~22h to go for the 3rd #AdventOfCode puzzle (Day 3) 😅

Come join us!

👋 Hey you Twtxters/Yarners 👋 Let’s get a Advent of Code leaderboard going!

Join with 1093404-315fafb8 and please use your usual Twtxt feed alias/name 👌

Twtxt/Yarn AoC > Leaderboard

If anyone is doing advent of code this year i created a private leader board for twtxters! 3463928-93bf7cfa

Starting Advent of Code today, a day late but oh well 😅 Also going to start a Twtxt/Yarn leaderboard. Join with 1093404-315fafb8 and please use your usual Twtxt feed alias/name 👌

@eapl.me@eapl.me are ISPs still injecting code into HTTP in this the year 2023? I remember getting notices that my comcast modem is out of date pushed into websites back a decade ago.

I think is part of the code by @eapl.me@eapl.me that I have based my project on. So try to ask him.

Gracias. Also the git repo now contain code that should actually work

Commentaire du code pour un service de lecture over ssh (et je me la pète au passage avec plein de liens #C ) : https://si3t.ch/log/2023-11-13-txtoverssh.c.txt gopher://si3t.ch/0/log/2023-11-13-txtoverssh.c.txt gemini://si3t.ch/log/2023-11-13-txtoverssh.c.txt http://6gvb6fzoxv72mtlpvr2fgj7ytpeggwuerdawspt24njlkwfxir6jncid.onion/log/2023-11-13-txtoverssh.c.txt gopher://of2w2p5f4hsslk63hmo6tid6r7inhlxuxviq4pb5cxg45enswpbrfjad.onion/0/log/2023-11-13-txtoverssh.c.txt gemini://b2khgkvb2wn4avjshjp63kknsjwikgwff5dwwydldia6qwf4kdnueyad.onion/log/2023-11-13-txtoverssh.c.txt ou encore ‘ssh lire@si3t.ch’ numéro 45.

Pinellas County - Base: 4.54 miles, 00:10:07 average pace, 00:45:57 duration
whoa humidity! had to cut it short for code brown.
#running

@prologic@twtxt.net

1. It’s criminal: Copilot was only possible because of massive theft of other peoples’ work (no compensation or even acknowledgement to any of the developers whose code was used to create Copilot)
   
2. It’s positioned to put software developers out of work or so fully de-skill them that they no longer know how to code anything but prompts (after which come corporate-justified salary and benefits decreases)
   

Don’t use it. No one should ever use it. You’re destroying your own future as a software developer by leaning on and supporting these things.

How Google Authenticator made one company’s network breach much, much worse | Ars Technica

🤦‍♂

WHY are these big companies treated as though they are the be all and end all of infosec? These are rookie mistakes Google’s making, at scale.

Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option.

Like, never ever put your multi-factor tokens into a single cloud storage location! The whole point of this being “multi” factor is that there is a separate, independent physical factor involved in the authentication process. If the authenticator app on your phone puts the tokens in the cloud, then it reduces the security that comes from having a second factor. This is basic stuff.

Of course, never ever use Google Authenticator. All it does is generate TOTP and HOTP codes, which you can do with any OTP app, preferably an open source one that’s been vetted.

Not a bad option, although now we need a phone with camera, a printer, a QR reader app, to name a few…
And don’t let get started with usability issues of QR codes (like restaurant menus)

My idea is to make it easy to backup keys with pen and paper 🖋 📄 without copying the hexadecimal string which is prone to error 👀

@eapl.me@eapl.me QR code printed on paper?

I’d love to read the original source code of this:

https://ecsoft2.org/t-tiny-editor

This was our standard editor back in the day, not an “emergency tool”. And it’s only 9kB in size … which feels absurd in 2023. 😅 The entire hex dump fits on one of today’s screens.

Being so small meant it had no config file. Instead, it came with TKEY.EXE, a little tool to binary-patch T.EXE to your likings.

