# Twtxt is an open, distributed microblogging platform that
# uses human-readable text files, common transport protocols,
# and free software.
#
# Learn more about twtxt at https://github.com/buckket/twtxt
#
# This is hosted by a Yarn.social pod twtxt.net running yarnd 0.15.1@7fd3daed 2023-11-26T10:40:12+10:00 go1.21.4
# Learn more about Yarn.social at https://yarn.social
#
# nick = ocdtrekkie
# url = https://twtxt.net/user/ocdtrekkie/twtxt.txt
# avatar = https://twtxt.net/user/ocdtrekkie/avatar#jnrcyxc2hd7p2bsap67pricteap7krh4zimvwx6e54222oee5tyq
# description = a ferret
#
# following = 6
##
# follow = abucci https://anthony.buc.ci/user/abucci/twtxt.txt
# follow = mckinley https://twtxt.net/user/mckinley/twtxt.txt
# follow = mckinley@mckinley.cc https://mckinley.cc/twtxt.txt
# follow = ocdtrekkie https://twtxt.net/user/ocdtrekkie/twtxt.txt
# follow = off_grid_living https://twtxt.net/user/off_grid_living/twtxt.txt
# follow = prologic https://twtxt.net/user/prologic/twtxt.txt
2020-08-04T17:41:46Z I am testing out twtxt!
2020-08-04T18:24:40Z @ Can you document the API side of things a bit on dev.twtxt.net? Is there a URL I can enter into my browser to see my feed on twtxt.net the way another client would see it?
2021-07-04T05:40:18Z @ @ (#) I guess the concern is: If you don't at least mirror the code to GitHub, discoverability of your code will suffer. But if you do mirror your code to GitHub, they potentially will ingest it into future AI training sets. Not sure there's a good way to have your cake and eat it too, apart from someone finally passing legislation that regulates how big companies (ab)use AI on other people's data.
2021-12-04T05:06:12Z (#dfq3t3q) @ Wow, this has come a long way since last time I logged in!
2021-12-05T01:25:03Z (#suv25xa) @ I have survived The Purge!
2021-12-05T01:27:38Z (#suv25xa) Though considering that the service isn't even named the same as last time I logged into it, that I recall, and I had three previous posts tops, I would not have been shocked if my login did not work.
2021-12-05T06:05:58Z (#suv25xa) @ It's very possible. I had to have you fix my password reset once before, too.
2021-12-06T06:02:50Z (#jkgumvq) @ Here's the thing I've seen from the wonders of doing IT support for people, and hence seeing things like where they browse news and what emails they get: People are fed a completely distorted view of reality. And if you're seeing that constant stream of awful, and someone says "but you can do your part to save us for $x"... a lot of otherwise very rational people will do it without a second thought.
2021-12-13T17:46:00Z (#zaoprhq) @ I respectfully disagree. Software is offered or sold on terms, and if corporations aren't giving back, that's because they don't have to: Most people with money have it because they don't part with it when they don't have to. If we want healthy open source, we have to set terms for open source that establish healthy relationships with corporate users.
2021-12-13T17:46:30Z (#zaoprhq) I would agree with the original claim, that open source is broken, because we've let small groups of people (OSI and FSF) hold very arbitrary and restrictive rules that prohibit fixing the issue. The SSPL and similar solutions exist, but we refuse to embrace them because of these gatekeepers to the official definitions of FOSS.
2021-12-13T17:48:51Z (#zaoprhq) Personally I'm very fond of permissive licensing like MIT for things that I work on myself, but I also am not looking for financial support from any of these efforts. But we can't set licenses and then be upset when people abide by them: As long as we allow by license terms for Amazon to profit off the work of open source companies in a one-way transaction, we can't complain that they do so.
2021-12-15T22:44:11Z (#cgt57ia) @ I would say I do see a lot of commercial software including an "open source" link somewhere that lists out the projects they use and their respective license files. I am sure there are many violators, but in the case of MIT-licensed software it is likely more of a lack of knowledge than real noncompliance, as there is almost no cost to compliance, unlike with the GPL.
2021-12-15T22:46:00Z (#yrofxzq) @ So the SSPL (Server Side Public License) is basically a somewhat aggressive relative of the AGPL. Basically it says if you offer the open source project as a service, you must also open source all of the "management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software" around that service.
2021-12-15T22:48:57Z (#yrofxzq) SSPL is more aggressive than AGPL, obviously, but is similarly a copyleft license which requires someone serving the software also contribute back to open source. And in most use cases, SSPL doesn't impact people: If MongoDB is SSPL, you can run a proprietary service using MongoDB in the backend with no special requirements. However, if you provide MongoDB as a service (aka, you're AWS), you might be forced to open source AWS in order to comply with SSPL. So while it is technically usable by any commercial user... in practice, it poisons the well for cloud providers.
2021-12-15T22:51:56Z (#yrofxzq) The problem we keep seeing with open source businesses, is if it's successful enough that Amazon, Google, or Microsoft want in on it, they'll provide a service hosting your open source project cheaper than you can, without having done any of the development work or contributing anything back.

