@movq@www.uninformativ.de Hahaha, great timing! :-D I love your article and agree with almost all your points.

On the AI changelog part, though, I’d rather recommend to just not have a changelog at all.

Another important thing for me is the deprecation notice section. What do I need to look out for in the future? Should I start to migrate to another API soon? Even right now? Or does it have time?

While going through these terrible GitHub release pages, I also found these “New Project Contributors” sections (yeah, for that, they found the time to make a section) annoying. Don’t get me wrong, sure, credit where credit is due. But come on. Soooooo much space for an inefficiently formatted (and also unsorted) list. At least it was easy enough to skip over it.

And then, there are also these changelogs or rather notice documents in general that are infested with multicolored emojis all over the place. My brain’s spam filter kicks in and shoves everything to /dev/null immediately. It’s especially a thing at work.

In my previous work project, we also used the Keep A Changelog Format. That was great. You wouldn’t believe how often I resorted back to that document. At least twice a week, often several times a day. I was very glad that we put in this effort. Of course, writing the changelog took its time, but it was worth every minute and more. Reading a many months old item, it was immediately clear. I was our best customer in that regard.

Now, it’s just the same auto shitshow with MR titles in a rolling date-versioned release scheme. It’s just our team who has to deal with that, though. I think I’m the only one who is not a fan of it.

Wow, as I anticipated, this is waaay out of my capabilities to really understand it. But I’m quite happy to just have spotted a mistake in an explanatory comment in section 4.5.2 “The icode Array”. Of course, it should be /e + tc + /i + ni + t\0. Let’s hope that my e-mail with the patch actually makes it into Briam’s inbox. I fear GMail just hides it in the spam folder.

@lyse@lyse.isobeef.org I even got spam on ICQ, back when ICQ was a thing. I see spam as an innate thing. 😅

Oh no, spam via Jabber is new for me. Fuck them!

@movq@www.uninformativ.de @bender@twtxt.net I’ll also start spamming from my upcoming Vietnam holiday (flying out this Friday) for a couple of soliday weeks 🤣

@bender@twtxt.net Once Advent of Code starts, I’ll start spamming, don’t worry. 😅

Spam classifier https://github.com/igomez10/nspammer

Android shopping list apps disappointed me too many times, so I went back to writing these lists by hand a while ago.

Here’s what’s more fun: Write them in Vim and then print them on the dotmatrix printer. 🥳

And, because I can, I use my own font for that, i.e. ImageMagick renders an image file and then a little tool converts that to ESC/P so I can dump it to /dev/usb/lp0.

(I have so much scrap paper from mail spam lying around that I don’t feel too bad about this. All these sheets would go straight to the bin otherwise.)

@prologic@twtxt.net @movq@www.uninformativ.de Same here, I give each service a dedicated e-mail address. It’s very interesting to see how e-mail addresses are transferred to other actors. Luckily, this only happens rarely. But it does happen. In surprising ways.

Aliases not only help to fight spam, but are also a great way to specify filter rules to sort e-mails.

@prologic@twtxt.net FWIW, I love the idea and I do the same with my email domains. It’s the most effective way to fight spam, IMO. 🥳

@bender@twtxt.net I think that’s where it sends the capture verification requests. It’s based on PoW, so it has to perform validation somehow. It actually looks pretty decent as far as a way to prevent spam/abuse of forms on the open web (e.g: Waitlist on SnipMail).

I had a looksie (just to be sure) at the database, and they were thankfully legit test events. But this did spark/trigger me to make sure I have some form of anti-spam measures in place. So I added some per-event / per-rsvp rate-limiting and honeypot(s).

The owner needs fucking ban that spamming piece of shit 2929b

@bender@twtxt.net Is dealing with spam fun though? DDoS attacks? DoS attacks? Scans for all kinds of stupid shit™? Malware? Advertising? Tracking? Spying? ..

I finally solved the loading issue in my WIP reader, TwtStrm (and apologies again to anyone that got spammed while I was diagnosing the issue).

After another round of coding this weekend, I’m happy to report that it now renders all the twts (with markdown parsing), complete with localstorage and server-based file caching.

@lyse@lyse.isobeef.org Thanks, I think I fixed it now. Sorry for the spam.

@prologic@twtxt.net I know we won’t ever convince each other of the other’s favorite addressing scheme. :-D But I wanna address (haha) your concerns:

1. I don’t see any difference between the two schemes regarding link rot and migration. If the URL changes, both approaches are equally terrible as the feed URL is part of the hashed value and reference of some sort in the location-based scheme. It doesn’t matter.

