@shinyoukai Welcome back! 🤟 You have been missed! 😅

@shinyoukai Welcome back 🤟

Not a day goes by at work, where I’m not either infuriated or frustrated by this wave of AI garbage. In my private life, I can avoid it. But not at work. And they’re pushing hard for it.

Something has to change in 2026.

The classified information in the future classified information the surface so classified information is classified information and I wasn’t hurt

In fact, look at how soft this ball is

~ Mikuru Asahina The Elder (The Melancholy of Suzumiya Haruhi-chan)

Image

⚠️ This feed shall only be used to post announcements about Laid-Back Systems

Say what, npf(7) is throwing up and won’t block anything, yare yare :facepalm:

@prologic the only one other that exists is htwtxt which may as well be Yarn’s ancestor

Obviously yarnd 🙋‍♂️

that is to say, chaotic.ninja still exists (although I don’t directly control it anymore as of last year), the rest is classified information ;P

Do not expect me to not hit other people’s nerves. You have been warned.

@prologic I have returned

Which actively maintained Yarn/twtxt clients are there at the moment? Client authors raise your hands! 🙋

This is what this looked like visually 😳

Image

@prologic Time to make a new internet. Maybe one that intentionally doesn’t “scale” and remains slow (on both ends) so it’s harder to overload in this manner, harder to abuse for tracking your every move, … Got any of those 56k modems left?

(I’m half-joking. “Make The Internet Expensive Again” like it was in the 1990ies and some of these problems might go away. Disclaimer: I didn’t have my coffee yet. 😅)

At this point I’m considering starting a class action lawsuit for all the self-hostess and little-web folks that want to host a small thing or two and sue these fucking inconsiderate fucking corporate giants, hopefully win, and make them respect others on the web.

Fark me 🤦‍♂️ I woke up quite late today (after a long night helping/assisting with a Mainframe migration last night fork work) to abusive traffic and my alerts going off. The impact? My pod (twtxt.net) was being hammered by something at a request rate of 30 req/s (there are global rate limits in place, but still…). The culprit? Turned out to be a particular IP 43.134.51.191 and after looking into who own s that IP I discovered it was yet-another-bad-customer-or-whatever from Tencent, so that entire network (ASN) is now blocked from my Edge:

+# Who: Tentcent
+# Why: Bad Bots
+132203

Total damage?

$ caddy-log-formatter twtxt.net.log | cut -f 1 -d  ' ' | sort | uniq -c | sort -r -n -k 1 | head -n 5
  61371 43.134.51.191
    402 159.196.9.199
    121 45.77.238.240
      8 106.200.1.116
      6 104.250.53.138

61k reqs over an hour or so (before I noticed), bunch of CPU time burned, and useless waste of my fucking time.

@lyse Oops. 😅 But yay, it’s working. 🥳

All my newly added test cases failed, that movq thankfully provided in https://git.mills.io/yarnsocial/twtxt.dev/pulls/28#issuecomment-20801 for the draft of the twt hash v2 extension. The first error was easy to see in the diff. The hashes were way too long. You’ve already guessed it, I had cut the hash from the twelfth character towards the end instead of taking the first twelve characters: hash[12:] instead of hash[:12].

After fixing this rookie mistake, the tests still all failed. Hmmm. Did I still cut the wrong twelve characters? :-? I even checked the Go reference implementation in the document itself. But it read basically the same as mine. Strange, what the heck is going on here?

Turns out that my vim replacements to transform the Python code into Go code butchered all the URLs. ;-) The order of operations matters. I first replaced the equals with colons for the subtest struct fields and then wanted to transform the RFC 3339 timestamp strings to time.Date(…) calls. So, I replaced the colons in the time with commas and spaces. Hence, my URLs then also all read https, //example.com/twtxt.txt.

But that was it. All test green. \o/

And regarding those broken URLs: I once speculated that these bots operate on an old dataset, because I thought that my redirect rules actually were broken once and produced loops. But a) I cannot reproduce this today, and b) I cannot find anything related to that in my Git history, either. But it’s hard to tell, because I switched operating systems and webservers since then …

But the thing is that I’m seeing new URLs constructed in this pattern. So this can’t just be an old crawling dataset.

I am now wondering if those broken URLs are bot bugs as well.