The OSI though has refused to accept SSPL as being "open source" though, so people argue that it is not. The view that I found in their discussions was that it "wasn't their responsibility" to make open source businesses viable.
2021-12-15T22:55:32Z So like... there's no notifications for this thing, are there, @?
2021-12-18T17:28:27Z (#kqzjunq) @ I do understand that, though it makes the engagement problem even worse, I have to remember I said something on here, and then actively check and see if anyone ever commented on it. I try to enable email notifications on every network I use (though some platforms do make this difficult to try to force you to browse directly on their site).
2022-05-07T00:45:39Z (#zaxghrq) @ OpenCollective is pretty solid if you want to accept donations, it takes away a lot of the legal questions at a modest cut. Sandstorm has one, we will be using it more soon.
2022-05-07T00:46:56Z (#zaxghrq) And since the cut is just a portion of donated funds, there's really no cost to having it set up. It costs nothing if you aren't bringing anything in via it.
2022-05-07T02:17:38Z (#zaxghrq) Hmmm, what would you do with funds you raise?
2022-05-07T05:07:46Z (#zaxghrq) @ I was gonna join the call... but I'm tired. That's probably a good list though, question is how many are willing to pay how much towards those goals. More users would definitely help.
2022-05-28T04:20:43Z Literally the first time I remembered on the right day, lol.
2022-06-04T00:24:54Z (#p2wodwq) @ The best part is the announcement they intend to rapidly shift VMware to subscriptions. So the acquisition hasn't even closed and they've already announced they're buying it just to bleed customers dry.
2022-06-04T03:14:58Z (#p2wodwq) @ So in actuality they already do: Nobody would be caught dead running vCenter without a valid support contract. Of course, that's in addition to the upfront purchase.

Switching to fully subscription largely means disregarding the initial purchase, in favor of a higher yearly bill.
2022-06-18T04:22:34Z (#b6537wq) @ I can join! Like 38 minutes from now, right?
2022-06-25T05:23:35Z Material design on my iPhone? *Gross* Feedback cc: @
2022-06-25T05:56:49Z (#sfosaeq) I installed Goryon, and it looks like someone shoved an Android app onto my iPhone.
2022-06-25T06:46:32Z (#sfosaeq) I don't like all that Google UI design slapped onto my otherwise decent phone. :P
2022-06-25T06:47:27Z (#cwdgedq) @ Did you do this from memory or like... did you take notes? O.o
2022-06-25T20:57:19Z (#cwdgedq) @ I prefer Jitsi's UI but it performs fine. Bear in mind I didn't hear or see anything on that call though.
2022-06-25T20:59:42Z (#sfosaeq) @ I'll just have to hope Yarn becomes popular enough for someone to make a native iOS client app.
2022-06-25T21:02:27Z (#kirt2ga) @ There's nothing that inherently blocks the federal government from passing a law banning abortion here, it's just a claim the court establishing a right to abortion was an overreach. Bear in mind, both parties are willing to claim it should be a state's rights thing... until they're in the position to enforce their view federally.
2022-07-11T02:44:32Z (#iz3e75q) @ Probably written by someone who pulled all their repos off GitHub in protest. lol
2022-07-30T06:23:20Z (#qrpxafq) @ Obviously Yarn should be on Sandstorm, but as much as I knock other selfhosting platforms you could get on them very easily. Cloudron, Umbrel, etc. are basically just Docker hosts at the end of the day, but it'd put Yarn in front of everyone who uses those platforms for self-hosting.
2022-08-02T20:31:23Z (#szsrzxq) @ This sounds like a non-ideal user experience. Any idea what happened there or no?
2022-08-02T20:35:29Z (#m6hdkxa) @ Ooooh, that's... hairier than I thought it would be. The whole "apps currently use hardcoded IPs thing" is also super weird.
2022-08-02T20:38:23Z (#szsrzxq) The way Sandstorm generally addresses the initial-user setup problem is that you can generate an "admin-token" from the CLI to log in administratively one time, and do whatever account setup (or OAuth configuration recovery) that you need to do.

I'm kinda curious where they failed out on this, considering it's a ready-to-deploy app they support on Vultr, from the looks of it.
2022-08-02T20:40:32Z (#m6hdkxa) Sandstorm currently has no special behavior for local networks versus over the Internet: All things use the public IP and supports Let's Encrypt. Access hence somewhat depends on hairpin routing, but certificates are no issue. On my home network, I actually adjusted my DNS to route my Sandstorm with local IPs internally, mind you, so it works when the Internet is down.
2022-08-06T01:55:25Z (#2dp3c7a) @ I may try to be there, wife may have other plans.
2022-08-06T06:28:22Z @ I found the Atom feed, but I'm worried it might be *too* noisy, I don't want to overwhelm my feed reader too much. Hmm...
2022-08-06T08:09:54Z (#gqqqwca) @ Yeah, I just get a few hundred news items a day, I worry adding twts will double the daily backlog even if only following a few people.
2022-08-08T16:45:18Z I mean, I am US Central, but I'm used to basing things on Eastern time so it's not a big deal, lol.
2022-08-08T16:46:23Z (#4xxgkfq) This is why I'm moving a bunch of my "sites" to basically internal-only apps on my Sandstorm server. I never really needed anyone else to have access anyways.
2022-08-08T16:49:39Z So, @, I feel like I should convince you that your self-hosting solution you build should use containerized documents (Sandstorm calls them "grains" for kind of good reasons, but documents is usually applicable). This would have twofold benefits: 1. Your platform would be more secure/better. 2. Apps you build for it would probably be reasonably straightforward to also run on Sandstorm.
2022-08-08T16:54:57Z (#gn72dqq) Essentially the key concept is to move as much of the management of security and access to the platform, and not the individual application. Sandstorm assumes the applications might be insecure, or even actively malicious, and so we want them as inaccessible and locked down as possible all the time.

