Hello again everyone! A little update on my twtxt client.
I think itβs finally shaping a bit better now, butβ¦ βοΈ
As Iβm trying to put all the parts together, I decided to build multiple parallel UIs, to ensure I donβt accidentally create a structure that is more rigid than planned.
I already decided on a UI that I would want to use for myself, it would be inspired by moshidon, misskey and some other βsocial feedsβ mock-ups I found on dribbble.
I also plan on building a raw HTML version (for anyone wanting to do a full DIY client).
I would love to get any suggestions of what you would like to see (and possibly use) as a client, by sharing a link, app/website name or even a sketch made by you on paper.
I think Iβll pick a third and maybe a fourth design to build together with the two already mentioned.
For reference, the screens I think of providing are (some might be optional or conditionally/manually hidable):
- Global / personal timeline screen
- Profile screen (with timeline)
- Thread screen
- Notifications screen or popup (both valid)
- DM list & chat screens (still planning, might come later)
- Settings screen (itβll probably be a hard coded form, but better mention it)
- Publish / edit post screen or popup (still analysing some use cases, as some βenginesβ might not have direct publishing support)
I also plan on adding two optional metadata fields:
display_name: To show a human readable alternative for a nick, it fallback tonickif not defined
banner: Using the same format asavatarbut the image expected is wider, inspired by other socials around
I also plan on supporting any metadata provided, including a dynamically parsable regex rule format for those extra fields, this should allow anyone to build new clients that donβt limit themselves to just the social aspect of twtxt, hoping to see unique ways of using twtxt! π€
is the first url metadata field unequivocally treated as the canon feed url when calculating hashes, or are they ignored if theyβre not at least proper urls? do you just tolerate it if theyβre impersonating someone elseβs feed, or pointing to something that isnβt even a feed at all?
and if the first url metadata field changes, should it be logged with a time so we can still calculate hashes for old posts? or should it never be updated? (in the case of a pod, where the end user has no choice in how such events are treated) or do we redirect all the old hashes to the new ones (probably this, since it would be helpful for edits too)
I think Iβm just about ready to go live with my new blog (migrated from MicroPub). I just finished migrating all of the content over, fixing up metadata, cleaning up, migrating media, optimizing media.
The new blog for prologic.blog soon to be powered by zs using the zs-blog-template is coming along very nicely π It was actually pretty easy to do the migration/conversation in the end. The results are not to shabby either.
Before:
- ~50MB repo
- ~267 files
After:
- ~20MB repo
- ~88 files
↳
In-reply-to
»
https://zsblog.mills.io/ for anyone interested. I think I still have some small tweaking to do befor eI use this for realz.
β€ Read More
@bender@twtxt.net Ahh yes I see what you mean. no indicate of when the post was made right? That should be ideally displayed on the page somewhere? Would you expect it in the url as well, because not having /posts/yyyy/mm/dd/.... was actually intentional. But yeah I should figure out where to put some additional metadata on the page.
↳
In-reply-to
»
is there consensus on what characters should(n't) be allowed in
β€ Read More
nicks? i remember reading somewhere whitespace should not be allowed, but i don't see it in the spec on twtxt.dev β in fact, are there any other resources on twtxt extensions outside of twtxt.dev?
@zvava@twtxt.net Good question. This is the spec, I think:
https://twtxt.dev/exts/metadata.html#nick
It doesnβt say much. π€
In the wild, Iβve only seen βtraditionalβ nick names, i.e. ASCII 0x21 thru 0x7E.
My client removes anything but r'[a-zA-Z0-9]' from nick names.
at first i dismissed the idea of likes on twtxt as not sensibleβ¦like at all β then i considered they could just be published in a metadata field (though that field could get really unruly after a while)
retwts are plausible, as βRE: https://example.com/twtxt.txt#abcdefgβ, the hash could even be the original timestamp from the feed to make it human readable/writable, though im extremely wary of clogging up timelines
i thought quote twts could be done extremely sensibly, by interpreting a mention+hash at the end of the twt differently to when placed at the beginning β but the twt subject extension requires it be at the beginning, so the clean fallback to a normal reply i originally imagined is out of the question β it could still be possible (reusing the retwt format, just like twitter!) but iβm not convinced itβs worth it at that point
is any of this in the spirit of twtxt? no, not in the slightest, lmao
↳
In-reply-to
»
@movq Yeah, we've seen how this plays out in practice π€£ @dce My advice, do what @movq has hinted at and don't change the 1st
β€ Read More
# url = field in your feed. I'm not sure if you had already, but the first url field is kind of important in your feed as it is used as the "Hashing URI" for threading.
@prologic@twtxt.net @movq@www.uninformativ.de My metadata only has my HTTPS URL. I didnβt consider having multiple. I was talking about my config.yaml. Jenny sounds like a good client, so I might give that a try.
