@sorenpeter@darch.dk I like this idea. Just for fun, I’m using a variant in this twt. (Also because I’m curious how it non-hash subjects appear in jenny and yarn.)

URLs can contain commas so I suggest a different character to separate the url from the date. Is this twt I’ve used space (also after “replyto”, for symmetry).

I think this solves:

• Changing feed identities: although @mckinley@twtxt.net points out URLs can change, I think this syntax should be okay as long as the feed at that URL can be fetched, and as long as the current canonical URL for the feed lists this one as an alternate.
  
• editing, if you don’t care about message integrity
  
• finding the root of a thread, if you’re not following the author
  

An optional hash could be added if message integrity is desired. (E.g. if you don’t trust the feed author not to make a misleading edit.) Other recent suggestions about how to deal with edits and hashes might be applicable then.

People publishing multiple twts per second should include sub-second precision in their timestamps. As you suggested, the timestamp could just be copied verbatim.

So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.

What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first url:

The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.

The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like frank@beans.co that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?

From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.

I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.

# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w 
# sig: BEGIN SALTPACK SIGNED MESSAGE. ... 
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...

no but linux containers aren’t secure. yeah, they’re administrative boundaries. a sandbox would be nice, but this isn’t Sun. we have fallen from grace. tape the box closed with AppArmor if you need to and flip the exact 11 switches that apply for your impending scenario. i’m sure nobody will steal your data.

i have successfully put a docker container inside of a nixos container, a turturken so to speak. next up, we get arion-compose working in there and then see about mem_limit and cpus!

Let me suggest to use a more secure password, @bender@twtxt.net. One, that does not contain “password”. Like hunter2!!

Is sharing your smartphone PIN part of a healthy relationship?
Smartphones contain some of our most intimate data, but are you willing to share it with your most intimate partner? A survey has revealed that 51 per cent of people are happy to give their PIN to their partner, but other forms of data sharing are less agreeable ⌘ Read more

Bad Map Projection: Exterior Kansas
⌘ Read more

@prologic@twtxt.net hey mate, all working well here so far. The login issue isn’t really an issue as far as actually logging in goes, rather if I get my password wrong it gives the response error code in console, the response of which contains the HTML for the wrong password page if you inspect it, but on the frontend itself nothing actually happens which is the confusion. Just stays on the login page as if it was never submitted. Am I alone in having this issue as well?

I’m starting to embrace containers on my PC for software I want to use once without littering my home folder with junk files. It’s nice.

QOTD: What do you host on your home server? How do you host it? Are you using containers? VMs? Did you install any management interface or do you just SSH in? What OS does it run?

Mine runs Arch (btw) and hosts a handful of things using Docker. Adguard Home, http://mckinley2nxomherwpsff5w37zrl6fqetvlfayk2qjnenifxmw5i4wyd.onion/, and some other things. NFS, Flexo, and Wireguard (peer and bounce server in my personal network) are outside Docker. I have a hotkey in my window manager that spawns a terminal on my server using SSH. It makes things very easy and I highly recommend it.

I am thinking about replacing Docker with Podman because the Common Wisdom seems to say it’s better. I don’t really know if it is or isn’t.

Also, how much of your personal infrastructure is on IPv6? I think all the software I use supports both, but I’ve mostly been using IPv4 because it’s easier to remember the addresses. I’ve been working for the last couple days on making it IPv6-only.

@sorenpeter@darch.dk this makes sense as a quote twt that references a direct URL. If we go back to how it developed on twitter originally it was RT @nick: original text because it contained the original text the twitter algorithm would boost that text into trending.

i like the format (#hash) @<nick url> > "Quoted text"\nThen a comment
as it preserves the human read able. and has the hash for linking to the yarn. The comment part could be optional for just boosting the twt.

The only issue i think i would have would be that that yarn could then become a mess of repeated quotes. Unless the client knows to interpret them as multiple users have reposted/boosted the thread.

The format is also how iphone does reactions to SMS messages with +number liked: original SMS

Gracias. Also the git repo now contain code that should actually work

Ubuntu Desktop 23.10 ISOs Recalled Due To Malicious User Translations
Hours after the release of Ubuntu 23.10, Canonical has pulled the ISOs and is re-spinning them after user-submitted translations for the Ubuntu installer turned out to contain hate speech… ⌘ Read more

Earth Layers
⌘ Read more

fractalnetworksco/selfhosted-gateway: Route HTTPS traffic to local Docker containers through a cloud VPS over WireGuard. Ideal for self-hosting behind CGNAT.

@prologic@twtxt.net I don’t get your objection. dockerd is 96M and has to run all the time. You can’t use docker without it running, so you have to count both. docker + dockerd is 131M, which is over 3x the size of podman. Plus you have this daemon running all the time, which eats system resources podman doesn’t use, and docker fucks with your network configuration right on install, which podman doesn’t do unless you tell it to.

