@prologic@twtxt.net yeah, I’ve had even requested access to it in order to give it a try and report whatever I can but, Sorry I never got to do any of it. 2025 slam dunked a massive pile of 💩 over my life (hence the disappearance, trying to avoid talking about any of it) and I’m just starting to recover (or at least trying to).

@prologic@twtxt.net I’ll create one manually and send you the creds so you can change them as soon as you log in (my instance isn’t set up to send emails). Not sure how you could get access to logs, not even my admin account has that on the admin panel. I just snoop trough the /var/log/* when needed.

@aelaraji@aelaraji.com Ahh that would be awesome!!! I’d also somehow need read access to logs so i can figure shit out on my own 🧐

@bender@twtxt.net Hmm, didn’t find anything. But you mean a giant bucketload of access_log /home/$USER/logs/access.log if=… where the condition matches the requested path for said user? Yeah, that gets annoying very quickly. :-D

@bender@twtxt.net Sounds about right.

I had a brainfart yesterday, though. For whatever reason I thought of subdomains, which are modeled with server entries in nginx. So, each could define its own access_log location. However, there are no subdomains in place! Searching around, I didn’t find any solution to give each user their own access log file.

One way would be a cronjob, aeh, systemd timer as I learned the other day, that greps the main access log and writes all user access log files with only the relevant stuff.

I mean, granting everyone read access, maybe?

@movq@www.uninformativ.de Actually, @threatcat@tilde.club popped up in my own access log first. That’s how I discovered the feed. :-) So I figured that this feed author actually sees my reply. The hope is that with the next mention of my feed in threatcat’s feed, the other tilde users, who are following threatcat, are then also informed of my existence. :-)

I don’t know how tilde.club is set up. But it should be relatively easy to give all users access to their nginx access logs. Not sure if somebody already requested that or not. But I’d encourage tilde users to ask for that. Maybe also just for twtxt.txt and/or in a custom, reduced log format.

@lyse@lyse.isobeef.org There’s a couple of new users on https://tilde.club, but since this is a shared host, I doubt that they have access to their access.log files. Hence they’ll never see followers, unless we notify them out of band. 🫤

@movq@www.uninformativ.de Gemini liked your opinion very much. Here is how it countered:

The criticism of AI as untrustworthy is a problem of misapplication, not capability.

• AI as a Force Multiplier: AI should be treated as a high-speed drafting and brainstorming tool, not an authority. For experts, it offers an immense speed gain, shifting the work from slow manual creation to fast critical editing and verification.
  
• The Rise of AI Literacy: Users must develop a new skill—AI literacy—to critically evaluate and verify AI’s probabilistic output. This skill, along with improving citation features in AI tools, mitigates the “gaslighting” effect.
  

The fear of skill loss is based on a misunderstanding of how technology changes the nature of work; it’s skill evolution, not erosion.

• Shifting Focus to High-Level Skills: Just as the calculator shifted focus from manual math to complex problem-solving, AI shifts the focus from writing boilerplate code to architectural design and prompt engineering. It handles repetitive tasks, freeing humans for creative and complex challenges.
  
• Accessibility and Empowerment: AI serves as a powerful democratizing tool, offering personalized tutoring and automation to people who lack deep expertise. While dependency is a risk, this accessibility empowers a wider segment of the population previously limited by skill barriers.
  

The legal and technical flaws are issues of governance and ethical practice, not reasons to reject the core technology.

• Need for Better Bot Governance: Destructive scraping is a failure of ethical web behavior and can be solved with better bot identification, rate limits, and protocols (like enhanced robots.txt). The solution is to demand digital citizenship from AI companies, not to stop AI development.

Design trends I think will take off in 2026
but tierlist

S - move from flat design to more detailed, 3D, more complex logos.

A - glass, not just liquid, Windows Vista, 7, 11,… accessibility concerns, but I like to see it.

B-/C+ - black and white icons, favicons. I did it before it was cool, but it’s getting overused.

E - gradientslop, barely started, already all blends together.

My open letter, to the European Commission digital markets act team:

Hello,

I am joining other developers, concerned about Googles new plan, to approve every app and effectively destroy most of the competing 3rd party stores this way. The biggest one of these alternative stores, most known for their focus on user and developer privacy, already states, this would make it impossible for them to operate: https://f-droid.org/cs/2025/09/29/google-developer-registration-decree.html
Even communities like the XDA forum, where new developers are often introduced to the world of Android development, would likely be strongly impacted, as making, publishing and installing Android apps is made less accessible.