With a platform like YunoHost without virtualization, an RCE in an app could compromise everything on your server. A Docker-host like Cloudron or Umbrel, an RCE in an app could compromise all of the data in that app. More often than not, an RCE in a Sandstorm app grants zero ability to compromise anything at all. This means Sandstorm very rarely cares that apps have any good security practice at all: In most cases it just doesn't matter.
2022-08-08T16:59:44Z (#gn72dqq) If you consider an application like Etherpad, which by default, one would run and have dozens, hundreds, or thousands of documents, and you might host it at etherpad.yourdomain.com. And it's always running, and its data is always available, and it's using system resources. Additionally, you might want to share some documents with people, so people might have access to your Etherpad instance, but maybe only read-only, and only to some documents, or whatever.
2022-08-08T17:01:34Z (#gn72dqq) In a normal Docker setup, a flaw in Etherpad could lead unauthorized users to access documents they shouldn't be able to, or of course, edit documents without permission, including documents they weren't supposed to have access to. Since Sandstorm spins up Etherpad containers on demand, if a user doesn't have access to a document via Sandstorm, the server isn't even loaded/running anywhere, and nobody can access it. When we do spin it up, the authorized user gets a container with... only the one document they have access to. A flaw in Etherpad could let a read-only user exploit their way into editing, but only, again, for the one document they already had access to.

Also, Sandstorm spins up these containers on ethereal randomized subdomains, and requires a unique authorization cookie on your browser to access them when they're up. So they're also very difficult to access even when they're spawned without authorization.
2022-08-08T17:06:22Z (#gn72dqq) There's some interesting impacts here: If you don't share a document with anyone else, there's really zero way any vulnerabilities in the app itself can be exploited in any way, it's not even running unless you open it via Sandstorm. So it's safe to use these apps basically forever even without security updates.

The other big one is performance: Since apps are only running while you're accessing them, there's no performance cost to having a lot of different apps "installed" on your server. The cost of installing an app on your server is the storage, and CPU/memory is only impacted on demand.
2022-08-09T16:54:40Z (#gn72dqq) @ There's a few places users will tend to prefer a monolith (social networks and feed readers come to mind), but anything document-based it makes a *huge* difference. The biggest downside is that since "starting the web server" happens every time you open a document, apps have to start very very fast. It's why we prefer SQLite over MySQL heavily, for example. Also, MySQL has a lot of overhead per-database, which makes file sizes annoyingly large, for example.

From a size, isolation, and performance standpoint, a lot of your small Go apps fit very well in the model already. :)
2022-08-09T16:59:07Z (#b23cumq) @ Another good option to bear in mind is the DomainConnect protocol, depending where you buy your domains: https://www.domainconnect.org/

It supports basically an open standard protocol of updating your DNS from a local script, and they provide both a Python script and a .NET app to do it.
2022-08-09T17:00:31Z @ The green banner tells me you need that registration CAPTCHA. ;) https://git.mills.io/yarnsocial/yarn/issues/962
2022-08-10T02:11:13Z (#wf37oda) @ Yeah I have two options for static hosting I like: One is a Dropbox like file store, drag-drop files and they're statically hosted, the other is a GitWeb instance where you can just push updates to it for static hosting.
2022-08-20T00:50:33Z (#cpppxfa) @ Framadate is an open source tool for this.
2022-08-20T06:38:04Z (#qhf2oda) @ We forgive you! Call was poppin' today!
2022-08-22T18:11:15Z (#ndqyfiq) @ Host an ICS file people can add to their calendar of choice, which you can edit/update as needed.

