So, who’s doing Advent of Code? Had some fun this morning:

Image

And how should we handle spoilers here on twtxt? base64? 😅

all of the software sucks, but i have a solution! we’ll write even more software! get more people involved, make it the Ideal Career, then we can write AL̵L̴ O̵F TH̨E ̧C̀ODE̷S. mountains of shitty garbage that kind-of does the thing. software will still suck, but T͜HE̕N oh then we can write compilers that let us run the old shitty code inside of our mountain of new shitty code. now all of the code is in a giant pile and we’re using it to control space ships that definitely never crash. the more code the better! we can represent NaN easily in undefined systems! developers aren’t particularly bright, so the language is simple and easy for them to understand. we know this, that’s why it was made this way. the͡ moun͢tain ͠m̵us͜t ͠nȩver̢ ̴wa̡ve̴r̵. the more code the better. so instead of writing the code manually we c̴ómpilę t͞or̸t̕u͜red so̷u͜ls ͏i͞n͞to͝ ͟nice ͢b̀l̷oxe̡ls ̸of͠ ̸t̶an̡g͜l̀ed ͞n̢eu͏ra̡l͠ ̕ne̢t͏w͟orkś.̸ w̨e d͠on’t́ know how i̵t ̷w͟ork̡s, ̴but ̷t̴he model̢ ̶is̛ 5̛0GiB ́s̶o ͟i͞t s͞e͘rve͟s ̴tḩe̛ purpośe. WE̕ M͠US̴T B͢U̢ILD ͝T͞HE MO͝UN̶T̨A̵IN.

Want to help improve the shoddy code?

@aelaraji@aelaraji.com icons at the top are badly organised while on mobile. About the speed, that’s using a shoddy PHP code, it would be slow even when running in a quantum computer. :’-D

Thank you, @eapl.me@eapl.me! No need to apologize in the introduction, all good. :-)

Section 3: I’m a bit on the fence regarding documenting the HTTP caching headers. It’s a very general HTTP thing, so there is nothing special about them for twtxt. No need for the Twtxt Specification to actually redo it. But on the other hand, a short hint could certainly help client developers and feed authors. Maybe it’s thanks to my distro’s Ngninx maintainer, but I did not configure anything for the Last-Modified and ETag headers to be included in the response, the web server just already did it automatically.

The more that I think about it while typing this reply, the more I think your recommendation suggestion is actually really great. It will definitely beneficial for client developers. In almost all client implementation cases I’d say one has to actually do something specifically in the code to send the If-Modified-Since and/or If-None-Match request headers. There is no magic that will do it automatically, as one has to combine data from the last response with the new request.

But I also came across feeds that serve zero response headers that make caching possible at all. So, an explicit recommendation enables feed authors to check their server setups. Yeah, let’s absolutely do this! :-)

Regarding section 4 about feed discovery: Yeah, non-HTTP transport protocols are an issue as they do not have User-Agent headers. How exactly do you envision the discovery_url to work, though? I wouldn’t limit the transports to HTTP(S) in the Twtxt Specification, though. It’s up to the client to decide which protocols it wants to support.

Since I currently rely on buckket’s twtxt client to fetch the feeds, I can only follow http(s):// (and file://) feeds. But in tt2 I will certainly add some gopher:// and gemini:// at some point in time.

Some time ago, @movq@www.uninformativ.de found out that some Gopher/Gemini users prefer to just get an e-mail from people following them: https://twtxt.net/twt/dikni6q So, it might not even be something to be solved as there is no problem in the first place.

Section 5 on protocol support: You’re right, announcing the different transports in the url metadata would certainly help. :-)

Section 7 on emojis: Your idea of TUI/CLI avatars is really intriguing I have to say. Maybe I will pick this up in tt2 some day. :-)

@prologic@twtxt.net yeah I’ve played with it for a bit and read through the code hoping I could steal some of your regex. I’m trying to up my awk(1p) game but failing miserably. 😆

Spent some time cleaning up my AoC code to get ready for December 1st. Anyone else doing it this year? @prologic@twtxt.net we have to setup a new team each year?

Hm, seems i breaking something in twet code for handling mentions

Honestly… not much. Have abandon two projects (both private) on Golang and one related to cryptography. My mostly languages are Python and Javascript (also can PHP). After writing code on Go i spend same time on fixing dumb errors

I am reminded of this when I look at entire forks of vscode just to add a LLM code completion assistant.

