Anyone using XMPP? Iāve been hearing a lot about how it is the OG messaging protocol. That G00gle Talk used to use it as a back-end, that FB messanger and w_hatsapp use some modified version of it or something; And that setting up a server (or even using a public one) would be a better alternative to the aforementioned apps, so I did. Now the question is: āWhere the Fu__ are my video calls at!!? š¤£ā ⦠The protocol supports videoconferencing and Iām yet to find a decent Desktop/Mobile client that implements it. I wish I knew enough Code-Fu to contribute/help implement some, somewhere.
It seems another Japanese person has arrived at Geminispace. But I was updating the NEX protocol now.
Actually, Iām stupid: Iām using the normal rsync on OpenBSD as well.
And regarding OpenRsyncās general usability:
https://marc.info/?l=openbsd-misc&m=178090751524547&w=2
Right now openrsync is limited in functionality and is primarily present
for rpki-client. The limited functionality makes it unusable for generic
use and so any diff or change like the above will not be considered since it
is simply not ready.First problem to solve is to remove the mmap usage in openrsync. After
that modern protocol versions need to be added. Once that is in place one
can start a discussion about using openrsync as a default on OpenBSD.
@itsericwoordward@itsericwoodward.com I just want to let you know that your mention completion seems to be broken. :-) The URL is duplicated with a comma in between. Actually, the protocols differ. I suspect that you extract all url metadata fields from the feed, not only the canonical one used for hashing (the first one) and join them. Iām not completely sure, I would need to read up on the specs (itās already past bed oāclock, though), but I guess that there is no explicit rule for picking the mention URL. Without having thought about it too much, I reckon the safest bet is to stick to the hashing URL when in doubt and the URL that was used to subscribe to the feed is not available for whatever reason. The URL from the subscription list is probably even better.
TIL that SSH actually stands for Secure Snake Home, a massively multiplayer snake game playable via the SSH protocol: ssh snakes.run
Of course, no one else was online when I was playing, soā¦

What do the Gopher Troopers think of the following? The Gopher protocol is a nearly-forgotten network protocol from the early 1990s, designed to serve and navigate text-based menus and documents over the Internet. While itĀs far less common than HTTP/HTTPS today, there are still some security risks associated with Gopher and Gopher space. LetĀs break them down carefully: 1. Lack of Encryption Problem: Gopher was designed long before widespread use of SSL/TLS. All dataĀincluding credentials, file transfers, and menu selectionsĀis transmitted in plaintext. Impact: Anyone intercepting traffic (e.g., via a network sniffer, public Wi-Fi, or a compromised router) can read sensitive information, including usernames and passwords. 2. No Authentication or Access Control Problem: Gopher servers rarely implement robust authentication; access control is usually limited or non-existent. Impact: Unauthorized users might browse sensitive directories or download private files, particularly if servers are misconfigured. 3. Server Software Vulnerabilities Problem: Modern OSes can still run legacy Gopher servers, but the software is often unmaintained. Impact: Old software may contain buffer overflows, directory traversal bugs, or command injection vulnerabilities that attackers could exploit. 4. Malicious Gopher Links Problem: Gopher menus can contain links that point to scripts or other servers, similar to hyperlinks in HTTP. A client following a malicious link could inadvertently: Download malware Access sensitive internal network resources (server-side request forgery) Impact: Could serve as a vector for attacks if a user opens content from untrusted sources. 5. Legacy Protocol Weaknesses Problem: Gopher lacks modern web security mechanisms like: Content security policies Same-origin policies Cross-site request forgery protection Impact: If Gopher is bridged to other services (like modern browsers via gateways), old vulnerabilities may be exposed. 6. Information Leakage Problem: Gopher servers often provide directory listings without restriction. Impact: Sensitive files, backup directories, and internal documents may be exposed unintentionally. 7. Bridging Risks Problem: Some modern browsers access Gopher via gateways (HTTP-to-Gopher proxies). These bridges may: Expose sensitive internal resources to the gateway Introduce logging or tracking that wouldnĀt exist on pure Gopher Impact: Attacks could occur indirectly through insecure intermediaries. Key Takeaways Gopher is inherently insecure due to its design in a pre-HTTPS era. Main threats: eavesdropping, unauthorized access, malware delivery, and exploitation of unpatched server software. Safe practice: Use Gopher only in isolated, trusted environments, or through secure HTTP(S) gateways with proper sanitization.
@fe55c : Hi, which client do you use on Haiku? It seems to me that the protocol has been removed from WebPositive?
Okay, I had heard of āRiverā before but I was not aware of this:
https://codeberg.org/river/river
River defers all window management policy to a separate window manager implementing the river-window-management-v1 protocol. This includes window position/size, pointer/keyboard bindings, focus management, window decorations, desktop shell graphics, and more.
