@movq@www.uninformativ.de @prologic@twtxt.net Unfortunately, I had to review a coworker’s code that was also spewed out the same way. It was abso-fucking-lutely horrible. I didn’t know upfront, but then asked afterwards and got the proud (!) answer that it indeed was “assisted”. I bet this piece of garbage result was never checked or questioned the tiniest bit before submitting for review. >:-( It didn’t even do the right thing as a bonus.

What a giant shitshow. Things just have to burn to the ground several times.

I noticed Google put out this article: https://android-developers.googleblog.com/2025/09/lets-talk-security-answering-your-top.html it’s very current day Google, but the comments under the YouTube video are pretty on point and I saw a few familiar faces there. There is also, unexpectedly, ways to contact Google.

First a form for “teachers, students, and hobbyists”, that I filled politely, as someone who falls under their hobbyist category. It can be filled both anonymously, or with an e-mail attached, to be contacted by them (I chose the second option).

Also a general feedback and questions form, that I was not as polite in and used to send them the following message:

I have already provided some feedback, in the teacher, student and hobbyists form/questionaire, as well as an open letter I’ve recently sent to the European Commission digital markets act team, as I do believe your proposal might not even be legal, given the fact it puts privacy-focused alternative app stores at risk (https://f-droid.org/cs/2025/09/29/google-developer-registration-decree.html) and it was proposed this early, after Google lost in court to Epic Games, over similar monopoly concerns. Why should we trust Google to be the only authority for all developer signatures, right after the European courts labeled it a gatekeeper?

Assuming this gets passed, despite justified developer backlash and at best questionable legality, can you give us any guarantees, this will not be used to target legal malware-free mods, or user privacy enhancing patchers, like the ones used for applying the ReVanced patches? I have made a few mods myself, but I am in no way associated with the ReVanced team. I just share many peoples concerns, Google Chrome has been conveniently stripped of its manifest v2 support, that made many privacy protecting extensions possible and now you’re conveniently asking for the government IDs, of all the developers, who maintain these kinds of privacy protections (be it patches, or alternative open-source apps) on Android.

I was trying to say (badly):

That’s kind of my position on this. If we are going to make significant changes in the threading model, let’s keep content based addressing, but also improve the user experience. Answering your question, yes I think we can do some combination of both.

@alexonit@twtxt.alessandrocutolo.it Yhays kind of love you!! Stance and position on this. If we are going to make chicken changes in the threading model, let’s keep content based addressing, but also improve the use of experience. So in fact, in order to answer your question, I think yes, we can do some kind of combination of both.

@prologic@twtxt.net I know we won’t ever convince each other of the other’s favorite addressing scheme. :-D But I wanna address (haha) your concerns:

1. I don’t see any difference between the two schemes regarding link rot and migration. If the URL changes, both approaches are equally terrible as the feed URL is part of the hashed value and reference of some sort in the location-based scheme. It doesn’t matter.

2. The same is true for duplication and forks. Even today, the “cannonical URL” has to be chosen to build the hash. That’s exactly the same with location-based addressing. Why would a mirror only duplicate stuff with location- but not content-based addressing? I really fail to see that. Also, who is using mirrors or relays anyway? I don’t know of any such software to be honest.

3. If there is a spam feed, I just unfollow it. Done. Not a concern for me at all. Not the slightest bit. And the byte verification is THE source of all broken threads when the conversation start is edited. Yes, this can be viewed as a feature, but how many times was it actually a feature and not more behaving as an anti-feature in terms of user experience?

4. I don’t get your argument. If the feed in question is offline, one can simply look in local caches and see if there is a message at that particular time, just like looking up a hash. Where’s the difference? Except that the lookup key is longer or compound or whatever depending on the cache format.

5. Even a new hashing algorithm requires work on clients etc. It’s not that you get some backwards-compatibility for free. It just cannot be backwards-compatible in my opinion, no matter which approach we take. That’s why I believe some magic time for the switch causes the least amount of trouble. You leave the old world untouched and working.

If these are general concerns, I’m completely with you. But I don’t think that they only apply to location-based addressing. That’s how I interpreted your message. I could be wrong. Happy to read your explanations. :-)

@zvava@twtxt.net Good question. This is the spec, I think:

https://twtxt.dev/exts/metadata.html#nick

It doesn’t say much. 🤔

In the wild, I’ve only seen “traditional” nick names, i.e. ASCII 0x21 thru 0x7E.