Image

Image

Image

@New_scientist@feeds.twtxt.net hello @prologic@twtxt.net here’s another feed that’s spewing multiple copies of the same post. This one above is repeated 8 times. @awesome-scala-weekly@feeds.twtxt.net now has 13 copies of each post every week. This definitely looks like a bug in whatever code is generating these feeds, because the source feeds don’t have multiple copies of the original posts:

• Has 8 copies of the above post: https://feeds.twtxt.net/New_scientist/twtxt.txt
  
• Has only 1 copy of the above post: https://www.newscientist.com/feed/home/
  

I forget whether I filed an issue on this before, but can you tell me where I should do that?

I take it back. Excalidraw is like tldraw–you can integrate it into a Javascript front end if you want. Which means technically you could self-host it if you wanted, but you’d have to write your own front end code to embed it, and host that code somehow.

En un ejercicio de diseño, ¿que pasaría si hacemos el inicio de sesión solo con un código dinámico TOTP?

Lo que he encontrado es que muchos clientes limitan a 6 y máximo 8 o 10 caractères.
Quizás algo de 12 o 16 dígitos (similar a una tarjeta de crédito, por lo que describe frecuentemente), agregaría seguridad.

Aquí unas fórmulas interesantes para predecir la probabilidad de un ataque de fuerza bruta, dependiendo el número de dígitos.
https://security.stackexchange.com/questions/185905/maximum-tries-for-2fa-code#185917

En un ejercicio de diseño, ¿que pasaría si hacemos el inicio de sesión solo con un código dinámico TOTP?

Lo que he encontrado es que muchos clientes limitan a 6 y máximo 8 o 10 caractères.
Quizás algo de 12 o 16 dígitos (similar a una tarjeta de crédito, por lo que describe frecuentemente), agregaría seguridad.

Aquí unas fórmulas interesantes para predecir la probabilidad de un ataque de fuerza bruta, dependiendo el número de dígitos.
https://security.stackexchange.com/questions/185905/maximum-tries-for-2fa-code#185917

Preparing visuals for #Kune2023 by coding some new #shaders in #GLSL

Image

Image

Image

Image

Image

Image

Image

Image

Home | Tabby This is actually pretty cool and useful. Just tried this on my Mac locally of course and it seems to have quite good utility. What would be interesting for me would be to train it on my code and many projects 😅

Asleep at the Keyboard? Assessing the
Security of GitHub Copilot’s Code Contributions

40% of code produced by GitHub Copilot has at least one well-known security vulnerability, in the test reported in this paper.

@Planet_Jabber_XMPP@feeds.twtxt.net No. ChatGPT does not improve your code. Coding is thinking. You offloaded your thought to a machine. You will not be able to reproduce what the machine did for you if you don’t have the machine, so you learned nothing.

Erlang Solutions: How ChatGPT improved my Elixir code. Some hacks are included.
I have been working as an Elixir developer for quite some time and recently came across the ChatGPT model. I want to share some of my experience interacting with it.

During my leisure hours, I am developing an open-source Elixir initiative, Crawly, that facilitates the extraction of structured data from the internet.

Here I want to demonstrate how … ⌘ Read more

TornadoVM Continues Adapting Java OpenJDK/GraalVM For Heterogeneous Hardware
A new release of TornadoVM is now available, the open-source plug-in to OpenJDK and GraalVM to allow for Java code to run on heterogeneous hardware with ease – including various GPU models as well as FPGAs… ⌘ Read more

They haven’t written the federation code yet. Its literally run on the staging instance. People are paying to access the alpha. Though if you want a code to see what all the fuss is about there are a few with invites around here.

So the news is telling me, Bluesky is the hottest new decentralized thing, with parole waiting month to join, or buying invite codes of ebay, for thousands of dollars.

Yet there’s not one other instance out there, for people to join this decentralized paradise. Idk, just sounds a little sussy to me.

