almost all Google users have noticed, the web search engine has become less of an … Read More ⌘ Read more

Diggie dog can’t download archives from gopher, he writes: “It’s too long link.”

Make a Website Your Mac Wallpaper with Plash
A unique third party Mac app allows you to turn any web page, including YouTube videos and links to animated GIFs, into your Mac desktop wallpaper. Sound like fun? Well it definitely is, and depending on how creative you want to be, you can accomplish some really fascinating wallpaper experiences on the Mac with this … Read More ⌘ Read more

its a notebook tool like evernote. @sorenpeter@darch.dk linked it above: https://joplinapp.org/

See Who Sent You a Link in Safari on iPhone, Mac, iPad
The latest versions of Safari for Mac, iPhone, and iPad, support a handy feature that allows you to quickly identify who sent you a particular link or webpage that you have open in the browser. This ‘sent from’ link feature is useful if you engage in a lot of exchanging of URLs between friends, coworkers, … Read More ⌘ Read more

Beau Lamarre-Condon: ‘Blood’ found near home linked to alleged killer cop
Police searching for the bodies of a TV star and his boyfriend Luke Davies and Jesse Baird have found blood near a home linked to alleged cop killer Beau Lamarre-Condon. ⌘ Read more

BLOOD FOUND IN BUSHLAND: Oval roped off in hunt for bodies
Detectives have roped off a section of an oval near a home linked to alleged cop killer Beau Lamarre-Condon after a dog walker spotted blood in the bushland. ⌘ Read more

Could the ‘Middle Corridor’ offer a secure trade route that bypasses the Red Sea?
The so-called “Middle Corridor”, a trade route that would link Chinese and European markets through Central Asia and the Caucasus, was the focus of the 5th Balkans and Black Sea Forum held on Thursday 15th of February. Delegates at the conference promoted the Middle Corridor as an opportunity for a stable trade route amid escalating tensions … ⌘ Read more

IOL HAT: Enhancing Smart Sensor Integration for Raspberry Pi and Industrial Applications.
Pinetek Networks is set to launch the IOL HAT on Crowdsupply soon, a versatile solution designed for integrating industrial sensors into single-board computer-based projects, such as the Raspberry Pi. This device facilitates data exchange with smart SDCI sensors and actuators, adhering to the IEC 61131-9 standards, commonly referred to as IO-Link. There will be two [… … ⌘ Read more

Twtxt spec enhancement proposal thread 🧵

Adding attributes to individual twts similar to adding feed attributes in the heading comments.

https://git.mills.io/yarnsocial/go-lextwt/pulls/17

The basic use case would be for multilingual feeds where there is a default language and some twts will be written a different language.

As seen in the wild: https://eapl.mx/twtxt.txt

The attributes are formatted as [key=value]

They can show up in the twt anywhere it is not enclosed by another element such as codeblock or part of a markdown link.

@sorenpeter@darch.dk this makes sense as a quote twt that references a direct URL. If we go back to how it developed on twitter originally it was RT @nick: original text because it contained the original text the twitter algorithm would boost that text into trending.

i like the format (#hash) @<nick url> > "Quoted text"\nThen a comment
as it preserves the human read able. and has the hash for linking to the yarn. The comment part could be optional for just boosting the twt.

The only issue i think i would have would be that that yarn could then become a mess of repeated quotes. Unless the client knows to interpret them as multiple users have reposted/boosted the thread.

The format is also how iphone does reactions to SMS messages with +number liked: original SMS

I’m also more in favor of #reposts being human readable and writable. A client might implement a bottom that posts something simple like: #repost Look at this cool stuff, because bla bla [alt](url)

This will then make it possible to also “repost” stuff from other platforms/protocols.

The reader part of a client, can then render a preview of the link, which we talked about would be a nice (optional) feature to have in yarnd.

Fix Step Count in Health App Updating Slowly on iPhone
If you’re the type of person who likes to keep track of their daily step count by using iPhone as a step counter, it is frustrating when the iPhone Health app step counter does not update as frequently as you’d like. Additionally, there are some challenges that are linked to specific step counts, and many … Read More ⌘ Read more

Isto é phishing de nível! Joguei Runescape na faculdade e apesar de não ter tido interesse por mais de 20 anos, veio-me o reflexo de impedir imediatamente clicando no botão. Felizmente vi o link fajuto a tempo.