My client removes anything but r'[a-zA-Z0-9]' from nick names.

at first i dismissed the idea of likes on twtxt as not sensible…like at all — then i considered they could just be published in a metadata field (though that field could get really unruly after a while)

retwts are plausible, as “RE: https://example.com/twtxt.txt#abcdefg”, the hash could even be the original timestamp from the feed to make it human readable/writable, though im extremely wary of clogging up timelines

i thought quote twts could be done extremely sensibly, by interpreting a mention+hash at the end of the twt differently to when placed at the beginning — but the twt subject extension requires it be at the beginning, so the clean fallback to a normal reply i originally imagined is out of the question — it could still be possible (reusing the retwt format, just like twitter!) but i’m not convinced it’s worth it at that point

is any of this in the spirit of twtxt? no, not in the slightest, lmao

@zvava@twtxt.net I reckon there’s currently nobody working on v2. Which timezone are you in? Just post your questions here or head over to #yarn.social at libera.chat for a more realtime conversation via IRC.

is there someone (ideally not in the opposite timezone to me) who’d be willing to let me bother them with technical questions abt twtxtv2 and/or yarn’s inner workings? :3

Is that really necessary? How hard is it to make a 32-bit build? 🤔 Honest question. https://blog.mozilla.org/futurereleases/2025/09/05/firefox-32-bit-linux-support-to-end-in-2026/

@prologic@twtxt.net I’m not smart enough to answer that question. 😅 Certainly feels like unregulated capitalism. Governments being too slow and/or unwilling to intervene … It’s a mess.

@prologic@twtxt.net Hmm, good question. I haven’t checked the market, I got mine from someone I know. But to be honest, I’d suspect that buying a used one is actually your best shot, because there is virtually no market for these devices anymore, meaning new ones are very, very expensive. 🫤

FWIW, I have an OKI Microline 3390eco. Good thing is, you can still buy new cartridges for it.

If you want to buy a new device, check if it supports the “ESC/P” standard. That’s very widely supported.

@kat@yarn.girlonthemoon.xyz @movq@www.uninformativ.de Sorry, I neither finished it nor in time. :-( That’s as good as it’s gonna get for the moment: https://git.isobeef.org/lyse/gelbariab/-/tree/master/rss-proxys?ref_type=heads

The README should hopefully provide a crude introduction. The example configuration file is documented fairly well, I believe (but maybe not). You probably still have to consult and maybe also modify the source code to fit your needs.

Let me know if you run into issues, have questions, wishes etc.

Thanks @bender@twtxt.net! Yeah, so super cute. I couldn’t pet them, though. Despite very curious, they were also very restless.

I persuaded my dad to check out the fireflies with me tonight. He only wanted to go for a short trip, so we came just across a couple hundred of them. Otherwise, the thousands mark would have been exceeded in no time. He was super glad I talked him into that. :-)

It was also my first time to see them over the meadows. Those numbers don’t compare to the ones inside the forest, no question, but we probably saw 60 or so. Haven’t come across them there before, I only heard and read about that.

Note to future-Lyse next year: Leaving at 21:45 seems like a good time. We left earlier and had to wait just a few more minutes for them to come out in masses.

Too bad it’s impossible to share photos or videos. My camera isn’t made for that at all, not even close.

@lyse@lyse.isobeef.org

They’re all talks, not real hands-on trainings like you did.

I love listening to good, well-structured talks. Problem is, not everybody is a good speaker and many screw it up. 🥴 I’m certainly not a great speaker, which is why I gravitate more towards “workshops”, in the hopes that people ask questions and discussions arise. Doesn’t always work out. 🤣 At the very least, I almost always have some other person connect to the projector/beamer/screenshare and then they do the stuff – this avoids me being wwwwaaaaaaaaayyyy too fast.

We are usually drowned in stress and tight deadlines, hence events like today are super rare … We used to do it more often until ~10 years ago.

Once a year the security guys organize a really great hacking event, though.

Oh dear, I’d love to participate in that. 🤯 That sounds like a lot of fun. (Why don’t we do this?!)

@bender@twtxt.net Both Gopher and Mastodon are a way for me to “babble”. 😅 I basically shut down Gopher in favor of Mastodon/Fedi last year. But the Fediverse doesn’t really work for me. It’s too focused on people (I prefer topics) and I dislike the addictive nature of likes and boosts (I’m not disciplined enough to ignore them). Self-hosting some Fedi thing is also out of the question (the minimalistic daemons don’t really support following hashtags, which is a must-have for me).

I’ll probably keep reading Fedi stuff, I just won’t post that much, I think.

