Mike Waltz Used Personal Gmail for Government Communications: Report
Comments ⌘ Read more

The Average College Student Is Illiterate
Comments ⌘ Read more

thanks @prologic!
@bender the idea of the RFC was to reach an agreement on a difficult problem, receiving proposals, and the voting is a simple count to gauge the sentiment of “is this a problem worth to be fixed?, are we committed to implement a change in our clients?”

But that’s a fair point. What do the community expect? What do y’all expect?

For anyone following the proposals to improve replies and threads in twtxt, the voting period has started and will be open for a week.
https://eapl.me/rfc0001/

Please share the link with the twtxt community, and leave your vote on your preferred proposals, which will be used to gauge the perceived benefits.

Also, the conversation is open to discuss implementation concerns or anything aimed at making twtxt better.

well, I assume by syntax you mean Gemtext (which I like a lot, my personal blog is built on top of it), so I think it might work for twtxt clients…

I knew of twtxt in Gemini Antenna, so at least the 2017 spec might work on that protocol. I think the main issue with extensions is that they weren’t designed with many URLs and protocols in mind.

Also I have to admit that the Gemini community significantly reduced in the last few years. I don’t know how worth it is to add support for Gemini now.

well… it has been an opportunity to build an artisanal microblogging client on top of a minimalist protocol. I agree on the hacker toy part.

And of course it’s about being part of a niche community which is (mostly) amazing, and nurturing. As there is almost no one writing in my native spanish, it has been an interesting challenge to share my thoughts in english, as well.

I couldn’t say it’s a ‘social network’ per se, I think it lack many engagement things usually associated with social networks, although it has a social part of igniting discussions, learnings and behavioral changes, which is the meaning of social for me.

What is twtxt for me? It is a community of users sharing plain text following a specification that can be readable by both humans and machines.

For some it is a microblogging platform, for others it is a social network, others see it as an enhanced RSS feed and a few consider it a hacker’s toy. I use it as a learning platform. And as collateral damage, I’m meeting some very interesting people.

And for you?

What does the #twtxt community think about having a p2p database to store all history? This will be managed by Registries.

@prologic@twtxt.net oops, I’m sorry to see disagreement leading to draining emotions.

It remind me a bit of the Conclave movie where every part wanted to defend their vision and there is only a winner. If one wins the other loses. Like the political side of many leaders and volunteers representing a broad community. I don’t think that’s the case here. Most of us (in not all) should ‘win’.

I can only add that isn’t nice to listen that ‘my idea and effort’ is not what the rest of the people expect. I personally have a kind of issue with public rejection, but I also like to argue, discuss and even fight a bit. “A gem cannot be polished without friction, nor a man perfected without trials,” they say.
This exercise and belonging to this community also brings me good feelings of smart people trying to solve a human and technical problem, which is insanely difficult to get ‘right’.

I genuinely hope we can understand each other, and even with our different and respectful thoughts on the same thing, we might reach an agreement on what’s the best for most people.

Good vibes to everyone!

One of the biggest gripes of the community with the way the threading model currently works with Twtxt v1.2 (https://twtxt.dev) is this notion of:

What is this hash?
What does it refer to?

Idea: Why can’t we all agree to implement a simple URI scheme where we host our Twtxt feeds?

That is, if you host your feed at https://example.com/twtxt.txt – Why can’t or could you not also host various JSON files (let’s agree on the spec of course) at https://example.com/twt/<hash> ? 🤔

That way we solve this problem in a truly decentralised way, rather than every relying on yarnd pods alone.

C++ creator calls for help to defend programming language from ‘serious attacks’
Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory safety shortcomings. C and C++ are built around manual memory management, which can result in memory safety errors, such as out of bounds reads and writes, though bo … ⌘ Read more

True. Though if the idea turns out to be better.. then community will adopt it.

if you look at the subject for that twt you will see that it uses the extended hash format to include a URL address.

