Another example:

$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom

The first argument --landlock-access fs says that nothing is allowed.

--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).

--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.

The output of the ls-static program is this line:

─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.

3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.

Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:

─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

hey! i asked this a while ago but i have to ask again – is anyone willing to offer space on their yarn pod to my friend? i would love to invite her to my own but she’s unable to access my site for personal reasons. she’s really interested in seeing what yarn is about so if anyone is willing and able, let me know!

Okay, here’s a thing I like about Rust: Returning things as Option and error handling. (Or the more complex Result, but it’s easier to explain with Option.)

fn mydiv(num: f64, denom: f64) -> Option<f64> {
    // (Let’s ignore precision issues for a second.)
    if denom == 0.0 {
        return None;
    } else {
        return Some(num / denom);
    }
}

fn main() {
    // Explicit, verbose version:
    let num: f64 = 123.0;
    let denom: f64 = 456.0;
    let wrapped_res = mydiv(num, denom);
    if wrapped_res.is_some() {
        println!("Unwrapped result: {}", wrapped_res.unwrap());
    }

    // Shorter version using "if let":
    if let Some(res) = mydiv(123.0, 456.0) {
        println!("Here’s a result: {}", res);
    }

    if let Some(res) = mydiv(123.0, 0.0) {
        println!("Huh, we divided by zero? This never happens. {}", res);
    }
}

You can’t divide by zero, so the function returns an “error” in that case. (Option isn’t really used for errors, IIUC, but the basic idea is the same for Result.)

Option is an enum. It can have the value Some or None. In the case of Some, you can attach additional data to the enum. In this case, we are attaching a floating point value.

The caller then has to decide: Is the value None or Some? Did the function succeed or not? If it is Some, the caller can do .unwrap() on this enum to get the inner value (the floating point value). If you do .unwrap() on a None value, the program will panic and die.

The if let version using destructuring is much shorter and, once you got used to it, actually quite nice.

Now the trick is that you must somehow handle these two cases. You must either call something like .unwrap() or do destructuring or something, otherwise you can’t access the attached value at all. As I understand it, it is impossible to just completely ignore error cases. And the compiler enforces it.

(In case of Result, the compiler would warn you if you ignore the return value entirely. So something like doing write() and then ignoring the return value would be caught as well.)

@bender@twtxt.net Yeah, well, it’s a bit like twtxt. There is a Gopher community, but it’s small. I actually don’t like that HTTP is so easily accessible. I don’t like it that much when people post links to my site on HackerNews or something like that. Too much exposure.

Gopher is a small world. It’s slow and cozy.

And much like twtxt, the protocol is simple®, so it’s easier to tinker with it.

@lyse@lyse.isobeef.org Only 10% of the German population had Internet access in 1998: https://de.wikipedia.org/wiki/Internet_in_Deutschland#/media/Datei:Diagramm_Internetnutzer_in_Deutschland.svg I guess I was lucky in that regard.

(If today’s tech wasn’t constantly trying to track and scam you, I might still be an early adopter.)

When I chose the MIT license for all of my software, I thought:

“Should I use GPL, which I don’t really understand? Is that worth it? Yeah, there is a theoretical possibility that some company might use my code in their proprietary product … and then what? Should I sue them to enforce the GPL? I’m not going to do that anyway, so I’ll just use the MIT license.”

And now we have those LLM scrapers and now it’s suddenly a reality that these companies (ab)use my code. I can see it in my logs. I didn’t expect that back then.

GPL wouldn’t help, either, of course. (Regardless, I now think that GPL would have been the better choice anyway.)

I’m honestly considering taking my code and website offline. Maybe make it accessible through some obscure protocol like Gopher or Gemini, but no more HTTP.

(Yes, Anubis might help. Temporarily.)

I’m just tired.

next up: authentication center / for both work & personal use.
for the work project, the customers (of my client) are unhappy with the account login flow and I need a fast & easy SSO for them.

for personal use: just a gateway to lock all the apps and provide access to friends.

i slowly realize the power of 1% everyday on what i am doing.