I am not just writing on their behalf, I run a small website myself (https://thecanine.ueuo.com/), that both provides legal modifications, for some android apps - for example adding an amoled dark theme, to the most popular XMPP chat client for Android, or increasing one of Androids keyboard apps height. This all comes after Googles previous changes to the Android operating system, that prevent users from installing old apps (old to Google, can mean only a couple of months, without an update - https://developer.android.com/google/play/requirements/target-sdk and the target version gets increased every year). I rely on apps developed by a single developer, even for things like making the pixel art presented on my website and sideloading as a way to make these apps work, before developers can catch up to Google’s new requirements - if Google is allowed to slowly kill these options, us digital artists will soon lose the tools we need to create digital art.

@alexonit@twtxt.alessandrocutolo.it i tried making a webapp initially but i didn’t even get into the initial stages of testing because no one sets the Access-Control-Allow-Origin header, so i just jumped into building a backend instead. did you find away around this limitation? :o

Pretty happy with my zs-blog-template starter kit for creating and maintaining your own blog using zs 👌 Demo of what the starter kit looks like here – Basic features include:

• Clean layout & typography
  
• Chroma code highlighting (aligned to your site palette)
  
• Accessible copy-code button
  
• “On this page” collapsible TOC
  
• RSS, sitemap, robots
  
• Archives, tags, tag cloud
  
• Draft support (hidden from lists/feeds)
  
• Open Graph (OG) & Twitter card meta (default image + per-post overrides)
  
• Ready-to-use 404 page
  

As well as custom routes (redirects, rewrites, etc) to support canonical URLs or redirecting old URLs as well as new zs external command capability itself that now lets you do things like:

$ zs newpost

to help kick-start the creation of a new post with all the right “stuff”™ ready to go and then pop open your $EEDITOR 🤞

#awesome #zs

Hello everyone! 👋

After a long while away, I’m back on twtxt with this new feed.

Some of you might remember me as justamoment@twtxt.net, that was a test account I made for trying things out, but I ended up keeping it more than planned.

I also tried other social platforms in search of a place that felt right for me.

In the end twtxt was the one that ticked all of my boxes:

• Slow social: it act more like a feed reader and I really appreciate that there’s no flood of content that I can’t keep up with.
  
• No server needed: I absolutely love to have total control over my content, I tend to avoid having moving parts that might break, plus you can put your feed under version control and it’s all backed up.
  
• Ownership: I can put my feed anywhere I want and nobody can decide if I can access it or not.
  
• For hackers: a single .txt file allows me to join a community, how cool is that!
  

This is why I decided to build my own twtxt client, one that allows you to decide how the feed is presented on your “instance”.

It’s still in the making but I’ll try to share a bit of it once I defined how things should work.

Coincidentally, I discovered that @itsericwoodward@itsericwoodward.com and @zvava@twtxt.net were also building a twtxt client, seems like twtxt is set to grow!

This probably means that I can no longer host my own website. I don’t want to deploy something like Anubis, because that ruins the whole thing: I want it to be accessible from ancient browsers, like OS/2 or Windows 3.11.

I’ll keep an eye on it for a while. Maybe try to block some IPs.

Sooner or later, I’ll take the website down and shift everything to Gopher.

The bots have begun to access my website way more often. I’m getting about 120k hits on https://www.uninformativ.de/git/ now in a couple of hours.

They don’t cache anything, probably on purpose.

It comes in waves. I get about 100 hits (all at once) on that /git endpoint, all from different IPs. Then it takes a moment until I get another wave of about 500-1000 requests (all at once) where they do HEAD requests on some of the paths below /git. I assume they did a GET earlier and are now checking if something has changed.

We use all the Microsoft programs at work - Teams and Outlook especially.

After all kinds of technical problems with Teams, that sometimes go unresolved for over a year, Microsoft shifted their priorities away from fixing things and towards adding an annoying AI Copilot button, that just takes up space and all it does, is loads the website in Teams, so I disabled it. Soon they just add it back, but in a different row of icons, therefore it’s now a different button, you have to disable (I think they added yet another one, to the Teams, on my work phone and I had to disabled that too). Not too long after, the desktop one just enabled itself, because of “an error” and I can disable it, but doing so activates a popup, that begs you to turn it back on, every once in a while. You can’t disable the popup and can only click “Yes” or “Not now” on it. I still keep it disabled, out of principle, but yesterday I noticed yet another Copilot button, this time in the top right corner of my Outlook and this one cannot be disabled, on the business version of Outlook and even on the personal one, it’s only possible to do it through hidden privacy settings, by prohibiting the program from connecting to Microsoft servers, for extra “features”.

