One thing about my design here is that it would no longer incorporate “regex”-based rules like OWASP, mostly because my experience thus far has taught me that these rules are kind of overly sensitive, produce false positives and I’m not sure they are really very effective. For example, why is the point of performing SQL injection detection at the Edge using a WAF if you already handle SQL properly in the first place? (seriously does anyone still construct SQL queries by hand with effectively printf?!)

Also spent the morning continuing to think about a new design for EdgeGuard’s WAF. I’m basically going to build an entirely new pluggable WAF that will be designed to only consider Rate Limiting, IP/ASN-based filtering, JavaScript challenge handling, Basic behavioral analysis and Anomaly detection.

The only part of this design I’m not 100% sure about is the Javascript-based challenge handling? 🤔 I’m also considering making this into a “proof of work” requirement too, but I also don’t want to falsely block folks that a) turn Javascript™ off or b) Use a browser like links, elinks or lynx for example.

Hmmm 🧐

@kat@yarn.girlonthemoon.xyz Look into using something like pyrra for creating and managing SLO(s) with Prometheus 👌 I use this myself actually, plus I also use HetrixTools for external monitoring with SLO-style measures via status.mills.io 👌

Move beyond basic threshold alerts! Define clear Service Level Objectives (SLOs) and measure Service Level Indicators (SLIs) to track real user impact. Use Prometheus to alert when your SLOs are at risk, ensuring you focus on what truly matters to your users. #Monitoring #SRE #Prometheus

And on a similar note, cross-post from Mastodon:

What I love about HTML and HTTP is that it can degrade rather gracefully on old browsers.

My website isn’t spectacular but I don’t think it looks horrible, either. And it’s still usable just fine all the way down to WfW 3.11:

• Some blog post in various browsers
  
• Git repo viewer (stagit)
  
• Older photos of WfW 3.11
  

It’s not perfect, but it’s usable. And that makes me happy. Almost 30 years of compatibilty.

The biggest sacrifice is probably that I don’t enforce TLS and that HTTP 1.0 has no Host: header, so no vhosts (or rather, everything must come from the default vhost). (Yes, some old browsers send Host:, even though they predate HTTP 1.1. Netscape does, but not IBM WebExplorer, for example.)

(On the other hand, it might completely suck on modern mobile devices. Dunno, I barely use those. 🤪)

@sorenpeter@darch.dk No because as the spec statd originally, and we didn’t change that syntax at all:

Mentions are embedded within the text in either @ or @ format

So the lextwt parser we use will simply call this an invalid mention, which it does.

Why are we testing, or playing with, an alternate non-fully-compatible feed format within the same feed that we use daily?

@ About the URL, since it no longer used for hashing there might be no need to change it. I agree that we keep all the parts that already are out there for the most parts. Instead of a contact field you could also just use links like: link = Email mailto:user@example.dk or link = Signal https://signal.me/sthF4raI5Lg_ybpJwB1sOptDla4oU7p[...]

@sorenpeter@darch.dk Yes, there are interesting things that can be incorporated to see how they work.
The issue of allowing the use of Z for UTC is interesting. I think I should add a brief explanation.
The url issue is for a debate :D . Maybe an issue could be opened. My opinion is that it is necessary to leave it as it is right now because otherwise the thread system, or replies, may have problems (404s). It’s all a matter of discussion.
I like your idea of contact. I will add it.
Thanks to you for your feedback!!!

@andros@twtxt.andros.dev Thanks for consolidating a lot of good ideas. Especially how you have deiced to just extend the mention syntax for location-based treads. This might even be backward compatible with older (pre-yarn) clients.
What about using Z for UTC +00:00- is that allowed in your specs?
Regarding url = I would suggest to only allow one and the maybe add url_old = or url_alt = !?
I’m still not a fan of a DM feature, even thou it helps that i have now been split out into a separate feed file. Instead if would suggest a contact = field for where people can put an email or other id/link for an established chat protocol like signal or matrix.

@andros@twtxt.andros.dev @eapl.me@eapl.me Still lots of bugs in my client. 🥴 I’ll try to fix it next week.

And yes, using the same timestamp twice will very likely break threads.

