twtxt

Timeline for https://twtxt.net/user/shreyan/twtxt.txt

🔄 Refresh timeline

👨‍💻 Login

Following: 4

lyse@lyse.isobeef.org https://lyse.isobeef.org/twtxt.txt Remove

prologic@twtxt.net https://twtxt.net/user/prologic/twtxt.txt Remove

shreyan https://twtxt.net/user/shreyan/twtxt.txt Remove

xuu@txt.sour.is https://txt.sour.is/user/xuu/twtxt.txt Remove


prologic
Reply to #ku6lzaa
@falsifian I think I wrote a very similar program and go myself actually and you're right we do have to change the way we encode hashes.
3 hours ago
💬 Reply


prologic
Reply to #ku6lzaa
@falsifian All very good points 👌 by the way, how did you find two pieces of content that hash the same when taking the last N characters of the base32 and coded hash?
3 hours ago
💬 Reply


prologic
Reply to #ijwxx7q
@off_grid_living Aww thanks! 🤗
5 hours ago
💬 Reply


prologic
Reply to #6shod5q
There are certainly improvements that can be made to this tool.🤞
5 hours ago
💬 Reply


prologic
Reply to #bhnihfq
Many thanks!
1 day ago
💬 Reply


prologic
Reply to #6shod5q
@aelaraji Have you considered https://git.mills.io/yarnsocial/twtxt2html
1 day ago
💬 Reply


lyse
Reply to #kmopgpq
Ta, @bender! Correct, apart from resizing, no further processing on my end. That's just the Japanese sunset photo engineer's magic. :-) In all it's original glory (3.2 MiB): https://lyse.isobeef.org/abendhimmel-2024-09-13/02.JPG
1 day ago
💬 Reply


lyse
Reply to #nfuyjyq
@off_grid_living Looks like you're describing a captcha. They do not really work. Bots seem to solve them, too.
1 day ago
💬 Reply


lyse
Reply to #r3mkxya
@movq Thanks! Yeah, one week for autumn and spring must be enough. Or so the weather thinks. Looks like there is only on or off.
1 day ago
💬 Reply


lyse
Reply to #bhnihfq
@prologic Oh, that's a lovely campfire! Seeing them always makes me smile. Enjoy your time in nature with your loved ones.
1 day ago
💬 Reply


lyse
Cool sunset when I went to the scouts: https://lyse.isobeef.org/abendhimmel-2024-09-13/


1 day ago
💬 Reply


xuu
Reply to #h7zeenq
you can just have a web address.. i added mine.. though i think they have changed up the protocol so my key doesn't seem to work anymore. https://key.sour.is/id/me@sour.is
1 day ago
💬 Reply


prologic
Reply to #bhnihfq
@bender Thanks! 🤗 -- I know it will 🤣
1 day ago
💬 Reply


prologic
Out camping with the family this weekend for my birthday 🥳
1 day ago
💬 Reply


prologic
Reply to #xzyxyva
I think so 😅 Thanks$!🙇‍♂️
1 day ago
💬 Reply


prologic
Reply to #rh6gtwq
@aelaraji Hah interesting 🤔
1 day ago
💬 Reply


shreyan
been rather uninterested in technology lately for some reason. it's probably the US Election's fault, since I live in the US and all
2 days ago
💬 Reply


prologic
@xuu What's the keyoxide thingy you wrote/built? 🤔 What's your URI/profile? 🤔
2 days ago
💬 Reply


prologic
Reply to #h7zeenq
@aelaraji Sounds like it would work 👌 Though I've not tried or invested anytime into proofs and claims type things so far 🤔
2 days ago
💬 Reply


prologic
Reply to #sfpgcyq
@aelaraji Nice write up!
2 days ago
💬 Reply


lyse
20° temperature drop in just a hand full of days. Ooof. We went on a stroll at 10°C today. I could have used a beanie, my ears were very cold. The sun was out, but hardly any people. Very nice. Also, no wind.