@andros@twtxt.andros.dev I’ve commented on the ticket: https://git.mills.io/yarnsocial/twtxt.dev/issues/14#issuecomment-19142

In all reality, though, I don’t see that our community will come to an agreement. Some folks just don’t want to give up on the content-based addressing scheme.

@movq@www.uninformativ.de ahh, living in a small house in the middle of nowhere, yes! That’s my dream too. We live in the suburbs, in a relatively small community; it isn’t enough, though. Take a sick day, and blast that amp! :-D

Sailfish OS 5.0 released for all supported devices
Sailfish OS 5.0, originally released late last year as part of the new Jolla C2 Community Phone, will now be pushed to all Sailfish OS devices. There have been several other minor releases since the original release, so if you’re running Sailfish OS on something other than the C2, you’re getting a release with some more bugfixes and improvements. The main improvement is an upgrade to Gecko ESR91, with work underway to move to ESR1 … ⌘ Read more

Short summary of Project2025 and Trump’s plans for the US:

• Abolish the Federal Reserve
  Why? To end what is seen as an unelected, centralized body that exerts too much influence over the economy and monetary policy, replacing it with a more transparent, market-driven approach.

• Implement a national consumption tax
  Why? To replace the current federal income tax system, simplify taxation, and increase government revenue through a broader base that includes all consumers.

• Lower corporate tax rates
  Why? To promote business growth, increase investment, and stimulate job creation by reducing the financial burden on companies.

• Deregulate environmental policies
  Why? To reduce government intervention in the economy, particularly in energy and natural resources sectors, and to foster a more business-friendly environment.

• Restrict abortion access
  Why? To align with conservative pro-life values and overturn or limit abortion rights, seeking to restrict the practice at a federal level.

• Dismantle LGBTQ+ protections
  Why? To roll back protections viewed as promoting LGBTQ+ rights in areas like employment and education, in line with traditional family values.

• Eliminate diversity, equity, and inclusion (DEI) programs
  Why? To end policies that are seen as divisive and to promote a merit-based system that prioritizes individual achievements over group identity.

• Enforce stricter immigration policies, including mass deportations and detentions
  Why? To prioritize border security, reduce illegal immigration, and enforce existing laws more aggressively, as part of a broader strategy to safeguard U.S. sovereignty.

• Eliminate the Department of Education
  Why? To reduce federal control over education and shift responsibilities back to local governments and private sectors, arguing that education decisions should be made closer to the community level.

• Restructure the Department of Justice
  Why? To ensure the department aligns more closely with the administration’s priorities, potentially reducing its scope or focus on areas like civil rights in favor of law-and-order policies.

• Appoint political loyalists to key federal positions
  Why? To ensure that government agencies are headed by individuals who are committed to advancing the administration’s policies, and to reduce the influence of career bureaucrats.

• Develop training programs for appointees to execute reforms effectively
  Why? To ensure that political appointees are equipped with the knowledge and skills necessary to implement the proposed changes quickly and effectively.

• Provide a 180-day transition plan with immediate executive orders
  Why? To ensure that the incoming administration can swiftly implement its agenda and make major changes early in its term without delay.

Do y’all agree with any/all/some of these poliices? Hmmm 🤔

#Project2025 #US #Trump

@arne@uplegger.eu Hi! I love that you’re implementing it! Maybe, when we’re both done, we could test the clients by communicating both.
I don’t think I’m going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as I’d like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But I’m not able to answer your questions, sorry.
I’m invoking the commands directly, without any libraries in between. Maybe that would help you?

Yesterday I was doing a lot of research on how #hyperdrive and the #holepunch project work. Would it be possible to use it to make #twtxt an easier gateway for new users? Could we stop using web servers?
My conclusion: We would end up being a #nostr. On the one hand it would become more complex to use, it would force the user to have software installed, and on the other hand the community would need a central proxy to make the routes accessible via HTTP. In other words, it’s not a good idea.
However, it’s an AMAZING technology. I want to start playing with it.