Maybe you’ll enjoy this as well:

I still have one of my first modems, a Creatix LC 144 VF:

Image

I think this was the modem that I used when I first connected to the internet, but I’m not sure.

I plugged it in again and it still works:

Image

Image

The firmware appears to be from 1994, which sounds about right. I don’t think we had internet access before that. We certainly did use local mailboxes, though. (Or BBS’s, as you might call them.)

I now want to actually use that modem again. For the moment, I can only use a phone to dial into it, I lack a second modem to actually establish a connection. Here’s a video:

Image

Not spectacular, but the modem does answer after me entering ATA.

I bought another cheap old modem on eBay and am now waiting for it to arrive. Once it’s here, I want to simulate an actual dial-up session, hopefully from OS/2 or Windows 3.x.

@prologic@twtxt.net that will not be a problem; as long as it doesn’t affect authenticated users it wouldn’t make a difference. But we are comparing apples and eggs here. I don’t access GitHub while unauthenticated, but I can see how others might. It comes across as anti-web in general.

@movq@www.uninformativ.de, “60 requests per hour”, eh? Was that a thing (that is, unauthenticated access to GitHub)?! I know I am on the minority, perhaps, as I rarely (or never) access GitHub unauthenticated.

Introducing the Meta AI App: A New Way to Access Your AI Assistant
Comments ⌘ Read more

Finding Things the Government Might Know About You
Comments ⌘ Read more

DeepMind releases Lyria 2 music generation model
Comments ⌘ Read more

Steam to highlight accessibility support for games on store pages
The Steam store and desktop client will soon be able to help players find games that feature accessibility support. If your game has accessibility features, you can now enter that information in the Steamworks ‘edit store’ section for your app. ↫ Steam announcements page I have a lot of criticism for the Steam client application – it’s a overly complex, unattractive, buggy, slow, top-heavy Chrome engi … ⌘ Read more

good morning friends. i don’t know what i’m gonna do today. perhaps work on my patreon and login wall more personal sites behind authelia that i could offer access to via patreon tier

is it like… ethical to offer access to certain self hosted services as patreon exclusives. like i wanna offer the IRC client/bouncer i hosted which seems ok i think because i’ve seen pico.sh offer their instances of that as paid services. but the other ones i have in mind are alt web frontends for stuff like imgur and pinterest. and i just feel weird about it for some reason. idk i’m trying to think of ways to support my server stuff but every time i come up with something it feels weird

@bender@twtxt.net Exactly. I suspect it was because of sqlitebrowser also accessing the database in parallel to debug the original issue.

So far, I have not found the exact reason why some replies don’t show up. When I do not filter for unread messages and show all, though, I actually see them. So, there’s that.

ActiveX disabled by default in Microsoft 365
ActiveX is a powerful technology that enables rich interactions within Microsoft 365 applications, but its deep access to system resources also increases security risks. Starting this month, the Windows versions of Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Visio will have a new default configuration for ActiveX controls: Disable all controls without notification. ↫ Zaeem Patel at the Microsoft 365 Insider Blog Be ho … ⌘ Read more

Access to future AI models in OpenAI’s API may require a verified ID
Comments ⌘ Read more

Treasury’s OCC Says Hackers Had Access to 150k Emails
Comments ⌘ Read more

Then I cleaned up my shell history of all of the invocations I ever made of dkv rm ... to make sure I never ever have this so easily accessible in my shell history (^R):

$ awk '
  /^#/ { ts = $0; next }
  /^dkv rm/ { next }
  { if (ts) print ts; ts=""; print }
' ~/.bash_history > ~/.bash_history.tmp && mv ~/.bash_history.tmp ~/.bash_history && history -r

Doge Is Planning a Hackathon at the IRS. It Wants Easier Access to Taxpayer Data
Comments ⌘ Read more