This sounds promising and it follows the old X11 model. River does all the nasty Wayland work and I can make just the WM? š¤š¤Æ
Sending this from the Lagrange Gemini Protocol Client!
Hello from Minnesota, birth place of the Gopher protocol!
Just a small update, on my birthday (on the 5th), I accidentally deleted the main page, of my website, so Iām using that as an opportunity, to try something new, at https://thecanine.smol.pub or gemini://thecanine.smol.pub - depending on your preferred protocol.
Any feedback is welcome!
@movq@www.uninformativ.de Gemini liked your opinion very much. Here is how it countered:
1. The User Perspective (Untrustworthiness)The criticism of AI as untrustworthy is a problem of misapplication, not capability.
- AI as a Force Multiplier: AI should be treated as a high-speed drafting and brainstorming tool, not an authority. For experts, it offers an immense speed gain, shifting the work from slow manual creation to fast critical editing and verification.
- The Rise of AI Literacy: Users must develop a new skillāAI literacyāto critically evaluate and verify AIās probabilistic output. This skill, along with improving citation features in AI tools, mitigates the āgaslightingā effect.
The fear of skill loss is based on a misunderstanding of how technology changes the nature of work; itās skill evolution, not erosion.
- Shifting Focus to High-Level Skills: Just as the calculator shifted focus from manual math to complex problem-solving, AI shifts the focus from writing boilerplate code to architectural design and prompt engineering. It handles repetitive tasks, freeing humans for creative and complex challenges.
- Accessibility and Empowerment: AI serves as a powerful democratizing tool, offering personalized tutoring and automation to people who lack deep expertise. While dependency is a risk, this accessibility empowers a wider segment of the population previously limited by skill barriers.
The legal and technical flaws are issues of governance and ethical practice, not reasons to reject the core technology.
- Need for Better Bot Governance: Destructive scraping is a failure of ethical web behavior and can be solved with better bot identification, rate limits, and protocols (like enhanced
robots.txt). The solution is to demand digital citizenship from AI companies, not to stop AI development.
I love it!
Giving the user multiple choices to do the same things is what is great about protocols in general.
Only plebeians and shabbos goyim care about politics, however. Naturally, the Jews would want you to sperg out about Trump in a hipster-protocol chat.
[2025/09/11 12:56:01.816] ā please set config.host when trying to run "bbycll". How to bypass that tiny hurdle?
Woot, thank you! Using a config.json like this:
{
"host": "localhost:31212",
"protocols": ["http"]
}
Indeed did the trick! I know it isnāt production ready, but I wanted to see with my own eyes, locally, how did it look. :-) I like where you are going! It is looking very nice, and polished. Canāt wait for an alpha, beta, and release!
[2025/09/11 12:56:01.816] ā please set config.host when trying to run "bbycll". How to bypass that tiny hurdle?
@bender@twtxt.net as the host (eg twtxt.net) determines the canonical url of the instance in generated feed url metadata as well as every hash of every post made on the instance internally, i added this error message to make sure people donāt accidentally set up their instance on localhost :p for testing i set it to localhost:31212 and protocols to ["http"], itās a recent addition that could definitely do with documenting in the getting started section
@dce@hashnix.club No worries š Itās all documented in our soecs, itās not such a common thing that weāve felt the great need to really solve, weāre aware folks want to sometimes have their feed on several protocols, and thatās totally fine⢠š
@dce@hashnix.club Ah, oh, well then. š„“
My client supports that, if you set multiple url = fields in your feedās metadata (the top-most one must be the āmainā URL, that one is used for hashing).
But yeah, multi-protocol feeds can be problematic and some have considered it a mistake to support them. š¤
Reading something spaghettycat wrote on tilde.green has got me looking into the xmpp protocol.
@lyse@lyse.isobeef.org They are optional dependencies and listed as such:
$ pacman -Qi pinentry
Name : pinentry
Version : 1.3.1-5
Description : Collection of simple PIN or passphrase entry dialogs which
utilize the Assuan protocol
Optional Deps : gcr: GNOME backend [installed]
gtk3: GTK backend [installed]
qt5-x11extras: Qt5 backend [installed]
kwayland5: Qt5 backend
kguiaddons: Qt6 backend
kwindowsystem: Qt6 backend
And itās probably a good thing that theyāre optional. I wouldnāt want to have all that installed all the time.
@movq@www.uninformativ.de Yeah, you gotta love when a ātotally real decentralized protocolā does that. How are they doing this and still pretending to be one, is beyond me.