It would appear that Google’s web crawlers are ignoring the robots.txt that I have on https://git.mills.io/robots.txt with content:

User-agent: *
Disallow: /

Evidence attached (see screenshots): – I think its the the Small Web community band together and file a class action suit(s) against Microsoft.com Google.com and any other assholes out there (OpenAI?) that violate our rights and ignore requests to be “polite” on the web. Thoughts? 💭

General is “peoples”. Our community want replies and reactions minimum. Currently used Telegram+Matrix (most on Telegram and me from bridge)

I would like to make another proposal to the community, to discuss it calmly: https://git.mills.io/yarnsocial/twtxt.dev/issues/9 #twtxt

I haven’t read the entire specification, but I think there is a fundamental design problem. Why would someone put an encrypted message on a public feed that is completely useless to everybody other than the one recipient? This doesn’t make sense to me. It of course depends on the threat model, but wouldn’t one also want to minimize the publicly visible metadata (who is communicating with whom and when) when privately messaging? I feel there are better ways to accomplish this. Sorry, if I miss the obvious use case, please let me know. :-)

interesting idea. I’m not personally interested on having DM conversations on twtxt (for now), although I see the community could be interested in.

I’d suggest to enable the Discussion section in your Github repo to receive comments, as we did for timeline https://github.com/sorenpeter/timeline/discussions

@discoverbsdthebsdcommunitylinklog@feeds.twtxt.net This is interesting. Not giving up on #FreeBSD #jails yet but definitely have to give this a try; and if my #podman workflow goes as smooth as it does on #Linux I might just end up installing FreeBSD on the #RaspberryPi too! 🥳

I’ve been using Mastodon too much lately. The constant notifications are becoming too stressful. I really do prefer slow communication, like twtxt. ✌️

@prologic@twtxt.net

What’s made you unlock twitch.tv?
A couple of events where my only choices for watching them are: Twitch, Youtube or Fartbook.
What are you doing differently?
TL;DR: I stopped going there unless I have to for the reason above.

I used to spend Waaaaay too much time on the platform. I had a whole setup using Streamlink, MPV and Chatterino where sometimes, I’d have up to 10 concurrent open streams all day long on a secondary monitor (thanks to tiling window managers’ magic), some I was interested in watching, some I moderated for a couple of friends and some I’ve had open just for support (helping new streamers in the community with their numbers till they take off and such). Theeen something happened to one of my loved ones, so I had to stop all the nonsense and spend that time and attention with the person who deserves it the most. I blocked the platform at first since I had a habit to type twit... as soon as I opened a browser 😅 (addiction is real) and now I don’t. (That reflex got replaced with typing twtxt... instead 😂)

for example, ejabberd, redka, and litefs. all using sqlite+litefs for their database needs allows agents to communicate over xmpp, matrix, mqtt, and sip. other applications can use sqlite for storage or speak the redis protocol to redka. ejabberd can also handle file uploads, static file publishing, identity, and various other web application services. when scaling, litefs integrates with consul to manage replication which grants the network access to service disco, encrypted mesh networking, and various other features that can be used to build secure service grids. ejabberd and redka can be scaled to multiple nodes that coordinate over the litefs replication protocol without any changes to the db storage config. other components can be configured to plug into this framework fairly easily as well. we keep the network config fairly simple by linking nodes together with yggdrasil to flatten the address space and then linking app nodes together using consul to provide secure routing for the local grid service. yggdrasil also offers utility for buliding federated networks in a similarly flat address space, for more secure communications i2p is also available in yggdrasil mode. minibase is wonderful, and we have not even started to talk about secure IoT.

Interesting list of features to protect users and communities on bluesky. I wonder if any make sense in text context.