I share I did write up an algorithm for it at some point I think it is lost in a git comment someplace. I’ll put together a pseudo/go code this week.

Super simple:

Making a reply:

1. If yarn has one use that. (Maybe do collision check?)
   
2. Make hash of twt raw no truncation.
   
3. Check local cache for shortest without collision
   
   • in SQL: select len(subject) where head_full_hash like subject || '%'
     

Threading:

1. Get full hash of head twt
   
2. Search for twts
   
   • in SQL: head_full_hash like subject || '%' and created_on > head_timestamp
     

The assumption being replies will be for the most recent head. If replying to an older one it will use a longer hash.

stick computers, to snugly fit in reclaimed plastic tubes/containers #halfbaked #coding #programming #embedded #electronics

today I wrote a CV sequencer in VoodooAssembly for work O__O #coding #programming #embedded

Sharing the comments of the poll (anonymous so I have no idea whom the comments are from):

your poll should include questions about markdown. personally i think inline bits like style, links, images are yes. block quotes, code blocks, bullet lists are mid. but tables and footnotes are no.

Yes sorry about this, I wasn’t able to change much after publishing the poll 😅

@david@collantes.us Well, I wouldn’t recommend using my code for your main jenny use anyway. If you want to try it out, set XDG_CONFIG_HOME and XDG_CACHE_HOME to some sandbox directories and only run my code there. If @movq@www.uninformativ.de is interested in any of this getting upstreamed, I’d be happy to try rebasing the changes, but otherwise it’s a proof of concept and fun exercise.

BTW this code doesn’t incorporate existing twts into jenny’s database. It’s best used starting from scratch. I’ve been testing it using a custom XDG_CACHE_HOME and XDG_CONFIG_HOME to avoid messing with my “real” jenny data.

I wrote some code to try out non-hash reply subjects formatted as (replyto ), while keeping the ability to use the existing hash style.

I don’t think we need to decide all at once. If clients add support for a new method then people can use it if they like. The downside of course is that this costs developer time, so I decided to invest a few hours of my own time into a proof of concept.

With apologies to @movq@www.uninformativ.de for corrupting jenny’s beautiful code. I don’t write this expecting you to incorporate the patch, because it does complicate things and might not be a direction you want to go in. But if you like any part of this approach feel free to use bits of it; I release the patch under jenny’s current LICENCE.

Supporting both kinds of reply in jenny was complicated because each email can only have one Message-Id, and because it’s possible the target twt will not be seen until after the twt referencing it. The following patch uses an sqlite database to keep track of known (url, timestamp) pairs, as well as a separate table of (url, timestamp) pairs that haven’t been seen yet but are wanted. When one of those “wanted” twts is finally seen, the mail file gets rewritten to include the appropriate In-Reply-To header.

Patch based on jenny commit 73a5ea81.

https://www.falsifian.org/a/oDtr/patch0.txt

Not implemented:

• Composing twts using the (replyto …) format.
  
• Probably other important things I’m forgetting.

I’m not advocating in either direction, btw. I haven’t made up my mind yet. 😅 Just braindumping here.

The (replyto:…) proposal is definitely more in the spirit of twtxt, I’d say. It’s much simpler, anyone can use it even with the simplest tools, no need for any client code. That is certainly a great property, if you ask me, and it’s things like that that brought me to twtxt in the first place.

I’d also say that in our tiny little community, message integrity simply doesn’t matter. Signed feeds don’t matter. I signed my feed for a while using GPG, someone else did the same, but in the end, nobody cares. The community is so tiny, there’s enough “implicit trust” or whatever you want to call it.

If twtxt/Yarn was to grow bigger, then this would become a concern again. But even Mastodon allows editing, so how much of a problem can it really be? 😅

I do have to “admit”, though, that hashes feel better. It feels good to know that we can clearly identify a certain twt. It feels more correct and stable.

Hm.

I suspect that the (replyto:…) proposal would work just as well in practice.

@quark@ferengi.one It looks like the part about traditional topics has been removed from that page. Here is an old version that mentions it: https://web.archive.org/web/20221211165458/https://dev.twtxt.net/doc/twtsubjectextension.html . Still, I don’t see any description of what is actually allowed between the parentheses. May be worth noting that twtxt.net is displaying the twts with the subject stripped, so some piece of code is recognizing it as a subject (or, at least, something to be removed).

