my main itch with the DMs extensions is that these messages are intended to be private, not public information. Thatās why other extensions make sense, but DMs are another kind of feature.
TwiXter, Mastodon, FB and some other services usually hide the DMs in another section, so they are not mixed with the public timeline.
I find the DM topic interesting, I even made an indie experiment for a centralized messaging system here https://github.com/eapl-gemugami/owl.
Although, as Iāve said a few times here, Iām not particularly interested in supporting it on microblogging, as I donāt use it that much. In the rare case Iāve used them, I donāt have to manage public and private keys, and finally none of my acquaintances use encrypted email.
Nothing personal against anyone, and although I like to debate and even fight, itās not the case here. This proposal is the only one allowing DMs on twtxt, and if the community wants it, Iāll support it, with my personal input, of course.
A good approach I could find with a good compromise between compatibility with current clients and keeping these messages private is āhidingā the DMs in comments. For example:
# 2025-04-13T11:02:12+02:00 !<dm-echo https://dm-echo.andros.dev/twtxt.txt> U2FsdGVkX1+QmwBNmk9Yu9jvazVRFPS2TGJRGle/BDDzFult6zCtxNhJrV0g+sx0EIKbjL2a9QpCT5C0Z2qWvw==
@andros@twtxt.andros.dev how often do you send a private message on the Fediverse? How often do you send PGP/SMIME encrypted emails? Are there other tools that are more suitable for the task? If implementing direct/private messages on twtxt scratches an itch (you know, that hobbyist itch we all get from time to time), then donāt give up so easily. Worse comes to worse, and your feed becomes too noisy, people can simply unfollow/mute.
I really donāt care about direct messages here, but I might be on that bottom 1%!
guys omg the people behind pico.sh are so nice ;_; one of the people running it emailed me to let me know i had what was likely a malfunctioning (or well, not working as intended) script that was spawning the same SSH tunnel over and over and they wanted to give me a heads up.
and i felt SO BAD because i worried i was straining their service or something so i disabled my 4 tunnels (they were serving little SSH games and services) and got back to them.
but i just woke up to THE NICEST EMAIL EVER reassuring me that i was actually using it as intended, it was just my script that was having problems, and they even said that if it was intended to work that way it was fine and they just wanted to let me know!
so i restarted the tunnels but have since added lockfiles as safeguards so that when the script is run itāll check if itās already running :D
Twtxt was made for nerds, by nerds.
Iād like to change that. Itās by nerds/hackers, for nerds/hackers and friends of these. It doesnāt have to be hacky all the time, as you donāt need to be a nerd to have a blog.
But, for that to happen, someone has to build the tools to improve UX.by design there really is no way to easily discovers others
Yeah, I agree, and although there are directories of email addresses, usually you donāt want that, unless you are a āpublic figureā.
I couldnāt say that a microblogging is a āsocial networkā by default, as a blog is not either. At the same time, people would expect to find new people and conversations, as youād do in a forum.
I think of two features on top of the current spec:
- Clients showing a few posts of what your following are watching but you donāt, so perhaps you find something interesting to follow next. Or that feature of āYour āfollowingsā are following these accounts/peopleā. (Hard to explain in english, but I hope you get the idea)
- Sharing your .txt into some directory, saying āHey, I have this twtxt URL, I want to be discoveredā. Iām thinking of something like the Federated tab on Mastodon.
2 is a great idea, you should suggest it in that blog post.
About 1, well, I think anyone has an email address and only about 5% use a Feed, so it makes sense to offer what most people use š¤
I have applied your comments, and I tried to add you as an editor but couldnāt find your email address. Please request editing access if you wish.
Also, could you elaborate on how you envision migrating with a script? You mean that the client of the file owner could massively update URLs in old twts ?
thatās a fair point.
Perhaps, since Twitter in 2006 never implemented read flags, every derivative microblogging system never saw that as an expected feature. This is curious because Twitter started with SMS, where on our phones we can mark messages as read or unread.
