twtxt

Timeline for https://eapl.me/twtxt.txt

🔄 Refresh timeline

ðŸ‘Ļ‍ðŸ’ŧ Login

Following: 16

tkanos https://twtxt.net/user/tkanos/twtxt.txt Remove

eaplme https://eapl.me/twtxt.txt Remove

eaplmx https://eapl.mx/twtxt.txt Remove

lyse https://lyse.isobeef.org/twtxt.txt Remove

prologic https://twtxt.net/user/prologic/twtxt.txt Remove

rrraksamam https://twtxt.net/user/rrraksamam/twtxt.txt Remove

darch https://neotxt.dk/user/darch/twtxt.txt Remove

shreyan https://twtxt.net/user/shreyan/twtxt.txt Remove

movq https://www.uninformativ.de/twtxt.txt Remove

bender https://twtxt.net/user/bender/twtxt.txt Remove

stigatle https://yarn.stigatle.no/user/stigatle/twtxt.txt Remove

darch http://darch.dk/twtxt.txt Remove

xuu https://txt.sour.is/user/xuu/twtxt.txt Remove

jason https://jasonsanta.xyz/twtxt.txt Remove

mckinley https://twtxt.net/user/mckinley/twtxt.txt Remove

eapl-mes-7-daily-links https://feeds.twtxt.net/eapl-mes-7-daily-links/twtxt.txt Remove


prologic
Reply to #3f7eeba
What were the recommended mitigations?
3 days ago
💎 Reply


xuu
Reply to #eg6mlhq
@sorenpeter There was a client that would generate a unique hash for each twt. It didn't get wide adoption.
3 days ago
💎 Reply


xuu
Reply to #iweop2a
@prologic identity and content integrity are two different problems.
3 days ago
💎 Reply


xuu
Reply to #mhtocjq
Key rotation is a very important feature in a system like this.
4 days ago
💎 Reply


xuu
Reply to #mhtocjq
> the right way to solve this is to use public/private key(s) where you actually have a public key fingerprint as your feed’s unique identity that never changes.

i would rather it be a random value signed by a key. That way the key can change but the value stays the same.
4 days ago
💎 Reply


eapl-mes-7-daily-links
**#minimalism The Minimalism Checklist | www.becomingminimalist.com** ⌘ Read more
4 days ago
💎 Reply


xuu
Interesting.. QUIC isn't very quick over fast internet.

> QUIC is expected to be a game-changer in improving web application performance. In this paper, we conduct a systematic examination of QUIC's performance over high-speed networks. We find that over fast Internet, the UDP+QUIC+HTTP/3 stack suffers a data rate reduction of up to 45.2% compared to the TCP+TLS+HTTP/2 counterpart. Moreover, the performance gap between QUIC and HTTP/2 grows as the underlying bandwidth increases. We observe this issue on lightweight data transfer clients and major web browsers (Chrome, Edge, Firefox, Opera), on different hosts (desktop, mobile), and over diverse networks (wired broadband, cellular). It affects not only file transfers, but also various applications such as video streaming (up to 9.8% video bitrate reduction) and web browsing. Through rigorous packet trace analysis and kernel- and user-space profiling, we identify the root cause to be high receiver-side processing overhead, in particular, excessive data packets and QUIC's user-space ACKs. We make concrete recommendations for mitigating the observed performance issues.

<https://dl.acm.org/doi/10.1145/3589334.3645323>
4 days ago
💎 Reply


lyse
Reply to #aauieca
@movq Yeah, public transport is great if it works. All too often, it just doesn't, though. :-( Unfortunately, for my trips to the offices, it's always slower than a car.

That website looks like one I would build. :'-D I just always go to bahn.de. It even works alright if the train is operated by another company. At least it's good enough for my connections (VVS, Arverio, Ding & Co.). When GoAhead took over the line from DB, their delay/cancel information on their own website were just as bad as the one relayed by DB most of the time.
4 days ago
💎 Reply


lyse
Reply to #md4ux5q
@movq @bender That was indeed a funny adventure. I really had to laugh about the mess on the floor I made. :-D
4 days ago
💎 Reply


movq
Reply to #et3csbq
Speaking of public transportation, though: *If* it works, then it’s an amazing system. I love it.

I recently took the time to find an alternative route to one of my doctors. Hardly any people using that route *and* it’s faster. Absolutely brilliant. It’s like having a chauffeur. 😅

*But* navigating through that system is also a total nightmare. Which bus takes you to which places at which times, getting info about current construction sites, all that stuff. It takes forever.

And it doesn’t help at all that this is what their website looks like:

https://movq.de/v/acb23dc1c2/s.png

You can’t move that window at the bottom. It just sits there and takes up space from the map. It gets even worse: When you ask for a route, you get to see the buses and individual stops and all that – but all in that little window with that large font! Why do we all have widescreen monitors and than stack UI items vertically?