Microsoft makes it even harder to use a local account on Windows 11
Do you want to install Windows 11 without internet access or without an online Microsoft Account? It seems Microsoft really doesn’t want you to, as it has removed a very common and popular way of bypassing this requirement. In the release notes for the latest builds from the Dev and Beta channels, the company notes: We’re removing the bypassnro.cmd script from the build to enhance security and use … ⌘ Read more

Manjaro Linux: Making Arch Linux More Accessible
Comments ⌘ Read more

How NixOS and reproducible builds could have detected the xz backdoor for the benefit of all
Some more light reading: While it was already established that the open source supply chain was often the target of malicious actors, what is stunning is the amount of energy invested by Jia Tan to gain the trust of the maintainer of the xz project, acquire push access to the repository and then among other perfectly legitimate contributions insert … ⌘ Read more

FOSS infrastructure is under attack by AI companies
What do SourceHut, GNOME’s GitLab, and KDE’s GitLab have in common, other than all three of them being forges? Well, it turns out all three of them have been dealing with immense amounts of traffic from “AI” scrapers, who are effectively performing DDoS attacks with such ferocity it’s bringing down the infrastructures of these major open source projects. Being open source, and thus publicly accessible, means these scrapers have … ⌘ Read more

@kat@yarn.girlonthemoon.xyz Using full-blown Cloud services is good for old people like me who don’t want to do on-call duty when a disk fails. 😂 I like sleep! 😂

Jokes aside, I like IaaS as a middle ground. There are IaaS hosters who allow you to spin up VMs as you wish and connect them in a network as you wish. You get direct access to all those Linux boxes and to a layer 2 network, so you can do all the fun networking stuff like BGP, VRRP, IPSec/Wireguard, whatever. And you never have to worry about failing disks, server racks getting full, cable management, all that. 😅

I’m confident that we will always need people who do bare-bones or “low-level” stuff instead of just click some Cloud service. I guess that smaller companies don’t use Cloud services very often (because it’s way too expensive for them).

@prologic@twtxt.net oh yeah it’s absolutely epic i love how fast it is. it would be extra peak if it sent a message to every bot that it denies access to that just says “get fucked” or something idk

I have applied your comments, and I tried to add you as an editor but couldn’t find your email address. Please request editing access if you wish.

Also, could you elaborate on how you envision migrating with a script? You mean that the client of the file owner could massively update URLs in old twts ?

wahhh i wanna work towards my dream of offering pay as you can web hosting (static & dynamic) but i don’t know how!!!!! i keep drifting towards hosting panels but i don’t exactly have fresh linux servers for those nor do i like the level of access they require. so i’m like ok i can do the static site part with SFTP chroot jails and a front-end like filebrowser or something…. but then what about the dynamic sites!!!!!!! UGH

granted i doubt i’d get much interest in dynamic sites but i’d like to do this old school where i can offer people isolated mySQL databases or something for some project (i’m thinking PHP based fanlistings), which means i could do it the old school way of… people ask me to run it and i do it for them. but i kind of want to let people have access to be able to do it themselves just short of giving them SSH access which isn’t happening

I make a Emacs theme with a contrast ready for colour blind or visually impaired people.
https://github.com/tanrax/thankful-eyes-theme.el
Enjoy!
#emacs #accessibility

Short summary of Project2025 and Trump’s plans for the US:

• Abolish the Federal Reserve
  Why? To end what is seen as an unelected, centralized body that exerts too much influence over the economy and monetary policy, replacing it with a more transparent, market-driven approach.

• Implement a national consumption tax
  Why? To replace the current federal income tax system, simplify taxation, and increase government revenue through a broader base that includes all consumers.

• Lower corporate tax rates
  Why? To promote business growth, increase investment, and stimulate job creation by reducing the financial burden on companies.

• Deregulate environmental policies
  Why? To reduce government intervention in the economy, particularly in energy and natural resources sectors, and to foster a more business-friendly environment.

• Restrict abortion access
  Why? To align with conservative pro-life values and overturn or limit abortion rights, seeking to restrict the practice at a federal level.