Example: Subscribe to https://api-3da23a889bf723786c4367d1f36a1ca2.ocdhost.sandcats.io/.sandstorm-token/H-GeVZmxQN5aN3ArLHe7SDynYB5wEac1bxwq55ugQYB/export.ics in your calendar of choice. I have the current call schedule in it.
2022-08-22T18:18:20Z Calendaring is hard, so those who actually read the file will notice it's set as 12 AM in America/Chicago... I should probably edit it to be based around UTC, or James' time if he does any daylight savings stuff and intends the call to follow it accordingly... but if I amend this, and you subscribe, your calendar will get the updates!
2022-08-22T18:19:18Z Apparently if I write a Yarn entirely in parenthesis, I write a blank Yarn... But if I edit it, the text is still there. Test post to follow.
2022-08-22T18:20:10Z (I wrote this Yarn entirely in parenthesis and it disappeared.)
2022-08-22T18:21:16Z (If I start writing) a post in parenthesis, it assumes it's a Yarn ID and hides it.
2022-08-22T18:22:08Z (If I start writing) I kinda think this is a bug?
2022-08-22T19:23:22Z (I wrote this Yarn entirely in parenthesis and it disappeared.) You see my entire message as the conversation ID, basically?
2022-08-22T23:35:33Z (I wrote this Yarn entirely in parenthesis and it disappeared.) Note: These aren't hidden on the iOS app!
2022-08-23T02:43:10Z (#ndqyfiq) @ Intriguing! It downloads on Firefox, but you aren't actually supposed to download it, you're supposed to let your calendar subscribe to it. (Sandstorm API URLs aren't generally supposed to be accessed via normal browsers... there might be user agent code for that, not positive.)
2022-08-23T02:44:25Z (#ndqyfiq) I suspect you can curl/wget it if you want to see what it contains.
2022-08-23T05:46:05Z (#ndqyfiq) @ You'd think! I usually do most of my actual set up of calendars and contacts on desktops, really only use my phone for consuming said information.
2022-08-23T05:47:37Z (#ndqyfiq) If you are using the default iOS Calendar though, you can copy the URL, go to Add Calendar within the app, and then Add Subscription Calendar.
2022-08-23T12:36:54Z (#ndqyfiq) @ Safari being stupid is often a good bet.
2022-08-26T15:37:28Z (#2ciawva) @ @ For the record, there's a drastically better alternative than powerline for many US homes: MoCA. A pair of Motorola MM1025 adapters can shove 2.5 Gbps down an old coaxial cable, incredibly reliably. I use some older MM1000s (1 Gbps) to get between my basement and the second floor.
2022-08-27T04:18:35Z (#uqcgbnq) @ @ Doubt I will make it in time.
2022-08-27T04:20:52Z (#ddivsja) @ That is essentially what Sandstorm already does! We have Sandstorm specific header names, but you can also make the header name you ingest configurable. https://docs.sandstorm.io/en/latest/developing/auth/
2022-08-27T04:22:10Z (#ddivsja) The only thing particularly more complicated for Sandstorm is that we don't control the uniqueness of a user's preferred handle, so you do need to use the user-id field for authentication, and then ensure the username is unique inside the app.
2022-08-27T04:26:12Z (#ddivsja) Sometimes apps shoehorn the user-id field into like their email or password fields, and then use either username or preferred-handle for the display name depending on the type of app.
2022-08-27T04:50:53Z (#uqcgbnq) @ @ Update: I think I will make it, just might be a few late.
2022-08-27T06:16:43Z @ @ Paper I referenced in my draft blog post: It's really old school, but I find it kinda fun: https://www.spinellis.gr/pubs/jrnl/2003-PUC-ifurnace/html/furnace.html
2022-08-27T06:32:36Z (#sm7x4pa) I drafted a take about this concept to eventually go on the Sandstorm blog, not my own. My own blog is a joke. :D
2022-08-29T02:22:43Z Hey @ if I was gonna try to write one or two small web apps with Go, could I waste your time on a call to get me started?
2022-08-29T03:16:09Z (#zx2i7iq) @ That might work, I do want to make sure my environment is set up first.
2022-08-29T04:10:41Z @ , GoNix ponderances: If Docker runs, would non-GoNix-compatible apps run successfully in said Docker containers? is go-capnp something that would run in GoNix, considering I believe the Go side is just the bindings?
2022-08-29T05:02:58Z (#zx2i7iq) My SSD has died, so I may or may not have a working dev environment by Friday. :|
2022-08-29T05:55:31Z (#zx2i7iq) @ I don't backup my boot drive, but it also generally doesn't have a lot of significant data of value. It is also still readable, apparently SSDs do that when they expect to fail, so I am currently backing it up anyways.
2022-08-29T05:58:18Z (#pxoxf3a) @ I was thinking if Cap'n Proto can work on GoNix, then Sandstorm apps could conceivably also work...
2022-08-29T06:27:23Z (#pxoxf3a) @ Well, SPKs carry all the parts of a Linux OS (except the kernel itself) to operate the app, and while presumably the container environment itself would have to be reimplemented, I think Cap'n Proto would really be the only like... hard dependency to an environment being able to run a Sandstorm app, as it's the protocol Sandstorm apps talk through to the outside world.
2022-08-29T12:07:45Z (#q3xlyla) @ Who knew birds were anticapitalist?
2022-08-29T12:09:56Z (#dqwn2ba) @ @ Google is deeply dependent on its corporate culture. It depends on both its amenities and the internal social structure to keep people working there and to keep them there for extended hours. Google's entire thing collapses if people aren't there for the free food.
2022-08-30T06:33:46Z (#zx2i7iq) @ Alright well I couldn't rebuild the old OS intact. Windows is hard to fix once broke. But I've got my fresh install on my new drive, feels very shiny, home automation is back online. Should be good for Friday!
2022-08-30T11:52:23Z (#zx2i7iq) @ I am *crushed*. No problem, happy birthday and stuff! Believe me, I have plenty more to do with this computer now.
2022-09-03T03:14:03Z No call tonight, I assume?
2022-09-03T03:36:16Z (#miamuaa) @ Yeah, my understanding is he's out, so if it's just us, it's just one person talking and one person typing. I'm not totally opposed to that though, I don't... have a lot better to do?
2022-09-03T04:07:43Z (#miamuaa) @ Sounds like we need to hunt down more attendees. o_o
2022-09-03T04:39:45Z @ The call is 19 minutes from now, if people show up.
2022-09-03T04:42:21Z (#ntpsgpa) https://meet.jit.si/Yarn.social is the location for said meeting too.
2022-09-03T07:22:30Z (#q7chvzq) @ Key takeaway here is we need more attendees so that chat doesn't devolve into being about Windows.
2022-09-03T16:50:00Z (#q7chvzq) @ FWIW, the chat has no strong topic setting, and it can go pretty much anywhere. I am probably the only regular Windows user who attends, lol. It's at midnight for me too!
2022-09-10T03:40:22Z (#4bn76kq) @ Still the plan. Figured we'd go to the same bat-channel if you have no objection!
2022-09-10T03:40:50Z (#rsj7m2q) Yep, that's the joke, lol.
2022-09-10T06:56:52Z Yarn.social call notes: Nobody showed up, so @ just kept teaching me Go stuff.
2022-09-16T12:05:36Z (#kev23pa) @ TestFlight also says Goryon expires in 4 days so an iOS push is also probably well warranted.
2022-09-17T01:40:32Z (#w743fcq) @ I will be there, plus Ian.
2022-09-17T05:18:10Z (#qjbfs6q) @ Wait is this even real? I block so much I haven't seen an experience like this in twenty years.
2022-09-21T03:25:15Z (#nsijvza) @ Is Mastodon a "legacy" social network in this context too? :P
2022-09-21T03:27:57Z (#2fvguza) @ DokuWiki is my strong vote, I believe the actual data format is just text files, which is quite nice.
2022-09-22T04:12:35Z (#2fvguza) @ tbh, your wiki felt a little half-baked when I tried it. I actually had given up on it and was playing with someone's fork of it where they were going to build it out a lot more... and then they also abandoned it, I think. But that was also a bit ago, I don't know if you've done more since.
2022-09-22T04:14:30Z (#2fvguza) I will probably take another look after Todo or something, if you're going to base your kinda core app experience for self-hosting on some of these, I should probably provide specific notes. :P
2022-09-22T05:28:00Z (#2fvguza) @ Definitely didn't pick up that you were joking... was slightly worried you might be offended by my honesty there! I am warming to HedgeDoc for some things, particularly meeting notes and blog drafting, but yeah, DokuWiki is what I use for my personal infrastructure docs. Network configs, manuals for obscure hardware, etc.
2022-09-22T06:21:33Z (#2fvguza) I feel like wikis push me to hierarchical organization. My replacement is far messier: I open random Sandstorm documents, leave some notes, and hope I'll remember enough of what I named it to search for it. :D
2022-09-22T19:31:36Z Okay fine, @, I'll update my feed source. I get the message.
2022-09-24T04:19:20Z (#4atctaa) @ I'll be there. I need to finish my PR at the same time though. Been busy.
2022-10-01T04:33:51Z (#gdfubhq) @ Planning on it here.
2022-10-01T06:15:08Z New styling on desktop looks real good here!
2022-10-01T06:15:36Z (#ands4ba) @ Technically they were git forking mysteries, no GitHub involved. :P
2022-10-08T01:58:01Z (#i4w4wtq) @ I think me?
2022-10-10T17:15:40Z (#ngo44kq) @ > this app basically took over my phone number