2. The same is true for duplication and forks. Even today, the “cannonical URL” has to be chosen to build the hash. That’s exactly the same with location-based addressing. Why would a mirror only duplicate stuff with location- but not content-based addressing? I really fail to see that. Also, who is using mirrors or relays anyway? I don’t know of any such software to be honest.

3. If there is a spam feed, I just unfollow it. Done. Not a concern for me at all. Not the slightest bit. And the byte verification is THE source of all broken threads when the conversation start is edited. Yes, this can be viewed as a feature, but how many times was it actually a feature and not more behaving as an anti-feature in terms of user experience?

4. I don’t get your argument. If the feed in question is offline, one can simply look in local caches and see if there is a message at that particular time, just like looking up a hash. Where’s the difference? Except that the lookup key is longer or compound or whatever depending on the cache format.

5. Even a new hashing algorithm requires work on clients etc. It’s not that you get some backwards-compatibility for free. It just cannot be backwards-compatible in my opinion, no matter which approach we take. That’s why I believe some magic time for the switch causes the least amount of trouble. You leave the old world untouched and working.

If these are general concerns, I’m completely with you. But I don’t think that they only apply to location-based addressing. That’s how I interpreted your message. I could be wrong. Happy to read your explanations. :-)

@kat@yarn.girlonthemoon.xyz Oh! A new place to spam dad jokes. 🥳

Here is just a small list of things™ that I’m aware will break, some quite badly, others in minor ways:

1. Link rot & migrations: domain changes, path reshuffles, CDN/mirror use, or moving from txt → jsonfeed will orphan replies unless every reader implements perfect 301/410 history, which they won’t.
   
2. Duplication & forks: mirrors/relays produce multiple valid locations for the same post; readers see several “parents” and split the thread.
   
3. Verification & spam-resistance: content addressing lets you dedupe and verify you’re pointing at exactly the post you meant (hash matches bytes). Location anchors can be replayed or spoofed more easily unless you add signing and canonicalization.
   
4. Offline/cached reading: without the original URL being reachable, readers can’t resolve anchors; with hashes they can match against local caches/archives.
   
5. Ecosystem churn: all existing clients, archives, and tools that assume content-derived IDs need migrations, mapping layers, and fallback logic. Expect long-lived threads to fracture across implementations.

@alexonit@twtxt.alessandrocutolo.it I took it down mostly because of continued abuse and spam:l. I intend to fix I and improve the drive and its sister at Summer point 🤞

Apologies if I’ve been spamming anyone out there in twtxt-land today.

I’ve been working on a couple of twtxt-related projects, and one of them is a reader (tentatively called twtstrm) written in JS. I used dummy data for the first few stages of development, but now I’m at the point where I need some real data, and that meant hitting up my actual following list.

Of course, it didn’t help that I had a typo in my If-Modified-Since headers, but all that has since been resolved.

Anyways, if I accidentally spammed you with requests today, I am sorry, and it shouldn’t happen anymore.

We thank you for your patience, and apologize for the inconvenience.

Apologies if I’ve been spamming anyone out there in twtxt-land today.

I’ve been working on a couple of twtxt-related projects, and one of them is a reader (tentatively called twtstrm) written in JS. I used dummy data for the first few stages of development, but now I’m at the point where I need some real data, and that meant hitting up my actual following list.

Of course, it didn’t help that I had a typo in my If-Modified-Since headers, but all that has since been resolved.

Anyways, if I accidentally spammed you with requests today, I am sorry, and it shouldn’t happen anymore.

We thank you for your patience, and apologize for the inconvenience.

Someone please ban 2929b’s autistic spamming ass.

Why is this idiot spamming the same shitty site?

this is spam

I have a Python script that transforms the original YouTube channel Atom feed into a more useful Atom feed by removing the spam description and replacing it with the video duration, filtering out videos by title, duration, etc. I just updated it to exclude the damn Shorts garbage more efficiently. Finally, YouTube updated their Atom feed generation, so that the video URL contains /short/ if it’s of this useless kind. Never thought that they ever actually will improve their Atom feeds. Thank you, much appreciated!

Please, someone ban this bots. I’m tired of this garbage. Some bastards started spamming in gopherspace. I’m so tired of them.

Sooo many new spam feeds to mute in the twtxt.net discovery view. :-( The RSS/Atom to Twtxt feed bridge was a mistake, I believe. I guess I just have to abandon that altogether and rely on my subscriptions to interact with new feeds in order to discover legitimate new ones. Not sure if that works, sounds like a chicken-‘n’-egg problem.