Image

Cost-efficient $39.90 Travel Router with Dual GbE Ports and Flexible Storage Options
Recently, SeeedStudio introduced the LinkStar-H28K-0408, a compact, pocket-sized router that offers advanced connectivity options. This device is equipped with Dual Gigabit Ethernet ports for high-speed internet access and includes a versatile USB Type-C port with Power Delivery support, enhancing its usability and convenience for various applications. Differing from the LinkS … ⌘ Read more

How to Delete a Threads Account Without Leaving Instagram
When Threads debuted from Meta (FaceBook), it was intricately linked to Instagram, and initially when you went to delete or deactivate a Threads account, it had the unfortunate side effect of also deleting the related Instagram account. But that is no longer the case. Now you can choose to delete a Threads account without impacting … [Read More](https://osxdaily.com/2023/12/31/how-to-delete-a-threads-account-without-le … ⌘ Read more

Happy Twixmas everyone (new word I just learned 2 min ago)

I have finally gotten around to implementing a gallery feature to timeline.

Image

There is still some hiccups, like the limited caching is making it difficult to make links back to older posts not working. Maybe @eapl.me@eapl.me you can help me with that?

Nintendo потребовала удалить неофициальный ПК-порт The Legend of Zelda: Link‘s Awakening DX
Его страница на itch.io уже недоступна.

Image

Securing our home labs: Frigate code review
This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.

The post Securing our home labs: Frigate code review appeared first on The GitHub Blog. ⌘ Read more

It is a pleasure to work with the help system of Borland’s Turbo C++ 3.0 on DOS. The descriptions are clear and concise. There are short and simple examples. Pretty much every help page is cross-refenced and those links can be clicked.

Okokok, I added my twtxt link on my sites social media icon section

I just realised my redirection on oh.mg shows me as link.storjshare.io so I fixed that

How to Download a Mac App from Github?
A ton of open source software is available on Github, and many Mac applications are often available to download for free through the Github service as well. And if you read websites like this one and many others in the Apple and tech world, you’ll often find links to neat software projects on Github. One … Read More ⌘ Read more

How to Download a Mac App from Github?
A ton of open source software is available on Github, and many Mac applications are often available to download for free through the Github service as well. And if you read websites like this one and many others in the Apple and tech world, you’ll often find links to neat software projects on Github. One … Read More ⌘ Read more

Today I’ve been working on something that I’ve really missed, and that is clickable links in the desktop client, finally figured out how they work. So now you can click on them and it opens the browser. I need to clean it up before I commit it.

Image

o Playwright é maravilhoso e fez exactamente o que eu precisava à primeira ✨ (tinha um ficheiro com links e precisava de screenshots de todos)

obrigado pela pista @medecau@medecau e @raf@raf <3

I need to do a big rewrite on how the yarn desktop client handles the status widgets, this is because I want links and such, and to do that I have to rewrite the status message code, it takes a bit if time to do it, but I kinda know what to do - I just need to dive in and get it done. Been thinking about it for a while, I think it’s time to get started on it. Also makes the code much cleaner then what it is now.

Just in case you can find it here https://link.storjshare.io/raw/jvudpn43kuegfuzhuyrmsiiflk4a/twtxt/twtxt.txt

This whole twitter thing got me motivated to code on the yarn desktop client.
Currently working on adding support for links in the post, so that you can open and view the links that are in the statuses.

An official FBI document dated January 2021, obtained by the American association “Property of People” through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata (“Pen Register”) or connection data retention law (“18 USC§2703”). Here, in essence, is the information the FBI says it can retrieve:

• Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

• Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

• Signal: date and time of account creation and date of last connection.

• Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

• Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

• Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

• WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

• WhatsApp: the targeted person’s basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time (“Pen Register”); message content can be retrieved via iCloud backups.

• Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.

@prologic@twtxt.net They have some markdown support that you can use, but I have not looked into that yet, I might check on that for clickable links in label.
I now just get all the attached links in each post, check for direct links to images, download them and show them as in the screenshot.

Introducing npm package provenance
How to verifiably link npm packages to their source repository and build instructions. ⌘ Read more

I’m not super a fan of using json. I feel we could still use text as the medium. Maybe a modified version to fix any weakness.