Is this an Android-specific thing? What the heck?
2022-10-11T01:11:58Z (#wdhjkqq) @ Awful. Glad I didn't risk that installing Signal over here. Heck, my phone still dials emergency services, unlike Pixels at various points.
2022-10-11T05:44:58Z (#ngo44kq) @ That sounds awful. I had to give Signal my phone number, but I assume that's so people can find my account? It couldn't reroute messages within my phone.
2022-10-11T05:47:14Z (#ngo44kq) @ FWIW, spam on IRC is really, really prevalent, and IRC has limited systems to handle it. I know they'll let you cloak your info with regards to other users seeing it, but trusting them with it is somewhat important to them managing the server.
2022-10-13T16:22:22Z (#ngo44kq) @ Interestingly enough, Signal has announced plans to deprecate SMS/MMS support entirely. So even if I had a phone which could tamper with my text messages, Signal soon won't anyways.

Since I've solely installed Signal to talk to the Yarn social Signal group, and that's not a sensitive communication, it doesn't bother me if it's compromised very much.
2022-10-14T00:58:55Z (#f7pxu3q) @ I feel this about Signal giving everyone real phone numbers. I worry a little less about IP addresses because I'm generally pretty public about my rough geographic area anyways...
2022-10-14T05:31:30Z (#cpoievq) @ I find the top purpose for corporate VPN providers is low-impact legal offenses involving torrenting: It's not necessarily about the VPN provider not ratting you out, but about being enough of a hassle to uncloak you that by the time the legal process to do so has ramped up, the VPN provider has dumped their logs anyways. Serious crimes, governments are going to act a lot faster, and get the response they need quickly, but for the low level stuff it's more civil law nonsense a VPN company in the middle will befuddle the process.
2022-10-15T02:50:04Z Why is everyone's profile picture gone/default on Goryon?
2022-10-15T05:01:22Z Hey all, it's weekly call time! https://meet.jit.si/Yarn.social Join us!
2022-10-15T05:35:34Z @ NFT!
2022-10-15T05:44:26Z (#qsk2rnq) I was just trying to see if my account got suddenly deleted.
2022-10-15T07:18:25Z (#wv4r7cq) @ NICE! Looks classy.
2022-10-15T15:22:54Z (#56f27iq) @ Yarn call was actually about Yarn stuff mostly this week? What on earth?
2022-10-20T18:40:33Z (#uvttuea) The problem is the OSI considers this working-as-intended.
2022-10-20T18:42:22Z (#qjreyuq) @ The problem is that if I fork your code (which I can do), and then post it on GitHub (which I can do), then Copilot still trains on it, whether you like it or not.

The answer here, is what's happening: Litigation.
2022-10-20T18:43:18Z (#qjreyuq) @ More than likely if a class action settlement happens, anyone who can allege they had their code on GitHub during the span of time Microsoft was training Copilot will be eligible, which would include anyone who deleted their repos when Microsoft first showed it off.
2022-10-20T18:46:07Z (#dlz4iuq) @ I mean he is very sour on Mastodon/ActivityPub, so it's not outside the realm of possibility...
2022-10-21T21:28:41Z (#uvttuea) @ I think the OSI positions are paid positions via memberships/donations. Which is to say, the status quo is perfectly sustainable... for the OSI.