@bender@twtxt.net You’d be surprised how many lifetime old accounts I still have, scattered all over the internet. I just don’t have much energy to go through deleting each and every single one of them. xD and here is a bonus image for LOLs

@eapl.me@eapl.me here are my replies (somewhat similar to Lyse’s and James’)

1. Metadata in twts: Key=value is too complicated for non-hackers and hard to write by hand. So if there is a need then we should just use #NSFS or the alt-text file in markdown image syntax ![NSFW](url.to/image.jpg) if something is NSFW

2. IDs besides datetime. When you edit a twt then you should preserve the datetime if location-based addressing should have any advantages over content-based addressing. If you change the timestamp the its a new post. Just like any other blog cms.

3. Caching, Yes all good ideas, but that is more a task for the clients not the serving of the twtxt.txt files.

4. Discovery: User-agent for discovery can become better. I’m working on a wrapper script in PHP, so you don’t need to go to Apaches log-files to see who fetches your feed. But for other Gemini and gopher you need to relay on something else. That could be using my webmentions for twtxt suggestion, or simply defining an email metadata field for letting a person know you follow their feed. Interesting read about why WebMetions might be a bad idea. Twtxt being much simple that a full featured IndieWeb sites, then a lot of the concerns does not apply here. But that’s the issue with any open inbox. This is hard to solve without some form of (centralized or community) spam moderation.

5. Support more protocols besides http/s. Yes why not, if we can make clients that merge or diffident between the same feed server by multiples URLs

6. Languages: If the need is big then make a separate feed. I don’t mind seeing stuff in other langues as it is low. You got translating tool if you need to know whats going on. And again when there is a need for easier switching between posting to several feeds, then it’s about building clients with a UI that makes it easy. No something that should takes up space in the format/protocol.

7. Emojis: I’m not sure what this is about. Do you want to use emojis as avatar in CLI clients or it just about rendering emojis?

the test would be: how often does unwanted content get pushed on your feed? do incongruent posters easily disrupt harmonious connections? &c. less about the community, more about how the social dynamics play out as various groups and individuals interact.

Ya know; Rather than being an asshole and getting all angry, just be reasonable and reach out to the community or folks fetching (or trying) your feed.

Most clients respect caching if your feed is transported I’ve HTTP.

Otherwise you can add the # refresh hint to clients on your feed.

No need to be an obnoxious ass and flood your own feed. That will just get you permanarely unfollowed and ignored.

Je cherche à comprendre si on peut avoir une couche IP sur des communications LORA. Pas simple :-)

In nostr/simplex you did not bounded account to server because its just a relay. In matrix, xmpp and salty.im you store account data on broker and when broker is down you will no longer to communicate

zmq seems like an interesting tool for building task queues and other types of messaging apps. the other option i’m looking at is rabbitmq which has some interesting features like mqtt bridges and federation, but as a result involves a broker. i would like to eventually have all of the ships systems (or at least on the inter-system boundary) communicate over a brokerless messaging protocol. off the shelf env devices and trackers all communicate over an mqtt bridge so some brokering is probably unavoidable without getting into fully custom tech, but that’ll blow the budget.

@movq@www.uninformativ.de i’m sorry if I sound too contrarian. I’m not a fan of using an obscure hash as well. The problem is that of future and backward compatibility. If we change to sha256 or another we don’t just need to support sha256. But need to now support both sha256 AND blake2b. Or we devide the community. Users of some clients will still use the old algorithm and get left behind.

Really we should all think hard about how changes will break things and if those breakages are acceptable.

@movq@www.uninformativ.de I cases of these kind of “abuse” of social trust. Then I think people should just delete their replies, unfollow the troll and leave them to shouting in the void. This is a inter-social issue, not a technical issue. Anything can be spoofed. We are not building a banking app, we are just having conversation and if trust are broken then communication breaks down. These edge-cases are all very hypothetical and not something I think we need to solve with technology.

I’m not advocating in either direction, btw. I haven’t made up my mind yet. 😅 Just braindumping here.

The (replyto:…) proposal is definitely more in the spirit of twtxt, I’d say. It’s much simpler, anyone can use it even with the simplest tools, no need for any client code. That is certainly a great property, if you ask me, and it’s things like that that brought me to twtxt in the first place.