I know there was stems.social, but when people tried joining it, they cried “abuse” and shut it down - so no, it doesn’t count.

being immersed in gorgeous #nature makes me want to write elegant programs, I’m amazed by the underlying systems #coding #phylosophy

Went to the barber shop today. Got a nice talk and, surprisingly, my first “contract” to 3D print something. So, I spent the last hour reading about QR codes, versions and patterns and rescue data to embed an image in the centre of the code. Then it took me some time to convert it from a PNG to an SVG to an STL, so I can put it into Tinkercad to design the new plate. I now have a baseplate, a backplate with the QRCode & two smaller plates which I have to glue into placeholders on the backplate.

There is a “right” way to make something like GitHub CoPilot, but Microsoft did not choose that way. They chose one of the most exploitative options available to them. For that reason, I hope they face significant consequences, though I doubt they will in the current climate. I also hope that CoPilot is shut down, though I’m pretty certain it will not be.

Other than access to the data behind it, Microsoft has nothing special that allows it to create something like CoPilot. The technology behind it has been around for at least a decade. There could be a “public” version of this same tool made by a cooperating group of people volunteering, “leasing”, or selling their source code into it. There could likewise be an ethically-created corporate version. Such a thing would give individual developers or organizations the choice to include their code in the tool, possibly for a fee if that’s something they want or require. The creators of the tool would have to acknowledge that they have suppliers–the people who create the code that makes their tool possible–instead of simply stealing what they need and pretending that’s fine.

This era we’re living through, with large companies stomping over all laws and regulations, blatantly stealing other people’s work for their own profit, cannot come to an end soon enough. It is destroying innovation, and we all suffer for that. Having one nifty tool like CoPilot that gives a bit of convenience is nowhere near worth the tremendous loss that Microsoft’s actions in this instace are creating for everyone.

@carsten@yarn.zn80.net That’s a dissembling answer from him. Github is owned by Microsoft, and CoPilot is a for-pay product. It would have no value, and no one would pay for it, were it not filled with code snippets that no one consented to giving to Microsoft for this purpose. Microsoft will pay $0 to the people who wrote the code that makes CoPilot valuable to them.

In short, it’s a gigantic resource-grab. They’re greedy assholes taking advantage of the hard work of millions of people without giving a single cent back to any of them. I hope they’re sued so often that this product is destroyed.

I was listening to an O’Reilly hosted event where they had the CEO of GitHub, Thomas Dohmke, talking about CoPilot. I asked about biased systems and copyright problems. He, Thomas Dohmke, said, that in the next iteration they will show name, repo and licence information next to the code snippets you see in CoPilot. This should give a bit more transparency. The developer still has to decide to adhere to the licence. On the other hand, I have to say he is right about the fact, that probably every one of us has used a code snippet from stack overflow (where 99% no licence or copyright is mentioned) or GitHub repos or some tutorial website without mentioning where the code came from. Of course, CoPilot has trained with a lot of code from public repos. It is a more or less a much faster and better search engine that the existing tools have been because how much code has been used from public GitHub repos without adding the source to code you pasted it into?

I played around with parsers. This time I experimented with parser combinators for twt message text tokenization. Basically, extract mentions, subjects, URLs, media and regular text. It’s kinda nice, although my solution is not completely elegant, I have to say. Especially my communication protocol between different steps for intermediate results is really ugly. Not sure about performance, I reckon a hand-written state machine parser would be quite a bit faster. I need to write a second parser and then benchmark them.

lexer.go and newparser.go resemble the parser combinators: https://git.isobeef.org/lyse/tt2/-/commit/4d481acad0213771fe5804917576388f51c340c0 It’s far from finished yet.

The first attempt in parser.go doesn’t work as my backtracking is not accounted for, I noticed only later, that I have to do that. With twt message texts there is no real error in parsing. Just regular text as a “fallback”. So it works a bit differently than parsing a real language. No error reporting required, except maybe for debugging. My goal was to port my Python code as closely as possible. But then the runes in the string gave me a bit of a headache, so I thought I just build myself a nice reader abstraction. When I noticed the missing backtracking, I then decided to give parser combinators a try instead of improving on my look ahead reader. It only later occurred to me, that I could have just used a rune slice instead of a string. With that, porting the Python code should have been straightforward.