I had recent conversations with both the OSI's Executive Director and Standards Director, and both conversations convinced me the OSI does not remotely care about sustainable open source.
2022-10-22T04:58:58Z (#tw35uma) @ I'll be late probably.
2022-10-22T05:19:37Z (#tw35uma) @ No problem. I just got here, and it's twenty minutes past anyways.
2022-10-22T08:45:19Z (#zatuwba) @ If you have any sort of CI, it is relatively trivial in theory to have it git push to another repo. It's how I backup all my GitHub repos.
2022-10-22T14:47:20Z (#x77j6aq) @ Few spelling errors in there. msision, hotable, pacakages
2022-10-22T14:49:10Z (#x77j6aq) @ - Sandstorm.io hopefully someday ;) Though I admit we are probably not quite at the polish today for someone to replace their existing self-hosting stack (yet)
2022-10-22T15:16:21Z (#x77j6aq) @ To be fair, that both predates Sandstorm (circa 2014), and considering you've tried it recently and still spun up your own corporate infrastructure, demonstrates it's not ready to meet your needs even today.

I would probably love your top bullet points on what Sandstorm would've needed to have or do to meet your business infra needs.
2022-10-22T15:21:27Z (#gfpkedq) @ As a fun fact, Sandstorm is neither RBAC nor ACL, it uses object capabilities, which is a superior but niche model also seen in Google's Fuchsia and a very limited number of random things since the 1980's.
2022-10-22T15:22:18Z (#gfpkedq) @ I really like Active Directory still. Mostly for Group Policy though, which only works on Windows.
2022-10-22T15:25:31Z (#55mho6q) @ Just got a couple of these to play with. At the least it's a convenient option to always using the TOTP app, but I'm having issues getting them working on one of my networks still.
2022-10-22T15:39:11Z (#55mho6q) @ Both the OS and browser have heavy restrictions, and I want to enable WebAuthn, but *only* WebAuthn, and I'm not sure what's breaking it when I test it.
2022-10-22T15:46:35Z (#gfpkedq) @ What I've learned in production is the apps need to be built or heavily modified to truly support object capabilities. We've packaged numerous apps for Sandstorm, but the best experience is still apps written to work in that environment, even if they aren't as feature-heavy.
2022-10-22T15:49:21Z (#2rzhvuq) @ I mean I wrote https://github.com/sandstorm-io/sandstorm-error-collector in an evening, but I'm pretty well-versed in working within vagrant-spk at this point, and I knew where to pull most examples of what I was building quickly. (Also with PHP I don't have to write my own web server...)
2022-10-22T15:51:30Z (#gfpkedq) @ True, though it becomes less of a problem once people realize writing apps with traditional security models is bad and everyone does it our way. ;)

The challenge with changing the world is overcoming momentum.
2022-10-22T15:58:11Z (#2rzhvuq) @ Absolutely a jab at Golang. Though I still want to try building a web app with it.
2022-10-22T16:00:47Z (#gfpkedq) @ The official lingo is ocap for object capabilities. And FWIW that is still IMHO just a need for better implementation by Sandstorm: Capabilities done right actually cause a lot less friction than ACLs!
2022-10-22T16:14:53Z (#5qqqtma) @ @ I'd also definitely second the recommendation of HedgeDoc. It's very clean and very capable.
2022-10-22T16:57:19Z (#4xke5sa) @ @ The entire public key infrastructure is kinda a joke, tbh. Let's Encrypt made HTTPS free, but in practice that mostly just means malware can be delivered securely to your PC. EV certs made a lot more sense, but Google had to deprecate those, VMC appears to be a potentially worthy replacement though.
2022-10-22T17:30:30Z (#4xke5sa) @ It does, but EV was already just prohibitively expensive. It's very hard for corporations to distinguish between malware authors and hobbyist developers, unfortunately.
2022-10-22T18:03:12Z (#4xke5sa) @ Well in this case the problem is that corporations tend to make and control all the web browsers.
2022-10-23T01:15:16Z (#zatuwba) @ I've just done a manual git pull and push for those, they're rarely things I'm too worried about keeping "up to date".
2022-10-24T13:00:37Z (#bm2nexq) @ maya wouldn't see my response anyways, right?
2022-10-26T18:28:06Z (#vbzz6ta) @ I won't delete mine, but I'll probably transition from being a user to a lurker.
2022-10-26T18:28:47Z (#momapxa) @ What is the ttps:// protocol, prologic?
2022-10-28T03:35:51Z (#anoxzqq) @ Yep, it's the land of Musk. The Fediverse is seeing its standard huge population uptick on the news, that will disappear again in a month or two as usual.
2022-10-28T03:40:40Z (#qnrgs4a) @ As long as open source orgs reject the concept of sustainable development, any reasonably sized project will eventually go corporate.
2022-10-29T04:01:15Z (#lemfbca) @ Yep. Eugen said image uploads for posts took like 12 minutes after uploading to process earlier today.
2022-10-31T06:43:37Z This is an excellent post. https://theintercept.com/2022/10/28/elon-musk-twitter/ 2022-10-31T16:50:29Z (#d6alaoq) @ Bypassing a warning about an expired certificate is basically never actually dangerous. I have yet to see a maliciously used expired certificate in the wild. 2022-10-31T16:53:05Z (#d6alaoq) Unfortunately, I feel that right now the people who decide on how to run PKI are so far removed from the real world and practical concerns, it's straight up comical. 81% of organizations have had outages caused by expired certificates, something that has almost no real world security benefit. https://betanews.com/2022/03/22/81-percent-of-organizations-have-outages-caused-by-expired-certificates/ 2022-10-31T18:52:30Z (#d6alaoq) @ I literally had to fix an outage this weekend caused by a weird certificate. Not external facing, but the security risk caused by it was nonexistent, and yet, it was implemented as a requirement and caused random unexpected breakage when it expired itself. 2022-11-04T01:53:04Z (#abjecua) @ I have to be reachable during my personal time for work stuff. So I feel no guilt or shame in being reachable during my work time for personal stuff. It's a balance still. 2022-11-04T01:56:19Z (#d6alaoq) @ I think TLS is fine. I think PKI is a crock of garbage, because most participants in PKI are garbage, and Google has complete capture of it and makes decisions that work best for it, and not the real world.