@andros@twtxt.andros.dev Alright. 👍 Btw, your feed uses spaces instead of tabs. 😅

slowing working away at my latest code project: learning PHP by recreating the 2000s fandom mainstay known as a fanlisting! it’s been super fun i added a dynamic nav bar and other modifications in the latest commit

fanlistings even to this day rely on old PHP scripts dating back to the early 2000s that need whole ass mySQL or postgres DBs and are incredibly insecure. you can look at them here they’re like super jank lol it’s sad that new fanlistings have to use them because there’s no other options….

@kat@yarn.girlonthemoon.xyz with the help of a friend i got to build a nixOS server image from scratch and use it on a VPS! so that was neat!

@bender@twtxt.net Yes, you right. But is premium for more than that.
I use a feature I love a lot: customising different searches with different themes or links.
It’s easy to understand with an example. I have a search with the name “Django”. I set sources: Django documentation, stack overflow, topic “programming” and so on. It’s very quick to find Django solutions.
I also have another way to find my stuff: search my blog and repositories.
I had problems paying for the first mouths, now it’s a working tool for me.

We went on a 14 kilometers long hike in the heat, only a few spots were in the shade, most of our trip was in the open fields with the sun beating down on us. We reapplied the sun blocker after about two hours or so. All in all it took us about three and a half hours before we reached our destination Besigheim.

Last time I was there it was rainy, now we had the exact opposite. After some yummy Chinese lunch we visited the old town. There’s some gorgeous timer framing to see. When kept in decent shape, it just looks so dang cool.

Since it was too hot, we rode back by train. Despite the heat and some sections near the roaring Autobahn, this was a nice hike. Would do it again. Only in colder weather, though. I certainly don’t wanna trade my comperatively larger (still nothing to other more rural areas), covering forests with the wide open fields and vineyards in summer. That’s for sure.

https://lyse.isobeef.org/wanderung-von-asperg-nach-besigheim-2025-05-01/

@movq@www.uninformativ.de If you want, we can try it out between us. I’m just working on it (It was the easiest thing to do).

@movq@www.uninformativ.de not bad! The yellowish/ivory tint makes it much easier on the eyes. I have gotten so use to “dark” mode, that find it hard switching to anything else.

@movq@www.uninformativ.de “topic-based forums/groups”, you mean what USENET used to be, and the “niche” that Reddit is fulfilling these days? :-D I get it, I agree. I think I find twtxt more fulfilling than anything else because of its small size. I feel like I truly know everyone (even if that might not be true), and find myself “at home”. The bigger the place, the shyest I become, the less enticing it is.

@bender@twtxt.net It’s like having good manners at the table. Use forks and knives. ;-)

@movq@www.uninformativ.de welcome to a (for us, Floridians) “fresh day” temperature! Soon the daily rains will come, so it will be even hotter, and humid, and sticky. Lovely, eh? LOL.

Confession:

I’ve never found microblogging like twtxt or the Fediverse or any other “modern” social media to be truly fulfilling/satisfying.

The reason is that it is focused so much on people. You follow this or that person, everybody spends time making a nice profile page, the posts are all very “ego-centric”. Seriously, it feels like everybody is on an ego-trip all the time (this is much worse on the Fediverse, not so much here on twtxt).

I miss the days of topic-based forums/groups. A Linux forum here, a forum about programming there, another one about a certain game. Stuff like that. That was really great – and it didn’t even suffer from the need to federate.

Sadly, most of these forums are dead now. Especially the nerds spend a lot of time on the Fediverse now and have abandoned forums almost completely.

On Mastodon, you can follow hashtags, which somewhat emulates a topic-based experience. But it’s not that great and the protocol isn’t meant to be used that way (just read the snac2 docs on this issue). And the concept of “likes” has eliminated lots of the actual user interaction. ☹️

I’ve just released version 1.0 of twtxt.el (the Emacs client), the stable and final version with the current extensions. I’ll let the community maintain it, if there are interested in using it. I will also be open to fix small bugs.
I don’t know if this twt is a goodbye or a see you later. Maybe I will never come back, or maybe I will post a new twt this afternoon. But it’s always important to be grateful. Thanks to @prologic@twtxt.net @movq@www.uninformativ.de @eapl.me@eapl.me @bender@twtxt.net @aelaraji@aelaraji.com @arne@uplegger.eu @david@collantes.us @lyse@lyse.isobeef.org @doesnm@doesnm.p.psf.lt @xuu@txt.sour.is @sorenpeter@darch.dk for everything you have taught me. I’ve learned a lot about #twtxt, HTTP and working in community. It has been a fantastic adventure!
What will become of me? I have created a twtxt fork called Texudus (https://texudus.readthedocs.io/). I want to continue learning on my own without the legacy limitations or technologies that implement twtxt. It’s not a replacement for any technology, it’s just my own little lab. I have also made a fork of my own client and will be focusing on it for a while. I don’t expect anyone to use it, but feedback is always welcome.
Best regards to everyone.
#twtxt #emacs #twtxt-el #texudus