That’s way fat as far as I’m concerned.

As far as corporate goes, podman is free and open source software, the end. docker is a company with a pricing model. It was founded as a startup, which suggests to me that, like almost all startups, they are seeking an exit and if they ever face troubles in generating that exit they’ll throw out all niceties and abuse their users (see Reddit, the drama with spyware in Audacity, 10,000 other examples). Sure you can use it free for many purposes, and the container bits are open source, but that doesn’t change that it’s always been a corporate entity, that they can change their policies at any time, that they can spy on you if they want, etc etc etc.

That’s way too corporate as far as I’m concerned.

I mean, all of this might not matter to you, and that’s fine! Nothing wrong with that. But you can’t have an alternate reality–these things I said are just facts. You can find them on Wikipedia or docker.com for that matter.

@prologic@twtxt.net I had a feeling my container was not running remotely. It was too crisp.

podman is definitely capable of it. I’ve never used those features though so I’d have to play around with it awhile to understand how it works and then maybe I’d have a better idea of whether it’s possible to get it to work with cas.run.

There’s a podman-specific way of allowing remote container execution that wouldn’t be too hard to support alongside docker if you wanted to go that route. Personally I don’t use docker–too fat, too corporate. podman is lightweight and does virtually everything I’d want to use docker to do.

@prologic@twtxt.net @jmjl@tilde.green
It looks like there’s a podman issue for adding the context subcommand that docker has. Currently podman does not have this subcommand, although this comment has a translation to podman commands that are similar-ish.

It looks like that’s all you need to do to support podman right now! Though I’m not 100% sure the containers I tried really are running remotely. Details below.

I manually edited the shell script that cas.run add returns, changing all the docker commands to podman commands. Specifically, I put alias docker=podman at the top so the check for docker would pass, and then I replaced the last two lines of the script with these:

podman system connection add cas  "host=tcp://cas.run..."
podman system connection default cas

(that … after cas.run is a bunch of connection-specific stuff)

I ran the script and it exited with no output. It did create a connection named “cas”, and made that the default. I’m not super steeped in how podman works but I believe that’s what you need to do to get podman to run containers remotely.

I ran some containers using podman and I think they are running remotely but I don’t know the right juju to verify. It looks right though!

This means you could probably make minor modifications to the generated shell script to support podman. Maybe when the check for docker fails, check for podman, and then later in the script use the podman equivalents to the docker context commands.

My proof-of-concept Container as a Service (CAS or CaaS) is now up and running. If anyone wants to have a play? 🤔 There’s still heaps to do, lots of “features” missing, but you can run stuff at least 😅

ssh -p 2222 cas.run help

@prologic@twtxt.net It was super useful if you needed to do the sorts of things it did. I’m pretty sad.

At its core was Sage, a computational mathematics system, and their own version of Jupyter notebooks. So, you could do all kinds of different math stuff in a notebook environment and share that with people. But on top of that, there was a chat system, a collaborative editing system, a course management system (so if you were teaching a class using it you could keep track of students, assignments, grades, that sort of thing), and a bunch of other stuff I never used. It all ran in a linux container with python/conda as a base, so you could also drop to a terminal, install stuff in the container, and run X11 applications in the same environment. I never taught a class with it but I used to use it semi-regularly to experiment with ideas.

@lyse@lyse.isobeef.org do you need to have an explicit Is function? I believe errors.Is has reflect lite and can do the type infer for you. The Is is only really needed if you have a dynamic type. Or are matching a set of types as a single error maybe? The only required one would be Unwrap if your error contained some other base type so that Is/As can reach them in the stack.

As is perfect for your array type because it asserts the matching type out the wrap stack and populates the type for evaluating its contents.

Wikipedia Article Titles
⌘ Read more

💡 Quick ‘n Dirty prototype Yarn.social protocol/spec:

If we were to decide to write a new spec/protocol, what would it look like?

Here’s my rough draft (back of paper napkin idea):

• Feeds are JSON file(s) fetchable by standard HTTP clients over TLS
  
• WebFinger is used at the root of a user’s domain (or multi-user) lookup. e.g: prologic@mills.io -> https://yarn.mills.io/~prologic.json
  
• Feeds contain similar metadata that we’re familiar with: Nick, Avatar, Description, etc
  
• Feed items are signed with a ED25519 private key. That is all “posts” are cryptographically signed.
  
• Feed items continue to use content-addressing, but use the full Blake2b Base64 encoded hash.
  
• Edited feed items produce an “Edited” item so that clients can easily follow Edits.
  
