@arne https://uplegger.eu/twtxt.txt
Unterhaltung: 15 Beiträge von @alexonit, @bender, @lyse, @movq und @zvava.
@zvava
is the first url metadata field unequivocally treated as the canon feed url when calculating hashes, or are they ignored if they're not at least proper urls? do you just tolerate it if they're impersonating someone else's feed, or pointing to something that isn't even a feed at all?
and if the first url metadata field changes, should it be logged with a time so we can still calculate hashes for old posts? or should it never be updated? (in the case of a pod, where the end user has no choice in how such events are treated) or do we redirect all the old hashes to the new ones (probably this, since it would be helpful for edits too)
Antworten zu #xrswtvq von @zvava
@alexonit
|
#xrswtvq
@zvava That was my greatest concern with how it is currently handled, I'm afraid to break threads even by fixing a typo.
Handling it via the pod might work but I think it's not the best approach, external feeds and clients don't usually use a pod api but their own implementation, so any workaround won't work there.
That's why my proposals addressed those issues:
- the idea of using a "key" instead of the
url(with the url as a fallback), the key could even be a public key so it can be used verifieable in crypto functions - using the timestamp to prevent content changes to break threads (plus being simpler to implement)
- using an explicit thread reference with an alternative subject format (like
[#THREAD_ID] Hello worldand replies with(#REPLY_ID) Ahoy) so the content can change without affecting the thread reference, and anyone can use their own schemes freely
@zvava
|
#xrswtvq
@alexonit prologic has me sold on the idea of hashv2 being served alongside a text fragment, eg. (#abcdefghijkl https://example.com/tw.txt#:~:text=2025-10-01T10:28:00Z), because it can be simply hacked in to clients currently on hashv1 and provides an off-ramp to location-based addressing (though i still think the format should be changed to smth like #<abc... http://example.com/...> so it's cleaner once we finally drop hashes)
Antworten zu #xodo4da von @zvava
@bender
|
#xodo4da
Antworten zu #3sqf67q von @bender
@alexonit
|
#3sqf67q
@bender The first format use the subject extension while the other is a new format that is inspired by mentions format, the first one should be compatible but I'm not sure, if it's used verbatim by the client it would work, but if we consider the new proposal for it to have an optional part it wont work on clients without changes.
@lyse
|
#xodo4da
Antworten zu #2kiw2vq von @lyse
@zvava
|
#2kiw2vq
@lyse i would like to ditch hash addressing but as was pointed out it would be a pain in the ass to get clients currently working off of hashv1 to suddenly switch to location-based addressing instead of just hashv2 with the option to eventually phase it out — unless we can rally together all active client developers to decide on a location-based addressing specification (i still think my original suggestion of #<https://example.com/tw.txt#yyyy-mm-ddThh:mm:ssZ> is foolproof)
@alexonit
|
#2kiw2vq
@lyse
|
#xrswtvq
@zvava Yes, the specification defines the first url to be used for hashing. No matter if it points to a different feed or whatever. Just unsubscribe from malicious feeds and you're done.
Since the first url is used for hashing, it must never change. Otherwise, it will break threading, as you already noticed. If your feed moves and you wanna keep the old messages in the same new feed, you still have to point to the old url location and keep that forever. But you can add more urls. As I said several times in the past, in hindsight, using the first url was a big mistake. It would have been much better, if the last encountered url were used for hashing onwards. This way, feed moves would be relatively straightforward. However, that ship has sailed. Luckily, feeds typically don't relocate.
@movq
|
#xrswtvq
@zvava My clients trusts the first url field it finds. If there is none, it uses the URL that I’m using for fetching the feed.
No validation, no logging.
In practice, I’ve not seen issues with people messing with this field. (What I do see, of course, is broken threads when people do legitimate edits that change the hash.)
I don’t see a way how anyone can impersonate anybody else this way. 🤔 Sure, you could use my URL in your url field, but then what? You will still show up as zvava in my client or, if you also change your nick field, as movq (zvava).
@movq
|
#xrswtvq
(#abcdefghijkl https://example.com/tw.txt#:~:text=2025-10-01T10:28:00Z), because it can be simply hacked in to clients currently on hashv1 and provides an off-ramp to location-based addressing
I like that property (an off-ramp to location-based addressing), so I think I could live with that approach. ✅
(I’m not sure why we’re using text fragments, though. Wouldn’t that link to the first occurence of 2025-10-01T10:28:00Z? That’s not necessarily correct. And, to be proper URLs that Firefox and Chromium understand, it would also need to be written as 2025%2D10%2D01T10:28:00Z. The dash carries meaning, sadly. I think all this just creates needless complication. How about we just go with https://example.com/tw.txt#2025-10-01T10:28:00Z?)
Antworten zu #lolhvka von @movq
@movq
|
#lolhvka
@zvava Hm, I tried with https://www.uninformativ.de/twtxt.txt#:~:text=2025-09- and my Firefox 143 didn’t like it. https://www.uninformativ.de/twtxt.txt#:~:text=2025%2D09%2D worked. 🤔