By using scp I can see just how fast my updates are published to the WWW.

I salute you, who can remember Vim’s copy paste commands without using a cheatsheet.

So Youtube rea really cracking down on Ad-blockers. The new popup is a warning saying you can watch 3 videos before you can watch no more. Not sure for how long. I guess my options are a) wait for the ad-blockers to catch-up b) pay for Youtube c) Stop using Youtube.

I think I’m going with c) Stop using Youtube.

Está muy meta, aunque bueno… Te invito a que tu también uses twtxt
https://text.eapl.mx/microbloguea-por-twtxt

Using the CLI to be in-dis-tractable

I will have to host something like this, a mail hosting service. I like mail. Clever use of mblaze <3. https://codemadness.org/mailservice.html

@prologic@twtxt.net I have seen these screen shots. But have not yet seen them in actuality. I use ublockOrigin. Maybe it gets these too unlike adblock.

For android I have revanced.. The only place I get ads is on TV. I haven’t found a replacement there.

Oh okay, so Youtube is cracking down on “Ad Blockers”.

Image

Image

Great, with ‘|’ key, one can pipe the #w3m buffer to any script. That will be sooo useful :)

@prologic@twtxt.net I do similar. Though probably much more simple.. I have CGNAT and use wireguard to VMs to punch through for stuff like HTTP/SSH from external.

And for SMTP I have smart hosts on the VMs that will store anf forward to my mailbox if the connection goes down.

@prologic@twtxt.net I find the L2 mode where you have one interface and multiple hosts to be tricky. Its best if you are trying to make a full mesh style. But then all hosts need to be able to see one another.

I have had more success using point-to-point connections where there are only two ends to each interface. It means you have a ton of interfaces and udp ports. but you can share the host IP across the interfaces. Add to that a simple router proto ala OSPF or RIP and you can navigate around not having a full meshnet.

I have dozens of localnet wireguard connections and many more connections to others that use bgp for route propagation.

I’ll shut down this instance soon, I want to say thanks to all of you, especially @prologic@twtxt.net . It’s been fun here, but I do not spend much time here anymore - cutting down on the things I host and use \ spend time on etc.

I’ve been using activitypub more - since it’s more or less replaced ‘x’ for me, and can be reached at:
@stigatle@activitypub.stigatle.no

Factorial Numbers
⌘ Read more

Urban Planning Opinion Progression
⌘ Read more

@prologic@twtxt.net

1. It’s criminal: Copilot was only possible because of massive theft of other peoples’ work (no compensation or even acknowledgement to any of the developers whose code was used to create Copilot)
   
2. It’s positioned to put software developers out of work or so fully de-skill them that they no longer know how to code anything but prompts (after which come corporate-justified salary and benefits decreases)
   

Don’t use it. No one should ever use it. You’re destroying your own future as a software developer by leaning on and supporting these things.

@prologic@twtxt.net I use FreeOTP+ from F-Droid and it does what I need. It may be considered bad practice but I do use the import/export functionality to sync devices.

@prologic@twtxt.net do not use it, but gave it a try early on and was not impressed. it gave a good outline of what I asked but then unreliably dorked up all the crucial parts.

I will say though if it is truly learning at the rate they say then it should be a good tool.

@prologic@twtxt.net nice. i can see this being used for testing scenarios as well at work.

How Google Authenticator made one company’s network breach much, much worse | Ars Technica

🤦‍♂

WHY are these big companies treated as though they are the be all and end all of infosec? These are rookie mistakes Google’s making, at scale.

Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option.

Like, never ever put your multi-factor tokens into a single cloud storage location! The whole point of this being “multi” factor is that there is a separate, independent physical factor involved in the authentication process. If the authenticator app on your phone puts the tokens in the cloud, then it reduces the security that comes from having a second factor. This is basic stuff.

Of course, never ever use Google Authenticator. All it does is generate TOTP and HOTP codes, which you can do with any OTP app, preferably an open source one that’s been vetted.

@eapl.me@eapl.me Hmmm interesting 🤔 Your trying to use 2FA as passwords? 🤔

Autumn and Fall
⌘ Read more

GPT-4 wins chatbot lawyer contest – but is still not as good as humans
Several AI chatbots were tested to see how well they could perform legal reasoning and tasks used by human lawyers in everyday practice – GPT-4 performed the best, but still wasn’t great ⌘ Read more

@prologic@twtxt.net I use the gmail webapp for work, and I have to say that over the years it’s gotten less and less usable. There are so many little usability things that it’s bad at. For instance, if you select a message and hit the Delete key nothing happens. The message is not put in the trash like you’d expect. There are issues like that scattered all over the app. I suspect they spend most of their energy on the spyware side of gmail and dedicate less to making it a useful app for end users (which seems to be true of their search engine too).