What if instead of signing each twt individually we generated a merkle tree using the twt hashes? Then a signature of the root hash. This would ensure the full stream of twts are intact with a minimal overhead. With the added bonus of helping clients identify missing twts when syncing/gossiping.

Have two endpoints. One as the webfinger to link profile details and avatar like you posted. And the signature for the merkleroot twt. And the other a pageable stream of twts. Or individual twts/merkle branch to incrementally access twt feeds.

I will release the sourcecode for the desktop client tonight. I will put it on github (sorry to anyone who prefer other places), but the reason is that I do not want my own git to be open for public. So I’ll put it on github where I have all my other public projects. I have to write the readme, then add some info on the login page (link to source etc), then it’s ready to release with the current features. I then hope others will give it a try and use it if they want :) I also have many other features I need to implement, but all the main features that makes it usable has been implemented, so I’m very pleased with it (And I use it all the time now).

@prologic@twtxt.net Yeah, good point. I will see if I can selfhost it in a good way, I’ll think about it for the next days, I’ll also create a subdomain on my website where I can put some info and git links and what not, nice to have a info page to link back to from the application.

** week notes **
Some things of note, links mostly:

First and foremost, I found a suitable pinboard replacement in link hut! Shout outs to my buddy Bruno for the tip.

Here’s a bookmarklet I wrote to make it a bit more ergonomic for how I like to roll,

 javascript
javascript:(<span class="hljs-function"><span class="hljs-keyword">function</span> (<span class="hljs-params"></span>) </span>{
  <span class="hljs-keyword">const</span> tags = prompt(<span class="hljs-string">'A space separated list of tags.' ... ⌘ [Read more](https://eli.li/2023/03/31/week-notes)

The direct link is here : https://redacted.id/kUY0z

Just finished writing my doc on how I’m using Parabola to export LJ to Plume https://ouvaton.link/F0KxT5

I documented how I’ve been using the #Plume API to create posts, hopefully somebody might find it useful https://ouvaton.link/bGTcdV

I have cleaned up the timeline a bit, I like this much more.
I use the markdown text now, instead of the ‘text’ field in the json file, looks much cleaner.
I can work with this. One thing that I want to sort out next is the way the nicknames and url is shown.
Also links in posts should be clickable - not sure if the current labels support that, but I’ll try and figure it out somehow. Anyways - latest screenshot is attached here.. :)

Image

I’ve been a bit busy https://ouvaton.link/GOwomc

Did some more work on the timeline stuff today, now I have added parsing of each status, so that I can get the data I need from each status (user, image url, text, links - all that stuff I need).

@prologic@twtxt.net short version: context is a linked list that is passed down a call stack that can share timeout, cancellation, or other data as needed by lower functions in the call stack.

Like, check it out. That link to DRY? It doesn’t render as a link in the webapp. However, it does render as a link, and works fine, in Goryon. I’ve seen before that Markdown tables render fine in Goryon but not in the webapp. They ought to behave as similarly as possible, right? So just in this small interaction there are three discrepancies between how the mobile app and webapp render Markdown.

H3: Instead of C3
[Updated with correct Gemlog link.]

A version of this was posted on on 2023-01-06 but I thought it might
also fit here. Go to my gemlog for somewhat more personal takes and
see what I publish first. IPv6 only!

gemini://gem.hack.org/mc/log/

As long-time readers know I have participated in the Chaos
Communication Congress (C3) in Germany every year since 2008.

Since C3 was cancelled this year I thought I’d arrange a very small
conference of my own. I would at least try to gather some friends and
acquaintances … ⌘ Read more

@prologic@twtxt.net @movq@www.uninformativ.de this is the default behavior of pass on my machine:

Image

I add a new password entry named example and then type pass example. The password I chose, “test”, is displayed in cleartext. This is very bad default behavior. I don’t know about the other clis you both mentioned but I’ll check them out.