I’d also say that in our tiny little community, message integrity simply doesn’t matter. Signed feeds don’t matter. I signed my feed for a while using GPG, someone else did the same, but in the end, nobody cares. The community is so tiny, there’s enough “implicit trust” or whatever you want to call it.

If twtxt/Yarn was to grow bigger, then this would become a concern again. But even Mastodon allows editing, so how much of a problem can it really be? 😅

I do have to “admit”, though, that hashes feel better. It feels good to know that we can clearly identify a certain twt. It feels more correct and stable.

Hm.

I suspect that the (replyto:…) proposal would work just as well in practice.

@prologic@twtxt.net you should see This ! The devs were already trying to figure things out for TWTXT and Yarn.social 😃

So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.

What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first url:

The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.

The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like frank@beans.co that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?

From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.

I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.

# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w 
# sig: BEGIN SALTPACK SIGNED MESSAGE. ... 
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...

@bender@twtxt.net So far I’ve been following feeds fairly liberally. I’ll check to see if we have anything in common and lean toward following, just because this is new to me and it feels like a small community. But I’m still figuring out what I want. Later I’ll probably either trim my follower list or come up with some way to prioritize the feeds I’m more interested in.

@prologic@twtxt.net How does yarn.social’s API fix the problem of centralization? I still need to know whose API to use.

Say I see a twt beginning (#hash) and I want to look up the start of the thread. Is the idea that if that twt is hosted by a a yarn.social pod, it is likely to know the thread start, so I should query that particular pod for the hash? But what if no yarn.social pods are involved?

The community seems small enough that a registry server should be able to keep up, and I can have a couple of others as backups. Or I could crawl the list of feeds followed by whoever emitted the twt that prompted my query.

I have successfully used registry servers a little bit, e.g. to find a feed that mentioned a tag I was interested in. Was even thinking of making my own, if I get bored of my too many other projects :-)

I admit I’ve always compromised on this way too much myself, always to this day having Facebook Messenger just to communicate in my families group chats. Sure I run it in a Work profile on my GrapheneOS phone that I can switch off at any time, I can completely cut it off from network access any time as well, I can have a lot of rudimentary control over it, I use it as sparingly as possible, but it doesn’t change the fact everytime I use it we’re funneling private convos through bloody Meta’s servers and trackers etc.

My email is such a cluster of noise. The only time i actually use it is to find out I have to do my security training or something. All communication is slack now days.

[lang=en] I love this topic about definitions, it’s key to have meaningful conversations. Thanks for sharing that link.

Communication is vital for succeeding in any activity that requires the participation of more than one individual.

This is why it is so important to be tight and consistent with definitions and to fully understand them.
Love this

Li-Fi, light-based networking standard released
Today, the Institute of Electrical and Electronics Engineers (IEEE) has added 802.11bb as a standard for light-based wireless communications. The publishing of the standard has been welcomed by global Li-Fi businesses, as it will help speed the rollout and adoption of the  data-transmission technology standard. Where Li-Fi shines (pun intended) is not just in its purported speeds as fast as 224 GB/s. Fraunhofer’s Dominic Schulz points ou … ⌘ Read more

So given’s Google™’s recent policy changes where they now outright and blatantly just admit they’ll crawl, index and feed your (yes your fuckind) writings, thoughts, conversations, etc into their AI models; Should we as a small niche community (still growing) think about perhaps finally building Yarn.social v2 where we have encrypted feeds? 😅

An official FBI document dated January 2021, obtained by the American association “Property of People” through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata (“Pen Register”) or connection data retention law (“18 USC§2703”). Here, in essence, is the information the FBI says it can retrieve:

• Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

• Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

• Signal: date and time of account creation and date of last connection.

• Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

• Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

• Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

• WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

• WhatsApp: the targeted person’s basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time (“Pen Register”); message content can be retrieved via iCloud backups.

• Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.