The WM_CLASS Property is used on X11 to assign rules to certain windows, e.g. āthis is a GIMP window, it should appear on workspace number 16.ā It consists of two fields, name and class.
Wayland (or rather, the XDG shell protocol ā core Wayland knows nothing about this) only has a single field called app_id.
When you run X11 programs under Wayland, you use XWayland, which is baked into most compositors. Then you have to deal with all three fields.
Some compositors map name to app_id, others map class to app_id, and even others directly expose the original name and class.
Apparently, there is no consensus.
Happy 6th birthday, Gemini protocol!
@bender@twtxt.net Yeah, well, itās a bit like twtxt. There is a Gopher community, but itās small. I actually donāt like that HTTP is so easily accessible. I donāt like it that much when people post links to my site on HackerNews or something like that. Too much exposure.
Gopher is a small world. Itās slow and cozy.
And much like twtxt, the protocol is simpleĀ®, so itās easier to tinker with it.
Gopher server is back online and Iāll be phasing out Mastodon.
gopher://uninformativ.de
(No, I wonāt do multi-protocol twtxt again. š )
When I chose the MIT license for all of my software, I thought:
āShould I use GPL, which I donāt really understand? Is that worth it? Yeah, there is a theoretical possibility that some company might use my code in their proprietary product ⦠and then what? Should I sue them to enforce the GPL? Iām not going to do that anyway, so Iāll just use the MIT license.ā
And now we have those LLM scrapers and now itās suddenly a reality that these companies (ab)use my code. I can see it in my logs. I didnāt expect that back then.
GPL wouldnāt help, either, of course. (Regardless, I now think that GPL would have been the better choice anyway.)
Iām honestly considering taking my code and website offline. Maybe make it accessible through some obscure protocol like Gopher or Gemini, but no more HTTP.
(Yes, Anubis might help. Temporarily.)
Iām just tired.
if we got gopher holes, we need a protocol named ass, for assholes.
@andros@twtxt.andros.dev Thanks for consolidating a lot of good ideas. Especially how you have deiced to just extend the mention syntax for location-based treads. This might even be backward compatible with older (pre-yarn) clients.
What about using Z for UTC +00:00- is that allowed in your specs?
Regarding url = I would suggest to only allow one and the maybe add url_old = or url_alt = !?
Iām still not a fan of a DM feature, even thou it helps that i have now been split out into a separate feed file. Instead if would suggest a contact = field for where people can put an email or other id/link for an established chat protocol like signal or matrix.
@movq@www.uninformativ.de @kat@yarn.girlonthemoon.xyz @quark@ferengi.one In 2014 one person created protocol ii. Later it forked in IDEC. Why i said this? Because itās simple āfederatedā forum-like protocol where from your station fetch another every 5-10 minutes. Stations has topic-based channels like idec.talks, linux.16, haiku.os, zx.spectrum. In short itās FIDO but.. more modern? Documentation: https://github.com/idec-net/new-docs (mostly Russian, but you can use translator, also protocol already translated to english)
Confession:
Iāve never found microblogging like twtxt or the Fediverse or any other āmodernā social media to be truly fulfilling/satisfying.
The reason is that it is focused so much on people. You follow this or that person, everybody spends time making a nice profile page, the posts are all very āego-centricā. Seriously, it feels like everybody is on an ego-trip all the time (this is much worse on the Fediverse, not so much here on twtxt).
I miss the days of topic-based forums/groups. A Linux forum here, a forum about programming there, another one about a certain game. Stuff like that. That was really great ā and it didnāt even suffer from the need to federate.
Sadly, most of these forums are dead now. Especially the nerds spend a lot of time on the Fediverse now and have abandoned forums almost completely.
On Mastodon, you can follow hashtags, which somewhat emulates a topic-based experience. But itās not that great and the protocol isnāt meant to be used that way (just read the snac2 docs on this issue). And the concept of ālikesā has eliminated lots of the actual user interaction. ā¹ļø
7 to 12 and use the first 12 characters of the base32 encoded blake2b hash. This will solve two problems, the fact that all hashes today either end in q or a (oops) š
And increasing the Twt Hash size will ensure that we never run into the chance of collision for ions to come. Chances of a 50% collision with 64 bits / 12 characters is roughly ~12.44B Twts. That ought to be enough! -- I also propose that we modify all our clients and make this change from the 1st July 2025, which will be Yarn.social's 5th birthday and 5 years since I started this whole project and endeavour! š± #Twtxt #Update
that said, and reading to @sorenpeter@darch.dk and @andros@twtxt.andros.dev I have new thoughts. I assume that this wonāt change anyoneās opinions or priorities, so it makes no harm sharing them.