• Dismantle LGBTQ+ protections
  Why? To roll back protections viewed as promoting LGBTQ+ rights in areas like employment and education, in line with traditional family values.

• Eliminate diversity, equity, and inclusion (DEI) programs
  Why? To end policies that are seen as divisive and to promote a merit-based system that prioritizes individual achievements over group identity.

• Enforce stricter immigration policies, including mass deportations and detentions
  Why? To prioritize border security, reduce illegal immigration, and enforce existing laws more aggressively, as part of a broader strategy to safeguard U.S. sovereignty.

• Eliminate the Department of Education
  Why? To reduce federal control over education and shift responsibilities back to local governments and private sectors, arguing that education decisions should be made closer to the community level.

• Restructure the Department of Justice
  Why? To ensure the department aligns more closely with the administration’s priorities, potentially reducing its scope or focus on areas like civil rights in favor of law-and-order policies.

• Appoint political loyalists to key federal positions
  Why? To ensure that government agencies are headed by individuals who are committed to advancing the administration’s policies, and to reduce the influence of career bureaucrats.

• Develop training programs for appointees to execute reforms effectively
  Why? To ensure that political appointees are equipped with the knowledge and skills necessary to implement the proposed changes quickly and effectively.

• Provide a 180-day transition plan with immediate executive orders
  Why? To ensure that the incoming administration can swiftly implement its agenda and make major changes early in its term without delay.

Do y’all agree with any/all/some of these poliices? Hmmm 🤔

#Project2025 #US #Trump

@prologic@twtxt.net I’m speculating, but if I had to guess I’d say it’s probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys /ME doing air quotes Magic™ … you could try with a different password manager to avoid said scenario.

Also, passkeys UX sucks.

ArcaOS 5.1.1 released
It’s been two years since the release of ArcaOS 5.1, which was a hugely important release because it brought UEFI support to this continuation of IBM’s OS/2, ensuring longevity for the project for years to come. Since I don’t think much is known about what, exactly, Arca Noae, and eComStation before it, has access to within the licensing agreement with IBM, it’s difficult to ascertain just how much room they actually have to make changes to the code at the core of the old OS/2. Regardles … ⌘ Read more

Yesterday I was doing a lot of research on how #hyperdrive and the #holepunch project work. Would it be possible to use it to make #twtxt an easier gateway for new users? Could we stop using web servers?
My conclusion: We would end up being a #nostr. On the one hand it would become more complex to use, it would force the user to have software installed, and on the other hand the community would need a central proxy to make the routes accessible via HTTP. In other words, it’s not a good idea.
However, it’s an AMAZING technology. I want to start playing with it.

I’m continuing my tt rewrite in Go and quickly implemented a stack widget for tview. The builtin Pages is similar but way too complicated for my use case. I would have to specify a mandatory name and some additional options for each page. Also, it allows me to randomly jump around between pages using names, but only gives me direct access the first, however, not the last page. Weird. I don’t wanna remember names. All I really need is a classic stack. You open a new fullscreen dialog and maybe another one on top of that. Closing the upper most brings you back to the previous one and so on.

The very first dialog I added is viewing the raw message text. Unlike in @arne@uplegger.eu’s TwtxtReader, I’m not able to include the original timestamp, though. I don’t have it in its original form in the database. :-/

Next up is a URL view.

It’s really cool how my local public library’s membership includes digital access to thousands of magazines and newspapers.

@sorenpeter@darch.dk It depends on your requirements. If you just want to put your code somewhere for yourself, simply push it over SSH on a server and call it good. That’s what I do with lots of repos. If you want an additional web UI for read access for the public, cgit comes to mind (a mate uses that). Prologic runs Gitea, which offers heaps more functionality like merge requests.

@lyse@lyse.isobeef.org The one in question is more like the javascript version for unwrapping errors when accessing methods.

 const value = some?.deeply?.nested?.object?.value

but for handling errors returned by methods. So if you wanted to chain a bunch of function calls together and if any error return immediately. It would be something like this:

b:= SomeAPIWithErrorsInAllCalls()
b.DoThing1() ?
b.DoThing2() ?