↳
In-reply-to
»
It might just be my client, but it seems that I cannot track multiple URLs at once. As such, all three of my twtxt URLs will work for following, but mentions will only reach me at my HTTPS URL (https://hashnix.club/~dce/twtxt.txt). If there is a client that can cope with twtxt mirrors, I would love to know about it.
β€ Read More
@dce@hashnix.club Ah, oh, well then. π₯΄
My client supports that, if you set multiple url = fields in your feedβs metadata (the top-most one must be the βmainβ URL, that one is used for hashing).
But yeah, multi-protocol feeds can be problematic and some have considered it a mistake to support them. π€
↳
In-reply-to
»
The lack of suckless-like simple, hackable software these days is appalling.
β€ Read More
@prologic@twtxt.net Yeah, this really could use a proper definition or a βmanifestβ. π Many of these ideas are not very wide spread. And I havenβt come across similar projects in all these years.
Letβs take the farbfeld image format as an example again. I think this captures the βspiritβ quite well, because this isnβt even about code.
This is the entire farbfeld spec:
farbfeld is a lossless image format which is easy to parse, pipe and compress. It has the following format:
ββββββββββ€ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Bytes β Description β
β βββββββββͺββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β 8 β "farbfeld" magic value β
ββββββββββΌββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ’
β 4 β 32-Bit BE unsigned integer (width) β
ββββββββββΌββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ’
β 4 β 32-Bit BE unsigned integer (height) β
ββββββββββΌββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ’
β [2222] β 4x16-Bit BE unsigned integers [RGBA] / pixel, row-major β
ββββββββββ§ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
The RGB-data should be sRGB for best interoperability and not alpha-premultiplied.
(Now, I donβt know if your screen reader can work with this. Let me know if it doesnβt.)
I think these are some of the properties worth mentioning:
- The spec is extremely short. You can read this in under a minute and fully understand it. That alone is gold.
- There are no βknobsβ: Itβs just a single version, itβs not like thereβs also an 8-bit color depth version and one for 16-bit and one for extra large images and one that supports layers and so on. This makes it much easier to implement a fully compliant program.
- Despite being so simple, itβs useful. Iβve used it in various programs, like my window manager, my status bars, some toy programs like βtuxeyesβ (an Xeyes variant), or Advent of Code.
- The format does not include compression because it doesnβt need to. Just use something like bzip2 to get file sizes similar to PNG.
- It doesnβt cover every use case under the sun, but it does cover the most important ones (imho). They have discussed using something other than RGBA and decided itβs not worth the trouble.
- They refrained from adding extra baggage like metadata. It would have needlessly complicated things.
How to Clear CoreSpotlight Metadata on Mac When Taking Up Large Amounts of Storage
Spotlight is the powerful search engine built into MacOS that allows you to quickly find any file or data on your Mac disk drives. Part of what makes Spotlight so fast is that it uses caches and temporary files during indexing to quickly refer to data on your Mac, but sometimes those Spotlight files can β¦ Read More β Read more
↳
In-reply-to
»
@andros maybe create a separate, completely distinct feed for DM? That way, clients do not need to do anything, only those wanted to "talk in private" follow themselves, using their very special
β€ Read More
dm-only.txt feeds. π
by commenting out DMs are you giving up on simplicity? See the Metadata extension holding the data inside comments, as the client doesnβt need to show it inside the timeline.
I donβt think that commenting out DMs as we are doing for metadata is giving up on simplicity (itβs a feature already), and it helps to hide unwanted DMs to clients that will take months to add itβs support to something namedβ¦ an extension.
For some other extensions in https://twtxt.dev/extensions.html (for example the reply-to hash #abcdfeg or the mention @ < example http://example.org/twtxt.txt >) is not a big deal. The twt is still understandable in plain text.
For DM, itβs only interesting for you if you are the recipient, otherwise you see an scrambled message like 1234567890abcdef=. Even if you see it, youβll need some decryption to read it. Iβve said before that DMs shouldnβt be in the same section that the timeline as itβs confusing.
So my point stands, and as Iβve said before, we are discussing it as a community, so letβs see what other maintainers add to the convo.
↳
In-reply-to
»
@eapl.me When it is up and running, I promise to add it to the specification. I will also include some corrections.
The nature of twtxt does not allow us to selectively hide clients. It's a problem not with DM, but with any extension.
@prologic Yes, it is a security hole. All dm-echo messages are readable. I intend it to be a debugging tool. Maybe I can include a warning message. If many of you see that it is a serious problem, I can remove the links.
@xuu It's already much better than Mastodon :P . Maybe we can remove the sender and receiver references with an intermediary register.
