(#xyy4hrq) @shinyoukai@neko.laidback.moe Welcome back! 🤟 You have been missed! 😅

(#ykqom5q) @shinyoukai@neko.laidback.moe Welcome back 🤟

(#qjlgy4q) @movq@www.uninformativ.de Fail2ban to the rescue? :-?

(#usa342a) @movq@www.uninformativ.de In my current project I’m typically far away from this pile of shit. Let’s see how the project will be in this regard.

(#2ueqd7a) @bender@twtxt.net Unfortunately, this also breaks the browser search.

(#d2pj7pq) @movq@www.uninformativ.de I’m raising my hand for tt.

Not a day goes by at work, where I’m not either infuriated or frustrated by this wave of AI garbage. In my private life, I can avoid it. But not at work. And they’re pushing hard for it.

Something has to change in 2026.

The classified information in the future classified information the surface so classified information is classified information and I wasn’t hurt

In fact, look at how soft this ball is

~ Mikuru Asahina The Elder (The Melancholy of Suzumiya Haruhi-chan)

Say what, npf(7) is throwing up and won’t block anything, yare yare :facepalm:

(#d2pj7pq) @prologic@twtxt.net the only one other that exists is htwtxt which may as well be Yarn’s ancestor

(#d2pj7pq) Obviously yarnd 🙋‍♂️

(#xyy4hrq) that is to say, chaotic.ninja still exists (although I don’t directly control it anymore as of last year), the rest is classified information ;P

Do not expect me to not hit other people’s nerves. You have been warned.

@prologic@twtxt.net I have returned

Which actively maintained Yarn/twtxt clients are there at the moment? Client authors raise your hands! 🙋

(#jryh2ba) This is what this looked like visually 😳

(#jryh2ba) @prologic@twtxt.net Time to make a new internet. Maybe one that intentionally doesn’t “scale” and remains slow (on both ends) so it’s harder to overload in this manner, harder to abuse for tracking your every move, … Got any of those 56k modems left?

(I’m half-joking. “Make The Internet Expensive Again” like it was in the 1990ies and some of these problems might go away. Disclaimer: I didn’t have my coffee yet. 😅)

(#jryh2ba) At this point I’m considering starting a class action lawsuit for all the self-hostess and little-web folks that want to host a small thing or two and sue these fucking inconsiderate fucking corporate giants, hopefully win, and make them respect others on the web.

Fark me 🤦‍♂️ I woke up quite late today (after a long night helping/assisting with a Mainframe migration last night fork work) to abusive traffic and my alerts going off. The impact? My pod (twtxt.net) was being hammered by something at a request rate of 30 req/s (there are global rate limits in place, but still…). The culprit? Turned out to be a particular IP 43.134.51.191 and after looking into who own s that IP I discovered it was yet-another-bad-customer-or-whatever from Tencent, so that entire network (ASN) is now blocked from my Edge:

+# Who: Tentcent
+# Why: Bad Bots
+132203

Total damage?

$ caddy-log-formatter twtxt.net.log | cut -f 1 -d  ' ' | sort | uniq -c | sort -r -n -k 1 | head -n 5
  61371 43.134.51.191
    402 159.196.9.199
    121 45.77.238.240
      8 106.200.1.116
      6 104.250.53.138

61k reqs over an hour or so (before I noticed), bunch of CPU time burned, and useless waste of my fucking time.

(#uvddnqa) @movq@www.uninformativ.de That’s what tests are for. To fix them. :-D

(#ifjh3pa) @lyse@lyse.isobeef.org Oops. 😅 But yay, it’s working. 🥳

All my newly added test cases failed, that movq thankfully provided in https://git.mills.io/yarnsocial/twtxt.dev/pulls/28#issuecomment-20801 for the draft of the twt hash v2 extension. The first error was easy to see in the diff. The hashes were way too long. You’ve already guessed it, I had cut the hash from the twelfth character towards the end instead of taking the first twelve characters: hash[12:] instead of hash[:12].

After fixing this rookie mistake, the tests still all failed. Hmmm. Did I still cut the wrong twelve characters? :-? I even checked the Go reference implementation in the document itself. But it read basically the same as mine. Strange, what the heck is going on here?

Turns out that my vim replacements to transform the Python code into Go code butchered all the URLs. ;-) The order of operations matters. I first replaced the equals with colons for the subtest struct fields and then wanted to transform the RFC 3339 timestamp strings to time.Date(…) calls. So, I replaced the colons in the time with commas and spaces. Hence, my URLs then also all read https, //example.com/twtxt.txt.

But that was it. All test green. \o/

(#kyfenpq) And regarding those broken URLs: I once speculated that these bots operate on an old dataset, because I thought that my redirect rules actually were broken once and produced loops. But a) I cannot reproduce this today, and b) I cannot find anything related to that in my Git history, either. But it’s hard to tell, because I switched operating systems and webservers since then …

But the thing is that I’m seeing new URLs constructed in this pattern. So this can’t just be an old crawling dataset.

I am now wondering if those broken URLs are bot bugs as well.

They look like this (zalgo is a new project):

https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/

When you request that URL, you get redirected to /git/:

$ curl -sI https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/
HTTP/1.0 301 Moved Permanently
Date: Sat, 22 Nov 2025 06:13:51 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 510
Location: /git/

And on /git/, there are links to my repos. So if a broken client requests https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/, then sees a bunch of links and simply appends them, you’ll end up with an infinite loop.

Is that what’s going on here or are my redirects actually still broken … ?