Yeah, all this doesn’t probably make sense, unless you look at the code. And even then, you have to learn the ropes a bit. Sorry for the noise. :-)

Code Lifespan
⌘ Read more

It seems like https://proxy.vulpes.one/ runs a code that once was written by @prologic@twtxt.net. Its rendering looks quite nice. Sadly, I am unable to compile it (modified code at https://git.vulpes.one/gopherproxy/).

An interesting read about testing code using nullable states instead of mocks.

https://www.jamesshore.com/v2/projects/testing-without-mocks/testing-without-mocks

ChatGPT is good, but it’s not that good 🤣 I asked it to write a program in Go that performs double ratcheting and well the code is total garbage 😅 – Its only as good as the inputs it was trained on 🤣 #OpenAI #GPT3

tonight’s treat: roasted peanuts, ginger soda and some #ada #coding , with a side of HPC rabbithole

Ah git-bug! Ive chatted with the creator when he was working on the graphql parts. Its working with git objects directly sorta like how git-repo does code reviews. Its a pretty neat idea for storing data along side the branches. I believe they don’t add a disconnected branch to avoid data getting corrupted by merging branches or something like that.

@prologic@twtxt.net Alright, there’s some erroneous markdown parsing going on, I reckon. In my original twt I have a code block surrounded by three backticks. The code block itself contains a single backtick. However, at least for rendering, yarnd shows three backticks instead (not sure if my markdown is invalid, though):

Image

WTFM : Write The Fucking Manual, a note to self. #coding #lol

Trying to figure out what sql query maddy does to change user passwords, but first, i’m looking for the subcommand that actually does that… on the source code

Parece que sí funciona 😀

Por ahora está con un valor hard-coded. Me falta implementar alguna función (Quizás con JS o alguna selección manual) para poder cambiar la zona, si viajas.

I was just reminded of this interpreter for an APL/J-like language by Arthur Whitney, the absolute weirdest bit of C code I’ve actually gotten something out of, and thought I’d share: https://code.jsoftware.com/wiki/Essays/Incunabulum

📣 NEW: Announcing the new and improved Yarns search engine and crawler! search.twtxt.net – Example search for “Hello World” Enjoy! 🤗 – @darch@neotxt.dk When you have this, this is what we need to work on in terms of improving the UI/UX. As a first step you should probably try to apply the same SimpleCSS to this codebase and go from there. – In the end (didn’t happen yet, time/effort) most of the code here in yarns will get reused directly into yarnd, except that I’ll use the bluge indexer instead.

just wrote a note in my code float* output; /* to write output to physical device, or just the next lower device in the abstraction tower */ feeling pretty proud of that LoL #coding #klebe

HM [02;04;06]: 13 mile run: 13.21 miles, 00:11:02 average pace, 02:25:47 duration
felt great minus high alert for code brown since miles 7 to 11.

last run of the training block!
#running

sound-only tetris: chords and layered timbres come to mind, might yield pretty interesting tunes :)) #halfbaked #videogame #sound #coding #nyx #klebe

sound-only pong: pitch, panning and volume should be enough #halfbaked #videogame #sound #coding #nyx #klebe

@abucci@anthony.buc.ci Its not better than a Cat5e. I have had two versions of the device. The old ones were only 200Mbps i didn’t have the MAC issue but its like using an old 10baseT. The newer model can support 1Gbps on each port for a total bandwidth of 2Gbps.. i typically would see 400-500Mbps from my Wifi6 router. I am not sure if it was some type of internal timeout or being confused by switching between different wifi access points and seeing the mac on different sides.

Right now I have my wifi connected directly with a cat6e this gets me just under my providers 1.3G downlink. the only thing faster is plugging in directly.

MoCA is a good option, they have 2.5G models in the same price range as the 1G Powerline models BUT, only if you have the coax in wall already.. which puts you in the same spot if you don’t. You are for sure going to have an outlet in every room of the house by code.

started writing a small crawler to find keywords and mentions, should now be able to see if you’re mentioning me :)) #twtxt #community #coding

(cont.)