I think it all comes from the difference between reading an email (directed to you) vs. reading public posts (like a blog or a āwall,ā where you donāt mark posts as read). Itās not necessary to mark it as āreadā, you just jump over it.
Reading microblogging posts in an email program is not common, I think, and I havenāt really used it, so I cannot say how it works, and whether it would be better for me or not.
However, Iāve used Thunderbird as a feed reader, and I understand the advantages when reading blog posts.
About read flags being simple, well⦠we just had a discussion this morning about how tracking read messages would require a lot of rethinking for clients such as timeline where no state is stored. Even considering some kind of ānotification of unread messages or mentionsā is not expected for those minimalist client, so itās an interesting compromise to think about.
email threats with hidden text salting https://blog.talosintelligence.com/seasoning-email-threats-with-hidden-text-salting/
Letās Encrypt ends support for expiration notification emails
Since its inception, Letās Encrypt has been sending expiration notification emails to subscribers that have provided an email address to us. We will be ending this service on June 4, 2025. ā« Josh Aas on the Letās Encrypt website Theyāre ending the expiration notification service because itās costly, adds a ton of complexity to their systems, and constitutes a privacy risk because of all the email addresses the ⦠ā Read more
Google begins requiring JavaScript for Google Search
Google says it has begun requiring users to turn on JavaScript, the widely used programming language to make web pages interactive, in order to use Google Search. In an email to TechCrunch, a company spokesperson claimed that the change is intended to ābetter protectā Google Search against malicious activity, such as bots and spam, and to improve the overall Google Search experience for users. The spokesperson noted that, with ⦠ā Read more
Google Begins Requiring JavaScript For Google Search
Google says it has begun requiring users to turn on JavaScript, the widely-used programming language to make web pages interactive, in order to use Google Search. From a report: In an email to TechCrunch, a company spokesperson claimed that the change is intended to ābetter protectā Google Search against malicious activity, such as bots and spam, and to improve the over ⦠ā Read more
@kat@yarn.girlonthemoon.xyz OK YAY SO RESET PASS DOES WORK IT JUST DOESNāT SEND AN EMAIL IT PRINTS IT ON THE PAGE LOL
GUYS HELP I LOCKED MYSELF OUT OF MY ACCOUNT ON WEB AND I COULDNāT GET EMAILS WORKING IāM STUCK POSTING FROM CLI LOLLLL
hey yarn pod hosting friends, how do i enable an SMTP relay in the env settings? iām trying to get a friend on here and iām pretty sure my env config is good but it wonāt send emails even after restarts which is strange. i have the right hostname for mailjet, user and pass are in there, same with from address, iām wondering if the port is messing it up bc it has to send from 587?
@prologic@twtxt.net Well I just mirrored yarndās JSON in my webfinger endpoint and lookup, so not much else to do for standardization.
And for people who donāt like PHP you can always just go with Added WebFinger support to my email address using one rewrite rule and one static file. or simply putting a static JSON in place for .well-know/webfinger
@eapl.me@eapl.me why not https://domain.com/.well-known/twtxt/:domain/:user ?
the business card test is this can you write it on your business card and have someone you give it to be able to figure it out without added context?
- phone number: yes because everyone knows what a phone number is.
- email address: yes, everyone knows an email and their aol or prodigy will let them email.
- twitter/x/insta/pintrest handle: no, whats a twitter? do i need to sign up?
- domain name: yes its simple and you just type it in a browser right?
- twtxt url: kinda? its a bit long and is that a forward slash? or a backward slash?
@ec8ad I sent an email to the person who is running gophernews.net 3 day ago. Currently no answer.
Lol. āLighty Encryptedā https://www.pcmag.com/news/hot-topic-breach-confirmed-millions-of-credit-cards-email-addresses-exposed
This morning (and a little bit of the afternoon) the idea of having a full referenced archive of twtxts on the web has consumed me a bit. I am talking about something similar to the email archives one see online, but for twtxts, and a more personal level. Such archive would be available, even if the involved feeds are long gone, because feeds will be treated as received emails.
