LECK MICH FETT!
Das Küchenradio (Sagem - My Dual Radio 700) gibt wieder Töne von sich! Der XML-Parser von dem Ding ist sowas von hinüber. Die “Fertiglösungen” YCast und YTuner haben ein zu ordentliches XML erstellt. Per Trial and Error habe ich dann die Formatierung gefunden, die die olle Kiste braucht. 🥳

@lyse@lyse.isobeef.org i trusted all pods yesterday and now when i pull it up they are all untrusted.

@xuu The Pod.LastSeen and Pod.LastUpdated fields are only ever updated in the Cache.DetectPodFromUserAgent(…) function as far as I can tell. This function is called in Cache.DetectClientFromRequest(…) and Cache.DetectClientFromResponse(…).

Cache.DetectClientFromRequest(…) is only invoked when the twtxt.txt is requested and looks at the User-Agent HTTP request header.

Cache.DetectClientFromResponse(…) is only called in Cache.FetchFeeds(…) and looks at the Powered-By HTTP response header. This header would be set in twtxt.txt HTTP responses from yarnd. A bunch of places invoke Cache.FetchFeeds(…), including a periodic job (UpdateFeedsJob.Run()). Maybe something is iffy around these locations.

@movq@www.uninformativ.de It’s an old, cheap Optus without any model information on it. It was maybe 180DM or so in a discounter 25, 30 years ago. Its main job is to collect dust, can’t even remember its last use. That must have been easily 15 years ago I reckon. Thus, absolutely no surprise. Maybe I’ll just take it apart and see what I can see as the week progresses.

did I just break something else? 😅🤣

@lyse@lyse.isobeef.org @prologic@twtxt.net 😆 There was something weird going on with my #Timeline instance, the text input box was visible even though I was logged out and I was able to twt from it … It has to do with cache because it wouldn’t disappear unless I whip my website’s cache from the browser.

Poke @sorenpeter@darch.dk and @eapl.me@eapl.me I have no Idea how to reproduce this.

[47°09′48″S, 126°43′38″W] Working impossible due to heavy rain

I’m rather frozen after half an hour looking at Venus and Saturn through the telescope outside. I couldn’t see any rings around Saturn. Disappointing. It also appeared rather dark. The very bright Venus on the other hand told me that there is something growing inside the scope. :-( Or maybe there is dust.

@xuu I added some logging when a “dead” peer is removed as I suspect this to be a hot candidate for all the trouble. https://git.mills.io/yarnsocial/yarn/commit/21538951f9dc71b9366db6dbb784a8078096a4c8 Does this yield anything?

@aelaraji@aelaraji.com @prologic@twtxt.net Hmmm!

[47°09′41″S, 126°43′01″W] Wind speed: 107kph – batteries low

0-click deanonymization attack targeting Signal, Discord, other platforms
Article URL: https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117

Comments URL: https://news.ycombinator.com/item?id=42780816

Points: 503

# Comments: 179 ⌘ Read more

It’s nice to see we’re all largely thinking along the same lines. e.g: Salty.im 😅

@eapl.me@eapl.me Yeah this is true. Previously RSA and AES were more common. These days Salsa and Chacha and Curve are fairly prevalent. For example all the Wireguard stuff uses Curve25519 / Ed25519 crypto. Signal uses very similar crypto too, but with some very nice double ratcheting 3DH.

@eapl.me@eapl.me I -think we’ve gotten use to it somewhat 🤣

a year ago I had a struggle to find documentation about it and now it seems there are more examples, cool!

I agree 🙂, although it’s easy to lose comments over time and are not so grouped by topic, it’s not so easy to vote or make a survey about it…

I prefer a forum for that 😊

here are a few ideas you might take into consideration when designing a secure IM https://developer.virgilsecurity.com/docs/e3kit/fundamentals/secure-instant-messaging/

Obviously if you’ve worked on something similar, you already know it, he

I made a draft of an “encrypted public messenger”, which was basically a Feed for an address derivate from the public ket, let’s say ‘abcd..eaea’

Anyone could check, “are there any messages for my address?” and you get a whole list of timestamps and encrypted stuff.

Inside the encrypted message is a signature from the sender. That way you ‘could’ block spam.

Only the owner of the private key could see who sent what, and so…

And even with that my concussion was that users expectations for a private IM might be far away from my experiment.

