@prologic@twtxt.net Absolutely! It is essential to practice and deepen every art 😄

@andros@twtxt.andros.dev You know, I’d really love to see how/if location-based addressing works in practice. I might fork jenny to judy and run both things in parallel for a while … 🤔

Missteps Equipment Problems and a Common but Risky Practice Led to a Fatal Crash
Comments ⌘ Read more

FTC Takes Action Against Uber for Deceptive Billing and Cancellation Practices
Comments ⌘ Read more

Systems Correctness Practices at AWS: Leveraging Formal and Semi-Formal Methods
Comments ⌘ Read more

Wow, this is a nice way to practice internationalization for our systems
https://i18n-puzzles.com

Bit of an update, there is now a general licence for all my stuff:

“Unless projects are accompanied by a different license, Creative Commons apply (“BY-NC-ND” for all art featuring the Canine mascot and “BY-NC” for everything else).”

It’s even included on my website, where most of the demand for a clear licence originated from:

Image

In practice this changes nothing, as I was never enforcing anything more than this anyway and given permission for other use too. Now it’s just official that this is the baseline, of what can be done, without having to ask for permission first.

Microsoft discovers massive malvertising campaign on GitHub
Like the other Chrome skins, Microsoft Edge is also moving to disable Manifest v2 extensions, restricting the effectiveness of ad blockers like uBlock Origin. As an advertising company, Microsoft was obviously never going to do the work to keep Manifest v2 support around in Chrome, so this was inevitable. Blocking ads might be a necessary security practice, but why cry over spilled user data, am I right? Anyway, … ⌘ Read more

Short summary of Project2025 and Trump’s plans for the US:

• Abolish the Federal Reserve
  Why? To end what is seen as an unelected, centralized body that exerts too much influence over the economy and monetary policy, replacing it with a more transparent, market-driven approach.

• Implement a national consumption tax
  Why? To replace the current federal income tax system, simplify taxation, and increase government revenue through a broader base that includes all consumers.

• Lower corporate tax rates
  Why? To promote business growth, increase investment, and stimulate job creation by reducing the financial burden on companies.

• Deregulate environmental policies
  Why? To reduce government intervention in the economy, particularly in energy and natural resources sectors, and to foster a more business-friendly environment.

• Restrict abortion access
  Why? To align with conservative pro-life values and overturn or limit abortion rights, seeking to restrict the practice at a federal level.

• Dismantle LGBTQ+ protections
  Why? To roll back protections viewed as promoting LGBTQ+ rights in areas like employment and education, in line with traditional family values.

• Eliminate diversity, equity, and inclusion (DEI) programs
  Why? To end policies that are seen as divisive and to promote a merit-based system that prioritizes individual achievements over group identity.

• Enforce stricter immigration policies, including mass deportations and detentions
  Why? To prioritize border security, reduce illegal immigration, and enforce existing laws more aggressively, as part of a broader strategy to safeguard U.S. sovereignty.

• Eliminate the Department of Education
  Why? To reduce federal control over education and shift responsibilities back to local governments and private sectors, arguing that education decisions should be made closer to the community level.

• Restructure the Department of Justice
  Why? To ensure the department aligns more closely with the administration’s priorities, potentially reducing its scope or focus on areas like civil rights in favor of law-and-order policies.

• Appoint political loyalists to key federal positions
  Why? To ensure that government agencies are headed by individuals who are committed to advancing the administration’s policies, and to reduce the influence of career bureaucrats.

• Develop training programs for appointees to execute reforms effectively
  Why? To ensure that political appointees are equipped with the knowledge and skills necessary to implement the proposed changes quickly and effectively.

• Provide a 180-day transition plan with immediate executive orders
  Why? To ensure that the incoming administration can swiftly implement its agenda and make major changes early in its term without delay.

Do y’all agree with any/all/some of these poliices? Hmmm 🤔

#Project2025 #US #Trump

The Heirloom Project
The Heirloom Project provides traditional implementations of standard Unix utilities. In many cases, they have been derived from original Unix material released as Open Source by Caldera and Sun. Interfaces follow traditional practice; they remain generally compatible with System V, although extensions that have become common use over the course of time are sometimes provided. Most utilities are also included in a variant that aims at POSIX conformance. On the interior, technologies for th … ⌘ Read more

another one would be to allow changing public keys over time (as it may be a good practice [0]). A syntax like the following could help to know what public key you used to encrypt the message, and which private key the client should use to decrypt it:

!<nick url> <encrypted_message> <public_key_hash_7_chars>

Also I’d remove support for storing the message as hex, only allowing base64 (more compact, aiming for a minimalistic spec, etc.)