It was nice to finally hear a few birds singing again, although it was still fairly silent. The sun gave us a nice show. In hindsight, we should have stayed at the summit a bit longer. In the forest, we missed the very best, crazy red sky. We could only see parts shimmering through the tree lines.



https://lyse.isobeef.org/waldspaziergang-2024-09-12/
2 days ago
💬 Reply


prologic
Reply to #rh6gtwq
@aelaraji how would that work exactly? Does that mean then that every user is required to have a cox side profile? Who maintains cox site? Is it centralized or decentralized can be relied upon?
2 days ago
💬 Reply


prologic
Reply to #wv2ccwq
Ford, the company can honestly go fuck themselves! No one ever asked or even thought to themselves:

> Gee I wish my car would listen to my in-car conversations and serve me ads.

🤬🤦‍♂️ #Ford #Ads
3 days ago
💬 Reply


prologic
Reply to #wv2ccwq
@slashdot i'll get fucked! The US patent office should ban this immediately.
3 days ago
💬 Reply


prologic
Reply to #mhtocjq
@xuu True 😅 I guess it comes down to our risk appetite and the attack vectors we're trying to solve for 🤔
3 days ago
💬 Reply


prologic
Reply to #iweop2a
@bender yes I agree.
3 days ago
💬 Reply


xuu
Reply to #mhtocjq
@prologic a signature *IS* encryption in reverse. If my private key becomes compromised then they can impersonate me. Being able to manage promotion and revocation of keys needed even in a system where its used for just signatures.
3 days ago
💬 Reply


prologic
Reply to #n4omfvq
@bender there is a certain simplicity to that. 😅
3 days ago
💬 Reply


prologic
Reply to #mhtocjq
@xuu it's not really strictly required if we're just talking about identity though right? If we're talking about encryption then yes I agree rotate and keys becomes very important if you want to have attributes like perfect forward secrecy.
3 days ago
💬 Reply


prologic
Reply to #oikrdpa
@xuu that could work too, but that requires a random value, a set of keys and signature verification of the value, which I don't really have a problem with.
3 days ago
💬 Reply


prologic
Reply to #iweop2a
@xuu yes I'm less concerned about solving the integrity part of the problem of whether we can trust that the content of a feed is actually written by certain author, however, that's not to say that we shouldn't think about also leveraging keys to be able to do that maybe it's an optional feature?
3 days ago
💬 Reply


prologic
Reply to #3f7eeba
What were the recommended mitigations?
3 days ago
💬 Reply


xuu
Reply to #eg6mlhq
@sorenpeter There was a client that would generate a unique hash for each twt. It didn't get wide adoption.
3 days ago
💬 Reply


xuu
Reply to #iweop2a
@prologic identity and content integrity are two different problems.
3 days ago
💬 Reply


xuu
Reply to #mhtocjq
Key rotation is a very important feature in a system like this.
3 days ago
💬 Reply


xuu
Reply to #mhtocjq
> the right way to solve this is to use public/private key(s) where you actually have a public key fingerprint as your feed’s unique identity that never changes.

i would rather it be a random value signed by a key. That way the key can change but the value stays the same.
3 days ago
💬 Reply


xuu
Interesting.. QUIC isn't very quick over fast internet.

> QUIC is expected to be a game-changer in improving web application performance. In this paper, we conduct a systematic examination of QUIC's performance over high-speed networks. We find that over fast Internet, the UDP+QUIC+HTTP/3 stack suffers a data rate reduction of up to 45.2% compared to the TCP+TLS+HTTP/2 counterpart. Moreover, the performance gap between QUIC and HTTP/2 grows as the underlying bandwidth increases. We observe this issue on lightweight data transfer clients and major web browsers (Chrome, Edge, Firefox, Opera), on different hosts (desktop, mobile), and over diverse networks (wired broadband, cellular). It affects not only file transfers, but also various applications such as video streaming (up to 9.8% video bitrate reduction) and web browsing. Through rigorous packet trace analysis and kernel- and user-space profiling, we identify the root cause to be high receiver-side processing overhead, in particular, excessive data packets and QUIC's user-space ACKs. We make concrete recommendations for mitigating the observed performance issues.