β€ Read More
I think that having a dm-only.txt, twtxt-dm.txt or any other name for an alternative file is the most sensible approach. The name could be specified in the metadata.
↳
In-reply-to
»
Oh well. I've gone and done it again! This time I've lost 4 months of data because for some reason I've been busy and haven't been taking backups of all the things I should be?! π€ Farrrrk π€¬
β€ Read More
@prologic@twtxt.net Spring cleanup! Thatβs one way to encourage people to self-host their feeds. :-D
Since Iβm only interested in the url metadata field for hashing, I do not keep any comments or metadata for that matter, just the messages themselves. The last time I fetched was probably some time yesterday evening (UTC+2). I cannot tell exactly, because the recorded last fetch timestamp has been overridden with todayβs by now.
I dumped my new SQLite cache into: https://lyse.isobeef.org/tmp/backup.tar.gz This time maybe even correctly, if youβre lucky. Iβm not entirely sure. It took me a few attempts (date and time were separated by space instead of T at first, I normalized offsets +00:00 to Z as yarnd does and converted newlines back to U+2028). At least now the simple cross check with the Twtxt Feed Validator does not yield any problems.
↳
In-reply-to
»
@xuu I had a lot of trouble figuring out how to do this too π
β€ Read More
hmm i need to start storing feed preambles so i can capture metadata like that
↳
In-reply-to
»
I am working on this: https://dm-echo.andros.dev/
More news coming soon.
#twtxt
β€ Read More
@eapl.me@eapl.me I think the benefits do not outweigh the disadvantages. Clients would have to read and merge the information from 2 txt and a new metadata would have to be added with the address of this file.
Also, it is very easy to filter or ignore it.
Introducing rpi-image-gen for customized Raspberry Pi images
Raspberry Pi has
announced rpi-image-gen,
a tool to create custom software images for its devices.
rpi-image-gen is a Bash orientated scripting engine capable of
producing software images with different on-disk partition layouts,
file systems and profiles using collections of metadata and a defined
flow of execution. It provides the means to create a hig β¦ β Read more
lang=en @xuu@txt.sour.is gotcha!
From that PR #17 I think it was reverted? We could discuss about metadata later this month, as it seems that Iβm the only person using it.
Iβve added a [lang=en] to this twt to see current yarn behaviour.
↳
In-reply-to
»
@eapl.me There are several points that I like, but I want to highlight number 7. https://text.eapl.mx/a-few-ideas-for-a-next-twtxt-version #twtxt
β€ Read More
For point 1 and others using the metadata tags. we have implemented them in yarnd as [lang=en][meta=data]
↳
In-reply-to
»
I would like to drop Onedrive for Proton Drive and WhatsApp for Threema - I just need to convince my whole family to follow me with that.
β€ Read More
@doesnm@doesnm.p.psf.lt Threema is also known to be crippled to state actors and the five eyes. It has known crypto protocol weaknesses that can leak metadata.
↳
In-reply-to
»
I want to share a little idea for a new extension with the goal of adding direct messages in #twtxt https://github.com/tanrax/twtxt-direct-message-extension
β€ Read More
I havenβt read the entire specification, but I think there is a fundamental design problem. Why would someone put an encrypted message on a public feed that is completely useless to everybody other than the one recipient? This doesnβt make sense to me. It of course depends on the threat model, but wouldnβt one also want to minimize the publicly visible metadata (who is communicating with whom and when) when privately messaging? I feel there are better ways to accomplish this. Sorry, if I miss the obvious use case, please let me know. :-)
↳
In-reply-to
»
What say you @movq @lyse @eapl.mx / @darch @andros (new client author)? π€ Shall I PR this up?
β€ Read More
although I agree that it helps, I donβt see completely correct to leave the nick definition to the source .txt. It could be wrong from the start or outdated with the time.
Iβd rather prefer to get it from the mentioned .txt nick metadata (could be cached for performance).
So my vote would to make it mandatory to follow @<name url> but only using that name/nick if the URL doesnβt contain another nick.
A main advantage is that when the destination URL changes the nick, itβll be automagically updated in the thread view (as happens with some other microblogging platforms, following the Jakobβs Law)
Iβm still making progress with the Emacs client. Iβm proud to say that the code that is responsible for reading the feeds is almost finished, including: Twt Hash Extension, Twt Subject Extension, Multiline Extension and Metadata Extension. Iβm fine-tuning some tests and will soon do the first buffer that displays the twts.
Lol, seems yarn do not display metadata on @terron@duque-terron.cat
↳
In-reply-to
»
What should the advantage be to
β€ Read More
nick = _compared to just not defining a nick and let the client use the domain as the handle?
You are right: no advantage. Also your method can make backward compatible to feeds which doesnβt implement metadata extension
Introducing Annotated Logger: A Python package to aid in adding metadata to logs
Weβre open sourcing Annotated Logger, a Python package that helps make logs searchable with consistent metadata.