Definitely open to taking on users 👌I only have open registrations turned off because of spam accounts and my pod being the most popular amongst spammers 🤣

@eapl.me@eapl.me Interesting! Two points stood right out to me:

1. Why the hell are e-mail newsletters considered a valid option in the first place? Just offer an Atom feed and be done with it! Especially for a blog of this very type. This doesn’t even involve a third party service. Although, in addition he also links to Feedburner, what the fuck!? No e-mail address or the like is needed and subject to being disclosed.

2. When these spam mailers want to prevent resubscribing, then for fuck’s sake, why don’t they use a hash of the e-mail address (I saw that in yarnd) for that purpose? Storing the e-mail address in clear text after unsubscribing is illegal in my book.

@bender@twtxt.net Don’t panic. I’ve just been testing my implementation. The great advantage of Twtxt is it’s openness, I think. So DM spamming would contradict to this feature I like. ❤

reviewing logs this morning and found i have been spammed hard by bots not respecting the robots.txt file. only noticed it because the OpenAI bot was hitting me with a lot of nonsensical requests. here is the list from last month:

• (810) bingbot
  
• (641) Googlebot
  
• (624) http://www.google.com/bot.html
  
• (545) DotBot
  
• (290) GPTBot
  
• (106) SemrushBot
  
• (84) AhrefsBot
  
• (62) MJ12bot
  
• (60) BLEXBot
  
• (55) wpbot
  
• (37) Amazonbot
  
• (28) YandexBot
  
• (22) ClaudeBot
  
• (19) AwarioBot
  
• (14) https://domainsbot.com/pandalytics
  
• (9) https://serpstatbot.com
  
• (6) t3versionsBot
  
• (6) archive.org_bot
  
• (6) Applebot
  
• (5) http://search.msn.com/msnbot.htm
  
• (4) http://www.googlebot.com/bot.html
  
• (4) Googlebot-Mobile
  
• (4) DuckDuckGo-Favicons-Bot
  
• (3) https://turnitin.com/robot/crawlerinfo.html
  
• (3) YandexNews
  
• (3) ImagesiftBot
  
• (2) Qwantify-prod
  
• (1) http://www.google.com/adsbot.html
  
• (1) http://gais.cs.ccu.edu.tw/robot.php
  
• (1) YaK
  
• (1) WBSearchBot
  
• (1) DataForSeoBot
  

i have placed some middleware to reject these for now but it is not a full proof solution.

@prologic@twtxt.net Yes, C has it. I even thought that C invented it, but it seems to stem from CPL.

The closest to get to if expressions at the moment is to use a lambda:

foo := func() {
    if bar {
        return "spam"
    }
    return "eggs"
}()

But that’s also not elegant at all.

@prologic@twtxt.net Which one? I don’t mind the ternary operator at all. In fact, I often find myself missing it in Go. I don’t find the two alternatives particularly elegant:

foo := "eggs"
if bar {
    foo = "spam"
}

Or:

var foo string
if bar {
    foo = "spam"
} else {
    foo = "eggs"
}

To my eye, this just would look a lot nicer:

foo := bar ? "spam" : "eggs"

Or at least as the Pythons do it:

foo = "spam" if bar else "eggs"

The ternary operator especially shines with relatively short expressions.

Ok, it’s really spam account: https://twtxt.net/twt/xu3u7zq . Damn spammers. Can you delete this?

Is it spam bot or just innocent citizen? But nickname looks suspious

I made a draft of an “encrypted public messenger”, which was basically a Feed for an address derivate from the public ket, let’s say ‘abcd..eaea’

Anyone could check, “are there any messages for my address?” and you get a whole list of timestamps and encrypted stuff.

Inside the encrypted message is a signature from the sender. That way you ‘could’ block spam.

Only the owner of the private key could see who sent what, and so…

And even with that my concussion was that users expectations for a private IM might be far away from my experiment.

Google begins requiring JavaScript for Google Search
Google says it has begun requiring users to turn on JavaScript, the widely used programming language to make web pages interactive, in order to use Google Search. In an email to TechCrunch, a company spokesperson claimed that the change is intended to “better protect” Google Search against malicious activity, such as bots and spam, and to improve the overall Google Search experience for users. The spokesperson noted that, with … ⌘ Read more

Google Begins Requiring JavaScript For Google Search
Google says it has begun requiring users to turn on JavaScript, the widely-used programming language to make web pages interactive, in order to use Google Search. From a report: In an email to TechCrunch, a company spokesperson claimed that the change is intended to “better protect” Google Search against malicious activity, such as bots and spam, and to improve the over … ⌘ Read more

ILITA (russian network in i2p) get spammed very often (including dms and channels). Now i forgot password and can’t join in +r channels :(

@prologic@twtxt.net sure! I don’t know if this is what you need but, let me give it a try.