@adi@twtxt.net I think it is, and one benefit they have is that you can add third-party repositories to the F-Droid app as you discover them. So, for instance, if you know of a developer who pushes builds to an F-Droid compatible repository, you can add that to your F-Droid app and start tracking updates like you would for any other app in there. Can’t do that with Google Play!

F-Droid tends to focus on open source applications that can be built in a reproducible way, which limits the inventory (though of course tends to mean the apps are safer and don’t spy on you). There are non-free apps in there as well but they come with warnings so you’re informed about what you might be sacrificing by using them.

That said if you have a favorite app you get through Google Play, there’s a decent chance it won’t be in F-Droid. Many “big corporate” apps aren’t, and vendor-specific apps tend not to be either. But for most of the major functions you might want, like email clients, calendar apps, weather apps, etc etc, there are very good substitutes now in F-Droid. You’re definitely making a trade-off though.

What I did was go through the apps I had installed on my last phone, found as many substitutes in F-Droid as I could, started using those instead to see how they worked, and bit by bit replaced as much as I could from Google Play with a comparable app from F-Droid. I still have a few apps (mostly vendor-specific things that don’t have substitutes) that come from Google Play but I’m aiming to be rid of those before I need to replace this phone.

@prologic@twtxt.net I’ve had a Teracube phone for about 3 years now. Theirs comes with a guarantee of 4 years–if something that’s covered breaks, you send the phone to them and they fix it and send it back, or they send you a new one. I took advantage of that last year when the screen broke; their tech support even helped me figure out how to wipe the phone when the screen didn’t display anything. Pretty painless all around. Have to say I’ve been very happy with it. It doesn’t have the top-end features that new big company phones have, but I don’t want those features so that’s not an issue for me. I dunno if it’s available in Australia or if it’s just a US thing.

@adi@twtxt.net @prologic@twtxt.net It’s worth bearing in mind that

• Fairphone has taken a considerable amount of VC funding so, sooner or later, that bill will become due: (see: https://techcrunch.com/2023/01/31/fairphone-growth-capital-raise and https://www.crunchbase.com/organization/fairphone)
  
• Fairphone comes with Google Play apps by default, so it’s also a spyware vector (see: https://mastodon.ar.al/@aral/110978014080809471)
  

I used to have a lot of hope for them but these two ingredients mean that enshittification is virtually inevitable.

@prologic@twtxt.net Horseshit hype:

• AI that we have today cannot think–there is no cognitive capacity
  
• AI that we have today cannot be interviewed–“inter” “viewing” is two minds interacting, but AI of today has no mind, which means this is a puppet show
  
• AI today is not free–it’s a tool, a machine, hardly different from a hammer. It does what a human directs it to do and has no drives, desires, or autonomy. What you’re seeing here is a fancy Mechnical Turk
  

This shit is probably paid for by AI companies who desperately want us to think of the AI as far more capable than it actually is, because that juices sales and gives them a way to argue they aren’t responsible for any harms it causes.

@jmjl@tilde.green I’m sorry that I’m not super knowledgeable about alternatives to jmp.chat but I’ll tell you what I know.

You’re probably right about jmp.chat not working for you, at least as it is now. You can only get US and Canadian phone numbers through it last time I checked, so if you’re not in either of those countries you’d be making international calls all the time and people who wanted to call you would be making international calls too.

I’ve seen people talk about using SIP as an intermediary: you can bridge SIP-to-XMPP, and bridge SIP-to-PSTN (PSTN = “packet switched telephone network”, meaning normal telephone). You can skip the SIP-to-XMPP side if you’re comfortable using a SIP client. I don’t know very much about SIP or PSTN so I am not sure what to recommend, but perhaps this helps your search queries.

There are a fair number of services like TextNow that let you sign up for a real telephone number that you can then use via their app (I wouldn’t use TextNow–they had tons of spyware in their app). I don’t know if that kind of service works for you but if it does perhaps you’d be able to find one of them that isn’t horrible. This page (https://alternativeto.net/software/jmp-chat/) has a bunch of alternatives; I can’t vouch for any of them but maybe it’s a starting point if you want to go this route.

Good luck!

@mckinley@twtxt.net Yes, I’m still with jmp.chat, and still very happy with them overall. Their beta period ended and their pricing increased a bit, so that’s worth a bit of consideration. I also managed to get one of their eSIMs. I’m slightly less happy with that aspect of their service, though they seem to be actively working on improving it and I knew in advance this was an early beta kind of thing and likely to have issues.