The browser plugin browserpass does the same kind of thing, though I have already removed it and I’m not going to reinstall it to make a movie. Next to each credential there’s an icon to copy the username to the clipboard, an icon to copy the password to the clipboard, and then an icon to view details, which shows you everything, including the password, in cleartext. The screencap in the Chrome store is out of date; it doesn’t show the offending link to show all details, which I know is there because I literally installed it today and played with it.

so in effect it would look something like this:

---
subject: acct:me@sour.is
aliases:
  - salty:me@sour.is
  - yarn:xuu@ev.sour.is
  - status:xuu@chaos.social
  - mailto:me@sour.is
---
subject: salty:me@sour.is
aliases:
  - acct:me@sour.is
links:
  - rel:    self
    type:   application/json+salty
    href:   https://ev.sour.is/inbox/01GAEMKXYJ4857JQP1MJGD61Z5
    properties:
        "http://salty.im/ns/nick":    xuu
        "http://salty.im/ns/display": Jon Lundy
        "http://salty.im/ns/pubkey":     kex140fwaena9t0mrgnjeare5zuknmmvl0vc7agqy5yr938vusxfh9ys34vd2p
---
subject: yarn:xuu@ev.sour.is
links:
  - rel: https://txt.sour.is/user/xuu
    properties:
        "https://sour.is/rel/redirect": https://txt.sour.is/.well-known/webfinger?resource=acct%3Axuu%40txt.sour.is
---    
subject: status:xuu@chaos.social
links:
   - rel: http://joinmastodon.org#xuu%40chaos.social
     properties:
        "https://sour.is/rel/redirect": https://chaos.social/.well-known/webfinger?resource=acct%3Axuu%40chaos.social
---
subject: mailto:me@sour.is
...

@xuu@txt.sour.is that doesn’t seem to fit the spirit of the spec, at least by my read (I could be wrong obv). The example on Wikipedia’s webfinger page,

{
	"subject": "acct:bob@example.com",
	"aliases": [
		"https://www.example.com/~bob/"
	],
	"properties": {
		"http://example.com/ns/role": "employee"
	},
	"links": [{
			"rel": "http://webfinger.example/rel/profile-page",
			"href": "https://www.example.com/~bob/"
		},
		{
			"rel": "http://webfinger.example/rel/businesscard",
			"href": "https://www.example.com/~bob/bob.vcf"
		}
	]
}

and then the comparison with how mastodon uses webfinger,

{
    "subject": "acct:Mastodon@mastodon.social",
    "aliases": [
        "https://mastodon.social/@Mastodon",
        "https://mastodon.social/users/Mastodon"
    ],
    "links": [
        {
            "rel": "http://webfinger.net/rel/profile-page",
            "type": "text/html",
            "href": "https://mastodon.social/@Mastodon"
        },
        {
            "rel": "self",
            "type": "application/activity+json",
            "href": "https://mastodon.social/users/Mastodon"
        },
        {
            "rel": "http://ostatus.org/schema/1.0/subscribe",
            "template": "https://mastodon.social/authorize_interaction?uri={uri}"
        }
    ]
}

suggests to me you want to leave the subject/acct bit as is (don’t add prefixes) and put extra information you care to include in the links section, where you’re free to define the rel URIs however you see fit. The notion here is that webfinger is offering a mapping from an account name to additional information about that account, so if anything you’d use a "subject": "acct:SALTY ACCOUNT_REPRESENTATION" line in the JSON to achieve what you’re saying if you don’t want to do that via links.

@prologic@twtxt.net That was exactly my thought at first too. but what do we put as the rel for salty account? since it is decentralized we dont have a set URL for machines to key off. so for example take the standard response from okta:

# http GET https://example.okta.com/.well-known/webfinger  resource==acct:bob
{
    "links": [
        {
            "href": "https://example.okta.com/sso/idps/OKTA?login_hint=bob#",
            "properties": {
                "okta:idp:type": "OKTA"
            },
            "rel": "http://openid.net/specs/connect/1.0/issuer",
            "titles": {
                "und": "example"
            }
        }
    ],
    "subject": "acct:bob"
}

It gives one link that follows the OpenID login. So the details are specific to the subject acct:bob.

Mastodons response:

{
  "subject": "acct:xuu@chaos.social",
  "aliases": [
    "https://chaos.social/@xuu",
    "https://chaos.social/users/xuu"
  ],
  "links": [
    {
      "rel": "http://webfinger.net/rel/profile-page",
      "type": "text/html",
      "href": "https://chaos.social/@xuu"
    },
    {
      "rel": "self",
      "type": "application/activity+json",
      "href": "https://chaos.social/users/xuu"
    },
    {
      "rel": "http://ostatus.org/schema/1.0/subscribe"
    }
  ]
}

it supplies a profile page and a self which are both specific to that account.