One of the nicest things about Go is the language itself, comparing Go to other popular languages in terms of the complexity to learn to be proficient in:

• Go: 25 keywords (Stack Overflow); CSP-style concurrency (goroutines & channels)
  
• Python 2: 30 keywords (TutorialsPoint); GIL-bound threads & multiprocessing (Wikipedia)
  
• Python 3: 35 keywords (Initial Commit); GIL-bound threads, asyncio & multiprocessing (Wikipedia, DEV Community)
  
• Java: 50 keywords (Stack Overflow); threads + java.util.concurrent (Wikipedia)
  
• C++: 82 keywords (Stack Overflow); std::thread, atomics & futures (en.cppreference.com)
  
• JavaScript: 38 keywords (Stack Overflow); single-threaded event loop & async/await, Web Workers (Wikipedia)
  
• Ruby: 42 keywords (Stack Overflow); GIL-bound threads (MRI), fibers & processes (Wikipedia)
  

@kat@yarn.girlonthemoon.xyz I only listened to you while going through my photos, so I did not pay very close attention. :-)

Since you have a proper server – haha, not just one – and hence are not limited, I suggest you learn a real programming language and don’t waste your time with this PHP mess. It might have improved a wee bit since I was a kid, but it felt like some hacked together shit. The defaults also were questionable at best, it was easier to hold it wrong than right. This stands testament to bad design and is especially terrible from a security point of view.

You’re right, programming is like any other craft. You only truly learn by actually doing it. And this just takes time. Very long time to master it. Or as close to as it gets. The more you know, the more you realize what else you don’t know (yet). It’s a never ending process. So, take it easy, don’t get discouraged, happy hacking and enjoy the endeavor! :-)

Nobody want to be a shitty programmer. The question is: Do you do anything not to not be one?
Reading blogs or social media and watching YouTube videos is fun. After them, your code may be a little better, of course. But you need a lot. You need to study! Read good books and study the code of other programmers, for example. Maybe work with a new language, architectures and paradigms. You need break the routine.

If you know Object-oriented programming, you learn functional programming.
If you know Model-View-Controller, you learn Model-View-ViewModel.
If you don’t know anything about architectures, you learn Clean Architecture, Hexagonal Architecture, etc.
If you know Python, you learn Ruby or Go.
If you know Clojure or Lisp… you don’t need to learn anything else. You are already a good programmer. Just kidding. You can learn Elixir or Scala.

Be a good programmer my friend.

@movq@www.uninformativ.de Oooooohhhhhh, I see. Hmmmm.

To answer your question: Ideally, you would have replied directly to my reply. :-) The flat conversation model always felt unnatural to me. I just yielded to the community’s way of doing it.

@prologic@twtxt.net done! hey i got a question, you got any clue why my feeds aren’t updating? maybe it has to do with the new cache flag but i messed with that a bit and didn’t notice a difference. basically it’s like i have to manually restart yarnd to see new posts it’s really weird lol

Why Even Try If You Have A.I.?
Comments ⌘ Read more

What Is “Induced Atmospheric Vibration”?
Comments ⌘ Read more

@movq@www.uninformativ.de You better push new code sooner!!

As @bender@twtxt.net says, that sounds like a bot. I’d just block the IP address, hoping it doesn’t change all the time. But then you know for sure that it’s the AI fuckwits.

Also, the devil in me thinks it’s funny to swap out the repo in question for something entirely different. :-D

Je voudrais synchroniser 2 disques : l’un contient des musiques au format .opus, il faut les convertir sur le second disque au format mp3. J’utilise déjà beets pour importer les musiques sur le premier disque. Comment vous feriez ça? Merci! #question

@lyse@lyse.isobeef.org oh wow! That would be something I would print, frame, and hang somewhere very visible, with the image in question in it, of course. Soooo hot!

Where did the false “equal transit-time” explanation of lift originate from?
Comments ⌘ Read more

@andros@twtxt.andros.dev Good question, besides that, is there any place where all of them get listed?

I only know these ones:

• https://twtxt.envs.net
  
• https://twtxt.tilde.institute
  
• https://registry.twtxt.org

“Here’s what we do know: After their meeting ended and Vice President Vance left the room, the pope was still alive. We can deduce that he was alive, because he was heard asking an assistant, “Ho appena incontrato il volto del diavolo?” which roughly translates to, “Have I just encountered the face of the devil?” It’s a very common question that has been asked in many languages after encounters with JD Vance.”

I couldn’t help but chuckling a bit while reading.

@bender@twtxt.net This story just reminds me of the couple of times we’ve paid for things in cash 💰 💲 and the stupid banks with the ridiculous “scam alert policy” ask you all kind of dumb ass questions about what you need the cash for 🤦‍♂️ One of these days I need an excuse to buy something that costs a few $k just so I can answer when asked, “what do you need the cash for?” to which my response will be “drugs and hookers of course!” 🤣

‘Immediate red flags’: questions raised over ‘expert’ much quoted in UK press
Comments ⌘ Read more

@movq@www.uninformativ.de That is a good question, I’ve been on v0.17.3 for some time. In the past there has been one scheme update that I remember and the there was no issue. Maybe this next week I will try out v0.18 and post back.