The only unreliability with calls that I’ve noticed was traceable to the unreliability of my own internet connection. I’ve confused incoming calls by simultaneously making and taking calls from the computer and the phone, but I think it’s understandable that problems might arise and that’s not a real use case for me. Once or twice I did not receive a text transcription of a voice mail, but the support is usually quick to address things like that.

I host my own XMPP server and have for a good decade now, and that’s what I use with jmp.chat. I can’t speak to the quality of their hosting options.

Group texting works fine for me if one of the other parties initiates the group text. I haven’t tried to initiate my own group text in well over a year; last time I did, it didn’t work. That may or may not be a problem for you, and it may or may not have been fixed by now. Worth investigating more if it’s important. I should also say I’ve only ever used group texts with 3 participants, and can’t speak to what happens if there are more nor whether there are upper limits.

Group texts don’t use MUC. Rather, they use a special syntax in the JID, something like “+1XXX,+1YYY,…,+1ZZZ@cheogram.com”, where the + and , are required, the XXX, YYY, through ZZZ are the phone numbers (no dashes or other special chars just digits), and the @cheogram.com at the end is required.

I recommend the cheogram app if you’re on android. It has a lot of nice features on top of the Conversations base. I use gajim on my (linux) computer and it works well with jmp.chat.

I’m happy to answer other questions if you have them!

Ugh, ffs–the datasette project just added #ChatGPT garbage. Another seemingly nice piece of software and project that I need to stop using.

I guess I can be thankful they self-identify.

@New_scientist@feeds.twtxt.net No, Google does not predict this. “Google AI” has been self-promoting like this for decades. Remember when they used to brag that they could predict the onset of flu season weeks before it started? That silently went away because they got it badly wrong many times and people caught on to how bad their “predictions” actually were.

They can’t stop themselves. Anything about AI coming out of big tech companies these days is marketing, not real, and certainly not science.

@New_scientist@feeds.twtxt.net because of course they have.

Emily Bender, a computational linguistic and excellent critic of this generative AI nonsense, uses an analogy of an oil spill to characterize what is happening as a result of generative AI. It’s polluting the world with false information, false images, false “academic” articles, false books. The companies that create this stuff are not cleaning up their misinformation spill; they’re letting the mess spread all over. It’s being used to commit crimes, and that’ll only get worse. Just like an out of control oil spill will destroy entire ecosystems.

Tricks for making AI chatbots break rules are freely available online
Certain prompts can encourage chatbots such as ChatGPT to ignore the rules that prevent illicit use, and they have been widely shared on social platforms ⌘ Read more

Montana lawsuit: Young people win landmark climate change case
In a first-of-its-kind ruling, a court in Montana in the US sided with a group of young activists who said the state had violated their right to a “clean and healthful environment” ⌘ Read more

Car Wash
⌘ Read more

not exactly the same topic, although I found a wordlist useful to generate passphrases, for example with Bitwarden, 1password or Keepass

https://github.com/sts10/generated-wordlists/tree/main

Today I’m reading about how to save a copy of your secret keys outside a computer, using analog media, or sharing it by voice. For instance, for TOTP authenticators.

I found BIP39 coming from the crypto-wallets world:
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

The user has to write down this passphrase

fragile mimic expect ketchup truth between thunder visit expose output powder derive process disagree razor
Which is carefully designed to be checksummed and it’s easy to say on a call

Finally deriving it into a set of bytes like

da39a3ee5e6b4b0d3255bfef95601890afd80709

Do you know some alternatives not related to cryptocurrencies? 🤔

here’s my old web page at Brandeis University

Coevolutionary algorithms typically explore domains in which no single evaluation function is present or known. For the purpose of selecting which individuals to maintain and vary, they instead rely on the outcomes of interactions between evolving entities.

I’ve been using variations of that same phrasing for a very long time–I wrote that web page circa 2005 maybe?

@prologic@twtxt.net Change your script to this:

#!/bin/sh

set -e

alias docker=podman

if [ ! command -v docker > /dev/null 2>&1 ]; then
  echo "docker not found"
  exit 1
fi

mkdir -p $HOME/.docker/certs.d/cas

## key stuff omitted

# DO NOT DO THIS docker context create cas --docker "host=tcp://cas.run:2376,ca=$HOME/.docker/certs.d/cas/ca.pem,key=$HOME/.docker/certs.d/cas/key.pem,cert=$HOME/.docker/certs.d/cas/cert.pem"
# DO THIS:
podman system connection add "host=tcp://cas.run:2376,ca=$HOME/.docker/certs.d/cas/ca.pem,key=$HOME/.docker/certs.d/cas/key.pem,cert=$HOME/.docker/certs.d/cas/cert.pem"
# DO NOT DO THIS docker context use cas
# DO THIS: 
podman system connection default cas

@prologic@twtxt.net

$ podman --docker                                                                                                                                                        
Error: unknown flag: --docker

Why are you using a flag that podman doesn’t have?

