Got absolutely jack and sick of all the fucking useless bots, C&C and shit™ hitting my Git server tonight 🤬 So I sat down and built a lightweight version of Anubis, called caddy-pow. So now going forward, you’ll have to (sorry) have a HS-enabled browser to hit git.mills.io which will hopefully make most (if not all) bots just go the fuck away 🤦‍♂️ #Hostile #Web

@movq@www.uninformativ.de enjoy your vacation! A nice read here: https://web.archive.org/web/20260603173839/https://www.theatlantic.com/philosophy/2026/06/no-artificial-intelligence-is-not-conscious/687378/, if you get bored. :-P

@movq@www.uninformativ.de LOL. At least now you know your infrastructure and web server can handle some traffic. Consider it a test, in addition to the fleeting recognition. 🤣

Most of the time, I take a very very long time to do anything. If I say, for example, “I’ll build an IRC Web Client”, that may not happen for weeks, if not months, until my sub conscience has has time to process everything. It’s like basically a “feeling” of internal readiness. I never talk through it, never actively think about it, it just happens.

@movq@www.uninformativ.de I really like your style of writing, btw. It’s much calmer and less aggressive then mine. :-) When I turned my bullet points into paragraphs, I got a bit mad in the process.

Sure, feel free to include anything you want. Regarding citing, this is where twtxt falls short in my opinion. Especially with feed rotation, classic links die quickly. Message hashes only help so much. Nobody outside the twtxt universe knows how to deal with them. So, not perfect for inclusion on a web page. Linking to a thread or message on some yarnd instance might be the more user-friendly option. But the disadvantage is that it’s “just” a mirror, not the primary or original source. In all reality, this could be considered splitting hairs, though.

I should have probably written a proper article. That would have given me time to review the result more carefully, too. ;-) Perhaps that’s something for the future. But honestly, I’m not sure if I really want to waste my time and energy on that subject. So many other fun or useless things come to mind right away that I could do instead. 8-)

So, yeah, do whatever feels best to you. I don’t mind being cited or linked, but I also don’t mind not to be cited or not to be linked to. :-D Not a helpful answer, I know. Sorry. ;-) But anyway, thanks for asking, mate! I do appreciate it.

To finish my thought, linking to my frontpage is probably also useless, since I deliberatly do not have a table of contents there. In fact, my entire frontpage is rather silly.

@bender@twtxt.net Thanks for that as well, I’ve removed the extraneous letter and it now (correctly) points to https://www.itsericwoodward.com (I am a developer of webs, so I tend to have many webs in development at any given moment).

@rdlmda@rdlmda.me @prologic@twtxt.net The web is fucked. :-(

@rdlmda@rdlmda.me Yeah the “web” is pretty broken™ right? 😅

@prologic@twtxt.net so…

An isomorphic TypeScript library is a codebase, written in TypeScript, that can run in multiple JavaScript environments, most commonly both the web browser (client-side) and a server (like Node.js). The core idea is to share the exact same code across the frontend and backend, avoiding duplication and improving efficiency.

Vacation: Doing crazy things like C on DOS, lots of Rust, bare-metal assembly code, everything is fine.

Back at work: How the fuck do I move an email in this web mail program? Am I stupid? 😮‍💨

2025 end the year rewind:

Compared to only 3 new artworks in 2024 and next to no work, on other projects, this year I not only met the self-imposed goal of monthly pixelart, but exceeded it by 50%, with 18 additions in total.

Relicensed the majority of canine faction owned art and projects, under two less restrictive Creative Commons licensees*. This also applies retroactively, to everyone who used/archived our art and projects, back when the old license didn’t allow it.

Disappointed by the current state of the Internet and continued lack of competition among browsers, completely reworked the main website* and made Smol Drive** (a new image gallery project), both made to be compatible with as many web and Gemini browsers, as possible.

*see https://thecanine.smol.pub
**see https://thecanine.smol.pub/smolbox

Searching the web a bit brings up lots of threads where people hate WebP. The problem being that browsers support WebP but other programs tend to be problematic … ? 🤔

I have to say. A well designed Hypermedia Driven Web Application such as yarnd‘ using HTMX is just as good, i'd not better, than one written in React.