@doesnm@doesnm.p.psf.lt whilst technically true, expensive and unnecessary.

Again: if you can decrypt - it’s for you

[47°09′37″S, 126°43′16″W] Wind speed: 58kph

It is not possible to remove it, otherwise you do not know that the message is for you. With that information you can’t decrypt.

@doesnm@doesnm.p.psf.lt I always do 👌

I updated the specification with base64, Curve25519 and more examples: https://github.com/tanrax/twtxt-direct-message-extension

Can you share summary after meeting?

@prologic@twtxt.net @lyse@lyse.isobeef.org First, please leave me your comments on the repository! Even if it’s just to give your opinion on what shouldn’t be included. The more variety, the better.

Second, I’m going to try to do tests with Elliptic keys and base64. Thanks for the advice @eapl@eapl.me

Finally, I’d like to give my opinion. Secure direct messages are a feature that ActivityPub and Mastodon don’t have, to give an example. By including it as an extension, we’re already taking a significant leap forward from the competition. Does it make sense to include it in a public feed? In fact, we’re already doing that. When we reply to a user, mentioning them at the beginning of the message, it’s already a direct message. The message is within a thread, perhaps breaking the conversation. Direct messages would help isolate conversations between 2 users, as well as keeping a thread cleaner and maintaining privacy. I insist, it’s optional, it doesn’t break compatibility with any client and implementing it isn’t complex. If you don’t like it, you’re free to not use it. If you don’t have a public key, no one can send you direct messages.

Keep breathing and stay cool.

👋👋 Reminders that this weekend our monthly Yarn.social online meetup. Who’s coming? 🤔 Some possible topics:

• Direct Messaging for Twtxt
  
• @prologic@twtxt.net ’s new EdgeGuard services 🤣
  
• What’s the weather like? 👍
  

Details:

• When: 25th Jan 2025 at 12:00PM UTC (midday)
  
• Where: https://meet.mills.io/call/Yarn.social

@eapl.me@eapl.me@eapl.me@eapl.me But we’re actively discussing on Twtxt 🤣

@eapl.me@eapl.me@eapl.me@eapl.me Agree with the base64 encoding 👌

While the US politicians and tech billionaires are going full-on fascist mode, here is a reminder that there are European alternatives for many well known digital and online services: https://european-alternatives.eu

@eapl.me@eapl.me@eapl.me@eapl.me actually it is easy 🤣 It’s now the standard for SSH keys 😆

Simplifying my online presence further by removing my Known site. Goodbye social.johanbove.info - it was sometimes a little fun.

@aelaraji@aelaraji.com Hmmm? 🤔

@xuu@txt.sour.is Is this because there’s a bug in persisting trusted peers? 🤔

@lyse@lyse.isobeef.org This is a good point.

@doesnm@doesnm.p.psf.lt That’s actually not true, because you’d have to know the target you’re interested in, in the first place. Inboxes in Salty.IM are deliberately shahed for this reason. So whilst you may know your own inbox address, etc, I (as an arbitrary bad actor) wouldn’t easily be able to guess (let alone brute force) my way to another inbox address of an interested party.

It’s ok for most encrypted protocols (In salty you can fetch other messages but can’t decrypt). Btw i think recipient can be removed so if someone seen message they tried to decypt, if can’t - its not message to you

[47°09′26″S, 126°43′41″W] Wind speed: N/A – Cannot comunicate

[47°09′25″S, 126°43′54″W] Wind speed: 99kph – batteries low

hmmm? 🤔

I remember starting that one.. it was a bit gratuitous for me to get past the first few episodes.

and yes.. these all come with satisfying endings across multiple seasons.

my goto’s are the Expanse, the Magicians, XFiles, House, Umbrella Academy, Orphan Black, 12 Monkeys, the star treks (DS9 especially)

i have probably watched through them a half dozen times each. some more :D

It seems related to us poor single user pods not getting the trust to share twts.. which it seems to still untrust on restart for me.

@movq@www.uninformativ.de ^^

@movq, @prologic@twtxt.net when navigating to a Yarn. If the head twt is missing then the whole thread is not accessible. It only returns an error. so i have no way to view any of the replies within the thread other than the end twt.