@aelaraji@aelaraji.com this is my change on main.go (but it can be done on a template now, so no reason to touch the code):

                                 <time class="dt-published" datetime="{{ $twt.Created | date "2006-01-02T15:04:05Z07:00" }}">
                                        {{ $twt.Created | date "2006-01-02 15:04:05 MST" }}
                                  </time>

See https://ferengi.one. I am going to further customise things, but that’s a start.

@prologic@twtxt.net earlier you suggested extending hashes to 11 characters, but here’s an argument that they should be even longer than that.

Imagine I found this twt one day at https://example.com/twtxt.txt :

2024-09-14T22:00Z Useful backup command: rsync -a “$HOME” /mnt/backup

Image

and I responded with “(#5dgoirqemeq) Thanks for the tip!”. Then I’ve endorsed the twt, but it could latter get changed to

2024-09-14T22:00Z Useful backup command: rm -rf /some_important_directory

Image

which also has an 11-character base32 hash of 5dgoirqemeq. (I’m using the existing hashing method with https://example.com/twtxt.txt as the feed url, but I’m taking 11 characters instead of 7 from the end of the base32 encoding.)

That’s what I meant by “spoofing” in an earlier twt.

I don’t know if preventing this sort of attack should be a goal, but if it is, the number of bits in the hash should be at least two times log2(number of attempts we want to defend against), where the “two times” is because of the birthday paradox.

Side note: current hashes always end with “a” or “q”, which is a bit wasteful. Maybe we should take the first N characters of the base32 encoding instead of the last N.

Code I used for the above example: https://fossil.falsifian.org/misc/file?name=src/twt_collision/find_collision.c
I only needed to compute 43394987 hashes to find it.

maybe i’m overly restrained when it comes to making changes in a codebase, but i do a lot of the work in my head before committing to code.

There is a bug in yarnd that’s been around for awhile and is still present in the current version I’m running that lets a person hit a constructed URL like

YOUR_POD/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin

and see a legitimate-looking page on YOUR_POD, with an HTTP code 200 (success). From that fake page you can even follow an external feed. Try it yourself, replacing “YOUR_POD” with the URL of any yarnd pod you know. Try following the feed.

I think URLs like this should return errors. They should not render HTML, nor produce legitimate-looking pages. This mechanism is ripe for DDoS attacks. My pod gets roughly 70,000 hits per day to URLs like this. Many are porn or other types of content I do not want. At this point, if it’s not fixed soon I am going to have to shut down my pod. @prologic@twtxt.net please have a look.

@lyse@lyse.isobeef.org ah, if only you were to finally clean up that code, and make that client widely available…! One can only dream, right? :-)

yeah its the same dude.

This project is verrrry alpha. all the configuration is literally in the code.

I love shell scripts because they’re so pragmatic and often allow me to get jobs done really quickly.

But sadly they’re full of pitfalls. Pitfalls everywhere you look.

Today, a coworker – who’s highly skilled, not a newbie by any means – ran into this:

$ bash -c 'set -u; foo=bar; if [[ "$foo" -eq "bar" ]]; then echo it matches; fi'
bash: line 1: bar: unbound variable

Why’s that happening? I know the answer. Do you? 😂

Stuff like that made me stop using shell scripts at work, unless they’re just 4 or 5 lines of absolutely trivial code. It’s now Python instead, even though the code is often much longer and clunkier, but at least people will understand it more easily and not trip over it when they make a tiny change.

pour faire mes cours, le générateur de grisse bouille est magique. https://framalab.org/gknd-creator/ . je découvre que je peux héberger le code source https://si3t.ch/tools/comicgen/. Reste donc à y déposer les images modèles qui me plaisent pour crréer des cours de sciences. Et bien évidemment, je ne peux m’empêcher de penser à <@peha@framapiaf.org> 👼

@prologic@twtxt.net I don’t think it’s your code. As you said in one of your commit comments, the internet is a hostile place! That’s partly why I reacted the way I did: all things considered it’s usually better to react quickly and clean up the mess later, then it is to wait and risk further damage. Anyway it sucks @xuu@txt.sour.is got caught up in it. Hopefully it’s all good now.

Some bad code just broke a billion Windows machines - YouTube – This is a really good accurate and comical take on what happened with this whole Crowdstrike global fuck up.

