setpriv on Linux supports Landlock.
Another example:
$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom
The first argument --landlock-access fs says that nothing is allowed.
--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It's a statically linked ls program (not GNU ls).
--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.
The output of the ls-static program is this line:
ārwārāārāāāāx 3000 200 07-12 09:19 22'491 ā /tmp/tmp/xorg.atom
It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.
3000 and 200 are user name and group name - they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.
Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:
ārwārāārāāāāx cathy 200 07-12 09:19 22'491 ā /tmp/tmp/xorg.atom
hey! i asked this a while ago but i have to ask again - is anyone willing to offer space on their yarn pod to my friend? i would love to invite her to my own but she's unable to access my site for personal reasons. she's really interested in seeing what yarn is about so if anyone is willing and able, let me know!
Okay, here's a thing I like about Rust: Returning things as Option and error handling. (Or the more complex Result, but it's easier to explain with Option.)
fn mydiv(num: f64, denom: f64) -> Option<f64> {
    // (Let's ignore precision issues for a second.)
    if denom == 0.0 {
        return None;
    } else {
        return Some(num / denom);
    }
}
fn main() {
    // Explicit, verbose version:
    let num: f64 = 123.0;
    let denom: f64 = 456.0;
    let wrapped_res = mydiv(num, denom);
    if wrapped_res.is_some() {
        println!("Unwrapped result: {}", wrapped_res.unwrap());
    }
    // Shorter version using "if let":
    if let Some(res) = mydiv(123.0, 456.0) {
        println!("Here's a result: {}", res);
    }
    if let Some(res) = mydiv(123.0, 0.0) {
        println!("Huh, we divided by zero? This never happens. {}", res);
    }
}
You can't divide by zero, so the function returns an "error" in that case. (Option isn't really used for errors, IIUC, but the basic idea is the same for Result.)
Option is an enum. It can have the value Some or None. In the case of Some, you can attach additional data to the enum. In this case, we are attaching a floating point value.
The caller then has to decide: Is the value None or Some? Did the function succeed or not? If it is Some, the caller can do .unwrap() on this enum to get the inner value (the floating point value). If you do .unwrap() on a None value, the program will panic and die.
The if let version using destructuring is much shorter and, once you got used to it, actually quite nice.
Now the trick is that you must somehow handle these two cases. You must either call something like .unwrap() or do destructuring or something, otherwise you can't access the attached value at all. As I understand it, it is impossible to just completely ignore error cases. And the compiler enforces it.
(In case of Result, the compiler would warn you if you ignore the return value entirely. So something like doing write() and then ignoring the return value would be caught as well.)
@bender@twtxt.net Yeah, well, it's a bit like twtxt. There is a Gopher community, but it's small. I actually don't like that HTTP is so easily accessible. I don't like it that much when people post links to my site on HackerNews or something like that. Too much exposure.
Gopher is a small world. It's slow and cozy.
And much like twtxt, the protocol is simple®, so it's easier to tinker with it.
@lyse@lyse.isobeef.org Only 10% of the German population had Internet access in 1998: https://de.wikipedia.org/wiki/Internet_in_Deutschland#/media/Datei:Diagramm_Internetnutzer_in_Deutschland.svg I guess I was lucky in that regard.
(If today's tech wasn't constantly trying to track and scam you, I might still be an early adopter.)
When I chose the MIT license for all of my software, I thought:
"Should I use GPL, which I don't really understand? Is that worth it? Yeah, there is a theoretical possibility that some company might use my code in their proprietary product … and then what? Should I sue them to enforce the GPL? I'm not going to do that anyway, so I'll just use the MIT license."
And now we have those LLM scrapers and now it's suddenly a reality that these companies (ab)use my code. I can see it in my logs. I didn't expect that back then.
GPL wouldn't help, either, of course. (Regardless, I now think that GPL would have been the better choice anyway.)
I'm honestly considering taking my code and website offline. Maybe make it accessible through some obscure protocol like Gopher or Gemini, but no more HTTP.
(Yes, Anubis might help. Temporarily.)
I'm just tired.
Maybe you'll enjoy this as well:
I still have one of my first modems, a Creatix LC 144 VF:
I think this was the modem that I used when I first connected to the internet, but I'm not sure.
I plugged it in again and it still works:
The firmware appears to be from 1994, which sounds about right. I don't think we had internet access before that. We certainly did use local mailboxes, though. (Or BBS's, as you might call them.)
I now want to actually use that modem again. For the moment, I can only use a phone to dial into it, I lack a second modem to actually establish a connection. Here's a video:
Not spectacular, but the modem does answer after me entering ATA.
I bought another cheap old modem on eBay and am now waiting for it to arrive. Once it's here, I want to simulate an actual dial-up session, hopefully from OS/2 or Windows 3.x.
1 RPM. This is a rather aggressive rate limit actually. This basically makes Github inaccessible and useless for basically anything unless you're logged in. You can basically kiss "pursuing" casually, anonymously goodbye.
@prologic@twtxt.net that will not be a problem; as long as it doesn't affect authenticated users it wouldn't make a difference. But we are comparing apples and eggs here. I don't access GitHub while unauthenticated, but I can see how others might. It comes across as anti-web in general.
@movq@www.uninformativ.de, "60 requests per hour", eh? Was that a thing (that is, unauthenticated access to GitHub)?! I know I am on the minority, perhaps, as I rarely (or never) access GitHub unauthenticated.
good morning friends. i don't know what i'm gonna do today. perhaps work on my patreon and login wall more personal sites behind authelia that i could offer access to via patreon tier
is it like… ethical to offer access to certain self hosted services as patreon exclusives. like i wanna offer the IRC client/bouncer i hosted which seems ok i think because i've seen pico.sh offer their instances of that as paid services. but the other ones i have in mind are alt web frontends for stuff like imgur and pinterest. and i just feel weird about it for some reason. idk i'm trying to think of ways to support my server stuff but every time i come up with something it feels weird
@bender@twtxt.net Exactly. I suspect it was because of sqlitebrowser also accessing the database in parallel to debug the original issue.
So far, I have not found the exact reason why some replies don't show up. When I do not filter for unread messages and show all, though, I actually see them. So, there's that.
Then I cleaned up my shell history of all of the invocations I ever made of dkv rm ... to make sure I never ever have this so easily accessible in my shell history (^R):
$ awk '
/^#/ { ts = $0; next }
/^dkv rm/ { next }
{ if (ts) print ts; ts=""; print }
' ~/.bash_history > ~/.bash_history.tmp && mv ~/.bash_history.tmp ~/.bash_history && history -r
@kat@yarn.girlonthemoon.xyz Using full-blown Cloud services is good for old people like me who don't want to do on-call duty when a disk fails. I like sleep!
Jokes aside, I like IaaS as a middle ground. There are IaaS hosters who allow you to spin up VMs as you wish and connect them in a network as you wish. You get direct access to all those Linux boxes and to a layer 2 network, so you can do all the fun networking stuff like BGP, VRRP, IPSec/Wireguard, whatever. And you never have to worry about failing disks, server racks getting full, cable management, all that.
I'm confident that we will always need people who do bare-bones or "low-level" stuff instead of just click some Cloud service. I guess that smaller companies don't use Cloud services very often (because it's way too expensive for them).
@prologic@twtxt.net oh yeah it's absolutely epic i love how fast it is. it would be extra peak if it sent a message to every bot that it denies access to that just says "get fucked" or something idk
I have applied your comments, and I tried to add you as an editor but couldn't find your email address. Please request editing access if you wish.
Also, could you elaborate on how you envision migrating with a script? You mean that the client of the file owner could massively update URLs in old twts ?
wahhh i wanna work towards my dream of offering pay as you can web hosting (static & dynamic) but i don't know how!!!!! i keep drifting towards hosting panels but i don't exactly have fresh linux servers for those nor do i like the level of access they require. so i'm like ok i can do the static site part with SFTP chroot jails and a front-end like filebrowser or something…. but then what about the dynamic sites!!!!!!! UGH
granted i doubt i'd get much interest in dynamic sites but i'd like to do this old school where i can offer people isolated mySQL databases or something for some project (i'm thinking PHP based fanlistings), which means i could do it the old school way of… people ask me to run it and i do it for them. but i kind of want to let people have access to be able to do it themselves just short of giving them SSH access which isn't happening
I make an Emacs theme with a contrast ready for colour blind or visually impaired people.
https://github.com/tanrax/thankful-eyes-theme.el
Enjoy!
#emacs #accessibility
@prologic@twtxt.net I'm speculating, but if I had to guess I'd say it's probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys /ME doing air quotes Magic™ … you could try with a different password manager to avoid said scenario.
Also, passkeys UX sucks.
Yesterday I was doing a lot of research on how #hyperdrive and the #holepunch project work. Would it be possible to use it to make #twtxt an easier gateway for new users? Could we stop using web servers?
My conclusion: We would end up being a #nostr. On the one hand it would become more complex to use, it would force the user to have software installed, and on the other hand the community would need a central proxy to make the routes accessible via HTTP. In other words, it's not a good idea.
However, it's an AMAZING technology. I want to start playing with it.
I'm continuing my tt rewrite in Go and quickly implemented a stack widget for tview. The builtin Pages is similar but way too complicated for my use case. I would have to specify a mandatory name and some additional options for each page. Also, it allows me to randomly jump around between pages using names, but only gives me direct access the first, however, not the last page. Weird. I don't wanna remember names. All I really need is a classic stack. You open a new fullscreen dialog and maybe another one on top of that. Closing the upper most brings you back to the previous one and so on.
The very first dialog I added is viewing the raw message text. Unlike in @arne@uplegger.eu's TwtxtReader, I'm not able to include the original timestamp, though. I don't have it in its original form in the database. :-/
Next up is a URL view.
It's really cool how my local public library's membership includes digital access to thousands of magazines and newspapers.
@sorenpeter@darch.dk It depends on your requirements. If you just want to put your code somewhere for yourself, simply push it over SSH on a server and call it good. That's what I do with lots of repos. If you want an additional web UI for read access for the public, cgit comes to mind (a mate uses that). Prologic runs Gitea, which offers heaps more functionality like merge requests.
@lyse@lyse.isobeef.org The one in question is more like the javascript version for unwrapping errors when accessing methods.
const value = some?.deeply?.nested?.object?.value
but for handling errors returned by methods. So if you wanted to chain a bunch of function calls together and if any error return immediately. It would be something like this:
b:= SomeAPIWithErrorsInAllCalls()
b.DoThing1() ?
b.DoThing2() ?
// Though its not in the threads I assume one could do like this to chain.
b.Chain1()?.Chain2()?.End()?
I am however in favor of having a sort of ternary ? in go.
PS. @prologic@twtxt.net for some reason this is eating my response without throwing an error :( I assume it has something to do with the CSRF. Can i not have multiple tabs open with yarn?
@movq, @prologic@twtxt.net when navigating to a Yarn. If the head twt is missing then the whole thread is not accessible. It only returns an error. so i have no way to view any of the replies within the thread other than the end twt.
I mean bug where jenny don't know about these id's and tried to request from twtxt.net (prologic sent access logs)
@kat@yarn.girlonthemoon.xyz i also like the separation inherent with using dedicated devices. like i have a DAP, a fiio X1 ii from 2019, and it's still going strong. it's perfect for on the go music listening and i never have to worry about like going somewhere with no reception and the music drops out. it's all local AND the battery lasts longer because i'm not using wi-fi or bluetooth or data. also i can directly access the file system and just add files anytime. this goes for my point & shoot and other devices too. i love this shit i'm such a nerd
Getting my knowledge refreshed on web accessibility through a course on deque university.
Yes it work: 2024-12-01T19:38:35Z twtxt/1.2.3 (+https://eapl.mx/twtxt.txt; @eapl)
:D
The .log is just a simple append each request. The idea with the .cvs is to have it tally up how many request there have been from each client as a way to avoid having the log file grow too big. And that you can open the .cvs as a spreadsheet and have an easy overview and filtering options.
Access to those files is closed to the public.
@lyse@lyse.isobeef.org One person had came access it before, but no tried it
I mean sure if i want to run it over on my tooth brush why not use something that is accessible everywhere like md5? crc32? It was chosen a long while back and the only benefit in changing now is "i cant find an implementation for x" when the down side is it breaks all existing threads. so…
how to parse caddy access log with useragent tool? seems it dont detect anything in json
HTTPS is supposed to do [verification] anyway.
TLS provides verification that nobody is tampering with or snooping on your connection to a server. It doesn't, for example, verify that a file downloaded from server A is from the same entity as the one from server B.
I was confused by this response for a while, but now I think I understand what you're getting at. You are pointing out that with signed feeds, I can verify the authenticity of a feed without accessing the original server, whereas with HTTPS I can't verify a feed unless I download it myself from the origin server. Is that right?
I.e. if the HTTPS origin server is online and I don't mind taking the time and bandwidth to contact it, then perhaps signed feeds offer no advantage, but if the origin server might not be online, or I want to download a big archive of lots of feeds at once without contacting each server individually, then I need signed feeds.
feed locations [being] URLs gives some flexibility
It does give flexibility, but perhaps we should have made them URIs instead for even more flexibility. Then, you could use a tag URI, urn:uuid:*, or a regular old URL if you wanted to. The spec seems to indicate that the url tag should be a working URL that clients can use to find a copy of the feed, optionally at multiple locations. I'm not very familiar with IP{F,N}S but if it ensures you own an identifier forever and that identifier points to a current copy of your feed, it could be a great way to fix it on an individual basis without breaking any specs :)
I'm also not very familiar with IPFS or IPNS.
I haven't been following the other twts about signatures carefully. I just hope whatever you smart people come up with will be backwards-compatible so it still works if I'm too lazy to change how I publish my feed :-)
@bender@twtxt.net and I saw some conspiracy theory that he knew he was going to be arrested. He was working with French intelligence on a plea deal to defect. And now Russia is freaking out that Ukraine allies can have war comms access.
Yikes! If only they had salty.im!
Even AI coding machines will need to rotate their access credentials every 90 days.
in the matter of political voice in the US money is speech and therefore companies use their "free speech" to donate and gain access to politicians. Therefore companies are people. Thanks a lot "citizens united"
@lyse@lyse.isobeef.org its a hierarchy key value format. I designed it for the network peering tools i use.. I can grant access to different parts of the tree to other users.. kinda like directory permissions. a basic example of the format is:
@namespace
# multi
# line
# comment
root :value
# example space comment
@namespace.name space-tag
# attribute comments
attribute attr-tag :value for attribute
# attribute with multiple
# lines of values
foo :bar
:bin
:baz
repeated :value1
repeated :value2
each @ starts the definition of a namespace kinda like [name] in ini format. It can have comments that show up before. then each attribute is key :value and can have their own # comment lines.
Values can be multi line.. and also repeated..
the namespaces and values can also have little meta data tags added to them.
the service can define webhooks/mqtt topics to be notified when the configs are updated. That way it can deploy the changes out when they are updated.
Qnap's Hybridmount feature makes it possible for me to access the files on OneDrive as if they were available from a local network drive on my Fedora PC. Pretty neat (when everything works).
Having fun with React - yet again. A large part of my job entails (re)learning technologies - luckily I have access to some good resources in the form of training- and tutorial sites, all provided by my employer.
An official FBI document dated January 2021, obtained by the American association "Property of People" through the Freedom of Information Act.
This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata ("Pen Register") or connection data retention law ("18 USC§2703"). Here, in essence, is the information the FBI says it can retrieve:
Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.
Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).
Signal: date and time of account creation and date of last connection.
Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.
Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.
Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).
WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.
WhatsApp: the targeted person's basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time ("Pen Register"); message content can be retrieved via iCloud backups.
Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.
TL;DR Signal is the messaging system that provides the least information to investigators.
They haven't written the federation code yet. Its literally run on the staging instance. People are paying to access the alpha. Though if you want a code to see what all the fuss is about there are a few with invites around here.
I'm not super a fan of using json. I feel we could still use text as the medium. Maybe a modified version to fix any weakness.
What if instead of signing each twt individually we generated a merkle tree using the twt hashes? Then a signature of the root hash. This would ensure the full stream of twts are intact with a minimal overhead. With the added bonus of helping clients identify missing twts when syncing/gossiping.
Have two endpoints. One as the webfinger to link profile details and avatar like you posted. And the signature for the merkleroot twt. And the other a pageable stream of twts. Or individual twts/merkle branch to incrementally access twt feeds.
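The Merkle-root idea from the twt above, as an added Python example that is not part of the original post or of any twtxt/Yarn implementation: it computes one root over a feed's twt hashes (the value that would be signed) and builds a proof that a single twt belongs to that root. SHA-256, the leaf/node prefixes, the promotion of an unpaired node and the sample twt hashes are all assumptions made for this example; the signature over the root is left out because it needs a signing library.

```python
import hashlib

# Constructed sample feed: placeholder twt hashes in feed order (not real twts).
FEED = ["aaaaaaa", "bbbbbbb", "ccccccc", "ddddddd", "eeeeeee"]

# Distinct prefixes for leaves and inner nodes (same idea as RFC 6962), so an
# inner node can never be passed off as a twt hash.
LEAF, NODE = b"\x00", b"\x01"


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _levels(twt_hashes):
    """Return every tree level, leaves first, root level last."""
    if not twt_hashes:
        raise ValueError("empty feed has no Merkle root")
    level = [_h(LEAF + t.encode()) for t in twt_hashes]
    levels = [level]
    while len(level) > 1:
        nxt = [_h(NODE + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            # An unpaired node is promoted unchanged. Duplicating it instead
            # would let two different feeds share one root.
            nxt.append(level[-1])
        level = nxt
        levels.append(level)
    return levels


def merkle_root(twt_hashes) -> str:
    """Hex root over the whole feed; this is the value a feed owner would sign."""
    return _levels(twt_hashes)[-1][0].hex()


def inclusion_proof(twt_hashes, index):
    """Sibling hashes a client needs to recompute the root from one twt."""
    proof = []
    for level in _levels(twt_hashes)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling on this level
            side = "L" if sibling < index else "R"
            proof.append((side, level[sibling].hex()))
        index //= 2
    return proof


def verify_inclusion(twt_hash, proof, signed_root) -> bool:
    """Check one twt against the root without fetching the rest of the feed."""
    node = _h(LEAF + twt_hash.encode())
    for side, sib_hex in proof:
        sib = bytes.fromhex(sib_hex)
        node = _h(NODE + sib + node) if side == "L" else _h(NODE + node + sib)
    return node.hex() == signed_root


if __name__ == "__main__":
    root = merkle_root(FEED)
    print("root:", root)
    print("twt 2 proven:", verify_inclusion(FEED[2], inclusion_proof(FEED, 2), root))
    # A copy of the feed with one twt dropped no longer matches the root.
    print("gap detected:", merkle_root(FEED[:2] + FEED[3:]) != root)
```
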
@abucci@anthony.buc.ci Its not better than a Cat5e. I have had two versions of the device. The old ones were only 200Mbps i didn't have the MAC issue but its like using an old 10baseT. The newer model can support 1Gbps on each port for a total bandwidth of 2Gbps.. i typically would see 400-500Mbps from my Wifi6 router. I am not sure if it was some type of internal timeout or being confused by switching between different wifi access points and seeing the mac on different sides.
Right now I have my wifi connected directly with a cat6e this gets me just under my providers 1.3G downlink. the only thing faster is plugging in directly.
MoCA is a good option, they have 2.5G models in the same price range as the 1G Powerline models BUT, only if you have the coax in wall already.. which puts you in the same spot if you don't. You are for sure going to have an outlet in every room of the house by code.
Huh… Nope.
HTTP/1.1 200 OK
Content-Length: 407
Content-Type: text/calendar
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Permissions-Policy: interest-cohort=()
Content-Security-Policy: default-src 'none'; sandbox
Referrer-Policy: same-origin
Vary: Authorization
BEGIN:VCALENDAR
VERSION:2.0;2.0
PRODID:SandCal
CALSCALE:GREGORIAN
BEGIN:VEVENT
DTSTAMP:20220822T180903Z
UID:bb63bfbd-623e-4805-b11b-3181d96375e6
DTSTART;TZID=America/Chicago:20220827T000000
CREATED:20220822T180903Z
LAST-MODIFIED:20220822T180903Z
LOCATION:https://meet.jit.si/Yarn.social
SUMMARY:Yarn Call
RRULE:FREQ=WEEKLY
DTEND;TZID=America/Chicago:20220827T010000
END:VEVENT
END:VCALENDAR
tried to figure out how to use university springer access to download a textbook, gave up after two minutes and just used libgen. lmao
New subscription plan for Apple Music: Voice Plan. Available for many countries. Using Siri to access songs. Meh.
Words I cannot type rightly at the first attempt: testimonial, accessibility, successful
@vain@www.uninformativ.de I have seen it pop up on a few feeds around and adopted it into the new parser I built.
The format I have followed has been '# ' :whitespace: :key-name: :whitespace: '=' :whitespace: :value:
keys can be repeated and accessed like an array of values.
@prologic@twtxt.net yep. it actually extracts everything at parse time. like mentions/tags/links/media. so they can be accessed and manipulated without additional parsing. it can then be output as MarkDown
finally finished all the initial ugen documentation. everything now has a sentence or two. the generated page can be accessed from the ugen wiki page [[/proj/monolith/wiki/ugens]] #updates #monolith
randoma11y is a color generator that generates two colors and scores them using WCAG system for accessibility: [[https://randoma11y.com/]] #links #color
Love it we have a "contract" developer but he is not in the right group to push commits to the code repo. When I suggested that he be added to the right group one of the other developers was like that will give him access to everything. I'm sorry but what is everything? It's not like he can pull from any of the repos as it is. Right now he just can't commit.
@mdom@domgoergen.com @kas@enotty.dk thanks! I was checking access logs on nginx and noticed a bunch of 404s to my twtxt url, so I decided to pick it back up.