There’s people complaining about it online, so it’s clear nobody really wants it, but at this point Microsofts position is that you will have at least one useless AI button on your screen, at any given time, and you will be happy. And yes, their AI sucks and if I absolutely have to use AI for something, there’s already 2 better options, we have access to, at work.

I just saw that these motherfuckers also query my twtxt feed. I have to enable access logs for everything again and see who else wants some napalm response. :-(

In 1996, they came up with the X11 “SECURITY” extension:

https://www.reddit.com/r/linux/comments/4w548u/what_is_up_with_the_x11_security_extension/

This is what could have (eventually) solved the security issues that we’re currently seeing with X11. Those issues are cited as one of the reasons for switching to Wayland.

That extension never took off. The person on reddit wonders why – I think it’s simple: Containers and sandboxes weren’t a thing in 1996. It hardly mattered if X11 was “insecure”. If you could run an X11 client, you probably already had access to the machine and could just do all kinds of other nasty things.

Today, sandboxing is a thing. Today, this matters.

I’ve heard so many times that “X11 is beyond fixable, it’s hopeless.” I don’t believe that. I believe that these problems are solveable with X11 and some devs have said “yeah, we could have kept working on it”. It’s that people don’t want to do it:

Why not extend the X server?

Because for the first time we have a realistic chance of not having to do that.

https://wayland.freedesktop.org/faq.html

I’m not in a position to judge the devs. Maybe the X.Org code really is so bad that you want to run away, screaming in horror. I don’t know.

But all this was a choice. I don’t buy the argument that we never would have gotten rid of things like core fonts.

All the toolkits and programs had to be ported to Wayland. A huge, still unfinished effort. If that was an acceptable thing to do, then it would have been acceptable to make an “X12” that keeps all the good things about X11, remains compatible where feasible, eliminates the problems, and requires some clients to be adjusted. (You could have still made “X11X12” like “XWayland” for actual legacy programs.)

Another example:

$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom

The first argument --landlock-access fs says that nothing is allowed.

--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).

--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.

The output of the ls-static program is this line:

─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.

3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.

Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:

─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

hey! i asked this a while ago but i have to ask again – is anyone willing to offer space on their yarn pod to my friend? i would love to invite her to my own but she’s unable to access my site for personal reasons. she’s really interested in seeing what yarn is about so if anyone is willing and able, let me know!

Okay, here’s a thing I like about Rust: Returning things as Option and error handling. (Or the more complex Result, but it’s easier to explain with Option.)

fn mydiv(num: f64, denom: f64) -> Option<f64> {
    // (Let’s ignore precision issues for a second.)
    if denom == 0.0 {
        return None;
    } else {
        return Some(num / denom);
    }
}

fn main() {
    // Explicit, verbose version:
    let num: f64 = 123.0;
    let denom: f64 = 456.0;
    let wrapped_res = mydiv(num, denom);
    if wrapped_res.is_some() {
        println!("Unwrapped result: {}", wrapped_res.unwrap());
    }

    // Shorter version using "if let":
    if let Some(res) = mydiv(123.0, 456.0) {
        println!("Here’s a result: {}", res);
    }

    if let Some(res) = mydiv(123.0, 0.0) {
        println!("Huh, we divided by zero? This never happens. {}", res);
    }
}

You can’t divide by zero, so the function returns an “error” in that case. (Option isn’t really used for errors, IIUC, but the basic idea is the same for Result.)

Option is an enum. It can have the value Some or None. In the case of Some, you can attach additional data to the enum. In this case, we are attaching a floating point value.

The caller then has to decide: Is the value None or Some? Did the function succeed or not? If it is Some, the caller can do .unwrap() on this enum to get the inner value (the floating point value). If you do .unwrap() on a None value, the program will panic and die.

The if let version using destructuring is much shorter and, once you got used to it, actually quite nice.

Now the trick is that you must somehow handle these two cases. You must either call something like .unwrap() or do destructuring or something, otherwise you can’t access the attached value at all. As I understand it, it is impossible to just completely ignore error cases. And the compiler enforces it.

(In case of Result, the compiler would warn you if you ignore the return value entirely. So something like doing write() and then ignoring the return value would be caught as well.)