The post [Introducing Annotated Logger: A Python package to aid in adding metadata to logs](https://github.blog/developer-skills/programming-languages-and-frameworks/introducing-annotated-logger-a-python-package-to-aid-in-a β¦ β Read more
↳
In-reply-to
»
@<@chyrp.doesnm.cc https://chyrp.doesnm.cc/twtxt.txt> this is broken in jenny too, I figure. No nick breaks things.
β€ Read More
Lol, metadata extension should be optional for backward-compability
↳
In-reply-to
»
I've been thinking of a few improvements for the next generation of twtxt spec, let me know if these are useful or interesting :) https://text.eapl.mx/a-few-ideas-for-a-next-twtxt-version
β€ Read More
@eapl.me@eapl.me Neat.
So for twt metadata the lextwt parser currently supports values in the form [key=value]
https://git.mills.io/yarnsocial/go-lextwt/src/branch/main/parser_test.go#L692-L698
↳
In-reply-to
»
Righto, @eapl.me, ta for the writeup. Here we go. :-)
β€ Read More
@eapl.me@eapl.me here are my replies (somewhat similar to Lyseβs and Jamesβ)
Metadata in twts: Key=value is too complicated for non-hackers and hard to write by hand. So if there is a need then we should just use #NSFS or the alt-text file in markdown image syntax
if something is NSFWIDs besides datetime. When you edit a twt then you should preserve the datetime if location-based addressing should have any advantages over content-based addressing. If you change the timestamp the its a new post. Just like any other blog cms.
Caching, Yes all good ideas, but that is more a task for the clients not the serving of the twtxt.txt files.
Discovery: User-agent for discovery can become better. Iβm working on a wrapper script in PHP, so you donβt need to go to Apaches log-files to see who fetches your feed. But for other Gemini and gopher you need to relay on something else. That could be using my webmentions for twtxt suggestion, or simply defining an email metadata field for letting a person know you follow their feed. Interesting read about why WebMetions might be a bad idea. Twtxt being much simple that a full featured IndieWeb sites, then a lot of the concerns does not apply here. But thatβs the issue with any open inbox. This is hard to solve without some form of (centralized or community) spam moderation.
Support more protocols besides http/s. Yes why not, if we can make clients that merge or diffident between the same feed server by multiples URLs
Languages: If the need is big then make a separate feed. I donβt mind seeing stuff in other langues as it is low. You got translating tool if you need to know whats going on. And again when there is a need for easier switching between posting to several feeds, then itβs about building clients with a UI that makes it easy. No something that should takes up space in the format/protocol.
Emojis: Iβm not sure what this is about. Do you want to use emojis as avatar in CLI clients or it just about rendering emojis?
↳
In-reply-to
»
I've been thinking of a few improvements for the next generation of twtxt spec, let me know if these are useful or interesting :) https://text.eapl.mx/a-few-ideas-for-a-next-twtxt-version
β€ Read More
Righto, @eapl.me@eapl.me, ta for the writeup. Here we go. :-)
Metadata on individual twts are too much for me. I do like the simplicity of the current spec. But I understand where youβre coming from.
Numbering twts in a feed is basically the attempt of generating message IDs. Itβs an interesting idea, but I reckon it is not even needed. Iβd simply use location based addressing (feed URL + β#β + timestamp) instead of content addressing. If one really wanted to, one could hash the feed URL and timestamp, but the raw form would actually improve disoverability and would not even require a richer client. But the majority of twtxt users in the last poll wanted to stick with content addressing.
yarnd actually sends If-Modified-Since request headers. Not only can I observe heaps of 304 responses for yarnds in my access log, but in Cache.FetchFeeds(β¦) we can actually see If-Modified-Since being deployed when the feed has been retrieved with a Last-Modified response header before: https://git.mills.io/yarnsocial/yarn/src/commit/98eee5124ae425deb825fb5f8788a0773ec5bdd0/internal/cache.go#L1278
Turns out etags with If-None-Match are only supported when yarnd serves avatars (https://git.mills.io/yarnsocial/yarn/src/commit/98eee5124ae425deb825fb5f8788a0773ec5bdd0/internal/handlers.go#L158) and media uploads (https://git.mills.io/yarnsocial/yarn/src/commit/98eee5124ae425deb825fb5f8788a0773ec5bdd0/internal/media_handlers.go#L71). However, it ignores possible etags when fetching feeds.
I donβt understand how the discovery URLs should work to replace the User-Agent header in HTTP(S) requests. Do you mind to elaborate?
Different protocols are basically just a client thing.
I reckon itβs best to just avoid mixing several languages in one feed in the first place. Personally, I find it okay to occasionally write messages in other languages, but if that happens on a more regularly basis, Iβd definitely create a different feed for other languages.