Speaking of WAF(s) / Web Applicaiton Firewalls – I actually had forgotten that not only have I designed a new WAF from scratch, but I’ve actually implemented it already, and done some local testing. I just haven’t put it into production yet… What od you think @aelaraji@aelaraji.com ? 🤔 https://git.mills.io/prologic/caddy-waf

@prologic@twtxt.net The main thing that I tought of is that whomever is abusing your services must be a well known actor (by range/set of IPs) that got reported by other Crowdsec users. So to my simpleton’s understanding, your reverse-proxy/web server passes the requests by crowdsec for processing, they get banned for $N hours if the source has already been blacklisted by the community or violates any of a set of behavior base rules (and even more hours for repeat offenders); otherwise the requests/responses go as per usual. Not sure if I got things right but this might help paint a better picture of the process.

Tired to re-enable the Ege route to git.mills.io today (after finishing work) and this is what I found 🤯 Tehse asshole/cunts are still at it !!! 🤬 – So let’s instead see if this works:

$ host git.mills.io 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

git.mills.io is an alias for fuckoff.mills.io.
fuckoff.mills.io has address 127.0.0.1

PS: Would anyone be interested if I started a massive global class action suit against companies that do this kind of abusive web crawling behavior, violate/disregards robots.txt and whatever else standards that are set in stone by the W3C? 🤔

At this point I’m considering starting a class action lawsuit for all the self-hostess and little-web folks that want to host a small thing or two and sue these fucking inconsiderate fucking corporate giants, hopefully win, and make them respect others on the web.

This looks like a botnet, to be honest. The IPs are all over the place. Ethopia, Brazil, Kenya, Lebanon, Netherlands, … I mean, that’s the logical thing to do, isn’t it? Do your web crawling on infected PCs. Nobody will block those, because those are the same IP ranges as legitimate requests. And obviously you don’t have to pay for computing time.

… and they all send invalid HTTP requests, all answered with HTTP 400 … How silly.

@bender@twtxt.net I think that’s where it sends the capture verification requests. It’s based on PoW, so it has to perform validation somehow. It actually looks pretty decent as far as a way to prevent spam/abuse of forms on the open web (e.g: Waitlist on SnipMail).

@movq@www.uninformativ.de Gemini liked your opinion very much. Here is how it countered:

The criticism of AI as untrustworthy is a problem of misapplication, not capability.

• AI as a Force Multiplier: AI should be treated as a high-speed drafting and brainstorming tool, not an authority. For experts, it offers an immense speed gain, shifting the work from slow manual creation to fast critical editing and verification.
  
• The Rise of AI Literacy: Users must develop a new skill—AI literacy—to critically evaluate and verify AI’s probabilistic output. This skill, along with improving citation features in AI tools, mitigates the “gaslighting” effect.
  

The fear of skill loss is based on a misunderstanding of how technology changes the nature of work; it’s skill evolution, not erosion.

• Shifting Focus to High-Level Skills: Just as the calculator shifted focus from manual math to complex problem-solving, AI shifts the focus from writing boilerplate code to architectural design and prompt engineering. It handles repetitive tasks, freeing humans for creative and complex challenges.
  
• Accessibility and Empowerment: AI serves as a powerful democratizing tool, offering personalized tutoring and automation to people who lack deep expertise. While dependency is a risk, this accessibility empowers a wider segment of the population previously limited by skill barriers.
  

The legal and technical flaws are issues of governance and ethical practice, not reasons to reject the core technology.

• Need for Better Bot Governance: Destructive scraping is a failure of ethical web behavior and can be solved with better bot identification, rate limits, and protocols (like enhanced robots.txt). The solution is to demand digital citizenship from AI companies, not to stop AI development.

Java’s Swing is allegedly in “maintenance mode”, so I doubt it’s a good idea to use it for new programs. For example, I very much doubt that it will ever support Wayland.

The replacement is supposed to be JavaFX, but that’s not included in JREs – anymore! It used to be, now it’s not, even though it’s well over 15 years old now.

