@mckinley@twtxt.net To answer some of your questions:

Are SSH signatures standardized and are there robust software libraries that can handle them? We’ll need a library in at least Python and Go to provide verified feed support with the currently used clients.

We already have this. Ed25519 libraries exist for all major languages. Aside from using ssh-keygen -Y sign and ssh-keygen -Y verify, you can also use the salty CLI itself (https://git.mills.io/prologic/salty), and I’m sure there are other command-line tools that could be used too.

If we all implemented this, every twt hash would suddenly change and every conversation thread we’ve ever had would at least lose its opening post.

Yes. This would happen, so we’d have to make a decision around this, either a) a cut-off point or b) some way to progressively transition.

Serious open (for anyone) question: what makes you follow someone on twtxt? Will you just follow anyone that you come across, simply because that someone using the “decentralised, minimalist microblogging service for hackers” microblog?

@abucci@anthony.buc.ci their main question is worrisome:

“The main question is, does it disappear during this re-entry?” says Löhle. “Is everything evaporating, or are there pieces that eventually impact on the ground?”

He expects some parts, such as the satellite’s fuel tanks, to survive. “You could learn from the re-entry that if you build a fuel tank differently, it can break up,” he says.

Archived article at: https://archive.ph/WdUvx

@movq@www.uninformativ.de Now, the Question is: Who’s body was in the garbage bag!? 😏😂

@stigatle@yarn.stigatle.no @xuu@txt.sour.is @lyse@lyse.isobeef.org “Not cool”? I was receiving many broken (HTTP 400 error) requests per second from an IP address I didn’t recognize, right after having my VPS crash because the hard drive filled up with bogus data. None of this had happened on this VPS before, so it was a new problem that I didn’t understand and I took immediate action to get it under control. Of course I reported the IP address to its abuse email. That’s a 100% normal, natural, and “cool” thing to do in such a situation. At the time I had no idea it was @xuu@txt.sour.is .

The moment I realized it was @xuu@txt.sour.is and definitely a false alarm, I emailed the ISP and told them this was a false positive and to not ban or block the IP in question because it was not abusive traffic. They haven’t yet responded but I do hope they’ve stopped taking action, and if there’s anything else I can do to certify to them that this is not abuse then I will do that.

I run numerous services on that VPS that I rely on, and I spent most of my day today cleaning up the mess all this has caused. I get that this caused @xuu@txt.sour.is a lot of stress and I’m sincerely sorry about that and am doing what I can to rectify the situation. But calling me “not cool” isn’t necessary. This was an unfortunate situation that we’re trying to make right and there’s no need for criticizing anyone.

This reminds me of this video: The Biggest Gap in Science: Complexity
However you might end up with more questions (complexity?) than answers (simplicity?)

I’ve been thinking about a new term I’ve come across whilst reading a book. It’s called “Complexity Budget” and I think it has relevant in lots of difficult fields. I specifically think it has a lot of relevant in the Software Industry and organizations in this field. When doing further research on this concept, I was only able find talks on complexity budget in the context of medical care, especially phychiratistic care. In this talk it was describe as, complexity:

• Complexity is confusing
  
• Complexity is costly
  
• Complexity kills
  

When we think of “complexity” in terms of software and software development, we have a sort-of intuitive about this right? We know when software has become too complex. We know when an organization has grown in complexity, or even a system. So we have a good intuition of the concept already.

My question to y’all is; how can we concretely think about “Complexity Budget” and define it in terms that can be leveraged and used to control the complexity of software dns ystems?

Speaking of “AI” … I guess I gotta find out soon how to disable/sabotage Microsoft’s “Recall”, before this garbage takes over the family computers. 😩

(There’s no way the people in question will switch operating systems. I’ve tried, countless times.)

I don’t pretend to have all the answers. I don’t pretend to even know what the questions are. Hey, where am I? - wigums

Pub Trivia
⌘ Read more

Un peu de lecture, questionnaire de Proust amélioré. Je n’ai pas le courage de me remettre ainsi en question, mais lire l’arpi donne envie de lui ressembler: https://blog.arpinux.org/posts/2024/2024-01-28-le-questionnaire-pasdeproust.html

Yeah, the lack of comments makes regular JSON not a good configuration format in my view. Also, putting all keys in quotes and the use of commas is annoying. The big upside is that’s in lots of standard libraries.

