@abucci Precisely 😅

It’s a really good time to invest in nVIDIA shares 🤣

@abucci@anthony.buc.ci No this correctly now responds with:

$ curl 'https://twtxt.net/external?uri=https://google.com&nick=lovetocode999'
Feed Not Found

After nuking that from my cache. I forgot to nuke my own cache myself because it’s quite destructive and takes a few mins to rebuild on my pod 🤣 There’s a tool in tools for deleting a specific feed from the cache that I’ve been using.

@cuaxolotl@sunshinegardens.org Hey! 👋

Yeah I wonder too 🤔

@abucci appreciate it if you find the time to update again 🙏

Now that’s rolling out, I think that’s it. The only final way I can improve that /external endpoint/view is to refactor how it works a bit and add some HTMX magic™ so it has a nice snappy UX to it as it dynamically tries to validate the feed and provide useful feedback to the user, that way I can avoid injecting it into the cache unnecessarily in the first place!

@bender@twtxt.net Yeah but I found another bug and just squished that. CD pipeline is gonna roll this pod soon™ – Basically wasn’t handling feeds that redirect properly. e.g: https://google.com => https://www.google.com (though it’s not a feed 🤣)

Hmm I see this in the cache again 🤦‍♂️ Not sure how tbh – Job for me later.

@bender@twtxt.net https://google.com has been removed from the cache (without nuking the entire cache) @abucci if you need to selectively do this for some reason, there’s a script in the tools directory for this:

$ ./tools/cache_delete_feed.sh 'https://google.com'

Anyway, that’s gone. This is much much harder to exploit now, even if you’re an authenticated user.

Time for work™, But I quickly hacked together a bit of a better solution here. Rolling it out to my pod so we’ll see how it actually goes. Still possible to abuse if you’re a logged in user, etc, but at least now we delete the invalid/bad feed afterwards if it a) was not even a text//plain content-type or b) it errored out and was a new fetch of a HTTP feed.

Yeah okay.

@bender@twtxt.net Not possible 🤣

@abucci I mean it’s only suppose to do one thing really. What are you thinking here?

Yeah I was afraid of this. Technically can still be abused by “logged in” users. Hmmm

So we really not trust ourselves? 🤣🙄

@abucci No worries! 😅

But this is super weird, should behave the same as my pod 🤦‍♂️

@abucci nuke the cache file before starring

How did you nuke your cache?

@abucci Hmmm weird 🤔

@abucci You don’t actually appear to be running that sha hmmm? 🤔

Image

Image

Hmmm

It appears to be working to 👌

Image

silly bots 🙄

@abucci Bo worries! If you curl it too it’ll return a proper 494 👌 Should make bots go away 🤞

@abucci Blah my cache was poisoned 🤦‍♂️ it’s fine now! And this is no monger possible to do now.

@bender@twtxt.net Did they win though? Did they?! 🤣

@abucci This is already in place. It will error, return 404 Feed Not Found for non-browsers and external feeds are never fetched (unless you are an authenticated/valid user of the pod) – I patched that hole a while ago, because I already picked up it was being abused by bots 🤖

Support (and thus abuse reports) are now disabled on this pod. There’s now a new setting in Settings -> Poderator Settings called “Disable Support”.

This happens again today. This is twice just today alone. Hmm I’m reconsidering this feature entirely, rarely used and if it’s just going to be abused by spammer, I don’t see the value in it. I’m certainly not going to try to build some kind of “anti-spam” filters or anything, sounds cool, I’d learn a lot, but smells of effort and time I simply don’t have 😢 #spam #sucks

@slashdot@feeds.twtxt.net OMG! 😦 What da hell is going on here?! I used to have a friend that came from North Carolina, this is terrible (attacking power grids) 🤬 wtf are these people smoking?! 🚬

Like why does spammers even bother?! Don’t they realize how fucking futile and useless it is to be abuse something like a support form? I mean clearly nothing is going to come of this, except it’s going to be clearly ignored and toss in the bin. 🤣

Wow! My god spammers really try hard song they? 🤣 Geez 🤦‍♂️

Image

Do we need to make the captcha harder? 🙄

@lyse@lyse.isobeef.org to be fair the settings that you can change in the user interface are persisted to the settings YAML file and yes override any environmental command online options. This is always made sense to me because there are subset of settings that can be changed dynamically at runtime without requiring any restart.

@abucci It’s good enough IMO 🤞

@aelaraji@aelaraji.com It is if he’s turned off open profiles 👌

@lyse@lyse.isobeef.org thank you! 🙇‍♂️

@quark@ferengi.one Thanks! 😅

I’m happy with the current implementation though, because the only reason you should be hitting the external profile endpoint at all is a) you’re logged in and happen to click on someone’s profile that is external to the pod or b) you’re anonymous and just clicking through the frontpage (see a)

@bender@twtxt.net The problem with this is we just don’t know until we try. That’s why if the external feed you’re looking for isn’t found in the cache, it’ll try to fetch it in the background. It’s a bit of a sucky UX really, but its better than the experience of “waiting, waiting waiting and then timeout”.

I’ve pushed a slightly improved version of this that will return a HTTP 404 Not Found if the UserAgent is determined to NOT be a Browser.

Now responds with an error page; but still a 200 OK which I’m not entirely sure I agree with or am happy with? Hmm

Image

Image

@abucci I’ve fixed this and pushed a commit to main. Will test it on my pod and see how it goes. Basically reporting an error if the feed isn’t in the cache and you’re unauthenticated (anonymous).

@movq@www.uninformativ.de Yup! 👌

@abucci Hmmm I’ll have a look at this today, hopefully. 🤞 Thanks for bringing this up! 🙇‍♂️

@xuu@txt.sour.is we really must invest more time and effort into salty im 🤣

@aelaraji@aelaraji.com good morning! Are you wake up that early?! 🤣

@movq@www.uninformativ.de it looks like it would kill you. 😅

@lyse@lyse.isobeef.org Definately! Next time I’ll make sure I announce it a few days in advance. 🙄😅

This ☝️

@movq@www.uninformativ.de I certainly am 🤣 I wonder whether she is one of the yontest? 🤔