@aelaraji@aelaraji.com oh fuck yea snac would be a good use of that! makes me wanna do the same… GTS also has a new profile view for profiles that shows only images which makes it great as a photo posting place

@prologic@twtxt.net hahahahaha! No, no, no. Every word has its use. But for things like these I like certain reactions. For example, I would have given a “thumbs down” to the original twtxt, and done with it. Now, composing a reply, to simply say “no, thank you.”, that I don’t like. It seems a waste of space, and it doesn’t “look good”. I like to see at least 140 characters! Ha!

“Monosyllabic replies” refers to responses that consist of a single syllable. These types of replies are typically brief and concise, often used in situations where a simple, direct answer is given. Examples include words like “Yes,” “No,” “Okay,” or “Sure.”

😂 Can I imply you’re not interested in things like “LIke”, “Report”, etc?! 😂

You know what, I can always run a separate Snac instance alongside the GTS one later on if I want to, maybe even use it for sharing Phtography stuff… a pixelfed alternative on budget kind of thing. 🤡

that said, and reading to @sorenpeter@darch.dk and @andros@twtxt.andros.dev I have new thoughts. I assume that this won’t change anyone’s opinions or priorities, so it makes no harm sharing them.

It’s always tempting to use something that already exists (like X, Masto, Bsky, etc.) rather that building anything through effort and disagreement until reaching to something useful and valuable together. A ‘social service’ is only useful if people is using it.

I’ll add that I haven’t lost interest on the ‘hacky’ part of twtxt about developing tools, protocols, and extensions as a community. It’s the appealing part! It’s a nice hobby to have, shared with random people across the world.
But this is not the right way for me, and makes me feel that I’m unwelcome to propose something different (after watching replies to my previous twt). Feels like “If you don’t agree, you are free to leave, we’ll miss you.” Naah, not cool. I’ve lived that many times before, and nowadays I don’t have enough spare time and energy for a hobby like that.

Let’s see what happens next with the micro-community!

just for the record I didn’t say I was leaving the twtxt ‘community’ (did I?) but than I have other priorities to focus on in the following months. Please don’t be condescending, is not cool.

Development of Timeline (PHP client) has been stale for some reasons, a few of them in my side, so I think it won’t be updated to the new thread model, at least pretty soon.
So is not that I’ll stop using twtxt, just the client I use won’t be compatible with the new model in July.

If we must stick to hashes for threading, can we maybe make it mandatory to always include a reference to the original twt URL when writing replies?

Instead of

(<a href="https://yarn.girlonthemoon.xyz/search?q=%23123467">#123467</a>) hello foo bar

you would have

(<a href="https://yarn.girlonthemoon.xyz/search?q=%23123467">#123467</a> http://foo.com/tw.txt) hello foo bar

or maybe even:

(<a href="https://yarn.girlonthemoon.xyz/search?q=%23123467">#123467</a> 2025-04-30T12:30:31Z http://foo.com/tw.txt) hello foo bar

This would greatly help in reconstructing broken threads, since hashes are obviously unfortunately one-way tickets. The URL/timestamp would not be used for threading, just for discovery of feeds that you don’t already follow.

I don’t insist on including the timestamp, but having some idea which feed we’re talking about would help a lot.

In my company we are using MinIO for local development.

Are there people who use Duolingo?

A cheat sheet for why using ChatGPT is not bad for the environment
Comments ⌘ Read more

gah i’ve been so busy working on love4eva! TL;DR i switched image backends from the test/dev only module i was using to the S3 one, but with a catch - i’m not using S3 or cloud shit!!! i instead got it to work with minio, so it’s a middle ground between self hosting the image uploads & being compatible with the highly efficient S3 module. i’m super happy with it :)

i posted a patreon update that details the changes more: https://www.patreon.com/posts/i-am-now-working-127687614

that post says i didn’t update my guide yet but i actually did like right after i made that post lol so you can CTRL+F for minio stuff there!