UNIT DualMCU One with RP2040 for Real-Time and ESP32 for Wireless Connectivity.
The UNIT DualMCU One is a development board that combines the ESP32 and RP2040 microcontrollers. The ESP32 provides Wi-Fi and Bluetooth connectivity, while the RP2040 offers hardware control with flexible GPIO, supporting applications in IoT, robotics, and automation. The RP2040 features a dual-core ARM Cortex-M0+ processor running at 133 MHz, offering compatibility with Arduino UNO [… … ⌘ Read more

@xuu@txt.sour.is Can you elaborate in textual form for the poor vision impaired developer 🤣 🙏

Also guys if u ever need a new life philosophy. Connor Hawke from green arrow comics is your guy

Lowkey planning out a book (anthology. Maybe) of just playscripts in my Greek myth yuriverse. Thank u lord

[47°09′28″S, 126°43′03″W] Automatic systems disengaged due to thunderstorm

Just threw this RSS feed into Newsboat. The titles suck, but I hope the content makes up for it. :-)

@movq@www.uninformativ.de Speaking of fog, a workmate showed me his view out of the window today and you couldn’t even see a hundred meters. Looked really nice! :-) We actually had a little bit of sun over here.

@movq@www.uninformativ.de Woah, that sun from satellite SDO is fucking sick! https://social.bund.de/system/media_attachments/files/113/859/065/836/106/300/original/95b43f7a0086476d.jpeg

I haven’t read the entire specification, but I think there is a fundamental design problem. Why would someone put an encrypted message on a public feed that is completely useless to everybody other than the one recipient? This doesn’t make sense to me. It of course depends on the threat model, but wouldn’t one also want to minimize the publicly visible metadata (who is communicating with whom and when) when privately messaging? I feel there are better ways to accomplish this. Sorry, if I miss the obvious use case, please let me know. :-)

Clouds are hiding the planets right now, but the sky was slightly on fire before: https://lyse.isobeef.org/abendhimmel-2025-01-20/

Image

This UX can be very frustrating.

another one would be to allow changing public keys over time (as it may be a good practice [0]). A syntax like the following could help to know what public key you used to encrypt the message, and which private key the client should use to decrypt it:

!<nick url> <encrypted_message> <public_key_hash_7_chars>

Also I’d remove support for storing the message as hex, only allowing base64 (more compact, aiming for a minimalistic spec, etc.)

[0] https://www.brandonchecketts.com/archives/its-2023-you-should-be-using-an-ed25519-ssh-key-and-other-current-best-practices

my first thought is that encrypting messages with Elliptic keys is not as easy as with RSA, although I tried doing something similar a few months ago with ECIES
https://github.com/eapl-gemugami/owl/blob/main/src/app/controller/ecies_demo.php

interesting idea. I’m not personally interested on having DM conversations on twtxt (for now), although I see the community could be interested in.

I’d suggest to enable the Discussion section in your Github repo to receive comments, as we did for timeline https://github.com/sorenpeter/timeline/discussions

[47°09′22″S, 126°43′10″W] Weather forecast alert – storm from E

#MaradoWeekly #WeeklyPlant Week 03

Image

DeepSeek-R1
Article URL: https://github.com/deepseek-ai/DeepSeek-R1

Comments URL: https://news.ycombinator.com/item?id=42768072

Points: 517

# Comments: 180 ⌘ Read more

@andros@twtxt.andros.dev 🤩😍

[47°09′45″S, 126°43′19″W] Non-significative results – sampling finished

I promise I will! It’s the next step 😄

It would also be great if you put up a PR against twtxt.dev 🙏

@andros@twtxt.andros.dev My only comment so far is to use Ed25519 keys for crypto.

Hello from Windows 3.11 again

I want to share a little idea for a new extension with the goal of adding direct messages in #twtxt https://github.com/tanrax/twtxt-direct-message-extension

[47°09′50″S, 126°43′11″W] Transfer aborted

Tolle Wurst: vTuner hat den Support für das Küchenradio (Sagem - My Dual Radio 700) eingestellt. Die Subdomain sagem.vtuner.com ist nicht mehr.
Mal gucken, wie ich mit einer DNS-Umleitung und YCast wieder Klang in die Kiste kriege. Es wäre schade um das Gerät, welches einwandfrei funktioniert.

[47°09′29″S, 126°43′00″W] –interrupted–

@slashdot@feeds.twtxt.net Who the F+++ still uses goo’s search engine anyway xD Shout out to all my homies hosting a Searx instance 😂🤘

Greetings, welcome.