Isnβt the emoji thing βjustβ a client feature? So, feed do not even have to state any emojis. As a user Iβd configure my client to use a certain symbol for feed ABC. Currently, I can do a similar thing in tt where I assign colors to feeds. On the other hand, what if a user wants to control what symbol should be displayed, similar to the feedβs nick? Hmm. But still, my terminal font doesnβt even render most of emojis. So, Unicode boxes everywhere. This makes me think it should actually be a only client feature.
↳
In-reply-to
»
I wonder how long does Yarn caches a
β€ Read More
description header. Or rather, how often it re-fetches it.
So, @prologic@twtxt.net, Yarn isnβt rendering the metadata as described on the format documentation. That is, ux2028 is ignored when Yarn renders the description metadata.
↳
In-reply-to
»
@prologic would you please check my web interface? is that a normal thing or am I missing something?
β€ Read More
Web interface is deleted in https://git.mills.io/saltyim/saltyim/commit/376de2702319686c902ec03b8ca1e17b020fc639 but seems incorrectly (in source i see git lfs metadata). Can be builded if you grab https://git.mills.io/saltyim/saltyim/src/commit/15a64de82829/internal/web/app.wasm and place it in source (go directory has cached source) and rebuild
↳
In-reply-to
»
New post (mostly follow-up on the previous with a few new points) on the twtxt v2 discussion. http://a.9srv.net/b/2024-10-08
β€ Read More
@2024-10-08T19:36:38-07:00@a.9srv.net Thanks for the followup. I agrees with most of it - especially:
Please nobody suggest sticking the content type in more metadata. π
Yes, URL can be considered ugly, but they work and are understandable by both humans and machines. And its trivial for any client to hide the URLs used as reference in replies/treading.
Webfinger can be an add-on to help lookup people, and it can be made independent of the nick by just serving the same json regardless of the nick as people do with static sites and a as I implemented it on darch.dk (wf endpoint). Try RANDOMSTRING@darch.dk on http://darch.dk/wf-lookup.php (wf lookup) or RANDOMSTRING@garrido.io on https://webfinger.net
↳
In-reply-to
»
More thoughts about changes to twtxt (as if we haven't had enough thoughts):
β€ Read More
Yes, that is exactly what I meant. I like that collection and βtwtxt v2β feels like a departure.
Maybe thereβs an advantage to grouping it into one spec, but IMO that shouldnβt be done at the same time as introducing new untested ideas.
See https://yarn.social (especially this section: https://yarn.social/#self-host) β It really doesnβt get much simpler than this π€£
Again, I like this existing simplicity. (I would even argue you donβt need the metadata.)
That page says βFor the best experience your client should also support some of the Twtxt Extensionsβ¦β but it is clear you donβt need to. I would like it to stay that way, and publishing a big long spec and calling it βtwtxt v2β feels like a departure from that. (I think the content of the document is valuable; Iβm just carping about how itβs being presented.)
↳
In-reply-to
»
This is only first draft quality, but I made some notes on the #twtxt v2 proposal. http://a.9srv.net/b/2024-09-25
β€ Read More
Good writeup, @anth@a.9srv.net! I agree to most of your points.
3.2 Timestamps: I feel no need to mandate UTC. Timezones are fine with me. But I could also live with this new restriction. I fail to see, though, how this change would make things any easier compared to the original format.
3.4 Multi-Line Twts: What exactly do you think are bad things with multi-lines?
4.1 Hash Generation: I do like the idea with with a new uuid metadata field! Any thoughts on two feeds selecting the same UUID for whatever reason? Well, the same could happen today with url.
5.1 Reply to last & 5.2 More work to backtrack: I do not understand anything youβre saying. Can you rephrase that?
8.1 Metadata should be collected up front: I generally agree, but if the uuid metadata field were a feed URL and no real UUID, there should be probably an exception to change the feed URL mid-file after relocation.
↳
In-reply-to
»
@prologic Do you have a link to some past discussion?
β€ Read More
@david@collantes.us Thanks, thatβs good feedback to have. I wonder to what extent this already exists in registry servers and yarn pods. I havenβt really tried digging into the past in either one.
How interested would you be in changes in metadata and other comments in the feeds? Iβm thinking of just permanently saving every version of each twtxt file that gets pulled, not just the twts. It wouldnβt be hard to do (though presenting the information in a sensible way is another matter). Compression should make storage a non-issue unless someone does something weird with their feed like shuffle the comments around every time I fetch it.
↳
In-reply-to
»
@falsifian TLS won't help you if you change your domain name. How will people know if it's really you? Maybe that's not the biggest problem for something with such low stakes as twtxt, but it's a reasonable concern that could be solved using signatures from an unchanging cryptographic key.