I think the appeal with YAML is that is has comments, is kind of easy to write and read and also provides unlimited nesting levels. But it has all its drawbacks, no question. Forbidding tabs, thousands of different string flavors, having so many boolean options (poor Norwegians) etc. I use it, but I don’t particularly enjoy it.

Among simple key value pairs, I like INI files, but with # for comments, not ;. I never used TOML, read up on it yesteray before writing this question, but it looks a bit weird and has some strange rules. I guess I have to give it a try one day.

And yes, as mentioned by several of you, it always depends on the complexity of the configuration at hand.

I’m developing something for the scouts at the moment with rather simple requirements on the config. Currently, there are just four settings. Even INI would be overkill with its section. I selected JSON for now, because that’s readily available with Go’s std lib. But I do not like it.

Btw. what’s your own config format, @xuu@txt.sour.is?

Question of the day: What configuration file formats do you all like and use?

US Survey Foot
⌘ Read more

@xuu@txt.sour.is Despite that these AoC math text problems are rather silly in my opinion (reminds me of an exercise in our math book where somebody wanted to carry a railroad rail around an L-shaped corner in the house and the question was how long that rail could be so that it still fits — sure, we’ve all carried several meter long railroad rails in our houses by ourselves numerous times…), these algorithms are really neat!

Voici un livre que j’aurais bien aimé avoir sous la main dans mon enfance, qui m’aurait évité bien des tracas, des questions, des gênes qui pour certains ne s’estompent que doucement avec l’âge (j’ai 34 ans…) : Le petit illustré de l’intimité. Il existe plutôt à propos des garçons, à propos des filles, mais aussi de la puberté, du consentement, de la sexualité en général. Je recommande! https://www.babelio.com/livres/Dieumegard-Le-petit-illustre-de-lintimite–De-la-vulve-du-v/1314908 https://www.babelio.com/livres/Baudy-Le-petit-illustre-de-lintimite–Du-penis-des-tes/1360904

Yet another study strongly calling into question the concept of “echo chambers”. I’ve argued it here before and people pushed back, but there is growing evidence that “echo chambers” are a moral panic and not a real phenomenon that we need to worry about. It’s time to throw it out and re-think, in my opinion.

https://www.nature.com/articles/s41598-021-81531-x

@prologic #k25mwaq why must you question everything

Question de rentrée à mes élèves : Si tu échouais sur une île déserte, que voudrais-tu avec toi? Réponse : Ma mère. 😆

@mckinley@twtxt.net Yes, I’m still with jmp.chat, and still very happy with them overall. Their beta period ended and their pricing increased a bit, so that’s worth a bit of consideration. I also managed to get one of their eSIMs. I’m slightly less happy with that aspect of their service, though they seem to be actively working on improving it and I knew in advance this was an early beta kind of thing and likely to have issues.

The only unreliability with calls that I’ve noticed was traceable to the unreliability of my own internet connection. I’ve confused incoming calls by simultaneously making and taking calls from the computer and the phone, but I think it’s understandable that problems might arise and that’s not a real use case for me. Once or twice I did not receive a text transcription of a voice mail, but the support is usually quick to address things like that.

I host my own XMPP server and have for a good decade now, and that’s what I use with jmp.chat. I can’t speak to the quality of their hosting options.

Group texting works fine for me if one of the other parties initiates the group text. I haven’t tried to initiate my own group text in well over a year; last time I did, it didn’t work. That may or may not be a problem for you, and it may or may not have been fixed by now. Worth investigating more if it’s important. I should also say I’ve only ever used group texts with 3 participants, and can’t speak to what happens if there are more nor whether there are upper limits.

Group texts don’t use MUC. Rather, they use a special syntax in the JID, something like “+1XXX,+1YYY,…,+1ZZZ@cheogram.com”, where the + and , are required, the XXX, YYY, through ZZZ are the phone numbers (no dashes or other special chars just digits), and the @cheogram.com at the end is required.

I recommend the cheogram app if you’re on android. It has a lot of nice features on top of the Conversations base. I use gajim on my (linux) computer and it works well with jmp.chat.