[0] https://www.brandonchecketts.com/archives/its-2023-you-should-be-using-an-ed25519-ssh-key-and-other-current-best-practices

@prologic@twtxt.net YEAH it’s so cool!!! i was thinking about trying it as sorta practice for golang lol

i recorded my first camcorder video!!!! it’s just me practicing guitar after sooo long of not playing it. my acoustic, to be specific (well, it’s an electric acoustic thing but i can play it without plugging it in lol, i do have a stratocaster though). it’s capped at ~30 minutes because i used one mini DVD for it and decided i wasn’t gonna use another one to extend the run time. so yeah. it was super fun! i hope i can share it soon, i’m ripping the disc with make MKV right now, then i’ll re-encode to a web friendly format, and upload to my site and hope that works well

One benefit with bluesky is your username is also a website. And not a clunky URL with slashes and such. I wish twtxt adopted that. I have advocated for webfinger to for twtxt to let us do something like it with usernames. Nostr has something like it

By default the bsky.social urls all redirect to their feeds like: hmpxvt.bsky.social
Many custom urls will redirect to some kind of linktree or just their feed cwebonline.com or la.bonne.petite.sour.is or if you are a major outlet just to your web presence like https://theonion.com‬ or https://netflix.com

Its just good SEO practice

Do all nostr addresses take you to the person if typed into a browser? That is the secret sauce.
No having to go to some random page first. no accounts. no apps to install. just direct to the person.

Practical IR Active Directory | https://hardenedlinux.org/blog/2024-10-13-container-hardening-process/

minibase has a network security architecture with a number of overlapping layers of protection. first, routers and discovery endpoints either require a password or an authorized public key to accept traffic. this setup restricts who can reach the endpoints to an extent, but peering with enough third parties with less restrictive policies will practically allow global routing. since this is a possible policy choice, minibase also requires internal traffic to be authenticated. overlay traffic is automatically encrypted by yggdrasil, but applications should still treat the traffic like its clearnet and use tls. currently i’m requiring a dns acme challenge to generate wildcard certs, but eventually it might make sense to scope the certificates to the specific service its associated with. we don’t have much config generation in the nix modules yet, but something like this should be possible eventually. i’m working on configurations for ory oathkeeper, hydra, and kratos to provide a federated auth framework that your network services and minibase configs can integrate with.

More thoughts about changes to twtxt (as if we haven’t had enough thoughts):

1. There are lots of great ideas here! Is there a benefit to putting them all into one document? Seems to me this could more easily be a bunch of separate efforts that can progress at their own pace:
   

1a. Better and longer hashes.

1b. New possibly-controversial ideas like edit: and delete: and location-based references as an alternative to hashes.

1c. Best practices, e.g. Content-Type: text/plain; charset=utf-8

1d. Stuff already described at dev.twtxt.net that doesn’t need any changes.

1. We won’t know what will and won’t work until we try them. So I’m inclined to think of this as a bunch of draft ideas. Maybe later when we’ve seen it play out it could make sense to define a group of recommended twtxt extensions and give them a name.

2. Another reason for 1 (above) is: I like the current situation where all you need to get started is these two short and simple documents:
   https://twtxt.readthedocs.io/en/latest/user/twtxtfile.html
   https://twtxt.readthedocs.io/en/latest/user/discoverability.html
   and everything else is an extension for anyone interested. (Deprecating non-UTC times seems reasonable to me, though.) Having a big long “twtxt v2” document seems less inviting to people looking for something simple. (@prologic@twtxt.net you mentioned an anonymous comment “you’ve ruined twtxt” and while I don’t completely agree with that commenter’s sentiment, I would feel like twtxt had lost something if it moved away from having a super-simple core.)

3. All that being said, these are just my opinions, and I’m not doing the work of writing software or drafting proposals. Maybe I will at some point, but until then, if you’re actually implementing things, you’re in charge of what you decide to make, and I’m grateful for the work.

@prologic@twtxt.net Thanks for writing that up!

I hope it can remain a living document (or sequence of draft revisions) for a good long time while we figure out how this stuff works in practice.

I am not sure how I feel about all this being done at once, vs. letting conventions arise.

For example, even today I could reply to twt abc1234 with “(#abc1234) Edit: …” and I think all you humans would understand it as an edit to (#abc1234). Maybe eventually it would become a common enough convention that clients would start to support it explicitly.

