@kindrobot@tilde.town Iâm totally joining it
↳
In-reply-to
»
This is the GraphQL compiler complaining right? đ€
†Read More
@prologic@twtxt.net it is from the generator. But in the actual go implementation methods are represented with a unsigned short. So 65k is the hard limit in go.
↳
In-reply-to
»
Oof.
†Read More
@eldersnake@we.loveprivacy.club apparently someone that generates graphql endpoints for a biiiig app
↳
In-reply-to
»
Sometimes being in a webinar with Googleâą engineers makes you feel quite dumb and that you just realise how much you don't know đ€Ł
†Read More
@prologic@twtxt.net @prologic@twtxt.net this description is applicable. As with PH.D so with this hyper focus.
Cada vez que veo proyectos donde hay algĂșn reto en el âonboardingâ de autenticaciĂłn, recuerdo que implementĂ© una prueba de concepto en https://eapl.mx/twtxt/
Y me dan ganas de ver que tanto podrĂamos pasarlo a producciĂłn con algĂșn proyecto pĂșblico
Cada vez que utilizo los 2FA/TOTP recuerdo que este twt se alimenta con la pĂĄgina que fue una prueba para WebAuthn. Me sorprende que sigue sin usarse como una forma masiva de password-less auth.
Si quieres probar la implementaciĂłn acĂĄ: https://eapl.mx/twtxt
↳
In-reply-to
»
On the topic of Programming Languages and Telemetry. I'm kind of curious... Do any of these programming language and their toolchains collect telemetry on their usage and effectively "spy" on your development?
†Read More
@prologic@twtxt.net I get the worry of privacy. But I think there is some value in the data being collected. Do I think that Russ is up there scheming new ways to discover what packages you use in internal projects for targeting ads?? Probably not.
Go has always been driven by usage data. Look at modules. There was need for having repeatable builds so various package tool chains were made and evolved into what we have today. Generics took time and seeing pain points where they would provide value. They werenât done just so it could be checked off on a box of features. Some languages seem to do that to the extreme.
Whenever changes are made to the language there are extensive searches across public modules for where the change might cause issues or could be improved with the change. The fs embed and strings.Cut come to mind.
I think its good that the language maintainers are using what metrics they have to guide where to focus time and energy. Some of the other languages could use it. So time and effort isnât wasted in maintaining something that has little impact.
The economics of the âspyingâ are to improve the product and ecosystem. Is it âspyingâ when a municipality uses water usage metrics in neighborhoods to forecast need of new water projects? Or is it to discover your shower habits for nefarious reasons?
↳
In-reply-to
»
Understanding Contexts in Go in 5(-ish?) Minutes - YouTube
†Read More
@prologic@twtxt.net short version: context is a linked list that is passed down a call stack that can share timeout, cancellation, or other data as needed by lower functions in the call stack.
↳
In-reply-to
»
Any good ideas on how to maintain ~/go/pkg/mod and to remove old garbage?
†Read More
@prologic@twtxt.net the rm -rf is basically what go clean -modcache does.
I think you can use another form that will remove just the deps for a specific module. go clean -r
@pbatch@pbat.ch not sure youâre reading this, how come youâre ditching twtxt?
↳
In-reply-to
»
@abucci Where did I hate on SQL databases? đ€
†Read More
@prologic@twtxt.net aha, a hater! Just the kind I was looking for some serious business that requires some fervent hating. Pay is good, you up to? :-D :-P
↳
In-reply-to
»
The parse is correct. this seems to be something with the markdown render.
†Read More
interesting that in my pod this is showing in reply to something.. but in the twtxt is has no subject.
↳
In-reply-to
»
Like, check it out. That link to DRY? It doesn't render as a link in the webapp. However, it does render as a link, and works fine, in Goryon. I've seen before that Markdown tables render fine in Goryon but not in the webapp. They ought to behave as similarly as possible, right? So just in this small interaction there are three discrepancies between how the mobile app and webapp render Markdown.
†Read More
@prologic@twtxt.net The parse is correct. this seems to be something with the markdown render.
↳
In-reply-to
»
@lyse flawed is the right word, no harsh at all. Good reading, and thanks for supporting the possibility of convincing @prologic to switch to a database! :-D :-P
†Read More
@abucci@anthony.buc.ci Where did I hate on SQL databases? đ€
↳
In-reply-to
»
@lyse flawed is the right word, no harsh at all. Good reading, and thanks for supporting the possibility of convincing @prologic to switch to a database! :-D :-P
†Read More
@prologic@twtxt.net boo, boo, boooooo! :-D :-P
↳
In-reply-to
»
@eldersnake Several reasons:
†Read More
@lyse@lyse.isobeef.org flawed is the right word, no harsh at all. Good reading, and thanks for supporting the possibility of convincing @prologic@twtxt.net to switch to a database! :-D :-P
↳
In-reply-to
»
I've never liked the idea of having everything displayed all of the time for all of history.