• Deleted feed items produced a “Deleted” item so that clients can easily delete cached items.
  

#Yarn.social #Protocol #Ideas

@prologic@twtxt.net Alright, there’s some erroneous markdown parsing going on, I reckon. In my original twt I have a code block surrounded by three backticks. The code block itself contains a single backtick. However, at least for rendering, yarnd shows three backticks instead (not sure if my markdown is invalid, though):

Image

@prologic@twtxt.net Error handling especially in Go is very tricky I think. Even though the idea is simple, it’s fairly hard to actually implement and use in a meaningful way in my opinion. All this error wrapping or the lack of it and checking whether some specific error occurred is a mess. errors.As(…) just doesn’t feel natural. errors.Is(…) only just. I mainly avoided it. Yesterday evening I actually researched a bit about that and found this article on errors with Go 1.13. It shed a little bit of light, but I still have a long way to go, I reckon.

We tried several things but haven’t found the holy grail. Currently, we have a mix of different styles, but nothing feels really right. And having plenty of different approaches also doesn’t help, that’s right. I agree, error messages often end up getting wrapped way too much with useless information. We haven’t found a solution yet. We just noticed that it kind of depends on the exact circumstances, sometimes the caller should add more information, sometimes it’s better if the callee already includes what it was supposed to do.

To experiment and get a feel for yesterday’s research results I tried myself on the combined log parser and how to signal three different errors. I’m not happy with it. Any feedback is highly appreciated. The idea is to let the caller check (not implemented yet) whether a specific error occurred. That means I have to define some dedicated errors upfront (ErrInvalidFormat, ErrInvalidStatusCode, ErrInvalidSentBytes) that can be used in the err == ErrInvalidFormat or probably more correct errors.Is(err, ErrInvalidFormat) check at the caller.

All three errors define separate error categories and are created using errors.New(…). But for the invalid status code and invalid sent bytes cases I want to include more detail, the actual invalid number that is. Since these errors are already predefined, I cannot add this dynamic information to them. So I would need to wrap them à la fmt.Errorf("invalid sent bytes '%s': %w", sentBytes, ErrInvalidSentBytes"). Yet, the ErrInvalidSentBytes is wrapped and can be asserted later on using errors.Is(err, ErrInvalidSentBytes), but the big problem is that the message is repeated. I don’t want that!

Having a Python and Java background, exception hierarchies are a well understood concept I’m trying to use here. While typing this long message it occurs to me that this is probably the issue here. Anyways, I thought, I just create a ParseError type, that can hold a custom message and some causing error (one of the three ErrInvalid* above). The custom message is then returned at Error() and the wrapped cause will be matched in Is(…). I then just return a ParseError{fmt.Sprintf("invalid sent bytes '%s'", sentBytes), ErrInvalidSentBytes}, but that looks super weird.

I probably need to scrap the “parent error” ParseError and make all three “suberrors” three dedicated error types implementing Error() string methods where I create a useful error messages. Then the caller probably could just errors.Is(err, InvalidSentBytesError{}). But creating an instance of the InvalidSentBytesError type only to check for such an error category just does feel wrong to me. However, it might be the way to do this. I don’t know. To be tried. Opinions, anyone? Implementing a whole new type is some effort, that I want to avoid.

Alternatively just one ParseError containing an error kind enumeration for InvalidFormat and friends could be used. Also seen that pattern before. But that would then require the much more verbose var parseError ParseError; if errors.As(err, &parseError) && parseError.Kind == InvalidSentBytes { … } or something like that. Far from elegant in my eyes.

This repository contains all the Incident Response Playbooks and Workflows of Company’s SOC [https://gitlab.com/syntax-ir/playbooks]

Webb
⌘ Read more

@movq@www.uninformativ.de

If Subject contains the full twt, then you can skim over conversations just by reading those lines in mutt’s index pager

Yes, I do the same, true.

So I decided: Okay, let’s have mutt do it.

And Mutt does it well. I agree it was/is a good idea.

The subject lines are already “compressed”

I noticed, yes.

I am not sure why I asked to begin with; in retrospect, in was a silly request. Perhaps the OCD in me got triggered while viewing rich headers, on a specific twt, when I saw the huge subject line that is, otherwise, always hidden.

Anyway, don’t mind me, move along. 😂

new writing format: monochrome indexed gif files containing images of writing.

@oevl@twtxt.net @prologic@twtxt.net (#) for the most part a subject is just the content in the perens. Usually it’s a tag. It appears near the start after any mentions. It can also contain text like (re: subjects)

@prologic@twtxt.net Could the config be embeded into the head comment of the twtxt.txt file and parsed out? If it also had an avatar: field that pointed to where the avatar image is located it can be almost all self contained.