Sure, 30 years ago it was much worse. But it could also be much better today. 😅
4 days ago
💎 Reply


bender
Reply to #mqjlnyq
@lyse talk about an epic adventure! :-D
4 days ago
💎 Reply


movq
Reply to #md4ux5q
@lyse Gosh, that sounds so horrible. 🙈ðŸĪĒ
4 days ago
💎 Reply


movq
Reply to #pjlgfsa
Another idea for the upcoming Advent Of Code 2024:

OS/2 Warp 4 came with Java and that not only meant a runtime but *a JDK* including *API docs*. So, for AoC, I could try to solve as many puzzles as I can in that environment, directly on my old Pentium. For later puzzles, I’ll definitely want to switch to my normal workstation for faster development cycles – but I can still use Java and try to backport the solutions.

Sounds interesting. ðŸĪ”

https://movq.de/v/81ac0142f2/1.ff.jpg
https://movq.de/v/81ac0142f2/2.ff.jpg
4 days ago
💎 Reply


lyse
Reply to #ibort4q
@movq Right!
4 days ago
💎 Reply


lyse
Reply to #md4ux5q
The knowledge gain was still very limited, but it actually turned out a little better than I thought. Talking to the people face to face was really nice. And we also had a surprise barbie in the end, so it was worth coming. :-D

Also, the train connections worked out. Just on the way back, I made the error to use the toilet in the train. I've experienced way worse, but there was certainly a little Urine odor in the air. Second thing I noted was a large pile of toilet paper in the bowl.

When I wanted to wash my hands, I got the soap dispenser to work, but the tap just dripped extremely slowly. Not usable. Then it clicked why there was all this paper in the loo. I tried to wipe the soap off with toilet paper as best as I could and then used my water bottle to rinse my hands. Luckily, I had topped it off before I left the office. I only had to use my jumper to increase grip for actually getting the lid off. The sparkling water happily soaked my jumper and the floor in an instant. :-D

Tip for your next train ride: Bring your own water supply, preferably non-carbonated. Alternatively, just use the office toilet beforehand.

Turns out that at least this train model has two separate water tanks. One for the faucet and another for the loo. I flushed the paper without issues before I left.
4 days ago
💎 Reply


movq
Reply to #lt573ga
@aelaraji Yeah, that’s pretty close to what was outlined here: https://twtxt.net/twt/ansuy4a 😅
4 days ago
💎 Reply


xuu
Reply to #2qn6iaa
So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.

What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first `url:`

The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.

The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like `frank@beans.co` that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?

From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.

I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.

```
# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...
```
4 days ago
💎 Reply


prologic
Reply to #rh6gtwq
IMO we just have to fix the identity problem and figure out how to detect or support edits.
4 days ago
💎 Reply


prologic
Reply to #rh6gtwq
@sorenpeter No, this is what I want to avoid. For many reasons I stated before, content addressing or hashing is far better here for threading in a decentralized way.
4 days ago
💎 Reply


sorenpeter
Reply to #rh6gtwq
@prologic do that mean that for every new post (not replies) the client will have to generate a UUID or similar when posting and add that to to the twt?
4 days ago
💎 Reply


lyse
Reply to #pkaw6ka
Merci, @movq! I will keep you posted. :-)
4 days ago
💎 Reply


lyse
Reply to #md4ux5q
@movq Same here for sure. :-D Great, I just saw the start was postponed by yet another half hour. I could have slept longer. Well, gonna catch the later train then.
4 days ago
💎 Reply


bender
Reply to #jceux2q
@prologic yup.
5 days ago
💎 Reply


prologic
Reply to #rh6gtwq
@lyse I personally think that we just go with a magic timestamp approach. It's simpler and easier to implement across the major clients that are still actively developed.

The question is how much time do we give ourselves as we're all a bit time poor and I can't imagine we would do this quickly.
5 days ago
💎 Reply


prologic
Reply to #md4ux5q
@movq if you do win the lottery, don't forget to include us so we can all join in and share the things that we like to tinker with instead of this whole rat race. ðŸĪĢ
5 days ago
💎 Reply


prologic
Reply to #jceux2q
@bender Big photo capability upgrade?
5 days ago
💎 Reply


prologic
Reply to #lt573ga
@aelaraji Nice hack! 👌
5 days ago
💎 Reply


eapl-mes-7-daily-links
**Aligning Your Projects with Your Core Purpose: A Guide for Indie Hackers | www.indiehackers.com** ⌘ Read more
5 days ago
💎 Reply


bender
Reply to #jceux2q
@prologic iPhone 16 Pro Max for you, for sure. If significant other likes to take pictures as much as mine, then one for her too. That's $1,200 each (with 256GB storage).
5 days ago
💎 Reply


movq
Reply to #md4ux5q
I went straight to bed after posting this and slept for 3 hours. ðŸ˜Đ Can’t I just win the lottery and be done with this whole “money” thing? ðŸĪŠ