(#sxlpyva) I just noticed this pattern:

uninformativ.de 201.218.xxx.xxx - - [22/Nov/2025:06:53:27 +0100] "GET /projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 301 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
www.uninformativ.de 103.10.xxx.xxx  - - [22/Nov/2025:06:53:28 +0100] "GET http://uninformativ.de/projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 400 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"

Let me add some spaces to make it more clear:

    uninformativ.de 201.218.xxx.xxx - - [22/Nov/2025:06:53:27 +0100] "GET                       /projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 301 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
www.uninformativ.de 103.10.xxx.xxx  - - [22/Nov/2025:06:53:28 +0100] "GET http://uninformativ.de/projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 400 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"

Some IP (from Brazil) requests some (non-existing, completely broken) URL from my webserver. But they use the hostname uninformativ.de, so they get redirected to www.uninformativ.de.

In the next step, just a second later, some other IP (from Nepal) issues an HTTP proxy request for the same URL.

Clearly, someone has no idea how HTTP redirects work. And clearly, they’re running their broken code on some kind of botnet all over the world.

My webserver is getting millions of hits per month at the moment.

All bots.

(#dkc24ma) @thecanine@twtxt.net @movq@www.uninformativ.de Unfortunately, yes.

(#dkc24ma) @thecanine@twtxt.net That image is correct.

Great things happening over at the Xhitter.

(#wmobsaa) @bender@twtxt.net Thanks. That pulley is just to hang back up the telephone wire (on the ground in 16) for that farm and restaurant in 04 once they finish logging. Hahahahahaaahaaaa, I didn’t see the nails on top of the pole. :-D

Yup, these ice crystals are just lovely. :-)

(#g3u6i2q) @prologic@twtxt.net Who’s got a life besides work, huh? Yeah, no, thanks, mate! Scratch that.

(#g3u6i2q) @bender@twtxt.net Don’t even think that was on the cards I’m afraid 😳 But yes I’ve said that in a message to the recruiter.

(#xdrqwrq) @kiwu@twtxt.net I’m glad you’re liking the updates haha 😆

(#g3u6i2q) @lyse@lyse.isobeef.org @bender@twtxt.net Pfft, they want folks to relocate to Sydney. Fuck that 🤣 Sydney is a bit like San Francisco, I’m not actually sure which is worse. Fuck’n expensive as hell, the only palce you’d be able to afford to buy or rent is at least ~2hrs out of the city by public transport (i.e: train) and by that time you’ve just pissed your life down the toilet, because you’d be expected ot work a 9-10hr day + 2-3hrs of travel each way, buy the time you factor in having to wake up super early to get ready to travel in to work, you basically have zero time for anything else, let alone your ufamily,

Fuck that.

Hmmm

Hello @therealprologic@bridge.twtxt.net 👋

(#gg45s6a) @thecanine@twtxt.net Cool! Let’s hope they truly keep their word.

(#g3u6i2q) @prologic@twtxt.net I couldn’t have phrased it any better than @bender@twtxt.net. :-)

Twice or three times the money as before sounds a bit suspicious to me. Of course, I could be wrong, but I always was under the impression, that your last jobs weren’t all that badly salaried. If the new offer is really paid this highly, it might be a shit job. For me, money isn’t everything, I’d rather opt for a lower income where the job is fun than hating to go to work every day. But if the new job ticks all boxes, go for it. :-)

Also: Consult your pillow, don’t rush it.

I was looking at some ancient code and then thought: Hmm, maybe it would be a good idea to see more details in this error message. Which of the values don’t line up. On the other hand, that feature isn’t probably used anyway, because it’s a bit ugly to use (historically evolved). And on top of that, most teams need something slightly different, if they deal with that sort of thing.

I still told my workmates about it, so they could also have a look at it and we can decide tomorrow what to do about it. Speaking of the devil, no kidding, not even half an hour later, a puzzled tester contacted me. She received exactly that rather useless error message. Looks like I had an afflatus. ;-)

It’s interesting, though, that in all those years, nobody stumbled across this before. At least we now know for sure that this is not dead code. :-)

I had no meetings this arvo, so I made an appointment with the woods in my extended lunch break. The 6°C warm sun was out all day long and there was only a very light breeze. So, a very nice autumn day.

When I stopped to take a photo in the forest, a deer behind me took off into the woodland. I didn’t see it before. Also, I came across one or the other clearing. Sadly, it’s all commercial timberland here. Luckily, in a year or so, when nature slowly took over and reclaimed some spots, the apocalyptic sites are then looking a bit more decent again.

Cleaning of the ruin walls on my backyard mountain slowly takes shape. They made some progress and moved on to the other section. The flag on top is halfway disintegrated again, all the yellow half is completely gone. I’m wondering if they just stop replacing it at some point in time. But probably not.

Enjoy! https://lyse.isobeef.org/waldspaziergang-2025-11-19/

(#g3u6i2q) @bender@twtxt.net Haha 🤣 Spoken like someone that’s done this before 😅

What do you do, when a recruiter throws you a PD or two and says the total compensation is ~2-3x what you’re on now?! 🤔

(#gg45s6a) @thecanine@twtxt.net Not bad. 🥳 Fingers crossed that they actually do it. 🤞

(#zys4rlq) @arne@uplegger.eu @lukas@lukasthiel.de In fact, Yarn.social’s yarnd client implementation actually uses (or did, still kinda does today) PicoCSS 🤟 It was/is a good CSS library! 👍

(#gg45s6a) @thecanine@twtxt.net Comgrats! 🙌

(#enujccq) Luckily, I haven’t noticed at all. 😅

Boi am I glad I made the decision to get off of Clownflare back in Jan of this yaer 🤣

Hmmm 🧐

Hello Mastocon? 🤔

Testing 1 2 3