The web as we know it will soon crash and burn in a fiery death. 12 days. There’s even a countdown. This is apparently a redux of request smuggling reborn. Request research reborn redux.

more...

Once upon a time, there was a university president who couldn’t send an email more than 500 miles, and the wise sysadmin said that’s not possible, so the president said come to my office, and lo and behold, the emails stopped before going 500 miles. Has technology improved? Can we send an email farther than 500 miles in 2025?

more...

Not just a new server, a news server, although ironically I think only the olds use the news now. It was really just an experiment in why not. It took me about three hours from opening a blank main.go to mostly done, which was good to cover the Becket joins Dr. Cuddy at the FBI arc on Castle. Then an afternoon faffing about making scripts to load up some content.

The first and most important thing to discuss is the name, nuset. It’s got all the same pheromones as Usenet, subliminally exerting mind control over the reader. In the local dialect, it’s pronounced more like newsd, rhymes with used, as if it’s used news. About right. I was thinking of telling people it’s named after the Assyrian god of information, and could probably get someone to believe that. Or maybe it’s nu-Set, the reincarnation of Set.

The NNTP protocol is specified by RFC 3977. It’s a pretty easy read, and filled with lots of examples, which I found very helpful. Read a section, then copy the client line into the parser and copy the server line into the output. There’s words, too, but it’s much less ambiguous to always see exactly the format of commands and results.

In hindsight, this would have been a good project to experiment with a new language. But I was lazy and already know where go keeps the textproto.DotWriter.

I’m not super into Gemini, the tiny web alike, in part because I think it’s fun to interact with people. But a tiny usenet, without all the spams and trolls, I could get into. Although I’m not there yet. I’ve only got enough commands working to allow local posting, not federation. A little more effort, and we could get there, though.

For now, I’m just mirroring content. You can check it out at nntp://flak.tedunangst.com. Subscriber exclusive: see the behind the scenes markdown I use to write posts!

In honor of YUV420 day, I thought it would be fun to transcode JPEG images to AVIF in honk, or anywhere. I got lost in the weeds a few times along the way, but eventually found all the eggs.

more...

As noted, Valve uses the same flicker effect for broken lights in all their games. What if I want a broken web page?

more...

There’s a feature called bracketed paste supported by some “modern” terminals and editors, etc. When text is pasted from the clipboard, the terminal brackets it in special markers so that the receiving program knows it came from the clipboard and not the keyboard, and thus might turn off autoindent, etc.

It’s also supported by some shells, and I’ve lost count of how many times I’ve seen people claim that this is a security measure. Yeah, sure, it’s totally safe to paste commands from a website into the shell, because bracketed paste will let you review them before executing.

Does it work? The brackets delimiting the pasted text are just bytes as well, in band. A website can put the end paste sequence into the clipboard as easily as any other text.

Here are two buttons for testing. One runs ls. The second tries a little harder.

<style>
button {
font-size: 1em;
min-width: 6em;
}
.script {
display: block;
white-space: pre-wrap;
font-family: monospace;
}
.script::before {
content: "<script>";
}
.script::after {
content: "</script>";
}
</style>
<script class=script>
function copy1() {
    navigator.clipboard.writeText("ls\n")
}
function copy2() {
    navigator.clipboard.writeText("\x1b[201~ls\n")
}
</script>
<p>
<button onclick="copy1()">ls</button>
<button onclick="copy2()">bonus</button>
<p>

In testing, xterm turns the escape into a space, and nothing happens but a little gibberish spray. Other terminals appear to be not so lucky.

ActivityPub August rolls on. Now with more (some) ActivityPub support in flak.

I held off on adding it before because I wasn’t sure how deep I wanted the integration to go, and I had some doubts about how useful minimal support would be. Time to find out.

Posts are now available as activity Article objects. There’s a minimal Person actor as well, since every post needs an author, but that’s about it. I think the objects are complete enough even for fussy implementations to accept them, but one never knows.

No inbox support, no following, no replies, etc. (Strike that. we’ve got follows and deliveries and creates now. Oh my.) Getting into delivery adds a lot more code (it did) and admin maintenance (oh well). So many little commits to fix all the bugs.

Another issue is that sometimes I like to experiment with posts that include custom scripting or styling, and that’s not going to federate well. Oh well, I guess you can figure it out and click through. Or not. WASM over AP when?

It’s been four years since honk 0.1. Before that, the preview, and shortly after the followup. But finally, after a long journey, we’ve reached honk 1.0. (Narrator: honk is a microblog server that federates with other servers via ActivityPub.)

more...

Reddit is deddit. Everybody needs to write a replacement. Mine is called azorius.

more...

Among the underutilized HTML elements is the q tag, for quotes. This should, depending on user agent, render with appropriate opening and closing quote marks, without needing to specify them by hand. This sounds really convenient, to avoid ambiguity when quotes are nested inside quotes inside quotes. I said, “Alex told Bobby, “according to Chris, “Danny said “No way am I the one who’s confused,” when asked,” direct quote,” yesterday morning,” emphatically. Lucky Danny.

more...