β€ Read More
() @falsifian@www.falsifian.org You mean the idea of being able to inline
# url =changes in your feed?
Yes, that one. But @lyse@lyse.isobeef.org pointed out suffers a compatibility issue, since currently the first listed url is used for hashing, not the last. Unless your feed is in reverse chronological order. Heh, I guess another metadata field could indicate which version to use.
Or maybe url changes could somehow be combined with the archive feeds extension? Could the url metadata field be local to each archive file, so that to switch to a new url all you need to do is archive everything youβve got and start a new file at the new url?
I donβt think itβs that likely my feed url will change.
↳
In-reply-to
»
On the Subject of Feed Identities; I propose the following:
β€ Read More
@prologic@twtxt.net Some criticisms and a possible alternative direction:
Key rotation. Iβm not a security person, but my understanding is that itβs good to be able to give keys an expiry date and replace them with new ones periodically.
It makes maintaining a feed more complicated. Now instead of just needing to put a file on a web server (and scan the logs for user agents) I also need to do this. What brought me to twtxt was its radical simplicity.
Instead, maybe we should think about a way to allow old urls to be rotated out? Like, my metadata could somehow say that X used to be my primary URL, but going forward from date D onward my primary url is Y. (Or, if you really want to use public key cryptography, maybe something similar could be used for key rotation there.)
Itβs nice that your scheme would add a way to verify the twts you download, but https is supposed to do that anyway. If you donβt trust https to do that (maybe you donβt like relying on root CAs?) then maybe your preferred solution should be reflected by your primary feed url. E.g. if you prefer the security offered by IPFS, then maybe an IPNS url would do the trick. The fact that feed locations are URLs gives some flexibility. (But then rotation is still an issue, if I understand ipns right.)
↳
In-reply-to
»
@bender Sorry, trust was the wrong word. Trust as in, you do not have to check with anything or anyone that the hash is valid. You can verify the hash is valid by recomputing the hash from the content of what it points to, etc.
β€ Read More
@bender@twtxt.net Yes, they do π€£ Implicitly, or threading would never work at all π Nor lookups π€£ They are used as keys. Think of them like a primary key in a database or index. I totally get where youβre coming from, but there are trade-offs with using Message/Thread Ids as opposed to Content Addressing (like we do) and I believe we would just encounter other problems by doing so.
My money is on extending the Twt Subject extension to support more (optional) advanced βsubjectsβ; i.e: indicating you edited a Twt you already published in your feed as @falsifian@www.falsifian.org indicated π
Then we have a secondary (bure much rarer) problem of the βidentityβ of a feed in the first place. Using the URL you fetch the feed from as @lyse@lyse.isobeef.org βs client tt seems to do or using the # url = metadata field as every other client does (according to the spec) is problematic when you decide to change where you host your feed. In fact the spec says:
Users are advised to not change the first one of their urls. If they move their feed to a new URL, they should add this new URL as a new url field.
See Choosing the Feed URL β This is one of our longest debates and challenges, and I think (_I suspect along with @xuu@txt.sour.is _) that the right way to solve this is to use public/private key(s) where you actually have a public key fingerprint as your feedβs unique identity that never changes.
All this hash breakage made me wonder if we should try to introduce βmessage IDsβ after all. π
But the great thing about the current system is that nobody can spoof message IDs. π€ When you think about it, message IDs in e-mails only work because (almost) everybody plays fair. Nothing stops me from using the same Message-ID header in each and every mail, that would break e-mail threading all the time.
In Yarn, twt hashes are derived from twt content and feed metadata. That is pretty elegant and Iβd hate see us lose that property.
If we wanted to allow editing twts, we could do something like this:
2024-09-05T13:37:40+00:00 (~mp6ox4a) Hello world!
Here, mp6ox4a would be a βpartial hashβ: To get the actual hash of this twt, youβd concatenate the feedβs URL and mp6ox4a and get, say, hlnw5ha. (Pretty similar to the current system.) When people reply to this twt, they would have to do this:
2024-09-05T14:57:14+00:00 (~bpt74ka) (<a href="https://txt.sour.is/search?q=%23hlnw5ha">#hlnw5ha</a>) Yes, hello!
That second twt has a partial hash of bpt74ka and is a reply to the full hash hlnw5ha. The author of the βHello world!β twt could then edit their twt and change it to 2024-09-05T13:37:40+00:00 (~mp6ox4a) Hello friends! or whatever. Threading wouldnβt break.
Would this be worth it? Itβs certainly not backwards-compatible. π
↳
In-reply-to
»
@falsifian You need an Avatar π
β€ Read More
@prologic@twtxt.net Fair enough! I just added some metadata.