†Read More
@eldersnake@we.loveprivacy.club Several reasons:
- Itâs another language to learn (SQL)
- It adds another dependency to your system
- Itâs another failure mode (database blows up, scheme changes, indexs, etc)
- It increases security problems (now you have to worry about being SQL-safe)
And most of all, in my experience, it doesnât actually solve any problems that a good key/value store can solve with good indexes and good data structures. Iâm just no longer a fan, I used to use MySQL, SQLite, etc back in the day, these days, nope I wouldnât even go anywhere near a database (for my own projects) if I can help it â Itâs just another thing that can fail, another operational overhead.
↳
In-reply-to
»
@prologic I am not seeing some of my previous interactions. This one is an example: https://twtxt.net/conv/svvpd3a
†Read More
@bender@twtxt.net You mean @eaplmx@twtxt.netâs reply didnât show up in your mentions? đ€
@prologic@twtxt.net I am not seeing some of my previous interactions. This one is an example: https://twtxt.net/conv/svvpd3a
↳
In-reply-to
»
@prologic @movq this is the default behavior of
†Read More
pass on my machine:
@abucci@anthony.buc.ci So.. The issue is that its showing the password by default? Would making an alias to always include the -c help? We can probably engage Jason with a PR to enable a more hardened approach when desired. Iâve spoken to him before and is generally a pretty open to ideas.
I found this app that was created by the gopass author that does copy by default and has a tui or GUI mode https://github.com/cortex/ripasso
@prologic@twtxt.net @movq@www.uninformativ.de this is the default behavior of pass on my machine:
I add a new password entry named example and then type pass example. The password I chose, âtestâ, is displayed in cleartext. This is very bad default behavior. I donât know about the other clis you both mentioned but Iâll check them out.
The browser plugin browserpass does the same kind of thing, though I have already removed it and Iâm not going to reinstall it to make a movie. Next to each credential thereâs an icon to copy the username to the clipboard, an icon to copy the password to the clipboard, and then an icon to view details, which shows you everything, including the password, in cleartext. The screencap in the Chrome store is out of date; it doesnât show the offending link to show all details, which I know is there because I literally installed it today and played with it.
↳
In-reply-to
»
#randomQuestionOfTheDay
†Read More
@mckinley@twtxt.net i use pass along with the android and browser-pass clients. it is very good and keeping in sync is pretty simple.
↳
In-reply-to
»
i am curious why we only get 5 twts in yarn when they have several more on the feed. so something isnt parsing right.
†Read More
@mckinley@twtxt.net very weird things going on for me.. i can see your twt but its not showing up as a reply or fork? 
↳
In-reply-to
»
@xuu yeah, I know less about ISO27k (in part because you have to pay for access to the complete standards documents!!!), but I figured it was similar.
†Read More
@abucci@anthony.buc.ci i have an old copy of the 2005 version from university if you want to give it a read through. its quite dry.
↳
In-reply-to
»
And in the latest "don't store your passwords in the cloud" news, NortonLifeLock warns that hackers breached Password Manager accounts
†Read More
@xuu@txt.sour.is yeah, I know less about ISO27k (in part because you have to pay for access to the complete standards documents!!!), but I figured it was similar.
↳
In-reply-to
»
@prologic
†Read More
!XO!1GcUL/ZbHj+CZnedB67ddd0tt3y1ppSLY7wbzMhraUeubCUH8LRT61pz6jPyOEa2wYYupwP7tu1cwR9mNN/k+No7PEw13kqBy6YvDU8jettw25Lkj3gZ+R4J1q6d0GWKKGx+OsYmJMPev7BL+5SCnt08qQYmgGAVhyhJZMkndIgk=!OX!
@prologic@twtxt.net yap. This was an offer message to you. rachet-over-yarn mode enabled!
↳
In-reply-to
»
So... Just out of curiosity (again), back of paper napkin math. Based on Vultr pricing, running my infra in the "Cloud"âą would cost me upwards of $1300 per month. That's about ~10x more than my current power bill for my entire household đ
(10 VMs of around ~4 vCPUS and 4-6GB of RAM each + 10TB of storage on the NAS)
†Read More
@prologic@twtxt.net vultr pricing is low. But it can be lower if you shop the less fancy admin ui sites like virmarch or ovh. There are some bare metal that cost way less.. Though the experience is less than optimal.