@eapl.me@eapl.me here are my replies (somewhat similar to Lyseās and Jamesā)
Metadata in twts: Key=value is too complicated for non-hackers and hard to write by hand. So if there is a need then we should just use #NSFS or the alt-text file in markdown image syntax
if something is NSFWIDs besides datetime. When you edit a twt then you should preserve the datetime if location-based addressing should have any advantages over content-based addressing. If you change the timestamp the its a new post. Just like any other blog cms.
Caching, Yes all good ideas, but that is more a task for the clients not the serving of the twtxt.txt files.
Discovery: User-agent for discovery can become better. Iām working on a wrapper script in PHP, so you donāt need to go to Apaches log-files to see who fetches your feed. But for other Gemini and gopher you need to relay on something else. That could be using my webmentions for twtxt suggestion, or simply defining an email metadata field for letting a person know you follow their feed. Interesting read about why WebMetions might be a bad idea. Twtxt being much simple that a full featured IndieWeb sites, then a lot of the concerns does not apply here. But thatās the issue with any open inbox. This is hard to solve without some form of (centralized or community) spam moderation.
Support more protocols besides http/s. Yes why not, if we can make clients that merge or diffident between the same feed server by multiples URLs
Languages: If the need is big then make a separate feed. I donāt mind seeing stuff in other langues as it is low. You got translating tool if you need to know whats going on. And again when there is a need for easier switching between posting to several feeds, then itās about building clients with a UI that makes it easy. No something that should takes up space in the format/protocol.
Emojis: Iām not sure what this is about. Do you want to use emojis as avatar in CLI clients or it just about rendering emojis?
Another new email handling strategy I am applying is agressively deleting everything that I donāt need to keep for some reason.
plus dāemails, si3t.ch down: https://mirror.si3t.ch/log/2024-11-04-plus-d-email-si3tch-down.txt
So Iāve flattened my work and private email inboxes to single inbox folders and I donāt even know anymore what I was thinking before trying frantically to organise everything in sub folders. Labels and search filters are the way forward.
Moved my email back into a single āinboxā folder instead of trying to keep everything organised in sub-folders. Using Vivaldiās labels instead for organising the messages. Makes sense because I sometimes had trouble if a message needed to be in multiple boxes.
Diving into mblaze, I think Iāve nearly* reached peek email geek.
Just a bunch of shell commands I can pipe together to search, list, view and reply to email (after syncing it to a local Maildir).
EXAMPLES at https://git.vuxu.org/mblaze/tree/README
So far Iām using most of the tools directly from the command line, but I might take inspiration from https://sr.ht/~rakoo/omail/ to make my workflow a bit more efficient.
*To get any closer, I think Iād have to hand-craft my own SMTP client or something.
@movq@www.uninformativ.de Yes, the tools are surprisingly fast. Still, magrep takes about 20 seconds to search through my archive of 140K emails, so to speed things up I would probably combine it with an indexer like mu, mairix or notmuch.
#fzf is the new emacs: a tool with a simple purpose that has evolved to include an #email client. https://sr.ht/~rakoo/omail/
Iām being a little silly, of course. fzf doesnāt actually check your email, but it appears to be basically the whole user interface for that mail program, with #mblaze wrangling the emails.
Iāve been thinking about how I handle my email, and am tempted to make something similar. (When I originally saw this linked the author was presenting it as an example tweaked to their own needs, encouraging people to make their own.)
This approach could surely also be combined with #jenny, taking the place of (neo)mutt. For example mblazeās mthread tool presents a threaded discussion with indentation.
@lyse@lyse.isobeef.org Iād suggest making the whole content-type thing a SHOULD, to accommodate people just using some hosting service they donāt have much control over. (The same situation could make detecting followers hard, but IMO āplease email me if you follow meā is still legit twtxt, even if inconvenient.)
@falsifian@www.falsifian.org Do you have specifics about the GRPD law about this?
Would the GDPR would apply to a one-person client like jenny? I seriously hope not. If someone asks me to delete an email they sent me, I donāt think I have to honour that request, no matter how European they are.