<https://dl.acm.org/doi/10.1145/3589334.3645323>
4 days ago
💬 Reply


lyse
Reply to #aauieca
@movq Yeah, public transport is great if it works. All too often, it just doesn't, though. :-( Unfortunately, for my trips to the offices, it's always slower than a car.

That website looks like one I would build. :'-D I just always go to bahn.de. It even works alright if the train is operated by another company. At least it's good enough for my connections (VVS, Arverio, Ding & Co.). When GoAhead took over the line from DB, their delay/cancel information on their own website were just as bad as the one relayed by DB most of the time.
4 days ago
💬 Reply


lyse
Reply to #md4ux5q
@movq @bender That was indeed a funny adventure. I really had to laugh about the mess on the floor I made. :-D
4 days ago
💬 Reply


lyse
Reply to #ibort4q
@movq Right!
4 days ago
💬 Reply


lyse
Reply to #md4ux5q
The knowledge gain was still very limited, but it actually turned out a little better than I thought. Talking to the people face to face was really nice. And we also had a surprise barbie in the end, so it was worth coming. :-D

Also, the train connections worked out. Just on the way back, I made the error to use the toilet in the train. I've experienced way worse, but there was certainly a little Urine odor in the air. Second thing I noted was a large pile of toilet paper in the bowl.

When I wanted to wash my hands, I got the soap dispenser to work, but the tap just dripped extremely slowly. Not usable. Then it clicked why there was all this paper in the loo. I tried to wipe the soap off with toilet paper as best as I could and then used my water bottle to rinse my hands. Luckily, I had topped it off before I left the office. I only had to use my jumper to increase grip for actually getting the lid off. The sparkling water happily soaked my jumper and the floor in an instant. :-D

Tip for your next train ride: Bring your own water supply, preferably non-carbonated. Alternatively, just use the office toilet beforehand.

Turns out that at least this train model has two separate water tanks. One for the faucet and another for the loo. I flushed the paper without issues before I left.
4 days ago
💬 Reply


xuu
Reply to #2qn6iaa
So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.

What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first `url:`

The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.

The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like `frank@beans.co` that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?

From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.

I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.

```
# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...
```
4 days ago
💬 Reply


prologic
Reply to #rh6gtwq
IMO we just have to fix the identity problem and figure out how to detect or support edits.
4 days ago
💬 Reply


prologic
Reply to #rh6gtwq
@sorenpeter No, this is what I want to avoid. For many reasons I stated before, content addressing or hashing is far better here for threading in a decentralized way.
4 days ago
💬 Reply


lyse
Reply to #pkaw6ka
Merci, @movq! I will keep you posted. :-)
4 days ago
💬 Reply


lyse
Reply to #md4ux5q
@movq Same here for sure. :-D Great, I just saw the start was postponed by yet another half hour. I could have slept longer. Well, gonna catch the later train then.
4 days ago
💬 Reply


prologic
Reply to #rh6gtwq
@lyse I personally think that we just go with a magic timestamp approach. It's simpler and easier to implement across the major clients that are still actively developed.

The question is how much time do we give ourselves as we're all a bit time poor and I can't imagine we would do this quickly.
5 days ago
💬 Reply


prologic
Reply to #md4ux5q
@movq if you do win the lottery, don't forget to include us so we can all join in and share the things that we like to tinker with instead of this whole rat race. 🤣
5 days ago
💬 Reply


prologic
Reply to #jceux2q
@bender Big photo capability upgrade?
5 days ago
💬 Reply


prologic
Reply to #lt573ga
@aelaraji Nice hack! 👌
5 days ago
💬 Reply


⏭️ Next