Trying to wrap my head around webfinger..

my first thoughts about it were that a subject of acct:me@sour.is would have a listing of rel’s for the different accounts that are related to me (ie. yarn, salty, twitter, mastodon, etc…)

but maybe my thinking is at the wrong level.. that each of those accounts would be on a subject level and the rels are describing different aspects of that account. so i would have salty:acct:xuu@sour.is, twitter:acct:xuu, mastodon:acct:xuu@chaos.social, yarn:acct:xuu@ev.sour.is and then i could have a main acct:me@sour.is that links them together as aliases.

I found okta will do something similar with its accounts to show as okta:acct:user@domain so maybe I am on to something?

Anyone know what this might be about?

[1134036.271114] ata1.00: exception Emask 0x0 SAct 0x4 SErr 0x880000 action 0x6 frozen
[1134036.271478] ata1: SError: { 10B8B LinkSeq }
[1134036.271829] ata1.00: failed command: WRITE FPDMA QUEUED
[1134036.272182] ata1.00: cmd 61/20:10:e0:75:6e/00:00:11:00:00/40 tag 2 ncq 16384 out
                          res 40/00:01:00:4f:c2/00:00:00:00:00/00 Emask 0x4 (timeout)
[1134036.272895] ata1.00: status: { DRDY }
[1134036.273245] ata1: hard resetting link
[1134037.447033] ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300)
[1134038.747174] ata1.00: configured for UDMA/133
[1134038.747179] ata1.00: device reported invalid CHS sector 0
[1134038.747185] ata1: EH complete

Pleroma’s gopher server barfs if you arrive to it using domain.tld/1/ so it means I can’t link to it from here, but if you just enter domain.tld it works

I couldn’t access the Pleroma link.

I have updated my WWW page with the twtxt link.

Twting to see if it will update my links list.

analogue players link https://www.youtube.com/watch?v=WB3Oj00p83Q

@mckinley@twtxt.net Thank you! I didn’t even know about signing and encrypting XML documents. Right, RSS is a little bit messy.

Unfortunately, the autodiscovery document in one of your linked resources does not exist anymore. What annoys me in Atom is the distinction between <id> and <link>. I always want my URL also to be my ID, so I have to duplicate that – unnecessarily in my opinion.

Also, never found a good explanation why I should add <link rel="self" … /> to my feeds. I just do, but I don’t understand why. The W3C Feed Validation Service says:

[…] This value is important in a number of subscription scenarios where often times the feed aggregator only has access to the content of the feed and not the location from which the feed was fetched.

This just sounds like a very questionable bandaid to bad software architecture. Why would the feed parser need access to the feed URL at this stage? And if so, why not just pass down the input source? Just doesn’t make sense to me.

Also, I just noticed that I reference the http://purl.org/rss/1.0/modules/syndication/ namespace, but don’t use it in most of my feeds. Gotta fix that. Must have copied that from my yfav feed without paying attention what I’m doing.

Your article made me reread the Atom spec and I found out, that I can omit the <author> in the <entry> when I specify a global <author> at <feed> level. Awesome! Will do that as well and thus reduce the feed size.

I was inclined to let this go so as not to stir anything up, but after some additional thought I’ve decided to call it out. This twt:

Image

is exactly the kind of ad hominem garbage I came to expect from Twitter™, and I’m disappointed to see it replicated here. Rummaging through someone’s background trying to find a “gotcha” argument to take credibility away from what a person is saying, instead of engaging the ideas directly, is what trolls and bad faith actors do. That’s what the twt above does (falsely, I might add–what’s being claimed is untrue).

If you take issue with something I’ve said, you can mute me, unfollow me, ignore me, use TamperMonkey to turn all my twts into gibberish, engage the ideas directly, etc etc etc. There are plenty of options to make what I said go away. Reading through my links, reading about my organization’s CEO’s background, and trying to use that against me somehow (after misinterpreting it no less)? Besides being unacceptable in a rational discussion, and besides being completely ineffective in stopping me from expressing whatever it is you didn’t like, it’s creepy. Don’t do that.