@lyse Oof, well, good luck. Those multi-day meetings are usually really exhausting (and mostly pointless) in our company, hopefully it’s different at yours. ✌ïļ
5 days ago
💎 Reply


movq
Reply to #en4l3ba
@lyse Indeed, great news! If you need testers at some point, let me know. 😅
5 days ago
💎 Reply


movq
Reply to #pcxtuta
Lest we forget … https://www.youtube.com/watch?v=mp5gksq_OEI … !
5 days ago
💎 Reply


lyse
Reply to #rh6gtwq
@falsifian Regarding your last paragraph: Back in December 2020, we already once changed the hashing. I think that was my first contribution, breaking everything by switching to RFC 3339 for the timestamp format. ;-) I'm computing two hashes in my client, the old and current one. And then I just select whatever matching parent exists to build the thread tree.

I could do that again in my client, but you're right, it's a different story for jenny. If I'm not mistaken, `In-Reply-To` could contain several hashes, but the `Message-ID` header is the issue.

By increasing the hash length for a potential future change, clients could tell, which algorithm to use.

Maybe we could define a magic timestamp in the future that marks the cutoff point. Use the current implementation for messages authored before that magic date or the new algorithm for all messages after that.

But eventually, all clients have to be updated. There's no way around that, I believe. Simplicity is key and my magic time already adds complexity. :-/
5 days ago
💎 Reply


lyse
Reply to #pcxtuta
@movq @aelaraji @bender Why not have both Jupiter and Venus together? https://www.youtube.com/watch?v=oXyCORLeLd0 I don't understand anything either, but it just sounds great to my ears.

> if not I am editing and breaking replies!

Bwahahahaaa! :'-D
5 days ago
💎 Reply


prologic
Reply to #jceux2q
@bender I doubt I'll be able to watch it live ðŸĪĢ But by all means, please Yarns all the goodies 😅
5 days ago
💎 Reply


lyse
Reply to #hzxjrca
Nice, thanks for the offer, @bender! You have to be a bit patient, though, it'll take a while until there is something to actually worth messing with. :-)
5 days ago
💎 Reply


bender
Getting ready for the Apple Event. Are you watching it live, @prologic, or afterwards? :-P
5 days ago
💎 Reply


lyse
Reply to #md4ux5q
@movq @prologic :-D

It's like that for months. :-( And tomorrow I even gotta go into the office for some two day meeting, but I only attend a single day. On the positive side, I'm gonna see some workmates that I haven't ever met in the real world or for a very long time.
5 days ago
💎 Reply


prologic
Reply to #76gkopq
@bender Kind of mirrored the `ssh` and `ssh-keygen` utilities. No reason really.
5 days ago
💎 Reply


prologic
Reply to #c3ii7gq
@bender

```
$ echo 'hello world' | ./salty -i ./test_ed25519 --ssh-key --sign
```
5 days ago
💎 Reply


bender
Reply to #76gkopq
@prologic any reason why there is `salty`, and `salty-keygen`? Why not both into one?
5 days ago
💎 Reply


bender
Reply to #c3ii7gq
@prologic hey, what's the one liner to sign using an SSH key with `salty`?
5 days ago
💎 Reply


prologic
Reply to #c3ii7gq
@bender Ahh yeah sorry about that ðŸĪĢ You were getting confused between salty.im and salty. The later of which salty.im _actually_ uses and formed the basis of everything else. It's a simple robust library and command-line tools with good test coverage. The lowest building block 😅
5 days ago
💎 Reply


bender
Reply to #c3ii7gq
I think I know what I did wrong. LOL. I used the wrong repository. Going for `go install go.mills.io/salty/cmd/salty@latest` instead. Duh!
5 days ago
💎 Reply


bender
Reply to #c3ii7gq
@prologic So, I did `go install go.salty.im/saltyim/cmd/salty-chat@latest`, moved `salty-chat` to my `bin` as `salty`, and that one liner isn't working. What am I doing wrong?
5 days ago
💎 Reply


prologic
Reply to #md4ux5q
@movq That bad eh? 😅
5 days ago
💎 Reply


movq
It’s one of those days.


5 days ago
💎 Reply


prologic
Reply to #fvxcc3q
For example:

```
$ echo 'hello world' | ./salty -i ./test.key -s | ./salty -i ./test.key -v
# signed by: kex1yfzzthmsdlqhgwzafy9zpjze6a0asxf6y552dp4yhvq66a4jje0qxqapvd
hello world
```
5 days ago
💎 Reply


prologic
Reply to #fvxcc3q
@bender Yes of course it can 😅 Sorry I missed your question on IRC ðŸ˜Ē
5 days ago
💎 Reply


bender
Reply to #fvxcc3q
@prologic can `salty` verify ed25519 signed messages? I asked on IRC, but never got a reply (or I missed it).
5 days ago
💎 Reply


⏭ïļ Next