Similarly we could just start using 11-digit hashes. We should iron out whether it’s sha256 or whatever but there’s no need get all the other stuff right at the same time.

I have similar thoughts about how some users could try out location-based replies in a backward-compatible way (append the replyto: stuff after the legacy (#hash) style).

However I recognize that I’m not the one implementing this stuff, and it’s less work to just have everything determined up front.

Misc comments (I haven’t read the whole thing):

• Did you mean to make hashes hexadecimal? You lose 11 bits that way compared to base32. I’d suggest gaining 11 bits with base64 instead.

• “Clients MUST preserve the original hash” — do you mean they MUST preserve the original twt?

• Thanks for phrasing the bit about deletions so neutrally.

• I don’t like the MUST in “Clients MUST follow the chain of reply-to references…”. If someone writes a client as a 40-line shell script that requires the user to piece together the threading themselves, IMO we shouldn’t declare the client non-conforming just because they didn’t get to all the bells and whistles.

• Similarly I don’t like the MUST for user agents. For one thing, you might want to fetch a feed without revealing your identty. Also, it raises the bar for a minimal implementation (I’m again thinking again of the 40-line shell script).

• For “who follows” lists: why must the long, random tokens be only valid for a limited time? Do you have a scenario in mind where they could leak?

• Why can’t feeds be served over HTTP/1.0? Again, thinking about simple software. I recently tried implementing HTTP/1.1 and it wasn’t too bad, but 1.0 would have been slightly simpler.

• Why get into the nitty-gritty about caching headers? This seems like generic advice for HTTP servers and clients.

• I’m a little sad about other protocols being not recommended.

• I don’t know how I feel about including markdown. I don’t mind too much that yarn users emit twts full of markdown, but I’m more of a plain text kind of person. Also it adds to the length. I wonder if putting a separate document would make more sense; that would also help with the length.

I’m still more in favor of (replyto:…). It’s easier to implement and the whole edits-breaking-threads thing resolves itself in a “natural” way without the need to add stuff to the protocol.

I’d love to try this out in practice to see how well it performs. 🤔 It’s all very theoretical at the moment.

One distinct disadvantage of (replyto:…) over (edit:#): (replyto:…) relies on clients always processing the entire feed – otherwise they wouldn’t even notice when a twt gets updated. a) This is more expensive, b) you cannot edit twts once they get rotated into an archived feed, because there is nothing signalling clients that they have to re-fetch that archived feed.

I guess neither matters that much in practice. It’s still a disadvantage.

I’m not advocating in either direction, btw. I haven’t made up my mind yet. 😅 Just braindumping here.

The (replyto:…) proposal is definitely more in the spirit of twtxt, I’d say. It’s much simpler, anyone can use it even with the simplest tools, no need for any client code. That is certainly a great property, if you ask me, and it’s things like that that brought me to twtxt in the first place.

I’d also say that in our tiny little community, message integrity simply doesn’t matter. Signed feeds don’t matter. I signed my feed for a while using GPG, someone else did the same, but in the end, nobody cares. The community is so tiny, there’s enough “implicit trust” or whatever you want to call it.

If twtxt/Yarn was to grow bigger, then this would become a concern again. But even Mastodon allows editing, so how much of a problem can it really be? 😅

I do have to “admit”, though, that hashes feel better. It feels good to know that we can clearly identify a certain twt. It feels more correct and stable.

Hm.

I suspect that the (replyto:…) proposal would work just as well in practice.

@quark@ferengi.one Mine is a little overkill 😂 but I need to do something for practice:

#!/bin/bash
set -e
trap 'echo "!! Something went wrong...!!"' ERR

#============= Variables ==========#

# Source files
LOCAL_DIR=$HOME/twtxt

TWTXT=$LOCAL_DIR/twtxt.txt
HTML=$LOCAL_DIR/log.html
TEMPLATE=$LOCAL_DIR/template.tmpl

# Destination
REMOTE_HOST=remotHostName     # Host already setup in ~/.ssh/config

WEB_DIR="path/to/html/content"
GOPHER_DIR="path/to/phlog/content"
GEMINI_DIR="path/to/gemini-capsule/content"

DIST_DIRS=("$WEB_DIR" "$GOPHER_DIR" "$GEMINI_DIR")


