1. 6

  2. 3

    So, this is just a .plan over HTTP?

    1. 1

      I see it more of a format specification for sharing “micro-blogging” stuff online. You can use any protocol to share your file. I use gopher myself, but you could use FTP, SCP, or Finger if you will.

      All that’s needed is a client that can fetch the file over the protocol you specify.

    2. 2

      Surprised to see my old twtxt feed there!

      1. 2

        In case anyone else is unfamiliar with twtxt, a decent introduction is provided here.

        1. 3

          Please get a TLS certificate and serve this over https.

          1. 8

            TBH i get it when people don’t want to set up HTTPS for every server. I’ve had issues with TLS in the past, that even broke domain names, because of some minor mistakes here and there.

            1. 5

              “Minor mistakes here and there” is an opportunity to learn. Now that we have Let’s Encrypt, there are only few excuses to not provide secure connections everywhere.

              Personally, I have mostly stopped visiting websites that offer insecure http only.

              1. 3

                I’m talking about Let’s Encrypt, I wouldn’t have never set TLS up if it weren’t for free.

                Personally, I have mostly stopped visiting websites that offer insecure http only.

                I don’t get why? What’s the problem, especially if it’s a personal or a hobby site? No accouts, no important data, nothing to care about.

                1. 2

                  I live in a country where the government is spying on its citizens and is logging all data connections.

                  1. 2


                    1. 2

                      Yes, Denmark.

                  2. 1

                    Private entities in the United States (e.g. your hotel, that hotspot you used over coffee) often make use of user data to further solicit commercial transactions. I’d take it as a fun excuse to play with Let’s Encrypt – or to see if you can get your CA to issue you a domain-validated certificate backed by an 8192-bit key (higher is probably possible, but it sacrifices compatibility and it a bit too absurd even for me).

                  3. 3

                    Personally, I have mostly stopped visiting websites that offer insecure http only.

                    Well I guess if you’re not visiting the site your opinion doesn’t really count for much. There are reasons to support HTTP, and reasons not to use HTTPS. Just because they might not apply to you doesn’t mean they don’t apply to the person creating the content. Nobody owes you a HTTPS connection.

                    1. 4

                      True, I’m just stating my preferences and asking nicely.

                  4. 1

                    I agree, TLS is often a huge barrier for someone, e.g. whose device clock is not set.

                    I don’t think it is always necessary for just reading text.

                    If your ISP is MITMing you to the extent that this is an issue, you’ve got bigger problems.

                  5. 5

                    Yah, no, why?

                    I mean, the spec for twtxt doesn’t require https. Non-modern computer systems can’t use https, stuff like plan9 and such.

                    Why is it important that this be put over https? Why not comment on the spec, or on the implementation of the site, or pretty much anything to do with the OP than this load of nonsense.

                    Seriously, this comment is like something you’d see on /. or HN.

                    1. 1

                      Chill, man. For reasons that I have already made clear in this thread I have a strong preference for encrypted connections, and all I did was asking nicely for https. That’s a comment that is just as valid as if I’d commented the CSS or on the concept of aggregation, and implementing https doesn’t necessarily remove http, so if people wish to connect over an insecure connection they can do so, the opposite is not true: if https is unavailable, you cannot choose it.

                      I’ve been on twtxt for more that three years and the site mentioned is not a new one. I’m not a big fan of these aggregation sites: They keep obsolete feeds around and put a burden on the publisher of the original individual twtxt streams to update them or have them removed.