@prologic@twtxt.net I don’t understand what you’re saying. podman works with TLS. It does not have the “–docker” siwtch so you have to remove that and use the exact replacement commands that were in that github comment.

@prologic@twtxt.net My understanding is that podman can talk to the Docker Engine API. It’s just that the commands sometimes have different names in the podmanverse. I think–never used those features.

@prologic@twtxt.net I don’t get your objection. dockerd is 96M and has to run all the time. You can’t use docker without it running, so you have to count both. docker + dockerd is 131M, which is over 3x the size of podman. Plus you have this daemon running all the time, which eats system resources podman doesn’t use, and docker fucks with your network configuration right on install, which podman doesn’t do unless you tell it to.

That’s way fat as far as I’m concerned.

As far as corporate goes, podman is free and open source software, the end. docker is a company with a pricing model. It was founded as a startup, which suggests to me that, like almost all startups, they are seeking an exit and if they ever face troubles in generating that exit they’ll throw out all niceties and abuse their users (see Reddit, the drama with spyware in Audacity, 10,000 other examples). Sure you can use it free for many purposes, and the container bits are open source, but that doesn’t change that it’s always been a corporate entity, that they can change their policies at any time, that they can spy on you if they want, etc etc etc.

That’s way too corporate as far as I’m concerned.

I mean, all of this might not matter to you, and that’s fine! Nothing wrong with that. But you can’t have an alternate reality–these things I said are just facts. You can find them on Wikipedia or docker.com for that matter.

@prologic@twtxt.net I had a feeling my container was not running remotely. It was too crisp.

podman is definitely capable of it. I’ve never used those features though so I’d have to play around with it awhile to understand how it works and then maybe I’d have a better idea of whether it’s possible to get it to work with cas.run.

There’s a podman-specific way of allowing remote container execution that wouldn’t be too hard to support alongside docker if you wanted to go that route. Personally I don’t use docker–too fat, too corporate. podman is lightweight and does virtually everything I’d want to use docker to do.

@prologic@twtxt.net @jmjl@tilde.green
It looks like there’s a podman issue for adding the context subcommand that docker has. Currently podman does not have this subcommand, although this comment has a translation to podman commands that are similar-ish.

It looks like that’s all you need to do to support podman right now! Though I’m not 100% sure the containers I tried really are running remotely. Details below.

I manually edited the shell script that cas.run add returns, changing all the docker commands to podman commands. Specifically, I put alias docker=podman at the top so the check for docker would pass, and then I replaced the last two lines of the script with these:

podman system connection add cas  "host=tcp://cas.run..."
podman system connection default cas

(that … after cas.run is a bunch of connection-specific stuff)

I ran the script and it exited with no output. It did create a connection named “cas”, and made that the default. I’m not super steeped in how podman works but I believe that’s what you need to do to get podman to run containers remotely.

I ran some containers using podman and I think they are running remotely but I don’t know the right juju to verify. It looks right though!

This means you could probably make minor modifications to the generated shell script to support podman. Maybe when the check for docker fails, check for podman, and then later in the script use the podman equivalents to the docker context commands.

👋 Hello @coreybag@anthony.buc.ci, welcome to Buccipod, a Yarn.social Pod! To get started you may want to check out the pod’s Discover feed to find users to follow and interact with. To follow new users, use the ⨁ Follow button on their profile page or use the Follow form and enter a Twtxt URL. You may also find other feeds of interest via Feeds. Welcome! 🤗

@prologic@twtxt.net so what is the command to use? I did ssh -p 2222 GITHUB_USERNAME@cas.run help but that gives the same error. There’s something missing here.

@prologic@twtxt.net I do, but you didn’t specify in your twt that you needed to use a github account. I copy pasted the ssh command you posted verbatim!

[lang=en] By the way, have you played with Station on Gemini?

I like that using Gemtext, you can have a pretty decent microblogging platform. Imagine that with decentralization from twtxt. That sounds appealing to me!

Yep, that’s right, we have to use these tools in a proper way; terminal it’s not a friendly tool to use for this kind of stuff, on mobile devices, and web interfaces are prepared to bring us a confortable space.

Btw, I’m waiting for your php based client 😜 no pressure… 🤭