@bender@twtxt.net Yeah, well, it’s a bit like twtxt. There is a Gopher community, but it’s small. I actually don’t like that HTTP is so easily accessible. I don’t like it that much when people post links to my site on HackerNews or something like that. Too much exposure.

Gopher is a small world. It’s slow and cozy.

And much like twtxt, the protocol is simple®, so it’s easier to tinker with it.

@lyse@lyse.isobeef.org Only 10% of the German population had Internet access in 1998: https://de.wikipedia.org/wiki/Internet_in_Deutschland#/media/Datei:Diagramm_Internetnutzer_in_Deutschland.svg I guess I was lucky in that regard.

(If today’s tech wasn’t constantly trying to track and scam you, I might still be an early adopter.)

When I chose the MIT license for all of my software, I thought:

“Should I use GPL, which I don’t really understand? Is that worth it? Yeah, there is a theoretical possibility that some company might use my code in their proprietary product … and then what? Should I sue them to enforce the GPL? I’m not going to do that anyway, so I’ll just use the MIT license.”

And now we have those LLM scrapers and now it’s suddenly a reality that these companies (ab)use my code. I can see it in my logs. I didn’t expect that back then.

GPL wouldn’t help, either, of course. (Regardless, I now think that GPL would have been the better choice anyway.)

I’m honestly considering taking my code and website offline. Maybe make it accessible through some obscure protocol like Gopher or Gemini, but no more HTTP.

(Yes, Anubis might help. Temporarily.)

I’m just tired.

next up: authentication center / for both work & personal use.
for the work project, the customers (of my client) are unhappy with the account login flow and I need a fast & easy SSO for them.

for personal use: just a gateway to lock all the apps and provide access to friends.

i slowly realize the power of 1% everyday on what i am doing.

Maybe you’ll enjoy this as well:

I still have one of my first modems, a Creatix LC 144 VF:

I think this was the modem that I used when I first connected to the internet, but I’m not sure.

I plugged it in again and it still works:

The firmware appears to be from 1994, which sounds about right. I don’t think we had internet access before that. We certainly did use local mailboxes, though. (Or BBS’s, as you might call them.)

I now want to actually use that modem again. For the moment, I can only use a phone to dial into it, I lack a second modem to actually establish a connection. Here’s a video:

Not spectacular, but the modem does answer after me entering ATA.

I bought another cheap old modem on eBay and am now waiting for it to arrive. Once it’s here, I want to simulate an actual dial-up session, hopefully from OS/2 or Windows 3.x.

@prologic@twtxt.net that will not be a problem; as long as it doesn’t affect authenticated users it wouldn’t make a difference. But we are comparing apples and eggs here. I don’t access GitHub while unauthenticated, but I can see how others might. It comes across as anti-web in general.

@movq@www.uninformativ.de, “60 requests per hour”, eh? Was that a thing (that is, unauthenticated access to GitHub)?! I know I am on the minority, perhaps, as I rarely (or never) access GitHub unauthenticated.

Introducing the Meta AI App: A New Way to Access Your AI Assistant
Comments ⌘ Read more

Finding Things the Government Might Know About You
Comments ⌘ Read more

DeepMind releases Lyria 2 music generation model
Comments ⌘ Read more

Steam to highlight accessibility support for games on store pages
The Steam store and desktop client will soon be able to help players find games that feature accessibility support. If your game has accessibility features, you can now enter that information in the Steamworks ‘edit store’ section for your app. ↫ Steam announcements page I have a lot of criticism for the Steam client application – it’s a overly complex, unattractive, buggy, slow, top-heavy Chrome engi … ⌘ Read more

good morning friends. i don’t know what i’m gonna do today. perhaps work on my patreon and login wall more personal sites behind authelia that i could offer access to via patreon tier

is it like… ethical to offer access to certain self hosted services as patreon exclusives. like i wanna offer the IRC client/bouncer i hosted which seems ok i think because i’ve seen pico.sh offer their instances of that as paid services. but the other ones i have in mind are alt web frontends for stuff like imgur and pinterest. and i just feel weird about it for some reason. idk i’m trying to think of ways to support my server stuff but every time i come up with something it feels weird

@bender@twtxt.net Exactly. I suspect it was because of sqlitebrowser also accessing the database in parallel to debug the original issue.

So far, I have not found the exact reason why some replies don’t show up. When I do not filter for unread messages and show all, though, I actually see them. So, there’s that.