// Though its not in the threads I assume one could do like this to chain.
b.Chain1()?.Chain2()?.End()?

I am however infavor of having a sort of ternary ? in go.

PS. @prologic@twtxt.net for some reason this is eating my response without throwing an error :( I assume it has something to do with the CSRF. Can i not have multiple tabs open with yarn?

OpenAI Says It Has Evidence DeepSeek Used Its Model To Train Competitor
OpenAI says it has evidence suggesting Chinese AI startup DeepSeek used its proprietary models to train a competing open-source system through “distillation,” a technique where smaller models learn from larger ones’ outputs.

The San Francisco-based company, along with partner Microsoft, blocked suspected DeepSeek accounts from accessing … ⌘ Read more

SDL 3.2.0 released
SDL, the Simple DirectMedia Layer, has released version 3.2.0 of its development library. In case you don’t know what SDL is: Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valve‘s award winning catalog and many Humble Bundle games. ↫ SDL website This new release has a lot of impr … ⌘ Read more

@movq, @prologic@twtxt.net when navigating to a Yarn. If the head twt is missing then the whole thread is not accessible. It only returns an error. so i have no way to view any of the replies within the thread other than the end twt.

Right to root access
I believe consumers, as a right, should be able to install software of their choosing to any computing device that is owned outright. This should apply regardless of the computer’s form factor. In addition to traditional computing devices like PCs and laptops, this right should apply to devices like mobile phones, “smart home” appliances, and even industrial equipment like tractors. In 2025, we’re ultra-connected via a network of devices we do not have full control over. Much of this has t … ⌘ Read more

@kat@yarn.girlonthemoon.xyz Only scp/rsync for me. :-) But I remember there is one server that only provides SFTP access. :-/

I mean bug where jenny don’t know about these id’s and tried to request from twtxt.net (prologic sent access logs)

How in da fuq do you actually make these fucking useless AI bots go way?

proxy-1:~# jq '. | select(.request.remote_ip=="4.227.36.76")' /var/log/caddy/access/mills.io.log | jq -s '. | last' | caddy-log-formatter -
4.227.36.76 - [2025-01-05 04:05:43.971 +0000] "GET /external?aff-QNAXWV=&f=mediaonly&f=noreplies&nick=g1n&uri=https%3A%2F%2Fmy-hero-ultra-impact-codes.linegames.org HTTP/2.0" 0 0
proxy-1:~# date
Sun Jan  5 04:05:49 UTC 2025

😱

I just banned 41 bad user agents from accessing any of my services. 😱

@kat@yarn.girlonthemoon.xyz i also like the separation inherent with using dedicated devices. like i have a DAP, a fiio X1 ii from 2019, and it’s still going strong. it’s perfect for on the go music listening and i never have to worry about like going somewhere with no reception and the music drops out. it’s all local AND the battery lasts longer because i’m not using wi-fi or bluetooth or data. also i can directly access the file system and just add files anytime. this goes for my point & shoot and other devices too. i love this shit i’m such a nerd

Once again I glimpsed at my twtxt feed access log. Now I’m wondering: is there a twtxt client named xt out there? Does anyone know? I did not find anything for “xt/0.0.1”.

@emmanuel@wald.ovh Btw I already figured out why accessing your web server is slow:

$ host wald.ovh
wald.ovh has address 86.243.228.45
wald.ovh has address 90.19.202.229

wald.ovh has 2 IPv4 addresses, one of which is dead and doesn’t respond.. That’s why accessing your website is so slow as depending on client and browser behaviors one of two things may happen 1) a random IP is chosen and ½ the time the wrong one is picked or 2) both are tried in some random order and ½ the time its slow because the broken one is picked.

If you don’t know what 86.243.228.45 is, or it’s a dead backup server or something, I’d suggest you remove this from the domain record.