In-reply-to » @kate @eldersnake @abucci -- I've already spoken to @xuu on IRC about this, but the new SqliteCache backend I'm working on here, what are your thoughts regarding migrations from old MemoryCache (which is now gone in the codebase in this branch). Do you care to migrate at all, or just let the pod re-fetch all feeds? 🤔

@prologic@twtxt.net I haven’t been tracking these changes or conversation. Can you link me to something so that I can catch up?

In-reply-to » This year is a perfect square: 2025 = 45². Most of us reading this at time of posting won't be alive next time that happens since 46² = 2116, 91 years from now. This has been bouncing around the internet but for some reason I felt compelled to record it here!

@bender@twtxt.net I’m hoping my little one makes it that long; it’s possible! Unless some medical miracle occurs I’ll be long ago converted to dust by then.


Apple has agreed to pay $95 million to settle a lawsuit alleging that its voice assistant Siri routinely recorded private conversations that were then sold to third parties for targeted ads.

From Siri “unintentionally” recorded private convos; Apple agrees to pay $95M https://arstechnica.com/tech-policy/2025/01/apple-agrees-to-pay-95m-delete-private-conversations-siri-recorded/

I’m not sure I’m convinced Apple is really that much better than the other big tech companies when it comes to this kind of thing. Their reputation is better and they do seem to be better about things like on-device encryption, but then stories like this come out.


This year is a perfect square: 2025 = 45². Most of us reading this at time of posting won’t be alive next time that happens since 46² = 2116, 91 years from now. This has been bouncing around the internet but for some reason I felt compelled to record it here!

In-reply-to » I guess I should setup some kind of paste-bin or something, I bet somebody's already angry about them last couple of long twts 😅 Sorry, not sorry! but I'll try to fix that.

@bender@twtxt.net Given that I haven’t posted in so long, my lines of twtxt per unit time average is probably lower than most! I’m a bursty twtxter.


OpenAI, Google, Anthropic admit they can’t scale up their chatbots any further

Once you’ve trained your large language model on the entire written output of humanity, where do you go?

https://pivot-to-ai.com/2024/11/14/openai-google-anthropic-admit-they-cant-scale-up-their-chatbots-any-further/

So we’re going to destroy the environment for AI slop that isn’t fit for purpose now and, if you believe the above post, never will be.


Silicon Valley and Wall Street invent collateralized GPU obligations. Surely this will work out fine

https://pivot-to-ai.com/2024/11/04/silicon-valley-and-wall-street-invent-collateralized-gpu-obligations-surely-this-will-work-out-fine/

Blackstone, Pimco, Carlyle, and BlackRock have so far lent $11 billion to GPU cloud companies — now apparently called “neoclouds” — such as CoreWeave, Crusoe, and Lambda Labs. The loans are collateralized by the neoclouds’ Nvidia GPUs.

Look ma, new asset bubble!

In-reply-to » Ethical framework aims to counter risks of geoengineering research As interest grows in geoengineering as a strategy for tackling global warming, the world's largest association of Earth and space scientists has launched an ethical framework as a guide to responsible decision-making and inclusive dialogue. ⌘ Read more

@Phys_org@feeds.twtxt.net …which will be entirely ignored when the 💩 hits the 🪭

“Interest grows in geoengineering” because pursuing the obvious, clearest, most direct solution–reducing fossil fuel use–is for some reason off the table. That is already an unethical arrangement. Pasting an ethical framework on top doesn’t change the rotten situation at its core.

In-reply-to » Falling satellite will give clues to how objects burn up on re-entry A chance to observe the high-speed re-entry of a falling satellite will give researchers important insights on how debris burns up in our atmosphere ⌘ Read more

@quark@ferengi.one Check out this thread if you haven’t already: https://mastodon.social/@sundogplanets/112464533481477428

I think we already know it’s likely to be a disaster.

In-reply-to » Falling satellite will give clues to how objects burn up on re-entry A chance to observe the high-speed re-entry of a falling satellite will give researchers important insights on how debris burns up in our atmosphere ⌘ Read more

@New_scientist@feeds.twtxt.net It’s great that US regulators have approved launching 40,000 satellites with a 5-year lifespan before we had this kind of information about what’s likely to happen when they start falling out of orbit at a rate of several per hour.

In-reply-to » @abucci appreciate it if you find the time to update again 🙏

@prologic@twtxt.net My pod, which is running the same commit you are, does not return an error like that. It returns the same HTML it always has. Try it. I nuked my cache before restarting.

Edit: Oh wait, the plot thickens. I do get an error if I use curl or if I use a web browser that isn’t logged in. That’s good!

In-reply-to » There is a bug in yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like

A stopgap setting that would let me stop all calls to /external matching a particular pattern (like this damn lovetocode999 nick) would do the job. Given the potential for abuse of that endpoint, having more moderation control over what it can do is probably a good idea.

In-reply-to » There is a bug in yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like

@prologic@twtxt.net What? I compiled, updated, and restarted. If you check what my pod reports, it gives that 7a… SHA. I don’t know what that other screenshot is showing but it seems to be out of date. That was the SHA I was running before this update.

In-reply-to » There is a bug in yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like

@prologic@twtxt.net Here’s a log entry:

Aug 27 15:59:43 buc yarnd[1200580]: [yarnd] 2024/08/27 15:59:43 (IP_REDACTED) "GET /external?nick=lovetocode999&uri=https://URL_REDACTED HTTP/1.1" 200 35442 14.554763ms

HTTP 200 status, not 404.

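Added example, not part of the posts above and not yarnd code: a small triage script that reads access-log lines in the format of the entry quoted above, tallies successful /external requests per nick and target host, and shows which of them a nick-pattern stopgap of the kind asked for in this thread would refuse. The sample lines, the .example hosts and the DENY_NICK rule are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Request part of a yarnd access-log line, in the format of the entry quoted above:
#   (CLIENT) "METHOD TARGET HTTP/x.y" STATUS SIZE DURATION
LINE_RE = re.compile(
    r'\((?P<client>[^)]*)\) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IPs and .example hosts, not real traffic).
SAMPLE_LOG = """\
Aug 27 15:59:43 pod yarnd[1]: [yarnd] 2024/08/27 15:59:43 (198.51.100.7) "GET /external?nick=lovetocode999&uri=https://spam.example/story1 HTTP/1.1" 200 35442 14.5ms
Aug 27 15:59:44 pod yarnd[1]: [yarnd] 2024/08/27 15:59:44 (198.51.100.8) "GET /external?nick=lovetocode999&uri=https://spam.example/story2 HTTP/1.1" 200 35440 13.9ms
Aug 27 15:59:45 pod yarnd[1]: [yarnd] 2024/08/27 15:59:45 (203.0.113.5) "GET /external?nick=alice&uri=https://feeds.example/alice/twtxt.txt HTTP/1.1" 200 9120 8.1ms
Aug 27 15:59:46 pod yarnd[1]: [yarnd] 2024/08/27 15:59:46 (203.0.113.5) "GET /twt/abc123 HTTP/1.1" 200 4100 2.2ms
Aug 27 15:59:47 pod yarnd[1]: [yarnd] 2024/08/27 15:59:47 (198.51.100.7) "GET /external?nick=lovetocode999&uri=https://spam.example/story3 HTTP/1.1" 400 120 0.4ms
"""

# Assumed stopgap rule: nick patterns the pod admin wants refused on /external.
DENY_NICK = re.compile(r"^lovetocode999$")

def external_hits(lines):
    """Yield (client, nick, uri_host, status) for every request to /external."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an access-log line
        target = urlsplit(m["target"])
        if target.path != "/external":
            continue
        query = parse_qs(target.query)
        nick = query.get("nick", [""])[0]
        uri = query.get("uri", [""])[0]
        yield m["client"], nick, urlsplit(uri).hostname or "", int(m["status"])

def tally(lines, deny_nick=DENY_NICK):
    """Count HTTP 200 /external hits per (nick, host), split by the deny rule."""
    served, denied = Counter(), Counter()
    for _client, nick, host, status in external_hits(lines):
        if status != 200:
            continue  # only pages the pod actually rendered
        bucket = denied if deny_nick.search(nick) else served
        bucket[(nick, host)] += 1
    return served, denied

if __name__ == "__main__":
    served, denied = tally(SAMPLE_LOG.splitlines())
    print("would still be served:", dict(served))
    print("would be refused:", dict(denied))
```
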
In-reply-to » There is a bug in yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like

@prologic@twtxt.net This does not seem to fix the problem for me, or I’ve done something wrong. I did the following:

  1. Pull the latest version from git (I have commit 7ad848, same as on twtxt.net I believe).
  2. make build and make install
  3. Restart yarnd
  4. Refresh cache in Poderator Settings

Yet I still see these bogus /external things on my pod when I hit URLs like the one I sent you recently. When I hit such a URL with curl I think it’s giving an error? But in a web browser, the (buggy) response is the same as it was before I updated.

So, this problem is not fixed for me.

In-reply-to » There is a bug in yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like

@prologic@twtxt.net I believe you are not seeing the problem I am describing.

Hit this URL in your web browser:

https://twtxt.net/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

That’s your pod. I assume you don’t have a user named lovetocode999 on your pod. Yet that URL returns HTTP status 200, and generates HTML, complete with a link to https://socialmphl.com/story19510368/doujin, which is not a twtxt feed (that’s where the twtxt.txt link goes if you click it). That link could be to anything, including porn, criminal stuff, etc, and it will appear to be coming from your twtxt.net domain.

What I am saying is that this is a bug. If there is no user lovetocode999 on the pod, hitting this URL should not return HTTP 200 status, and it should definitely not be generating valid HTML with links in it.

Edit: Oops, I misunderstood the purpose of this /external endpoint. Still, since the uri is not a yarn pod, let alone one with a user named lovetocode999 on it, I stand by the belief that URLs like this should not be generating valid HTML with links to unknown sites. Shouldn’t it be possible to construct a valid target URL from the nick and uri instead of using the pod’s /external endpoint?

In-reply-to » There is a bug in yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like

@prologic@twtxt.net @bender@twtxt.net I partially agree with bender on this one I think. The way this person is abusing the /external endpoint on my pod seems to be to generate legitimate-looking HTML content for external sites, using a username that does not exist on my pod. One “semantically correct” thing to do would be to error out if that username does not exist on the pod. It’s not unlike having a mail server configured as an open relay at this point.

It would also be very helpful to give the pod administrator control over what’s being fetched this way. I don’t want people using my pod to redirect porn sites or whatever. If I could have something as simple as the ability to blacklist URLs that’d already help.

In-reply-to » @mckinley He's signed up three times now even though I keep deleting the account, which is enough for me to permaban this person. I don't technically want open registrations on my pod but up till now I've been too lazy to figure out how to turn them off and actually do that, and there hasn't been a pressing need. I may have to now.

@lyse@lyse.isobeef.org Interesting. The yarnd --help currently says (for me):

  -R, --open-registrations            whether or not to have open user registgration

meaning it doesn’t give the default setting or warn you that you need to use -R=false and not -R false. It also leaves unclear whether --open-registrations false would work or if you need to do --open-registrations=false. It’s also unclear whether the setting change in the user interface is overridden by the command line arguments, overrides the command line arguments, or is persisted across restarts.

Maybe all this is worth posting an issue for additional documentation on the git repo if there isn’t one already.

“registgration” is misspelled that way in the help by the way.

In-reply-to » @mckinley He's signed up three times now even though I keep deleting the account, which is enough for me to permaban this person. I don't technically want open registrations on my pod but up till now I've been too lazy to figure out how to turn them off and actually do that, and there hasn't been a pressing need. I may have to now.

@lyse@lyse.isobeef.org Ha, sweet thanks for this! For some reason I thought you had to do this with an environmental variable or command-line option and I didn’t think to check the settings. 🤦‍♂

In-reply-to » There is a bug in yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like

For some reason this nick lovetocode999 is frequently present in my log entries.


There is a bug in yarnd that’s been around for awhile and is still present in the current version I’m running that lets a person hit a constructed URL like

YOUR_POD/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

and see a legitimate-looking page on YOUR_POD, with an HTTP code 200 (success). From that fake page you can even follow an external feed. Try it yourself, replacing “YOUR_POD” with the URL of any yarnd pod you know. Try following the feed.

I think URLs like this should return errors. They should not render HTML, nor produce legitimate-looking pages. This mechanism is ripe for DDoS attacks. My pod gets roughly 70,000 hits per day to URLs like this. Many are porn or other types of content I do not want. At this point, if it’s not fixed soon I am going to have to shut down my pod. @prologic@twtxt.net please have a look.

In-reply-to » 👋 Hello @nigergibe, welcome to Buccipod, a Yarn.social Pod! To get started you may want to check out the pod's Discover feed to find users to follow and interact with. To follow new users, use the ⨁ Follow button on their profile page or use the Follow form and enter a Twtxt URL. You may also find other feeds of interest via Feeds. Welcome! 🤗

@mckinley@twtxt.net He’s signed up three times now even though I keep deleting the account, which is enough for me to permaban this person. I don’t technically want open registrations on my pod but up till now I’ve been too lazy to figure out how to turn them off and actually do that, and there hasn’t been a pressing need. I may have to now.

In-reply-to » 👋 Hello @nigergibe, welcome to Buccipod, a Yarn.social Pod! To get started you may want to check out the pod's Discover feed to find users to follow and interact with. To follow new users, use the ⨁ Follow button on their profile page or use the Follow form and enter a Twtxt URL. You may also find other feeds of interest via Feeds. Welcome! 🤗

@support@anthony.buc.ci No. Try this again and I nuke your IP.

In-reply-to » @abucci / @abucci Any interesting errors pop up in the server logs since the flaw got fixed (unbounded receieveFile())? 🤔

@prologic@twtxt.net I don’t think it’s your code. As you said in one of your commit comments, the internet is a hostile place! That’s partly why I reacted the way I did: all things considered it’s usually better to react quickly and clean up the mess later, than it is to wait and risk further damage. Anyway it sucks @xuu@txt.sour.is got caught up in it. Hopefully it’s all good now.

In-reply-to » @abucci / @abucci Any interesting errors pop up in the server logs since the flaw got fixed (unbounded receieveFile())? 🤔

@stigatle@yarn.stigatle.no @xuu@txt.sour.is @lyse@lyse.isobeef.org “Not cool”? I was receiving many broken (HTTP 400 error) requests per second from an IP address I didn’t recognize, right after having my VPS crash because the hard drive filled up with bogus data. None of this had happened on this VPS before, so it was a new problem that I didn’t understand and I took immediate action to get it under control. Of course I reported the IP address to its abuse email. That’s a 100% normal, natural, and “cool” thing to do in such a situation. At the time I had no idea it was @xuu@txt.sour.is .

The moment I realized it was @xuu@txt.sour.is and definitely a false alarm, I emailed the ISP and told them this was a false positive and to not ban or block the IP in question because it was not abusive traffic. They haven’t yet responded but I do hope they’ve stopped taking action, and if there’s anything else I can do to certify to them that this is not abuse then I will do that.

I run numerous services on that VPS that I rely on, and I spent most of my day today cleaning up the mess all this has caused. I get that this caused @xuu@txt.sour.is a lot of stress and I’m sincerely sorry about that and am doing what I can to rectify the situation. But calling me “not cool” isn’t necessary. This was an unfortunate situation that we’re trying to make right and there’s no need for criticizing anyone.