I really don’t mess with it being on a cron so tend to forget until I need it :-)

“I bought a Mac”
Yep. I regret to inform you all that, as of January 2025, I am a Mac user: I bought a Mac. I have betrayed the penguin. So, how did such an icon of early 2000s Apple fall into my grubby hands? Well, it all started with the Wii U. I’m not joking. ↫ Loganius That’s one heck of an excuse to get a PowerPC G4 – needing to do Linux kvm hacking to fix a bug. While getting the PowerMac G4 they bought all set up and working properly for development purposes, someone else fixed the bug in question in the mean … ⌘ Read more

There are now two (recentish) quotes I really like these days:

The smartest person in the room is not the one with all the answers—it’s the one who’s brave enough to ask the dumb questions

and

The kindest person in the room is often the smartest

@prologic@twtxt.net is that a rhetorical question? :-D

Great Question (YC W21) Is Hiring Applied AI Engineers
Comments ⌘ Read more

How big is VMS?
This question was asked during my Boot Camp presentation last fall in Boston, and over the past 35 years dozens of times people have asked, how big is VMS? That translates into “how many lines of code are in VMS”? I thought it was time to at least make a stab at pursuing some insight into the answer. I wrote some command procedures to count the number of source lines in .B32, .B64, .C, .MAR, .M64, and .S files. Not counted are blank lines and lines beginning with the standard comment characters and m … ⌘ Read more

A hike to the highest mountain in the Odenwald, the Katzenbuckel, lit. cat hillock. It was very windy and the sun very rarely showed its face, so it was quite chilly. Nice scenery, nevertheless. Surprisingly, this ski-jumping hill is still in operation. I’ve never expected this in a hundred years, judging by its state. https://lyse.isobeef.org/katzenbuckel-2025-03-29/

Greek Language Question
Comments ⌘ Read more

Asking Good Questions Is Harder Than Giving Great Answers
Comments ⌘ Read more

@bender@twtxt.net I taught the whole ecosystem 😁
@prologic@twtxt.net @eapl.me@eapl.me The question I was asked the most was: How do I discover people?
Someone came up with a fantastic idea, instead of adding the new twt at the end of the feed, do it at the beginning. So you can paginate by cutting the request every few lines.

Rock Identification
⌘ Read more

You can find the #twtxt-el channel in Libera IRC to talk about the twtxt.el client, I will keep my connection open so you can ask me questions. Thank you!

Google, DuckDuckGo massively expand “AI” search results
Clearly, online search isn’t bad enough yet, so Google is intensifying its efforts to continue speedrunning the downfall of Google Search. They’ve announced they’re going to show even more “AI”-generated answers in Search results, to more people. Today, we’re sharing that we’ve launched Gemini 2.0 for AI Overviews in the U.S. to help with harder questions, starting with coding, advanced math and multimodal queries, with mor … ⌘ Read more

@prologic@twtxt.net @david@collantes.us Good question, was this on live TV? I think it was? 🤔

Mozilla deletes promise not to sell Firefox users’ data
The hits just keep on coming. Mozilla not only changed its Privacy Notice and introduced a Terms of Use for Firefox for the first time with some pretty onerous terms, they also removed a rather specific question and answer pair from their page with frequently asked questions about Firefox, as discovered by David Gerard. The following question and answer were removed: Does Firefox sell your personal data? Nope. Never have, … ⌘ Read more

Question to the twtxt veterans, are we experiencing an explosion of clients or is this a regular occurrence?

Mozilla is going to collect a lot more data from Firefox users
I guess my praise for Mozilla’s and Firefox’ continued support for Manifest v2 had to be balanced out by Mozilla doing something stupid. Mozilla just published Terms of Use for Firefox for the first time, as well as an updated Privacy Notice, that come into effect immediately and include some questionable terms. The Terms of Use state: When you upload or input information through Firefox, you hereby grant u … ⌘ Read more

Microsoft is paywalling features in Notepad and Paint
There’s some bad news for Windows users who want to use all of the built-in features of the operating system and its integrated apps. Going forward, Microsoft is restricting features in two iconic apps, which you’ll need to unlock with a paid subscription. The two apps in question? Notepad and Paint. Windows Insiders were previously able to use these app features free of charge. However, Microsoft is now making it necessary … ⌘ Read more

trying to implement it quickly, I get the same questions than you

# https://www.php.net/manual/en/function.openssl-pbkdf2.php
    $password = $sharedKey;
    $salt = openssl_random_pseudo_bytes(16);  # What's the salt length ?
    $keyLength = 20;  # What's the key length here ?
    $iterations = 100000;
    $generatedKey = openssl_pbkdf2($password, $salt, $keyLength, $iterations, 'sha256');
    echo bin2hex($generatedKey)."\n";
    echo base64_encode($generatedKey)."\n";

    $iv = openssl_random_pseudo_bytes(16); // AES-256-CBC requires 16-byte IV
    $cipherText = openssl_encrypt($message, 'aes-256-cbc', $generatedKey, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $cipherText);