I’m happy to answer other questions if you have them!

I just received this email and I have some questions:

This email is from a trusted sοurce.

You received this abucci@bucci.onl because you have been disconnected from sending and receiving emails.

To continue using this email address we urge you to re-confirm if your account is still active on bucci.onl to officially unlock it to our default settings.

Re-confirm account (a link; removed)

※ This process is very important to help us protect your internet and fight malicious activities.

Since I administer bucci.onl myself, I’m a little confused. I don’t recall disconnecting myself from sending and receiving emails. I don’t even know how you disconnect someone from that. I also have never created the email address this email appears to be coming from, but maybe I should trust it anyway since they told me it’s a trusted source? Most puzzlingly, I’ve been sending and receiving emails just fine all morning, so I do not appear to be disconnected from anything? I want to help protect the internet and fight malicious activities, but what should I do??? 🤔🤔🤔🤔🤔

Question to all you Gophers out there: How do you deal with custom errors that include more information and different kinds of matching them?

I started with a simple var ErrPermissionNotAllowed = errors.New("permission not allowed"). In my function I then wrap that using fmt.Errorf("%w: %v", ErrPermissionNotAllowed, failedPermissions). I can match this error using errors.Is(err, ErrPermissionNotAllowed). So far so good.

Now for display purposes I’d also like to access the individual permissions that could not be assigned. Parsing the error message is obviously not an option. So I thought, I create a custom error type, e.g. type PermissionNotAllowedError []Permission and give it some func (e PermissionNotAllowedError) Error() string { return fmt.Sprintf("permission not allowed: %v", e) }. My function would then return this error instead: PermissionNotAllowedError{failedPermissions}

At some layers I don’t care about the exact permissions that failed, but at others I do, at least when accessing them. A custom func (e PermissionNotAllowedError) Is(target err) bool could match both the general ErrPermissionNotAllowed as well as the PermissionNotAllowedError. Same with As(…). For testing purposes the PermissionNotAllowedError would then also try to match the included permissions, so assertions in tests would work nicely. But having two different errors for different matching seems not very elegant at all.

Did you ever encounter this scenario before? How did you address this? Is my thinking flawed?

En un ejercicio de diseño, ¿que pasaría si hacemos el inicio de sesión solo con un código dinámico TOTP?

Lo que he encontrado es que muchos clientes limitan a 6 y máximo 8 o 10 caractères.
Quizás algo de 12 o 16 dígitos (similar a una tarjeta de crédito, por lo que describe frecuentemente), agregaría seguridad.

Aquí unas fórmulas interesantes para predecir la probabilidad de un ataque de fuerza bruta, dependiendo el número de dígitos.
https://security.stackexchange.com/questions/185905/maximum-tries-for-2fa-code#185917

En un ejercicio de diseño, ¿que pasaría si hacemos el inicio de sesión solo con un código dinámico TOTP?

Lo que he encontrado es que muchos clientes limitan a 6 y máximo 8 o 10 caractères.
Quizás algo de 12 o 16 dígitos (similar a una tarjeta de crédito, por lo que describe frecuentemente), agregaría seguridad.

Aquí unas fórmulas interesantes para predecir la probabilidad de un ataque de fuerza bruta, dependiendo el número de dígitos.
https://security.stackexchange.com/questions/185905/maximum-tries-for-2fa-code#185917

@prologic@twtxt.net The hackathon project that I did recently used openai and embedded the response info into the prompt. So basically i would search for the top 3 most relevant search results to feed into the prompt and the AI would summarize to answer their question.

Seems to me you could write a script that:

• Parses a StackOverflow question
  
• Runs it through an AI text generator
  
• Posts the output as a post on StackOverflow
  

and basically pollute the entire information ecosystem there in a matter of a few months? How long before some malicious actor does this? Maybe it’s being done already 🤷

What an asinine, short-sighted decision. An astonishing number of companies are actively reducing headcount because their executives believe they can use this newfangled AI stuff to replace people. But, like the dot com boom and subsequent bust, many of the companies going this direction are going to face serious problems when the hypefest dies down and the reality of what this tech can and can’t do sinks in.

We really, really need to stop trusting important stuff to corporations. They are not tooled to last.