↳
In-reply-to
»
And in the latest "don't store your passwords in the cloud" news, NortonLifeLock warns that hackers breached Password Manager accounts
†Read More
@abucci@anthony.buc.ci ISO 27001 is basically the same. It means that there is management sign off for a process to improve security is in place. Not that the system is secure. And ITIL is that managment signs off that problems and incidents should have processes defined.
Though its a good mess of words you can throw around while saying âmanagement supports this so X needs to get doneâ
@prologic@twtxt.net !XO!1GcUL/ZbHj+CZnedB67ddd0tt3y1ppSLY7wbzMhraUeubCUH8LRT61pz6jPyOEa2wYYupwP7tu1cwR9mNN/k+No7PEw13kqBy6YvDU8jettw25Lkj3gZ+R4J1q6d0GWKKGx+OsYmJMPev7BL+5SCnt08qQYmgGAVhyhJZMkndIgk=!OX!
↳
In-reply-to
»
Trying to wrap my head around webfinger..
†Read More
@prologic@twtxt.net that worked.. But took crazy long time
@prologic@twtxt.net I get this error when replying to yarns. 
@prologic@twtxt.net I have updated to kinda follow this. It now redirects to other webfingers if the resource has a different hostname. Iâm still not sure what I should put multiple services with the same domain name. Like if they were to have conflicting properties.
↳
In-reply-to
»
@xuu that doesn't seem to fit the spirit of the spec, at least by my read (I could be wrong obv). The example on Wikipedia's webfinger page,
†Read More
@abucci@anthony.buc.ci see here in the okta docs: https://developer.okta.com/docs/reference/api/webfinger/ they are adding a prefix to the acct
↳
In-reply-to
»
Trying to wrap my head around webfinger..
†Read More
@xuu@txt.sour.is that doesnât seem to fit the spirit of the spec, at least by my read (I could be wrong obv). The example on Wikipediaâs webfinger page,
{
"subject": "acct:bob@example.com",
"aliases": [
"https://www.example.com/~bob/"
],
"properties": {
"http://example.com/ns/role": "employee"
},
"links": [{
"rel": "http://webfinger.example/rel/profile-page",
"href": "https://www.example.com/~bob/"
},
{
"rel": "http://webfinger.example/rel/businesscard",
"href": "https://www.example.com/~bob/bob.vcf"
}
]
}
and then the comparison with how mastodon uses webfinger,
{
"subject": "acct:Mastodon@mastodon.social",
"aliases": [
"https://mastodon.social/@Mastodon",
"https://mastodon.social/users/Mastodon"
],
"links": [
{
"rel": "http://webfinger.net/rel/profile-page",
"type": "text/html",
"href": "https://mastodon.social/@Mastodon"
},
{
"rel": "self",
"type": "application/activity+json",
"href": "https://mastodon.social/users/Mastodon"
},
{
"rel": "http://ostatus.org/schema/1.0/subscribe",
"template": "https://mastodon.social/authorize_interaction?uri={uri}"
}
]
}
suggests to me you want to leave the subject/acct bit as is (donât add prefixes) and put extra information you care to include in the links section, where youâre free to define the rel URIs however you see fit. The notion here is that webfinger is offering a mapping from an account name to additional information about that account, so if anything youâd use a "subject": "acct:SALTY ACCOUNT_REPRESENTATION" line in the JSON to achieve what youâre saying if you donât want to do that via links.
↳
In-reply-to
»
Trying to wrap my head around webfinger..
†Read More
@prologic@twtxt.net Unfortunately the RFCâs are a bit light in this regard. While it makes mention of different kinds of accounts like mailto: or status services.. it never combines them. It does make mention of using redirects to forward a request to other webfingers to provide additional detail.
I am kinda partial to using salty:acct:me@sour.is, yarn:acct:xuu@txt.sour.is, mailto:me@sour.is that could redirect to a specific service. and a parent account acct:me@sour.is that would reference them in some way. either in properties or aliases.
↳
In-reply-to
»
Trying to wrap my head around webfinger..
†Read More
@prologic@twtxt.net That was exactly my thought at first too. but what do we put as the rel for salty account? since it is decentralized we dont have a set URL for machines to key off. so for example take the standard response from okta:
# http GET https://example.okta.com/.well-known/webfinger resource==acct:bob
{
"links": [
{
"href": "https://example.okta.com/sso/idps/OKTA?login_hint=bob#",
"properties": {
"okta:idp:type": "OKTA"
},
"rel": "http://openid.net/specs/connect/1.0/issuer",
"titles": {
"und": "example"
}
}
],
"subject": "acct:bob"
}
It gives one link that follows the OpenID login. So the details are specific to the subject acct:bob.