Once or twice a year, I make an effort to switch from dark mode / black terminals to light mode again.

It usually doesn’t end well, because the contrast is just not as good. There’s a reason that things like professional DAWs or CAD software use a dark theme.

With a heavy bold font, it’s much better:

https://movq.de/v/331aa40bde/s.png

My font doesn’t get any bolder than this, though. I’d have to make a new variant of it. Mhh. 🤔

I also fundamentally do not believe in the notion that Twtxt should be readable and writable by humans. We’ve thrown this “argument” around in support of some of the proposals, and I just don’t buy it (sorry). As an analogy, nobody writes Email by hand and transmits them to mail servers vai SMTP by hand. We use tools to do this. Twtxt/Yarn should be the same IMO.

@eapl.me@eapl.me I honestly believe you are overreacting here a little bit 🤣 I completely emphasize with you, it can be pretty tough to feel part of a community at times and run a project with a kind of “democracy” or “vote by committee”. But one thing that life has taught me about open source projects and especially decentralised ecosystems is that this doesn’t really work.

It isn’t that I’ve not considered all the other options on the table (which can still be), it’s just that I’ve made a decision as the project lead that largely helped trigger a rebirth of the use of Twtxt back in July 1 2020. There are good reasons not to change the threading model right now, as the changes being proposed are quite disruptive and don’t consider all the possible things that could go wrong.

Heart disease deaths worldwide linked to chemical widely used in plastics
Comments ⌘ Read more

Garmin Pay: yes, you can do NFC tap-to-pay in stores without big tech
Late last year, I went on a long journey to rid myself of as much of my remaining ties to the big technology giants as I could. This journey is still ongoing, with only a few thin ties remaining, but there’s one big one I can scratch off the list: mobile in-store payments with NFC tap-to-pay. I used Google Pay and a WearOS smartwatch for this, but neither of those work on de-Googled Android – I … ⌘ Read more

Show HN: Heart Rate Zones Plus – The first iOS app I ever developed
Comments ⌘ Read more

@lyse@lyse.isobeef.org Hahahaha 🤣 I mean it’s “okay” every now and then, but what’s the point of having good clients and tools if we don’t use ‘em 🤣

Show HN: Autarkie – Instant Grammar Fuzzing Using Rust Macros
Comments ⌘ Read more

Finally I propose that we increase the Twt Hash length from 7 to 12 and use the first 12 characters of the base32 encoded blake2b hash. This will solve two problems, the fact that all hashes today either end in q or a (oops) 😅 And increasing the Twt Hash size will ensure that we never run into the chance of collision for ions to come. Chances of a 50% collision with 64 bits / 12 characters is roughly ~12.44B Twts. That ought to be enough! – I also propose that we modify all our clients and make this change from the 1st July 2025, which will be Yarn.social’s 5th birthday and 5 years since I started this whole project and endeavour! 😱 #Twtxt #Update

Just like we don’t write emails by hand anymore (See: #a3adoka), we don’t manually write Twts or update our twtxt.txt feeds. Instead, we use modern Twtxt clients that conform to the specifications at Twtxt.dev for a seamless, automated experience. #Twtxt #Twt #UserExperience

Nobody writes emails by hand using RFC 5322 anymore, nor do we manually send them through telnet and SMTP commands. The days of crafting emails in raw format and dialing into servers are long gone. Modern email clients and services handle it all seamlessly in the background, making email easier than ever to send and receive—without needing to understand the protocols or formats behind it! #Email #SMTP #RFC #Automation

Making a game from scratch using only a guitar [video]
Comments ⌘ Read more

The Zuckerbergs Founded Two Bay Area Schools. Now They’re Closing
Comments ⌘ Read more

@javivf@adn.org.es Go for it! You’re free to use it.
It’s been a community adventure to explore the whole DM/encryption thing. So the community can do with it whatever they want. 😎

The American democratic republic has died. It was 236 years old
Comments ⌘ Read more

Crucial Wii homebrew library contains code stolen from Nintendo, RTEMS
The Wii homebrew community has been dealt a pretty serious blow, as developers of The Homebrew Channel for the Wii have discovered that not only does an important library most Wii homebrew software rely on use code stolen straight from Nintendo, that same library also uses code taken from an open source real-time operating system without giving proper attribution. Most Wii homebrew software i … ⌘ Read more