Iām not sure myself now. So letās find out whether parts of the GDPR actually apply to a truly decentralised system? š¤
@prologic@twtxt.net Do you have a link to some past discussion?
Would the GDPR would apply to a one-person client like jenny? I seriously hope not. If someone asks me to delete an email they sent me, I donāt think I have to honour that request, no matter how European they are.
I am really bothered by the idea that someone could force me to delete my private, personal record of my interactions with them. Would I have to delete my journal entries about them too if they asked?
Maybe a public-facing client like yarnd needs to consider this, but that also bothers me. I was actually thinking about making an Internet Archive style twtxt archiver, letting you explore past twts, including long-dead feeds, see edit histories, deleted twts, etc.
I wrote some code to try out non-hash reply subjects formatted as (replyto ), while keeping the ability to use the existing hash style.
I donāt think we need to decide all at once. If clients add support for a new method then people can use it if they like. The downside of course is that this costs developer time, so I decided to invest a few hours of my own time into a proof of concept.
With apologies to @movq@www.uninformativ.de for corrupting jennyās beautiful code. I donāt write this expecting you to incorporate the patch, because it does complicate things and might not be a direction you want to go in. But if you like any part of this approach feel free to use bits of it; I release the patch under jennyās current LICENCE.
Supporting both kinds of reply in jenny was complicated because each email can only have one Message-Id, and because itās possible the target twt will not be seen until after the twt referencing it. The following patch uses an sqlite database to keep track of known (url, timestamp) pairs, as well as a separate table of (url, timestamp) pairs that havenāt been seen yet but are wanted. When one of those āwantedā twts is finally seen, the mail file gets rewritten to include the appropriate In-Reply-To header.
Patch based on jenny commit 73a5ea81.
https://www.falsifian.org/a/oDtr/patch0.txt
Not implemented:
- Composing twts using the (replyto ā¦) format.
- Probably other important things Iām forgetting.
@movq@www.uninformativ.de could it be possible to have compressed_subject(msg_singlelined) be configurable, so only a certain number of characters get displayed, ending on ellipses? Right now the entire twtxt is crammed into the Subject:. This request aims to make twtxts display on mutt/neomutt, etc. more like emails do.
So.. basically a rehash of the email āunsendā requests? What if i was to make a (delete: 5vbi2ea) .. would it delete someone elses twt?
So, today I created a space where you can send an email to the void: https://void.si3t.ch/ gemini://void.si3t.ch/ #smolnet
@mckinley@twtxt.net Thanks for the feedback.
- Yeah I agrees that nick sound not be part of syntax. Any valid URL to a twtxt.txt-file should be enough and is more clear, so it is not confused with a email (one of the the issues with webfinger and fedivese handles)
- I think any valid URL would work, since we are not bound to look for exact matches. Accepting both http and https as well as a gemni and gophe could all work as long as the path to the twtxt.txt is the same.
- My idea is that you quote the timestamp as it is in the original twtxt.txt that you are referring to, so you can do it by simply copy/pasting. Also what are the change that the same human will make two different posts within the same second?!
Regarding the whole cryptographic keys for identity, to me it seems like an unnecessary layer of complexity. If you move to a new house or city you tell people that you moved - you can do the same in a twtxt.txt. Just post something like āI move to this new URL, please follow me there!ā I did that with my feeds at least twice, and you guys still seem to read my posts:)
@lyse@lyse.isobeef.org This looks like a nice way to do it.
Another thought: if clients canāt agree on the url (for example, if we switch to this new way, but some old clients still do it the old way), that could be mitigated by computing many hashes for each twt: one for every url in the feed. So, if a feed has three URLs, every twt is associated with three hashes when it comes time to put threads together.
A client stills need to choose one url to use for the hash when composing a reply, but this might add some breathing room if thereās a period when clients are doing different things.
(From what I understand of jenny, this would be difficult to implement there since each pseudo-email can only have one msgid to match to the in-reply-to headers. I donāt know about other clients.)
For following notifications I would say use webmetion refering to the the line in your twtxt.txt as per: https://darch.dk/mentions-twtxt
Or send them an email, so it would be an idea to add a # contact = mailto:me@domain.net to ones twtxt.txt
hey a āmericans, have a great Labor Day holiday. take no work calls or emails.