This whole thing (“Java GUIs”) appears to have stagnated a lot. Probably because everything is web stuff these days …

https://www.oracle.com/java/technologies/javafx/faq-javafx.html#6

@movq@www.uninformativ.de Yeah, give it a shot. At worst you know that you have to continue your quest. :-)

Fun fact, during a semester break I was actually a little bored, so I just started reading the Qt documentation. I didn’t plan on using Qt for anything, though. I only looked at the docs because they were on my bucket list for some reason. Qt was probably recommended to me and coming from KDE myself, that was motivation enough to look at the docs just for fun.

The more I read, the more hooked I got. The documentation was extremely well written, something I’ve never seen before. The structure was very well thought out and I got the impression that I understood what the people thought when they actually designed Qt.

A few days in I decided to actually give it a real try. Having never done anything in C++ before, I quickly realized that this endeavor won’t succeed. I simply couldn’t get it going. But I found the Qt bindings for Python, so that was a new boost. And quickly after, I discovered that there were even KDE bindings for Python in my package manager, so I immediately switched to them as that integrated into my KDE desktop even nicer.

I used the Python KDE bindings for one larger project, a planning software for a summer camp that we used several years. It’s main feature was to see who is available to do an activity. In the past, that was done on a large sheet of paper, but people got assigned two activities at the same time or weren’t assigned at all. So, by showing people in yellow (free), green (one activity assigned) and red (overbooked), this sped up and improved the planning process.

Another core feature was to generate personalized time tables (just like back in school) and a dedicated view for the morning meeting on site.

It was extended over the years with all sorts of stuff. E.g. I then implemented a warning if all the custodians of an activitiy with kids were underage to satisfy new the guidelines that there should be somebody of age.

Just before the pandemic I started to even add support for personalized live views on phones or tablets during the planning process (with web sockets, though). This way, people could see their own schedule or independently check at which day an activity takes place etc. For these side quests, they don’t have to check the large matrix on the projector. But the project died there.

Here’s a screenshot from one of the main views: https://lyse.isobeef.org/tmp/k3man.png

This Python+Qt rewrite replaced and improved the Java+Swing predecessor.

@lyse@lyse.isobeef.org To be fair, I’m not convinced of the web design / user interface decisions either. I just hacked this together over a couple of days. I’m not sold on any of the UI/UX thus far. Open to suggestions, improvements, hell even a complete CSS rewrite 🤣 UI/UX nor CSS is my strong suite 😂

@bender@twtxt.net Kaboom! Hahaha, I did not think of that at all, thanks for pointing it out, mate! :‘-D

But let me clarify just in case: I honestly do not want to bash this project. In fact, it’s a great little invention. It’s just that I’m not conviced by the current user interface decisions. Anyway, web design isn’t right up my alley. I just wanted to add some fun. And luckily, at least someone liked it so far. :-)

@aelaraji@aelaraji.com yeah, it looks tedious because it is. LOL. I can twt no matter where I am because a) with Yarn is as easy as opening a web browser, and b) with jenny is as easy at SSHing to my VPS. But, the keyword is fun. That’s what matters!

@movq@www.uninformativ.de I wouldn’t consider this a “dark web”, no. It’d just be a new web on top of an already existing “physical” infrastructure, where the web that grew out of that is total garbage.

@prologic@twtxt.net I’m pretty sure that’s going to happen at some point or has already happened. 😃 Is this “the dark web”? 😅

🤔 💭 🧐 What if, What if we built our own self-hosted / small-web / community-built/run Internet on top of the Internet using Wireguard as the underlying tech? What if we ran our own Root DNS servers? What if we set a zero tolerance policy on bots, spammers and other kind of abuse that should never have existed in the first place. Hmmmm

@movq@www.uninformativ.de I submitted it via the form on their website (https://digital-markets-act.ec.europa.eu/contact-dma-team_en) and got the following response:

Dear citizen,

Thank you for contacting us and sharing your concerns regarding the impact of Google’s plans to introduce a developer verification process on Android. We appreciate that you have chosen to contact us, as we welcome feedback from interested parties.