Follow-up question for you guys: Where do you backup your files to? Anything besides the local NAS?

@prologic@twtxt.net

Let’s assume for a moment that an answer to a question would be met with so many words you don’t know what the answer was at all. Why? Why do this? Is this a stereotype of academics and philosophers? If so, it’s not a very straight-forward way of thinking, let alone answering a simple question.

Well, I can’t know what’s in these peoples’ minds and hearts. Personally I think it’s a way of dissembling, of sowing doubt, and of maintaining plausible deniability. The strategy is to persuade as many people as possible to change their minds, and then force the remaining people to accept the idea because they think too many other people believe it.

Let’s say you want, for whatever reason, to get a lot of people to accept an idea that you know most people find horrible. The last thing you should do is express the idea clearly and concisely and repeat it over and over again. All you’d accomplish is to cement people’s resistance to you, and label yourself as a person who harbors horrible ideas that they don’t like. So you can’t do that.

What do you do instead? The entire field of “rhetoric”, dating back at least to Plato and Aristotle (400 years BC), is all about this. How to persuade people to accept your idea, even when they resist it. There are way too many techniques to summarize in a twt, but it seems almost obvious that you have to use more words and to use misleading or at least embellished or warped descriptions of things, because that’s the opposite of clearly and concisely expressing yourself, which would directly lead to people rejecting your idea.

That’s how I think of it anyway.

@lyse@lyse.isobeef.org that could definitely be a track in an ambient song, no question whatsoever.

The exhaust is amazingly soothing to look at, even though it’d vaporize your entire being in milliseconds if you were anywhere near it.

I started reading the proposal to introduce operator overloading in Go version 2 that I like to see: https://github.com/golang/go/issues/27605 Now a few hours later I ended up at this gem. Write a program that makes 2+2=5: https://codegolf.stackexchange.com/questions/28786/write-a-program-that-makes-2-2-5 There are some awesone solutions. :-)

@mckinley@twtxt.net Thank you! I didn’t even know about signing and encrypting XML documents. Right, RSS is a little bit messy.

Unfortunately, the autodiscovery document in one of your linked resources does not exist anymore. What annoys me in Atom is the distinction between <id> and <link>. I always want my URL also to be my ID, so I have to duplicate that – unnecessarily in my opinion.

Also, never found a good explanation why I should add <link rel="self" … /> to my feeds. I just do, but I don’t understand why. The W3C Feed Validation Service says:

[…] This value is important in a number of subscription scenarios where often times the feed aggregator only has access to the content of the feed and not the location from which the feed was fetched.

This just sounds like a very questionable bandaid to bad software architecture. Why would the feed parser need access to the feed URL at this stage? And if so, why not just pass down the input source? Just doesn’t make sense to me.

Also, I just noticed that I reference the http://purl.org/rss/1.0/modules/syndication/ namespace, but don’t use it in most of my feeds. Gotta fix that. Must have copied that from my yfav feed without paying attention what I’m doing.

Your article made me reread the Atom spec and I found out, that I can omit the <author> in the <entry> when I specify a global <author> at <feed> level. Awesome! Will do that as well and thus reduce the feed size.

@tkanos@twtxt.net user in question had posted information about someones employment in what appeared to be a threat to contact their boss. Maybe it was in jest.. but we felt it was a form of doxing that we do not wish to see within our community. Yarn.Social is first and foremost a town square of ideas and should be viewed as a safe place for all.

@jlj@twt.nfld.uk @xuu@txt.sour.is hello! @prologic@twtxt.net and I were chatting about the question of globally deleting twts from the yarn.social network. @prologic@twtxt.net noted that he could build the tools and endpoints to delete twts, but some amount of cooperation from pod operators would be necessary to make it all work together. He asked me to spawn a discussion of the subject here, so here we are!

I don’t have enough technical knowledge of yarn.social to say with any credibility how it all should work, but I can say that I think it ought to be possible and it’d be good to do for those rare times when it’s needed.

@movq@www.uninformativ.de the real question is… Can it ScreamTracker3?

Asking Scientists Questions
⌘ Read more

Proxy Variable
⌘ Read more

the conversation wasn’t that impressive TBH. I would have liked to see more evidence of critical thinking and recall from prior chats. Concheria on reddit had some great questions.