Ultimately what I think should happen for certificate expiration is browsers should soft-warn for like a week or two after expiry, with like a yellow address bar, as opposed to trying to block navigation. The risk of an expired cert just doesn't justify browser behavior. 2022-11-04T01:57:14Z (#d6alaoq) @ We tricked rocks into thinking, and this is how they get back at us for it, because thinking is a horrible curse. 2022-11-04T17:54:25Z (#d6alaoq) @ Whether warning before or after the date is somewhat immaterial, except it slides the sysadmin window even narrower, for no good reason. Google's already aggressively forced everyone to a 12 month deadline. Not everything supports Let's Encrypt. And so every year we have a window where I have to rush around and update all the certs before the expiration date, but if I start the process too soon, then I am doing it every eleven months, because of that absolute 12 month cap.

And again, there's nothing inherently less secure about a 13 month old cert than a 12 month old cert. About 99% of certificate behavior is security theater and Google flexing its ability to force everyone to do what it says. 2022-11-05T06:20:02Z (#hd6f7aa) @ Kinda. As per usual, Tim Berners-Lee is in the media here to promote Solid, a bad self-hosting idea that only gets coverage because Tim's famous. 2022-11-08T03:38:55Z (#hd6f7aa) @ So the problem with Solid is that the concept is to control your data, and merely allow apps to access that data. Aka, a significant downgrade from any selfhosting, because your apps can still disappear at any time.

The only reason this would make sense is if you really really were focused on enabling proprietary services while still giving lip service to owning your data. 2022-11-08T08:43:47Z (#hd6f7aa) @ Not quite that bad, but imagine a system that let you keep all your Word docs. But could remove your Microsoft Office install at any time. You might be able to recover your data and use them with another app, but it won't really be the same. And also Microsoft Office was a cloud service? 2022-11-12T05:40:32Z ![We don't deserve DojaCat](https://files.mastodon.social/media_attachments/files/109/326/825/984/559/912/original/524568a5e7f78262.png "Doja Cat literally owning Elon Musk") 2022-11-12T05:42:22Z ![Doja cat owns Elon Musk](https://twtxt.net/media/FR7CsYy24KsiezrRW7pcPE.png) 2022-11-14T06:45:55Z Wrote a new Sandstorm.io app tonight in *less than an hour* called Sum: https://apps.sandstorm.io/app/uw6vkwgwkeqv9fdkh94hqwt6nh4jfm02hzf3mkth1qfntkfx8cjh?experimental=true

It's extremely simple (basically an old tape adding machine plus a memo field), but it'll save me some time and make a process I do mobile friendly. 2022-11-14T06:47:34Z (#cbsp22a) A point of pride to me is that in a single file of less than 50 lines of code: Dark mode is supported without a whole stylesheet and input is validated without JavaScript. 2022-11-21T06:49:40Z (#lferlna) @ The fact that nothing on their website even mentions a business model and that their company's values page is entirely about vision and not at all about privacy or user rights at all should drive everyone far, far, far away from this thing. 2022-12-02T09:19:13Z Switched my Sandstorm dev box from an Ubuntu machine to a Debian one this week. Night and day difference in performance, once you get past the part where Debian fresh installs broken in various subtle ways. 2022-12-05T13:38:50Z (#luwoonq) @ What all makes the list? I have been archiving repos that matter to me too of late, though it's a smaller list. 2022-12-07T02:29:41Z (#luwoonq) @ I grab pretty much all unmaintained Sandstorm app repos, in case they disappear, and then anything interesting related to copyrighted games. Like if you saw the Portal64 thing recently... really interesting but begs for a DMCA, so I took a copy. 2022-12-10T11:39:30Z (#47wdtqq) @ I sorry, I fell asleep. 2022-12-10T13:09:54Z On the call we were talking about how Mastodon servers DDoS websites when they generate link previews: https://www.jwz.org/blog/2022/11/mastodon-stampede/ There's some interesting questions about how to do this more efficiently without a bad user experience. 2022-12-10T13:45:58Z (#du3afsq) @ There are tens of thousands of Mastodon servers. I believe the hit is caused by the servers all checking the link at once, not the clients. 2022-12-17T05:02:44Z (#hyfxvda) As per usual, I show up when you aren't here. Ah well. Hope you recover quickly.
2022-12-21T18:26:37Z Hey @, are you planning on switching git.mills.io over to Forgejo when it launches? 2022-12-21T22:36:18Z (#bukmc7q) @ @ One of the big things Forgejo is working on is federation support, so you can contribute to projects on various code forge servers from your own. Forgejo is led by a bunch of Gitea contributors who were blindsided by the corporate push.