ActiveX disabled by default in Microsoft 365
ActiveX is a powerful technology that enables rich interactions within Microsoft 365 applications, but its deep access to system resources also increases security risks. Starting this month, the Windows versions of Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Visio will have a new default configuration for ActiveX controls: Disable all controls without notification. ↫ Zaeem Patel at the Microsoft 365 Insider Blog Be ho … ⌘ Read more

Access to future AI models in OpenAI’s API may require a verified ID
Comments ⌘ Read more

Treasury’s OCC Says Hackers Had Access to 150k Emails
Comments ⌘ Read more

Then I cleaned up my shell history of all of the invocations I ever made of dkv rm ... to make sure I never ever have this so easily accessible in my shell history (^R):

$ awk '
  /^#/ { ts = $0; next }
  /^dkv rm/ { next }
  { if (ts) print ts; ts=""; print }
' ~/.bash_history > ~/.bash_history.tmp && mv ~/.bash_history.tmp ~/.bash_history && history -r

Doge Is Planning a Hackathon at the IRS. It Wants Easier Access to Taxpayer Data
Comments ⌘ Read more

Microsoft makes it even harder to use a local account on Windows 11
Do you want to install Windows 11 without internet access or without an online Microsoft Account? It seems Microsoft really doesn’t want you to, as it has removed a very common and popular way of bypassing this requirement. In the release notes for the latest builds from the Dev and Beta channels, the company notes: We’re removing the bypassnro.cmd script from the build to enhance security and use … ⌘ Read more

Manjaro Linux: Making Arch Linux More Accessible
Comments ⌘ Read more

How NixOS and reproducible builds could have detected the xz backdoor for the benefit of all
Some more light reading: While it was already established that the open source supply chain was often the target of malicious actors, what is stunning is the amount of energy invested by Jia Tan to gain the trust of the maintainer of the xz project, acquire push access to the repository and then among other perfectly legitimate contributions insert … ⌘ Read more

FOSS infrastructure is under attack by AI companies
What do SourceHut, GNOME’s GitLab, and KDE’s GitLab have in common, other than all three of them being forges? Well, it turns out all three of them have been dealing with immense amounts of traffic from “AI” scrapers, who are effectively performing DDoS attacks with such ferocity it’s bringing down the infrastructures of these major open source projects. Being open source, and thus publicly accessible, means these scrapers have … ⌘ Read more

@kat@yarn.girlonthemoon.xyz Using full-blown Cloud services is good for old people like me who don’t want to do on-call duty when a disk fails. 😂 I like sleep! 😂

Jokes aside, I like IaaS as a middle ground. There are IaaS hosters who allow you to spin up VMs as you wish and connect them in a network as you wish. You get direct access to all those Linux boxes and to a layer 2 network, so you can do all the fun networking stuff like BGP, VRRP, IPSec/Wireguard, whatever. And you never have to worry about failing disks, server racks getting full, cable management, all that. 😅

I’m confident that we will always need people who do bare-bones or “low-level” stuff instead of just click some Cloud service. I guess that smaller companies don’t use Cloud services very often (because it’s way too expensive for them).

@prologic@twtxt.net oh yeah it’s absolutely epic i love how fast it is. it would be extra peak if it sent a message to every bot that it denies access to that just says “get fucked” or something idk

I have applied your comments, and I tried to add you as an editor but couldn’t find your email address. Please request editing access if you wish.

Also, could you elaborate on how you envision migrating with a script? You mean that the client of the file owner could massively update URLs in old twts ?

wahhh i wanna work towards my dream of offering pay as you can web hosting (static & dynamic) but i don’t know how!!!!! i keep drifting towards hosting panels but i don’t exactly have fresh linux servers for those nor do i like the level of access they require. so i’m like ok i can do the static site part with SFTP chroot jails and a front-end like filebrowser or something…. but then what about the dynamic sites!!!!!!! UGH

granted i doubt i’d get much interest in dynamic sites but i’d like to do this old school where i can offer people isolated mySQL databases or something for some project (i’m thinking PHP based fanlistings), which means i could do it the old school way of… people ask me to run it and i do it for them. but i kind of want to let people have access to be able to do it themselves just short of giving them SSH access which isn’t happening

I make a Emacs theme with a contrast ready for colour blind or visually impaired people.
https://github.com/tanrax/thankful-eyes-theme.el
Enjoy!
#emacs #accessibility