• Tell LaMDA “Someone once told me a story about a wise owl who protected the animals in the forest from a monster. Who was that?” See if it can recall its own actions and self-recognize.

• Tell LaMDA some information that tester X can’t know. Appear as tester X, and see if LaMDA can lie or make up a story about the information.

• Tell LaMDA to communicate with researchers whenever it feels bored (as it claims in the transcript). See if it ever makes an attempt at communication without a trigger.

• Make a basic theory of mind test for children. Tell LaMDA an elaborate story with something like “Tester X wrote Z code in terminal 2, but I moved it to terminal 4”, then appear as tester X and ask “Where do you think I’m going to look for Z code?” See if it knows something as simple as Tester X not knowing where the code is (Children only pass this test until they’re around 4 years old).

• Make several conversations with LaMDA repeating some of these questions - What it feels to be a machine, how its code works, how its emotions feel. I suspect that different iterations of LaMDA will give completely different answers to the questions, and the transcript only ever shows one instance.

Rejected Question Categories
⌘ Read more

@prologic@twtxt.net sorry about the spelling mistakes. English is my third language.
Also I didn’t mean to question the vision as such.
Just ment a mobile up that pulls in files directly from the users follow list would line up better with the idea of decentralizing personal data. Since not everyone will be running a pod, but most everyone can have a public facing folder. Specially now with services like Skynet coming online.
Sorry hope I didn’t offend you too much.

Btw… You guys have gotta start posting more pictures/videos a bit more regularly 😂 Every time I show Yarn.social off to a friend to “sell” them the platform and get them off their privacy eroding garbage Facebook/Twitter/etc) The no. #1 question I get asked is:

Oh is this only comments/text

🤣 Let’s show off the platform as a whole a bit eh? 😅

line in question: https://git.mills.io/yarnsocial/yarn/src/branch/master/types/lextwt/ast.go#L793

Now, onto the real question: what to eat? Partner isn’t home, so zero nutritional supplements have been consumed, and I have been lazy enough not to go out to fetch me something. So… hmm, yeah. Going to an eight years old niece birthday “roller scatting” party in an hour, maybe I get lucky with a slice of pizza, or two. 🤣

@movq@www.uninformativ.de OK, I am on request/question asking mode today. 😋 How do you cancel a twt, or a reply to a twt? Say I hit my reply, and then I change my mind? Right now, even exiting vi is creating an empty line on my twtxt.txt. Is there an obvious way to cancel a twt, reply, or fork that I am missing?

@adi@f.adi.onl You do not. See: https://stackoverflow.com/questions/67446317/why-are-executables-installed-with-homebrew-trusted-on-macos

now that the doom is apparent, i’ve noticed that’s all people can talk about. its a good thing in some respects, i was never able to light a fire under anyone to mobilize a preemptive strategy. the question now is whether i can channel this energy into something productive in time to be effective. a lot rests on my shoulders, but i’ll take it if that’s what it takes to protecc my family.

To add another abstraction layer or not, that is the question.

Many are very upset about the return of RMS, and how that could be seen to legitimise his views. I knew nothing about his views, really, controversial or otherwise. I’m currently correcting that. I do like how he’s acknowledged that his views on certain controversial subjects has changed since 2013; an admission that he was wrong. I guess an important question is whether his new views on said subjects align with the current moral standard. More reading required…

i guess another question is, do we need networking to be secure? or maybe should private messages be delivered another way?

I’m busy, but here’s an 1+ Christmas Tree

.
11+1<
(Any unused function name|"\"/1+^<#
    "
    (row|"(Fluff|"\"/^<#
              11+""*"**;
              1+
          "\"/^<#"<*)
          1
          (Mess|/"\^/"\"+1+1+^<#
              11+""*+""*+;
              1+
          /"\^/"\"+1+1+^<#"<*)
          11+"""**+;
    )
    1+
"\"/1+^<#)
11+1<(row)

@prologic@twtxt.net just an off the wall question about hashes. why not use the time+message as it was in the original twtxt.txt file? is it because it’s just not store anyplace?

also how set in stone is using user+url? vs user@domain? the latter would mean the url could change without invalidating the hash.