But right now it is a soft fork, so it is yet to be seen how much they will diverge in the near future. 2022-12-22T03:26:27Z (#bukmc7q) @ Working on fixing that! Some prototyping of doing Cap'n Proto capabilities instead! 2022-12-25T19:22:00Z (#mvzvuca) @ @ Heh, just had to go trace back and find out what issue was being discussed. Heh, interesting thread indeed. I swear James, though, you lean hard into "do everything everyone else is doing but NOT THAT WAY", lol 😂🤣😂 2022-12-25T21:52:30Z (#mvzvuca) @ @ Written entirely in Go, of course. 2023-01-07T21:33:05Z (#ufl43ha) @ A decade and a half of unchecked marketing that it's the next thing. 2023-01-24T15:01:39Z Wooo! I'm back! And the app has a new name! 2023-01-25T03:13:13Z (#xwg44ra) @ Staring at the app no longer available screen. 🫠 2023-01-25T08:20:45Z (#xwg44ra) @ I have not had a ton of desktop-based social media time lately, so every time I tried to check in here I slammed into the expired app and went back to Mastodon. :P Missing the calls has just been me failing, a lot of cool stuff has happened. 2023-01-25T08:26:09Z (#xwg44ra) @ We do, though technically what I'm blocked on is just re-organizing yarnd auth design.

Tonight I killed an eight year old issue report in Sandstorm's WordPress package, so I am on a roll right now. 2023-02-03T18:20:12Z (#kmjq5gq) @ I should try to come to the first one today, I have been a lapsed attendee for a bit here. 2023-02-04T04:30:37Z (#hab24la) @ Nostr doesn't have any blockchain features, it just has a community with a lot of crypto bros in it. 2023-02-04T11:00:16Z (#5pwe3aq) @ I mean I ended up outright asleep. 2023-02-04T11:03:55Z (#hab24la) @ Yeah the protocol for it is pretty straightforward. It suggests relays should charge money for their services though, which is likely why Bitcoin payment integration may be common. 2023-02-04T11:04:42Z (#5pwe3aq) @ Haha, well I'm up so that's reasonable. 2023-02-04T13:01:53Z (#hab24la) @ It's decentralized: You submit a copy of your messages to as many relays as you would like, and people can follow them from as many relays as they like. The relays act as the "server", but your profile isn't tied to any specific one. 2023-02-04T13:02:37Z (#hab24la) Messages are signed with a keypair to verify who they came from. But there's no blockchain strategy in use for them. 2023-02-04T13:05:02Z Oh, shoot, it's 13 UTC now? I just... got on the call... whoops. I knew the second call was 7 hours after the first one, and I didn't actually look at the time of the first one in my calendar, and made a daylight savings-inspired screw-up.

Can we please get rid of daylight savings time as a thing? 2023-02-04T13:18:06Z (#hab24la) @ It literally calls itself dumb here: https://github.com/nostr-protocol/nostr (It's a very readable readme) 2023-02-04T13:21:07Z (#nwjstlq) @ This is the downside of lacking notifications. Just saw this. I can't get Firefox to prompt for audio access on this site. 2023-02-04T13:33:23Z (#hab24la) @ I mean, I wouldn't want a Russian server to ensure my free speech, but some of the free speech absolutists will take it anywhere they can get it. 2023-02-04T14:28:17Z (#bfbchba) @ Russian sites generally don't care about US law, so you can feel free to say things on a relay there you could get in trouble for here. Of course, I'm confident Russia allows so much criminal Internet activity in their borders because it's annoying to the West. 2023-02-08T19:03:12Z Whelp, @prologic, Google can't help but be Google, and I shouldn't have believed you... Russ Cox wants to build telemetry directly into the core Go tools: https://github.com/golang/go/discussions/58409

You can't remove the Google stench from anything Google is involved in. 2023-02-09T22:54:15Z @ From Russ Cox: "note that if you set GOPROXY=direct, the go command still uses the checksum database to protect against supply chain attacks. If you really want the go command not to use servers, you also need to set GOSUMDB=off."

lol it has no end 2023-02-09T23:30:59Z (#mwhjn4a) @ It basically gives them all the same data using GOPROXY does though, does it not? 2023-02-10T01:52:57Z (#mwhjn4a) @ What info do they get via GOPROXY but not get through GOSUMDB? They'd get obviously your IP/connection plus all of the packages you are using, no? 2023-02-10T02:32:19Z (#mwhjn4a) @ I mean my point is that people thought they were excluding Google from that info by turning the proxy off, so Google went and implemented another less known switch to get the same data. 2023-02-10T07:39:43Z (#mwhjn4a) @ I mean, from a historical standpoint, probably no, but the fact that there's actually two and now a proposed third variable you have to set to keep Google out of your dev tools is a continuing problem, especially since the second one doesn't seem to be well-known. 2023-02-11T05:32:06Z (#fjtdvda) @ We were on the road until right now and I am barely awake and am going to sleep. 2023-02-11T11:59:32Z (#lrrtgka) Haha, this is getting funny at this point... I'm here for this later call now. Just. Keep. Missing. It. 2023-02-16T17:18:59Z (#el5mh5a) @ What's your current plan/concept on this? 2023-02-17T00:46:01Z (#el5mh5a) @ Awesome. We need to catch up. Hoping to make it tomorrow maybe. 2023-02-24T23:26:46Z We won. https://research.swtch.com/telemetry-opt-in 2023-02-26T20:10:37Z (#dpjnptq) @ I have no problem with opt-in telemetry at all. If you choose to share info with the developer, why not provide good tools to do it? 2023-03-12T01:56:36Z (#hzwqlla) @ Interesting. I think I interacted with that user today? 2023-03-12T01:57:28Z (#hzwqlla) @ I think you are talking the user side while @ is talking protocol side, and that means you're talking about wildly different things.