Had to disable support functions because Iāve received three spammy support emails today. Thanks for that feature @prologic@twtxt.net
@movq@www.uninformativ.de, that would be a nice addition. :-) I would also love the ability to hide/not show the hash when reading twtxts (after all, thatās on the header on each āemailā). Could that be added as a user configurable toggle?
receieveFile())? š¤
@stigatle@yarn.stigatle.no @xuu@txt.sour.is @lyse@lyse.isobeef.org āNot coolā? I was receiving many broken (HTTP 400 error) requests per second from an IP address I didnāt recognize, right after having my VPS crash because the hard drive filled up with bogus data. None of this had happened on this VPS before, so it was a new problem that I didnāt understand and I took immediate action to get it under control. Of course I reported the IP address to its abuse email. Thatās a 100% normal, natural, and ācoolā thing to do in such a situation. At the time I had no idea it was @xuu@txt.sour.is .
The moment I realized it was @xuu@txt.sour.is and definitely a false alarm, I emailed the ISP and told them this was a false positive and to not ban or block the IP in question because it was not abusive traffic. They havenāt yet responded but I do hope theyāve stopped taking action, and if thereās anything else I can do to certify to them that this is not abuse then I will do that.
I run numerous services on that VPS that I rely on, and I spent most of my day today cleaning up the mess all this has caused. I get that this caused @xuu@txt.sour.is a lot of stress and Iām sincerely sorry about that and am doing what I can to rectify the situation. But calling me ānot coolā isnāt necessary. This was an unfortunate situation that weāre trying to make right and thereās no need for criticizing anyone.
receieveFile())? š¤
he emailed my ISP about causing logging abuse. This is the only real ISP in my area, its gonna basically send me back to dialup.
receieveFile())? š¤
Hey so.. i just got an email from my ISP saying they will terminate my service. Did i break something @abucci@anthony.buc.ci ?
The vast majority of this traffic was coming from a single IP address. I blocked that IP on my VPS, and I sent an abuse report to the abuse email of the service provider. That ought to slow it down, but the vulnerability persists and Iām still getting traffic from other IPs that seem to be doing the same thing.
There are also a bunch of log messages scrolling by. Iāve never seen this much activity in the log:
Jul 25 01:37:39 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:39 (149.71.56.69) "GET /external?nick=lovetocode999&uri=https://pagez.co.uk/services/your-own-100-fully-owned-online-vi>
Jul 25 01:37:39 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:39 (162.211.155.2) "GET /twt/112135496802692324 HTTP/1.1" 400 12 826.65µs
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (51.222.253.14) "GET /conv/muttriq HTTP/1.1" 200 36881 20.448309ms
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (162.211.155.2) "GET /twt/112730114943543514 HTTP/1.1" 400 12 663.493µs
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (27.75.213.253) "GET /external?nick=lovetocode999&uri=http%3A%2F%2Falfarah.jo%2FHome%2FChangeCulture%3FlangCode%3Den>
Jul 25 01:37:40 buc.ci yarnd[829]: time="2024-07-25T01:37:40Z" level=error msg="http://bynet.com.br/log_envio.asp?cod=335&email=%21%2AEMAIL%2A%21&url=https%3A%2F%2Fwww.almanacar.c>
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (162.211.155.2) "GET /twt/111674756400660911 HTTP/1.1" 400 12 545.106µs
Jul 25 01:37:40 buc.ci yarnd[829]: time="2024-07-25T01:37:40Z" level=warning msg="feed FetchFeedRequest: @<lovetocode999 http://alfarah.jo/Home/ChangeCulture?langCode=en&returnUrl>
Jul 25 01:37:41 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:41 (162.211.155.2) "GET /twt/112507964696096567 HTTP/1.1" 400 12 838.946µs
Something really weird is going on?
I havnt seen any emails about the outage at work. I know i have the mac crowdstrike client though. My buddy that works at a hospital says they wernt affected.