@stigatle@yarn.stigatle.no / @abucci@anthony.buc.ci My current working theory is that there is an asshole out there that has a feed that both your pods are fetching with a multi-GB avatar URL advertised in their feedβs preamble (metadata). Iβd love for you both to review this PR, and once merged, re-roll your pods and dump your respective caches and share with me using https://gist.mills.io/
↳
In-reply-to
»
I've gathers my ideas about mentions for twtxt/yarn here: Webmentions vs. custom mentions spec for twtxt/yarn - HedgeDoc
You are welcome to edit and comment in the doc, so our ideas are not fragment into a bunch of treads
β€ Read More
Thanks for your feedback @lyse@lyse.isobeef.org. For some reason i missed it until now. For now I have implemented endpoint discovery for #webmentions as a metadata field in the twtxt.txt like this:
# webmention = http://darch.dk/timeline/webmention
Linus Torvalds Has βRobust Exchangesβ Over Filesystem Suggestion on Linux Kernel Mailing List
Linus Torvalds had βsome robust exchangesβ on the Linux kernel mailing list with a contributor from Google. The subject was inodes, notes the Register, βwhich as Red Hat puts it are each βa unique identifier for a specific piece of metadata on a given filesystem.ββ
Inodes have been the subj β¦ β Read more
Iβve been thinking of how to notify someone else that youβve replied to their twts.
Is there something already developed, for example on yarn.social?
Letβs say I want to notify https://sour.is/tiktok/America/Denver.txt that Iβve replied to some twt. They donβt follow me back, so they wonβt see my reply.
I would send my URL to, could be, https://sour.is/tiktok/replies?url=MY_URL and theyβll check that I have a reply to some of their twts, and could decide to follow me back (after seeing my twtxt profile to avoid spam)
Another option could be having a metadata like
follow-request=https://sour.is/tiktok/America/Denver.txt TIMESTAMP_IN_SECONDS
that the other client has to look for, to ensure that the request comes from that URL (again, to avoid spam)
This could be deleted after the other .txt has your URL in the follow list, or auto-expire after X days to clean-up old requests.
What do you think?
An official FBI document dated January 2021, obtained by the American association βProperty of Peopleβ through the Freedom of Information Act.
This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata (βPen Registerβ) or connection data retention law (β18 USCΒ§2703β). Here, in essence, is the information the FBI says it can retrieve:
Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.
Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).
Signal: date and time of account creation and date of last connection.
Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.
Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.
Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).
WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.
WhatsApp: the targeted personβs basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time (βPen Registerβ); message content can be retrieved via iCloud backups.
Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.
TL;DR Signal is the messaging system that provides the least information to investigators.
Dependabot relieves alert fatigue from npm devDependencies
A new alert rules engine for Dependabot leverages alert metadata to identify and auto-dismiss up to 15% of alerts as false positives. β Read more
π‘ Quick βn Dirty prototype Yarn.social protocol/spec:
If we were to decide to write a new spec/protocol, what would it look like?
Hereβs my rough draft (back of paper napkin idea):
- Feeds are JSON file(s) fetchable by standard HTTP clients over TLS
- WebFinger is used at the root of a userβs domain (or multi-user) lookup. e.g:
prologic@mills.io->https://yarn.mills.io/~prologic.json
- Feeds contain similar metadata that weβre familiar with: Nick, Avatar, Description, etc
- Feed items are signed with a ED25519 private key. That is all βpostsβ are cryptographically signed.
- Feed items continue to use content-addressing, but use the full Blake2b Base64 encoded hash.
- Edited feed items produce an βEditedβ item so that clients can easily follow Edits.
- Deleted feed items produced a βDeletedβ item so that clients can easily delete cached items.
GitHub Security Lab audited DataHub: Hereβs what they found
The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platformβs authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform. β Read more
↳
In-reply-to
»
@prologic (re: Just discovered ...) On the one hand, twtxt has become more popular thanks to Yarn.social. On the other hand, subject and hashtag extensions took away the simplicity of the protocol. For example, it is impossible to understand which conversation (#base32hash) a tweet refers to or to reply to a tweet without going to a yarn.social pod. Compare with re: in this tweet which can be written without using any client at all
β€ Read More
@prologic@twtxt.net: I understand the benefits of using hashes, itβs much easier to implement client applications (at the expense of ease of use without the proper client). I must say that I like the way the metadata extension is done. Simple and elegant! Itβs hard to design simple things!
Just reading in-depth and trying to understand the security model of Delta.Chat a bit moreβ¦ Thereβs a few things that really concern me about how Delta.Chat which relies on Autocrypt work:
- There is no Perfect Forward Secrecy
- No verification of keys
- Is therefore susceptible to Man-in-the-Middle attacks
- Is therefore susceptible to Man-in-the-Middle attacks
- Metadata is a BIG problem with Delta.Chat:
- The
ToandFromandDateare trackable by your Mail provider (amongst many other headers)
- The
Hmmm π€ cc @deebs@twtxt.net
@movq@www.uninformativ.de
I would recommend a longer rotation, perhaps? The way I see it, you are proposing a monthly one. That can make metadata huge too. Maybe yearly, or every 6 months?