#============ Functions ===========#

# Building log.html:

build_page() {
	twtxt2html -T $TEMPLATE $TWTXT > $HTML
}

# Bulk Copy files to their destinations:

copy_files() {
	for DIR in "${DIST_DIRS[@]}"; do
    # Copy both `txt` and `html` files to the Web server and only `txt`
    # to gemini and gopher server content folders
		if [ "$DIR" == "$WEB_DIR" ]; then
			scp -C "$TWTXT" "$HTML" "$REMOTE_HOST:$DIR/"
		else
			scp -C "$TWTXT" "$REMOTE_HOST:$DIR/"
		fi
	done
}

#========== Call to functions ===========$

build_page && copy_files

afaik nobody has done this, but i really need some numbers that can indicate the relative performance of various git servers (cgit, gitea, gitlab) on comparable hardware. cgit claims to be hyperfast, but what does that mean in practice?

@prologic@twtxt.net I believe you when you say registries as designed today do not crawl. But when I first read the spec, it conjured in my mind a search engine. Now I don’t know how things work out in practice, but just based on reading, I don’t see why it can’t be an API for a crawling search engine. (In fact I don’t see anything in the spec indicating registry servers shouldn’t crawl.)

(I also noticed that https://twtxt.readthedocs.io/en/latest/user/registry.html recommends “The registries should sync each others user list by using the users endpoint”. If I understood that right, registering with one should be enough to appear on others, even if they don’t crawl.)

Does yarnd provide an API for finding twts? Is it similar?

@lyse@lyse.isobeef.org Milk crates aren’t that practical to be honest. Especially when you have a nosy cat around. 😂 but it was worth a try.

Pinellas County - Long Run: 12.03 miles, 00:11:01 average pace, 02:12:35 duration
nice to be outside running again. at about the halfway point (6 mile-ish) started walking around a ¼ mile between miles to lower HR and practice for the PTC.
#running

Pinellas County - Base: 7.00 miles, 00:11:04 average pace, 01:17:28 duration
fuck this running in the late afternoon. got home and the weather said the “feels like” was 99.1F with 70% RH. this practically swallowed my soul.
#running

Pinellas County - Long run 3’(mod) [1’ rec]: 7.47 miles, 00:09:46 average pace, 01:13:02 duration
again practicing the 3’ on and 1’ off strategy. thinking i will have to just be flexible and adapt it as the day goes on for PTC. bit of a hot one out there today.
#running

Pinellas County - Long Run: 10.19 miles, 00:09:43 average pace, 01:39:03 duration
practicing 3 minutes running and one minute walking. not only for the knee but also for the PTC (~46.6 miles) coming in about 17 weeks. the knee actually hurt a little the first 5 miles but afterwards nothing. not sure if i finally found my stride but it felt great once the dull pain was gone.
#running

Pinellas County - Long Run: 17.80 miles, 00:08:57 average pace, 02:39:13 duration
practiced a marathon pacing strategy (simulated) of 5km/10mi/10mi/5km. went pretty well even though i was going faster than the paces at each step. but overall i felt good. also scouted out one of the two overpasses i will have to climb during the race. definitely nothing compared to the regular ones. freezing! started at 33F and ended at 45F. pretty lonely out there because the cold kept everyone inside.
#running

Pinellas County - 10 x 1km [30”]: 8.22 miles, 00:08:42 average pace, 01:11:36 duration
good session besides warning signs of code brown. kept the paces at around target pace of 8:30. i figure this may be close to maximum effort for the marathon so wanted to practice.
#running

I have been doing interview prep for next year. The problems have been great to get practice and make it fun when compared to the dry solve this you get on hacker rank or code scene.

That and so many great write-ups to explain the problems.

@prologic@twtxt.net I use FreeOTP+ from F-Droid and it does what I need. It may be considered bad practice but I do use the import/export functionality to sync devices.

GPT-4 wins chatbot lawyer contest – but is still not as good as humans
Several AI chatbots were tested to see how well they could perform legal reasoning and tasks used by human lawyers in everyday practice – GPT-4 performed the best, but still wasn’t great ⌘ Read more

I’m using rss on a terminal (Termux) in my phone, it’s more confortable read there articles and other stuff, but for posting on twtxt, I tried , I swear it, but it’s too much, it’s not practical, I have to assume that it’s better in a website/app like this.

Yarn wins!

@marado@twtxt.net It can’t possibly be defensible, which to me always signals an attempt at a power grab. They never explicitly said “we will use anything we scrape from the web to train our AI” before–that’s new. There is growing pushback against that practice, with numerous legal cases winding through the legal system right now. Some day those cases will be heard and decided on by judges. So they’re trying to get out ahead of that, in my opinion, and cement their claims to this data before there’s a precedent set.