Just to give some context on some of the components around the code structure.. I wrote this up around an earlier version of aggregate code. This generic bit simplifies things by removing the need of the Crud functions for each aggregate.

A domain object can be used as an aggregate by adding the event.AggregateRoot struct and finish implementing event.Aggregate. The AggregateRoot implements logic for adding events after they are either Raised by a command or Appended by the eventstore Load or service ApplyFn methods. It also tracks the uncommitted events that are saved using the eventstore Save method.

type User struct {
  Identity string ```json:"identity"`

  CreatedAt time.Time

  event.AggregateRoot
}

// StreamID for the aggregate when stored or loaded from ES.
func (a *User) StreamID() string {
	return "user-" + a.Identity
}
// ApplyEvent to the aggregate state.
func (a *User) ApplyEvent(lis ...event.Event) {
	for _, e := range lis {
		switch e := e.(type) {
		case *UserCreated:
			a.Identity = e.Identity
			a.CreatedAt = e.EventMeta().CreatedDate
        /* ... */
		}
	}
}

Events are applied to the aggregate. They are defined by adding the event.Meta and implementing the getter/setters for event.Event

type UserCreated struct {
	eventMeta event.Meta

	Identity string
}

func (c *UserCreated) EventMeta() (m event.Meta) {
	if c != nil {
		m = c.eventMeta
	}
	return m
}
func (c *UserCreated) SetEventMeta(m event.Meta) {
	if c != nil {
		c.eventMeta = m
	}
}

With a domain object that implements the event.Aggregate the event store client can load events and apply them using the Load(ctx, agg) method.

// GetUser populates an user from event store.
func (rw *User) GetUser(ctx context.Context, userID string) (*domain.User, error) {
	user := &domain.User{Identity: userID}

	err := rw.es.Load(ctx, user)
	if err != nil {
		if err != nil {
			if errors.Is(err, eventstore.ErrStreamNotFound) {
				return user, ErrNotFound
			}
			return user, err
		}
		return nil, err
	}
	return user, err
}

An OnX command will validate the state of the domain object can have the command performed on it. If it can be applied it raises the event using event.Raise() Otherwise it returns an error.

// OnCreate raises an UserCreated event to create the user.
// Note: The handler will check that the user does not already exsist.
func (a *User) OnCreate(identity string) error {
    event.Raise(a, &UserCreated{Identity: identity})
    return nil
}

// OnScored will attempt to score a task.
// If the task is not in a Created state it will fail.
func (a *Task) OnScored(taskID string, score int64, attributes Attributes) error {
	if a.State != TaskStateCreated {
		return fmt.Errorf("task expected created, got %s", a.State)
	}
	event.Raise(a, &TaskScored{TaskID: taskID, Attributes: attributes, Score: score})
	return nil
}

The following functions in the aggregate service can be used to perform creation and updating of aggregates. The Update function will ensure the aggregate exists, where the Create is intended for non-existent aggregates. These can probably be combined into one function.

// Create is used when the stream does not yet exist.
func (rw *User) Create(
  ctx context.Context,
  identity string,
  fn func(*domain.User) error,
) (*domain.User, error) {
	session, err := rw.GetUser(ctx, identity)
	if err != nil && !errors.Is(err, ErrNotFound) {
		return nil, err
	}

	if err = fn(session); err != nil {
		return nil, err
	}

	_, err = rw.es.Save(ctx, session)

	return session, err
}

// Update is used when the stream already exists.
func (rw *User) Update(
  ctx context.Context,
  identity string,
  fn func(*domain.User) error,
) (*domain.User, error) {
	session, err := rw.GetUser(ctx, identity)
	if err != nil {
		return nil, err
	}

	if err = fn(session); err != nil {
		return nil, err
	}

	_, err = rw.es.Save(ctx, session)
	return session, err
}