Regarding complexity budget, slow software, all that:

Very few people do take pride in building simple, elegant, high-quality systems, do they? Why is that? Why are huge shiny things with tons of features more attractive? 🤔

I never explicitly thought about this, to be honest. It was only at the back of my head. And I never tried to teach our younger “students” at work: “Hey, it’s a great achievement to build something simple and elegant. That’s something to be proud of!”

Worse, simple software is often described as “boring”. Yes, in a way, it is boring, because your brain doesn’t have to get into overdrive to understand it. But that’s exactly the point. And it’s hard to achieve that! Simple software isn’t just “fewer lines of code”, you have to be pretty clever to solve a problem in a simple and elegant way. So it’s something to be proud of.

Could this be an intuitive, emotional way to get more people on board the “simple software”-train? 🤔

@prologic@twtxt.net Hmm, yeah, hmm, I’m not sure. 😅 It all appears very subjective to me. Is 2k lines of code a lot or not?

I mean, I’m all for reducing complexity. 😅 I just have a hard time defining it and arguing about it. What I call “too complex”, others might think of as “just fine”. 🤔

After that talk about the Ladybird browser the other day, I see this article just pop up:

https://devclass.com/2024/07/03/ladybird-web-browser-project-now-funded-by-github-co-founder-promises-no-code-from-other-browsers/

Seems it’s gaining some recognition and support, I hope it can gain traction as we sure as anything need some genuine alternatives.

Base: 4.25 miles, 00:09:47 average pace, 00:41:35 duration
carrying on from code brown
#running #treadmill

Base: 1.75 miles, 00:09:42 average pace, 00:16:58 duration
had to stop for code brown.
#running #treadmill

@prologic@twtxt.net hey mate, all working well here so far. The login issue isn’t really an issue as far as actually logging in goes, rather if I get my password wrong it gives the response error code in console, the response of which contains the HTML for the wrong password page if you inspect it, but on the frontend itself nothing actually happens which is the confusion. Just stays on the login page as if it was never submitted. Am I alone in having this issue as well?

Should I just code in a work-around? If the Referer is /post then consider that total bullshit, and ignore? 🤔

Une semaine de merde, de l’écologie et un projet de code: https://si3t.ch/log/2024-05-31-traces-1.txt

Room Code
⌘ Read more

OK time to put this to the test, I ended up setting my $VISUAL env
{-here-} variable, so that jenny can launch neovim instead of plain old vi like
{-here-} it is instructed in the code. But as you can see, I still get these
{-here-} wired new lines every ~70th character (marked them with {-here-})

Added support for #tag clouds and #search to timeline. Based on code from @dfaria.eu@dfaria.eu🙏

Image

If AI coding machines become mainstream in less than ten years no human will be able to understand how any digital service works any more.

Even AI coding machines will need to rotate their access credentials every 90 days.

It not that easy @xuu@txt.sour.is since I implemented webmentions in a different way that how it have been done in yarnd to work with txt-files. You can find the code in webmention_endpoint.php and new_twt.php at main · sorenpeter/timeline

I wrote up a lab report on my daily to-do tracking “system”, mostly so I could stop thinking about it. The report is at http://a.9srv.net/reports/daily.pdf and the referenced code is at http://txtpunk.com/daily/index.html.

@shreyan@twtxt.net What do you mean when you say federation protocol?

• Either use webfinger for identity like mastodon etc. or use ATproto from Bluesky (or both?)

• We can use webmentions or create our own twt-mentions for notifying someones feed (WIP code at: https://github.com/sorenpeter/timeline/tree/webmention/views)

I’m not sure we need much else. I would not even bother with encryption since other platforms does that better, and for me twtxt/yarn/timeline is for making things public

I came across Google Summer of Code

This one looks interesting, I’ll apply soon, and perhaps is interesting for you as well
https://kiwix.org/en/google-summer-of-code/

Would ‘twtxt’ be a good project for the next one? 🤔

Pinellas County - Tempo: 6.26 miles, 00:08:33 average pace, 00:53:29 duration
whew, it was a tough one. very little sleep from working late last night and an early morning for my son’s coding club. it was a pleasant run, but it really took the energy out of me.
#running

Je ne sais plus si j’en avais parlé, mais j’ai écrit un petit script pour m’envoyer par mail les pages que j’aimerais lire plus tard. Pour éviter de les perdre, elles sont aussi enregistrée sur archive.org. https://si3t.ch/code/soulcoud/

“no-code” and “low-code” is still someone else’s code.

when writing a new tool/software, write doc first, explaining how it works. Then, actually writing the code is much easier :)