As you may be aware, the Digital Markets Act (‘DMA’) obliges gatekeepers like Google to effectively allow the distribution of apps on their operating system through third party app stores or the web. At the same time, the DMA also permits Google to introduce strictly necessary and proportionate measures to ensure that third-party software apps or app stores do not endanger the integrity of the hardware or operating system or to enable end users to effectively protect security.

We have taken note of your concerns and, while we cannot comment on ongoing dialogue with gatekeepers, these considerations will form part of our assessment of the justifications for the verification process provided by Google.

Kind regards,
The DMA Team

@itsericwoodward@itsericwoodward.com No worries, all good, mate! We all have to start somewhere. Other software requests my feed several orders of magnitude more often.

I can confirm, the User-Agent header appears to be fixed. \o/

Two other things I noticed, though:

1. There’s now an OPTIONS request for my feed coming from something that claims to be Firefox, pointing to your feed URL in the query. No clue what this is about. In any case, it’s rejected with a 405 Method Not Allowed.

2. Not that these few requests bother me at all, but you might wanna implement caching next with either the If-Modified-Since or If-None-Match request headers. This way, if the feed hasn’t changed, the web server can reply with a 304 Not Modified and no body at all, saving unnecessary traffic. But again, this is really not an issue for me at all. I just wanted to make sure you’re aware of it, that’s all. It might be even already on your agenda. Or you might decide to never do anything about it, which is also fine for me. :-)

@prologic@twtxt.net That zs looks pretty cool! I love simple static site generators, and look forward to trying it on my next web site project. Kudos!

Hi everyone, here’s a little introduction of my twtxt client (still WIP).

The client I’m developing is a single tenant project that runs entirely in the browser (it might use an optional backend).

It’s entirely based on native web-components and vanilla JS, it is designed to act closer to a toolkit than a full-fledged client, allowing users to “DIY” their own interface with pure html or plain javascript functions.

Users can also build their own engines by including a global javascript object that implement the defined internal API (TBD).

I’m planning to build a system that is easy enough to build and use with any skill level, using only pure html (with a homebrew minimal template engine) or via plain JS (I’ll be also providing some pre-made templates too).

Everything can be self-hosted on any static hosting provider, this allows to spread twtxt within communities like Neocities and similarly hosted websites (basically any Indieweb/Smallweb/Digital garden website and any of the common GitHub/Lab/Berg/lify Pages).

It will be probably named something like TxtCraft or craf.txt but I’m not really sure yet… 🤔 (Maybe some suggestions could help)

I’m still in the experimental phase, so there’s no decent source-code to share yet, but it will soon enough!

@thecanine@twtxt.net With a progressive web app (PWA) you can have a native like experience without having to trouble yourself with building a second project that act as a client.

You can even “wrap” it into a packaged installation and publish it on stores, theres even projects to streamline it https://www.pwabuilder.com/.

@zvava@twtxt.net Not much of a known fact these days, but thereused to be a Yarn phone app (https://git.mills.io/yarnsocial/app), last version released 5 or so years ago, but it still suggests, it has to be somewhat feasable, to make another one. I don’t think anyone tried since, because the web version works well on phones, but I’m still hoping, we get a more native phone experience, one day.

@thecanine@twtxt.net it should work everywhere. It is a web application.

@prologic@twtxt.net im unsure how i feel about the hash v2 proposal, given it is completely backward incompatible with hash v1 it doesn’t really solve any of the problems with it. it only delays collisions, and still fragments threads on post edits

i skimmed through discussions under other the proposals — i agree humans are very bad at keeping the integrity of the web in tact, but hashes in done in this way make it impossible even for systems to rebuild threads if any post edits have occurred prior to their deployment

Thanks to a blog post by ~solderpunk and the presence of ImageMagick on my pubnix, all of my weirdcore art (apart from the animated works) is now under 32K in size! Honestly, I’d say the lower JPEG quality actually adds to the vibe of the images: something from the early web, taken permanently out of context and long forgotten.

@thecanine@twtxt.net I’d expect especially power users not to use the web frontend. Unfortunately, in order to submit MR reviews that’s very often just the only option.