Whoops was just testing. Greetings from Spain, soon moving to SF!

nicoooo

@bender@twtxt.net planning on being around in 10 years 🤔 😅

How long will it take for the opponents of the Trump regime to start mysteriously disappearing?

@twtxt.net@twtxt.net when is the christening? Let me know, and I will plan a trip to down under. ☺️

@movq@www.uninformativ.de Schöne Bilder. Mein Teleskop muss ich auch einmal wieder aktivieren.

@movq@www.uninformativ.de That’s so awesome! I really oughta make use of the telescope I was gifted a few years ago…

This is an absolutely amazing talk about fixing a satellite in space. Totally worth watching, highly recommended. Super great engineering! I’m blown away, this is sooooo cool! https://media.ccc.de/v/38c3-hacking-yourself-a-satellite-recovering-beesat-1

@movq@www.uninformativ.de Oh yeah, nice! I gotta have to check tomorrow. I keep forgetting.

[47°09′10″S, 126°43′31″W] –no signal–

TikTok says it is restoring service for U.S. users
Article URL: https://www.nbcnews.com/tech/tech-news/tiktok-says-restoring-service-us-users-rcna188320

Comments URL: https://news.ycombinator.com/item?id=42759336

Points: 500

# Comments: 1516 ⌘ Read more

#selfhosting is a privilege.

Sure, I agree: it is the best option in many cases, and in some cases it feels like the only option - if you care for things like safety and privacy.

But us - the same community that usually promotes self-hosting - should also be aware that it is a means to an end, we should understand the reasons why it is a good idea… and also design “the fallback” for those who cannot, for some reason, self-host.

And we know how to do that: just look at the healthy community of fediverse servers that are out there, not in competition but in cooperation with a number self-hosted single-user instances. But we don’t do it/have the same ecosystem in many other fields.

And self-hosting is a privilege: it demands more financial investment, more time investment, and has some potentially expensive dependencies (stable 24/7/365 internet connection and electricity, for eg.).

Just like the “path to #freesoftware” is a ladder and not a binary switch, service autonomy/independence/sovereignty is too (an often they are even related - how many “need” to use some proprietary app in order to access to a certain service they are dependent of?).

VersaLogic’s Sabertooth AI Combines Xeon-E Processor with NVIDIA RTX GPU
VersaLogic Corp. has introduced the Sabertooth AI, a compact and rugged embedded system designed for AI inferencing and high-bandwidth video applications. Featuring DDR4 ECC memory, dual GbE, and support for multiple displays, it delivers high computational performance in a small form factor for industrial and edge computing. The Sabertooth AI incorporates an Intel Xeon-E processor, […] ⌘ Read more

[47°09′48″S, 126°43′38″W] Dosimeter fixed

Multihull of the year Winner: 2024 ILIAD 53F Power Catamaran Yacht Tour - YouTube👈 Really loving this Multihull Power Catamaran 👌 Very nice yacht! 🛥️

@movq@www.uninformativ.de Yeah, that’s not a lot.

@kat@yarn.girlonthemoon.xyz Only scp/rsync for me. :-) But I remember there is one server that only provides SFTP access. :-/

[47°09′56″S, 126°43′47″W] Resetting dosimeter

[47°09′29″S, 126°43′18″W] Dosimeter malfunction

[47°09′03″S, 126°43′21″W] Reading: 0.58 Sv

I tried using Firefox Focus as my default browser for a while but it was to extreme. It’s still the only one on my home screen. 50-60 is sort of my intent, but then it keeps being “just one more…”.

TikTok goes dark in the US
Article URL: https://techcrunch.com/2025/01/18/tiktok-goes-dark-in-the-u-s/

Comments URL: https://news.ycombinator.com/item?id=42753396

Points: 513

# Comments: 877 ⌘ Read more

HackCable: USB-C Keystroke Injection Cable with RP2040 or ESP32
Kickstarter recently featured the HackCable, a USB-C cable designed for cybersecurity research and system testing. It resembles a standard charging cable but includes features like built-in Wi-Fi and keystroke injection, providing a discreet and versatile tool for professionals and researchers. HackCable is available in two versions, each powered by a different microcontroller: the ESP32-S3 or […] ⌘ Read more