Itās always tempting to use something that already exists (like X, Masto, Bsky, etc.) rather that building anything through effort and disagreement until reaching to something useful and valuable together. A āsocial serviceā is only useful if people is using it.
Iāll add that I havenāt lost interest on the āhackyā part of twtxt about developing tools, protocols, and extensions as a community. Itās the appealing part! Itās a nice hobby to have, shared with random people across the world.
But this is not the right way for me, and makes me feel that Iām unwelcome to propose something different (after watching replies to my previous twt). Feels like āIf you donāt agree, you are free to leave, weāll miss you.ā Naah, not cool. Iāve lived that many times before, and nowadays I donāt have enough spare time and energy for a hobby like that.
Letās see what happens next with the micro-community!
Nobody writes emails by hand using RFC 5322 anymore, nor do we manually send them through telnet and SMTP commands. The days of crafting emails in raw format and dialing into servers are long gone. Modern email clients and services handle it all seamlessly in the background, making email easier than ever to send and receiveāwithout needing to understand the protocols or formats behind it! #Email #SMTP #RFC #Automation
i feel like iāve stumbled upon an alternative internet universe, gemini protocol, the small internet and a counter-cultural world!
Iām thinking of building a hardened peering protocol for Yarn.socialās yarnd: pods establish cryptographic identities, exchange signed /info and /twt payloads with signature verification, ensuring authenticity, integrity, and spoof-proof identity validation across the distributed network.
irc.mills.io running behind Caddy Layer 4. However I don't terminate TLS at the edge in this case.
@prologic@twtxt.net OH SHIT using this for a protocol like gopher is smart! might have to try that for gemini so i donāt have to keep a port open for that
@prologic@twtxt.net @aelaraji@aelaraji.com It depends! If you are working with rsync and scp with the same protocol⦠I want to know! š
@aelaraji@aelaraji.com What protocol do you use?
exwm: Emacs X Windows Manager
EXWM (Emacs X Window Manager) is a full-featured tiling X window manager for Emacs built on top of XELB. ā« exwm GitHub page It supports both tiling and stacking windows, dynamic workspaces, RandR, a system tray, and a lot more. XELB stands for X protocol Emacs Lisp Binding, and itās a āpure Elisp implementation of X11 protocol based on the XML description files from XCB projectā. ā Read more
@prologic@twtxt.net twtxt DM is not a serious DM protocol.
Fascinating read on the emerging Model Context Protocol ā a new standard for integrating LLMs with agents and tools.
@bender@twtxt.net thinked about Gemini protocol. Why corporations shit this name with cryptocurrency and LLMs?
well, I assume by syntax you mean Gemtext (which I like a lot, my personal blog is built on top of it), so I think it might work for twtxt clientsā¦
I knew of twtxt in Gemini Antenna, so at least the 2017 spec might work on that protocol. I think the main issue with extensions is that they werenāt designed with many URLs and protocols in mind.
Also I have to admit that the Gemini community significantly reduced in the last few years. I donāt know how worth it is to add support for Gemini now.
@eapl.me@eapl.me I agree. The syntax is weird inside Gemini and twtxt is made with the http protocol in mind and Gemini doesnāt work with some extensions.
well⦠it has been an opportunity to build an artisanal microblogging client on top of a minimalist protocol. I agree on the hacker toy part.
And of course itās about being part of a niche community which is (mostly) amazing, and nurturing. As there is almost no one writing in my native spanish, it has been an interesting challenge to share my thoughts in english, as well.
I couldnāt say itās a āsocial networkā per se, I think it lack many engagement things usually associated with social networks, although it has a social part of igniting discussions, learnings and behavioral changes, which is the meaning of social for me.
What would happen if we didnāt use TCP or UDP?
At some point, I wonderedāwhat if I sent a packet using a transport protocol that didnāt exist? Not TCP, not UDP, not even ICMPāsomething completely made up. Would the OS let it through? Would it get stopped before it even left my machine? Would routers ignore it, or would some middlebox kill it on sight? Could it actually move faster by slipping past common firewall rules? No idea. So I had to try. ā« Hawzen Okay so the end result is that i ⦠ā Read more
12 years of incubating Wayland color management
The Wayland color-management protocol extension has landed on Feb 13th, 2025, in upstream wayland-protocols repository in the staging directory. It was released with wayland-protocols 1.41. The extension enables proper interactions between traditional (sRGB), Wide Color Gamut (WCG), and High Dynamic Range (HDR) image sources and displays once implemented in Wayland compositors and used in applications. Of course, a protocol is just a la ⦠ā Read more
@prologic@twtxt.net All the URL are missing the protocol part (https://) and my markdown parser does not know how to handle but I see yarnd does it just fine.