Dear dev.alessandrocutolo.it, do you really need to fetch my twtxt feed every 20-30 seconds? 😅 Not that it’s posing a problem, but I feel like this could be optimized. For example, how about using the if-modified-since request header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/If-Modified-Since

@bender@twtxt.net Cool, the PDF doesn’t have the navigation links between each section, that’s indeed a tad nicer. Thanks!

@kat@yarn.girlonthemoon.xyz Oh dear, nobody needs bot attacks. :-( Luckily, the web server responding a hell lot quicker today than the last two days.

Now that’s interesting. Some of these bots start crawling at URLs like this:

https://uninformativ.de/projects/lariza/NetTracer-Scenes/GPUTracer/multipass/xlonitor/http-collect/getpw

That is obviously completely wrong. But I can explain it. Some years ago, I screwed up my nginx rewrite rules, and that’s how these broken URLs came to be.

It all redirects to /git now, which is why that endpoint sees so much traffic lately.

But what does that mean? Why do they start there? I can only speculate that this company bought an old database of web links and they use that to start crawling. And it was probably a cheap one, because these redirects have been fixed for quite a long time now.

@movq@www.uninformativ.de I heard about a defence against badly-behaved crawlers a while ago: an HTML zip bomb. This post explains how to do it. Essentially, web servers can serve compressed versions of webpages and, with a little trickery, one can replace the compressed page with a different file. After that, any bot that tries to crawl the page will instead download and unpack a zip bomb that will cause it to crash.

UNIX: A History and a Memoir by Brian Kernighan

https://www.youtube.com/watch?v=WEb_YL1K1Qg

I could listen to him all day.

@movq@www.uninformativ.de having to go to a gopher proxy to see a text document better served on readily available web servers… 🤭, but I digress. Verbatim text:

What's Missing from "Retro"
~softwarepagan
------------------------------------------------------------------
You know, often, when I say I miss older ways of computing or
connecting online, people tell me "there's nothing stopping you
from doing that now!" and they are technicay correct in most cases
(though I can't, for example, chat with friends on MSN ever
again...) However, let me explain that while this type of thing can
*sort of* fill that hole in my heart, it isn't *the same.*

Say, for example, I wanted to connect with others over a BBS. This
wouldn't offer the same types of connections it used to. While
there are BBSes around with active users, they're no longer there
to discuss movies, Star Trek, D&D, games, etc. They're there to
discuss *BBSes.* The same can be said for Gopher, old-school forums
and all sorts of revival projects (such as Escargot, Spacehey,
etc.) Retrocomputing enthusiasts, while they have a variety of
interests, are often in these spaces to discuss the medium itself
and not other topics. This exists at a stark contrast from how
things were in the past, where a non-tech-inclined person may learn
the tech to connect with likeminded others (as I did as a
Zelda-obsessed kid.)

The same can be said of old media. People will say "well, nobody is
stopping you from watching old shows/movies now!" Again, they are
technically correct. I can go home right now and watch *Star Trek:
The Next Generation* to my heart's content. It will never again,
however, be current, or new. When something is new, it serves as a
shared cultural experience. Remember how "Game of Thrones* felt in
the mid-to-late 2010s? Yeah, that.

It's sad. I sustain myself on a mixed diet of old things, new
things, and new things intended for old millenials like me who like
old things. It can be bittersweet. 

Spiders are the only web developers that enjoy finding bugs.

@lyse@lyse.isobeef.org you will have to agree, though, that Yarn has contributed to make it possible to mass adopt (with its many glitches, bugs, and all) because, still, the web is king.

i signed up for omg.lol and i’m really liking it. such a cozy and fun little community with a suite of fun web things. i wish the financial barrier to entry was a bit lower though (maybe like $5 for a few months on it or something) just so i could recommend it to my broke friends more, but i totally get why it’s priced the way it is (solo dev!!!)

@lyse@lyse.isobeef.org A web app called Floor Plan Creator

working on a new astroJS based site and i hate being shit at web design because like i have the media for it ready (it’s for my fandom creations which are all done and ready to be shared here lol) but i keep agonizing over the design T__T

@lyse@lyse.isobeef.org I know web server which reject request with Referrer header