Mastodons response:
{
"subject": "acct:xuu@chaos.social",
"aliases": [
"https://chaos.social/@xuu",
"https://chaos.social/users/xuu"
],
"links": [
{
"rel": "http://webfinger.net/rel/profile-page",
"type": "text/html",
"href": "https://chaos.social/@xuu"
},
{
"rel": "self",
"type": "application/activity+json",
"href": "https://chaos.social/users/xuu"
},
{
"rel": "http://ostatus.org/schema/1.0/subscribe"
}
]
}
it supplies a profile page and a self which are both specific to that account.
↳
In-reply-to
»
It seems like https://proxy.vulpes.one/ runs a code that once was written by @prologic. Its rendering looks quite nice. Sadly, I am unable to compile it (modified code at https://git.vulpes.one/gopherproxy/).
†Read More
@prologic@twtxt.net I think I spoke too soon. Got it running at https://arrakis.netbros.com/, for now. đ
It seems like https://proxy.vulpes.one/ runs a code that once was written by @prologic@twtxt.net. Its rendering looks quite nice. Sadly, I am unable to compile it (modified code at https://git.vulpes.one/gopherproxy/).
↳
In-reply-to
»
Anyone know what this might be about?
†Read More
@prologic@twtxt.net What is the SMART reading for the disk?
↳
In-reply-to
»
Why, oh why, does YouTube include upcoming videos in RSS feeds? âThis video premiers in 21 hours.â Oohhhhhhkay. I will long have forgotten about it by then, thank you very much.
†Read More
@lyse@lyse.isobeef.org As far as I know, theyâre still visible in the Web UI. Although, in the mobile app and youtube.com, I believe it tells you that the video isnât available without having to click on it. They donât tell you that in the RSS feed, and I agree; it gets annoying.
If we had a custom feed generator that hooks directly into the YouTube API, Iâll bet we could find that information and put â[Scheduled][Scheduled][Scheduled][Scheduled][Scheduled][Scheduled][Scheduled][Scheduled]â in the title for premieres and remove it when the video is available.
↳
In-reply-to
»
Why, oh why, does YouTube include upcoming videos in RSS feeds? âThis video premiers in 21 hours.â Oohhhhhhkay. I will long have forgotten about it by then, thank you very much.
†Read More
@lyse@lyse.isobeef.org As far as I know, theyâre still visible in the Web UI. Although, in the mobile app and youtube.com, I believe it tells you that the video isnât available without having to click on it. They donât tell you that in the RSS feed, and I agree; it gets annoying.
If we had a custom feed generator that hooks directly into the YouTube API, Iâll bet we could find that information and put â[Scheduled][Scheduled=][Scheduled][Scheduled=][Scheduled][Scheduled=][Scheduled][Scheduled=]â in the title for premieres and remove it when the video is available.
↳
In-reply-to
»
Fomu | Crowd Supply
†Read More
@abucci@anthony.buc.ci did you know about the chip inside USB-C cables?
https://connectorsupplier.com/usb-type-c-what-you-need-to-know/
some groups have created their own chips that have hidden keyloggers that can phone home over network connections.
Termina un año mås, inicia otro, y acå andamos escribiendo nuestros pensamientos en un archivo twtxt.txt
A ti, que estas leyendo esto, te deseo mucho enfoque, superar tus sesgos, disfrutar el momento y seguir actuando para llegar a tu mĂĄximo.
ÂĄBuena vibra!
Did something chchange with how the discover feed is generated? My pods logout mode now only shows my twts. It used to be all twts from watcher observation like my logged on discover tab. @prologic@twtxt.net
One of the frustrating parts of using twtxt for conversations is the URLs are, well⊠ugly. Anyone (like yâall yarn folks) looked at using webfinger for translating user@domain accounts to URLs?
↳
In-reply-to
»
@prologic and @justamoment, this Gitxt project sounds really interesting. Can you tell us about some of your goals?
†Read More
More specifically: Will this be expanded into something like Gitea with the concept of users and organizations, or will it stay with a simple flat repository model like upstream legit or cgit?
Also, the shorthand mention syntax has struck again. Apologies, @justamoment@twtxt.net.
@prologic@twtxt.net and @justamoment, this Gitxt project sounds really interesting. Can you tell us about some of your goals?
Bon voyage @melyanna@tilde.club