They look like this (zalgo is a new project):

https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/

When you request that URL, you get redirected to /git/:

$ curl -sI https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/
HTTP/1.0 301 Moved Permanently
Date: Sat, 22 Nov 2025 06:13:51 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 510
Location: /git/

And on /git/, there are links to my repos. So if a broken client requests https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/, then sees a bunch of links and simply appends them, you’ll end up with an infinite loop.

Is that what’s going on here or are my redirects actually still broken … ?

I just noticed this pattern:

uninformativ.de 201.218.xxx.xxx - - [22/Nov/2025:06:53:27 +0100] "GET /projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 301 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
www.uninformativ.de 103.10.xxx.xxx  - - [22/Nov/2025:06:53:28 +0100] "GET http://uninformativ.de/projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 400 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"

Let me add some spaces to make it more clear:

    uninformativ.de 201.218.xxx.xxx - - [22/Nov/2025:06:53:27 +0100] "GET                       /projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 301 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
www.uninformativ.de 103.10.xxx.xxx  - - [22/Nov/2025:06:53:28 +0100] "GET http://uninformativ.de/projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 400 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"

Some IP (from Brazil) requests some (non-existing, completely broken) URL from my webserver. But they use the hostname uninformativ.de, so they get redirected to www.uninformativ.de.

In the next step, just a second later, some other IP (from Nepal) issues an HTTP proxy request for the same URL.

Clearly, someone has no idea how HTTP redirects work. And clearly, they’re running their broken code on some kind of botnet all over the world.

My webserver is getting millions of hits per month at the moment.

All bots.

@thecanine That image is correct.

Image

Great things happening over at the Xhitter.

Image

@bender Don’t even think that was on the cards I’m afraid 😳 But yes I’ve said that in a message to the recruiter.

@kiwu I’m glad you’re liking the updates haha 😆

@lyse @bender Pfft, they want folks to relocate to Sydney. Fuck that 🤣 Sydney is a bit like San Francisco, I’m not actually sure which is worse. Fuck’n expensive as hell, the only palce you’d be able to afford to buy or rent is at least ~2hrs out of the city by public transport (i.e: train) and by that time you’ve just pissed your life down the toilet, because you’d be expected ot work a 9-10hr day + 2-3hrs of travel each way, buy the time you factor in having to wake up super early to get ready to travel in to work, you basically have zero time for anything else, let alone your ufamily,

Fuck that.

Hmmm

Hello @therealprologic 👋

@bender Haha 🤣 Spoken like someone that’s done this before 😅

What do you do, when a recruiter throws you a PD or two and says the total compensation is ~2-3x what you’re on now?! 🤔

@thecanine Not bad. 🥳 Fingers crossed that they actually do it. 🤞

@arne @lukas In fact, Yarn.social’s yarnd client implementation actually uses (or did, still kinda does today) PicoCSS 🤟 It was/is a good CSS library! 👍

@lukas Immer her mit den Links und Bildschirmfotos.

@thecanine Comgrats! 🙌

To everyone previously asking, what my (and other developers) endless complaining about Google, to both every EU body, with a form on their website and every relevant team at Google accomplished…
WE FUCKING WON!!!
“While security is crucial, we’ve also heard from developers and power users who have a higher risk tolerance and want the ability to download unverified apps.”
-source

I was also able to work with my new webhost, to bring back “🐕.fr.to” - everyones favorite vanity redirect domain, for my site, Googles changes to SSL warnings in Chrome, killed at the beginning of this year.

The lesson: I NEED TO COMPLAIN MORE

https://youtu.be/qjBdAqBUWpQ

It’s winter!

Image

Luckily, I haven’t noticed at all. 😅

Boi am I glad I made the decision to get off of Clownflare back in Jan of this yaer 🤣

Hmmm 🧐

Hello Mastocon? 🤔

Testing 1 2 3

@kiwu Oh! you like? 👍 Haha 😆

the new logo is cute

Image

Testing 1 2 3

Hey @ocdtrekkie 👋

Habe mich am Wochenende nach Empfehlung von @arne an https://picocss.com versucht und bin restlos begeistert. Schön schlank, schnell und modern! In Zukunft werden sicherlich noch einige Projekte mit Pico folgen.