• I have Timeline installed, which has an endpoint to process #webmentions. Mine for example is https://aelaraji.com/timeline/webmention which you can find by querying https://aelaraji.com/.well-known/webfinger.
  
• If you mention someone from #Timeline itself, it takes care of querying that and sending in the mention for you.
  
• Otherwise (what I personally do) you could just:
  

curl -i -d 'source=https://twtxt.net/user/prologic/twtxt.txt#:~:text=2024-12-09T01:22:37Z' -d 'target=https://aelaraji.com/twtxt.txt' https://aelaraji.com/timeline/webmention

basically what @sorenpeter@darch.dk mentioned in his article Here.

Afterwards, the mentions are stored in their own mentions.txt feed. The one from the example above looks like this on my Timeline :

Feel free to spam my endpoint if you’d like to give things a try. 👍

[P.S: personally, I don’t seem to get the mentions if I add the Text fragment part to my target]

Gopherholes come and go. It’s normal. Got no answer to my mail (No garantee that it’s not sitting in a spam folder).

@eapl.me@eapl.me here are my replies (somewhat similar to Lyse’s and James’)

1. Metadata in twts: Key=value is too complicated for non-hackers and hard to write by hand. So if there is a need then we should just use #NSFS or the alt-text file in markdown image syntax ![NSFW](url.to/image.jpg) if something is NSFW

2. IDs besides datetime. When you edit a twt then you should preserve the datetime if location-based addressing should have any advantages over content-based addressing. If you change the timestamp the its a new post. Just like any other blog cms.

3. Caching, Yes all good ideas, but that is more a task for the clients not the serving of the twtxt.txt files.

4. Discovery: User-agent for discovery can become better. I’m working on a wrapper script in PHP, so you don’t need to go to Apaches log-files to see who fetches your feed. But for other Gemini and gopher you need to relay on something else. That could be using my webmentions for twtxt suggestion, or simply defining an email metadata field for letting a person know you follow their feed. Interesting read about why WebMetions might be a bad idea. Twtxt being much simple that a full featured IndieWeb sites, then a lot of the concerns does not apply here. But that’s the issue with any open inbox. This is hard to solve without some form of (centralized or community) spam moderation.

5. Support more protocols besides http/s. Yes why not, if we can make clients that merge or diffident between the same feed server by multiples URLs

6. Languages: If the need is big then make a separate feed. I don’t mind seeing stuff in other langues as it is low. You got translating tool if you need to know whats going on. And again when there is a need for easier switching between posting to several feeds, then it’s about building clients with a UI that makes it easy. No something that should takes up space in the format/protocol.

7. Emojis: I’m not sure what this is about. Do you want to use emojis as avatar in CLI clients or it just about rendering emojis?

That’s very sad… Btw twtxt is more hardly to spam because of bad discovery. So you can only spam to your followers. Did you really want abandon best method of microblogging?

so this path has been trod and its bad lmao https://web.archive.org/web/20230926192451/https://gemini.spam.works/~emery/sigil-report.gmi

I guess it got rid of all the dead spam bot accounts at least 🤣

💡 Does anyone have any ideas for how to combat SPAM submissions to feeds.twtxt.net – An RSS/Atom -> Twtxt feed conversation service. Hmm? 🧐

I’ve been thinking of how to notify someone else that you’ve replied to their twts.

Is there something already developed, for example on yarn.social?

Let’s say I want to notify https://sour.is/tiktok/America/Denver.txt that I’ve replied to some twt. They don’t follow me back, so they won’t see my reply.

I would send my URL to, could be, https://sour.is/tiktok/replies?url=MY_URL and they’ll check that I have a reply to some of their twts, and could decide to follow me back (after seeing my twtxt profile to avoid spam)

Another option could be having a metadata like
follow-request=https://sour.is/tiktok/America/Denver.txt TIMESTAMP_IN_SECONDS
that the other client has to look for, to ensure that the request comes from that URL (again, to avoid spam)
This could be deleted after the other .txt has your URL in the follow list, or auto-expire after X days to clean-up old requests.

What do you think?

Hoy entre a Usenet (con Thunderbird) y fue algo extraño.
Un montón de spam en alt. Y foros abandonados en 2017, que a su vez ya habían sido abandonados en 2012. Es como entrar a un pueblo abandonado donde alguna vez existió gente.

Hoy entre a Usenet (con Thunderbird) y fue algo extraño.
Un montón de spam en alt. Y foros abandonados en 2017, que a su vez ya habían sido abandonados en 2012. Es como entrar a un pueblo abandonado donde alguna vez existió gente.