Bug Bounties May Sound Great, But Aren’t Always Handled Well
Bug bounty programs setup by large corporations to reward and recognize security researchers for properly reporting new bugs and security vulnerabilities is a great concept, but in practice isn’t always handled well. Security researcher Adam Zabrocki recently shared the troubles he encountered in the bug bounty handling at Google for Chrome OS and in turn for Intel with it having been an i915 Linux kernel graphics driver vulnerability… ⌘ Read more

@prologic@twtxt.net @carsten@yarn.zn80.net

There is (I assure you there will be, don’t know what it is yet…) a price to be paid for this convenience.

Exactly prologic, and that’s why I’m negative about these sorts of things. I’m almost 50, I’ve been around this tech hype cycle a bunch of times. Look at what happened with Facebook. When it first appeared, people loved it and signed up and shared incredibly detailed information about themselves on it. Facebook made it very easy and convenient for almost anyone, even people who had limited understanding of the internet or computers, to get connected with their friends and family. And now here we are today, where 80% of people in surveys say they don’t trust Facebook with their private data, where they think Facebook commits crimes and should be broken up or at least taken to task in a big way, etc etc etc. Facebook has been fined many billions of dollars and faces endless federal lawsuits in the US alone for its horrible practices. Yet Facebook is still exploitative. It’s a societal cancer.

All signs suggest this generative AI stuff is going to go exactly the same way. That is the inevitable course of these things in the present climate, because the tech sector is largely run by sociopathic billionaires, because the tech sector is not regulated in any meaningful way, and because the tech press / tech media has no scruples. Some new tech thing generates hype, people get excited and sign up to use it, then when the people who own the tech think they have a critical mass of users, they clamp everything down and start doing whatever it is they wanted to do from the start. They’ll break laws, steal your shit, cause mass suffering, who knows what. They won’t stop until they are stopped by mass protest from us, and the government action that follows.

That’s a huge price to pay for a little bit of convenience, a price we pay and continue to pay for decades. We all know better by now. Why do we keep doing this to ourselves? It doesn’t make sense. It’s insane.

This is like my 5rh day at it. I suck at words and spelling. So this is good practice.

On this subject, lately I’ve become obsessed with personal libraries and archives, both physical and digital. I don’t have a grand thesis yet, but there’s something to the role an individual’s practice of collecting and curating can lead to a distributed system of stored knowledge, particularly in arenas traditional institutions miss, but even just as a caretaking mentality, library as practice https://post.lurk.org/@mncmncmnc/106615911261119063

practical APL https://www.youtube.com/watch?v=2FMBf6A2eAA

this entertainment news stream that i’ve been working on has served the dual-purpose of giving me more information to work with to point out systemic flaws that nobody will ever admit exist. i think using an entertainment medium to talk about these ideas is good because its never going to be about winning an argument. we are presenting information in a fun way for the sake of education. a lot of western people are (possibly intentionally) ignorant of their genocidal history and practices that often continue to this day. there is a lot of injustice propping up western hegemony that must be answered for. there is a lot of organizing to do to provide adequate resources to the people that western culture continually treads on. to bring back the beauty that the white man keeps trying to burn down, suppress, or kill in the name of economic progress. https://www.twitch.tv/LeftistsFiteLeftists

If [you take] a look at how APLers communicate when they have ideas, you see code all the time, all day long. The APL community is the only one I’ve seen that regularly can write complete code and talk about it fluently on a whiteboard between humans without hand waving. Even my beloved Scheme programming language cannot boast this. When working with humans on a programming task, almost no one uses their programming languages that primary communication method between themselves and other humans outside of the presence of a computer. That signals to me that they are not, in fact, natural, expedient tools for communicating ideas to other humans. The best practices utilized in most programming languages are, instead, attempts to ameliorate the situation to make the code as tractable and as manageable as possible, but they do not, primarily, represent a demonstration of the naturalness of those languages to human communication. — aaron hsu

Bookmarking this to read over a few more times. https://dave.cheney.net/practical-go/presentations/qcon-china.html #practical #GO

Thanks to a pointer from Richard Miller, got screen rotation working on my Pi 4s. Makes this absurdly wide display more practical.

https://www.howtoforge.com/tutorial/linux-dd-command-clone-disk-practical-example/

@mdosch@mdosch.de I thought it was a nice practice to share interesting twtxt-ers through a follow tweet