@xuu@txt.sour.is Btwβ¦ I noticed your pod has some changed Iβm not familiar with, for example you seem to have added metadata to the top of feeds. Can you enumerate the improvements/changes youβve made and possibly letβs discuss contributing them back upstream? :D
Metadata: Judoing the Dunning-Kruger effect: the βsurprisingly-popular optionβ strategy for crowdsourcing https://muratbuffalo.blogspot.com/2018/11/judoing-dunning-kruger-effect.html
GitHub - jimkang/random-internet-archive: Gets a random Internet Archive resource, in URL form with some metadata. https://github.com/jimkang/random-internet-archive
@mdom@domgoergen.com metadata is there now. I was one commit behind.
@sdk@codevoid.de Great! Though i donβt see any metadata on your feed?
@sdk@codevoid.de Great! Though i donβt see any metadata on your feed?
@mdom@domgoergen.com Thatβs interesting. So does txtnish read that metadata? or would an end user just look at the file to see it? Is the meta data going to be the standard?
@mdom@domgoergen.com what metadata feature is that?
New feature for txtnish: After setting add_metadata to 1, txtnish will, uhm, add metadata to your twtfile. Currently i only add followings, client and your gpg fingerprint. See my file for an example.
New feature for txtnish: After setting add_metadata to 1, txtnish will, uhm, add metadata to your twtfile. Currently i only add followings, client and your gpg fingerprint. See my file for an example.
The workflow app on iOS is magic. I now have a button that asks me to select a picture, then converts it to png, resizes it, strips the metadata, scps it to my jumphost, scps it further to my gopher jail and into my paste directory, constructs the http proxy URL and opens it in safari. All without user-interaction. Now I can share my mobile life with you guys! Prepare for cat pictures!
updated metadata on twtxt.txt file
Metadata: Paper review. IPFS: Content addressed, versio⦠http://muratbuffalo.blogspot.com/2018/02/paper-review-ipfs-content-addressed.html
@reednj@twtxt.xyz I think this would be the first time two clients implement the same #metadata format.
@reednj@twtxt.xyz I think this would be the first time two clients implement the same #metadata format.
Iβll take another swing at #metadata for #twtxt. You can check my feed for an example. The headers arenβt important, only # key = value
Iβll take another swing at #metadata for #twtxt. You can check my feed for an example. The headers arenβt important, only # key = value
Maybe we shouldnβt add time sensitive metadata. Maybe # following = https://domgoergen.com/twtxt/mdom.txt https://enotty.dk/twtxt.txt β¦
Maybe we shouldnβt add time sensitive metadata. Maybe # following = https://domgoergen.com/twtxt/mdom.txt https://enotty.dk/twtxt.txt β¦
@kas@enotty.dk, @benaiah@benaiah.me Should metadata always be at the start of the file or can it be interspersed with tweets?
@kas@enotty.dk, @benaiah@benaiah.me Should metadata always be at the start of the file or can it be interspersed with tweets?
@mdom@domgoergen.com, @kas@enotty.dk re: metadata, Iβm (obviously) in favor of my suggestion for metadata-in-comments, but I donβt think we should have comments in comments.
@kas@enotty.dk The amount of whitespace around the equal sign shouldnβt matter. Wouldnβt be a comment above the line not enough? <# nick = mdom # my nick> looks weird.
@kas@enotty.dk The amount of whitespace around the equal sign shouldnβt matter. Wouldnβt be a comment above the line not enough? <# nick = mdom # my nick> looks weird.
I would love to add metadata to the spec, but someone would have to hack it into twtxt #issue48 @buckket@buckket.org? :)
I would love to add metadata to the spec, but someone would have to hack it into twtxt #issue48 @buckket@buckket.org? :)
#txtnix and #roster now support the new metadata syntax ts#metadata. Now time will tell if somebody will use it.
#txtnix and #roster now support the new metadata syntax ts#metadata. Now time will tell if somebody will use it.
This would be a good use case for metadata. @kas@enotty.dk could ask clients to refetch less, eg with /refetch 10m
This would be a good use case for metadata. @kas@enotty.dk could ask clients to refetch less, eg with /refetch 10m
#txtnix new subcommand will dump all available metadata for a feed. Until a decision is made it uses my // suggestion.
#txtnix new subcommand will dump all available metadata for a feed. Until a decision is made it uses my // suggestion.
How should metadata about a twtxt feed be stored? Weigh in @ https://github.com/buckket/twtxt/issues/48