In-reply-to » Does anybody know a right mouse click save and reduce a screen saver image to a smaller file, say 50KB? My usual method is slow, place in image program and re-save it smaller.

@off_grid_living@twtxt.net No right click thing, but in the terminal:

convert -strip -quality 70 -resize 300x original.jpg resized.jpg

“original.jpg” being the filename of the input file and “resized.jpg” the filename of the output. You can play around with the width, “300x” means 300 pixels wide and the height is determined automatically to still remain in the same ratio. The quality is how much to compress it. The closer to 0 the value gets, the worse the result, but also smaller in file size. More towards 100 and the quality improves together with a larger file size.

You have to install the package “imagemagick” for this to work, I believe.

⤋ Read More
In-reply-to » (#ztpfyia) here is my progress so far: https://github.com/eapl-gemugami/twtxt-direct-message-php The encryption part seems to work, if I decrypt it the message with OpenSSL. I think it can help you for some key parts not well explained in OpenSSL documentation.

@eapl.me@eapl.me Nope, I switched to the openssl library in PHP. But our rubberducking 🦆 seems to be working. Your find https://crypto.stackexchange.com/a/79855 for the IV generation may be the breakthrough …

⤋ Read More
In-reply-to » (#bjjnrsa) @eapl.me Here is what I've got so far: https://github.com/upputter/testing-twtxt-dm

here is my progress so far: https://github.com/eapl-gemugami/twtxt-direct-message-php
The encryption part seems to work, if I decrypt it the message with OpenSSL.
I think it can help you for some key parts not well explained in OpenSSL documentation.

@andros@twtxt.andros.dev reading your spec I wrote a few notes here: https://github.com/eapl-gemugami/twtxt-direct-message-php/blob/main/direct_message_spec.md

@arne@uplegger.eu I haven’t check your repo yet, although you are using sodium, right?

⤋ Read More
In-reply-to » (#bjjnrsa) @eapl.me Here is what I've got so far: https://github.com/upputter/testing-twtxt-dm

@arne@uplegger.eu Here are the results of the german jury:

Known salt (B64): Tb9oj07UhwU= (8)
Known key (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
Known iv (B64): l/PvkDjOKMFZe73KptrvWw== (16)
Shared Key (B64): ql8zvN03p6kroSwNrcKbxk4zSBQFkgQZEumvqVIDMAE=
** DECRYPT **
Encrypted Message: ...
Decoded Salt (B64): Tb9oj07UhwU= (8)
PBKDF2 KEY (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
iv (B64): JanbU1jI30lb6yfjq/adjA== (16)
Decrypted Message: 

😭

⤋ Read More
In-reply-to » (#fyr2v5a) trying to implement it quickly, I get the same questions than you ```

@eapl.me@eapl.me Here is what I’ve got so far: https://github.com/upputter/testing-twtxt-dm

There is a “00_well_known_message.enc” file, which I have the encryption paremters for (https://github.com/upputter/testing-twtxt-dm/blob/9fdf3be6aa8fe810a4cb275375dbb3d4a2a958ee/wellknown_test.php#L28).

According to my finding, I assume, that the saltsize in openssl is “8” and the PBKDF2 algo is “sha256”.

⤋ Read More
In-reply-to » Today is an important day. We have a new extension: Direct message 🪇🗨️🚀🥳❤️ https://twtxt.dev/exts/direct-message.html #twtxt

@andros@twtxt.andros.dev Could you share (perhaps in the extension document) the private key for alice?

I want to compare that I can read the encrypted message both from OpenSSL CLI and from the PHP OpenSSL library, following the spec.

⤋ Read More
In-reply-to » (#ozvrvpq) @arne Well, just for my understanding. The command: echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin will take the input string from echo to openssl. It then will

trying to implement it quickly, I get the same questions than you

# https://www.php.net/manual/en/function.openssl-pbkdf2.php
    $password = $sharedKey;
    $salt = openssl_random_pseudo_bytes(16);  # What's the salt length ?
    $keyLength = 20;  # What's the key length here ?
    $iterations = 100000;
    $generatedKey = openssl_pbkdf2($password, $salt, $keyLength, $iterations, 'sha256');
    echo bin2hex($generatedKey)."\n";
    echo base64_encode($generatedKey)."\n";

    $iv = openssl_random_pseudo_bytes(16); // AES-256-CBC requires 16-byte IV
    $cipherText = openssl_encrypt($message, 'aes-256-cbc', $generatedKey, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $cipherText);

⤋ Read More
In-reply-to » (#ozvrvpq) @arne Well, just for my understanding. The command: echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin will take the input string from echo to openssl. It then will

@arne@uplegger.eu With the OpenSSL option -p one can get an output of salt, key and iv. My stupid PHP-code can get everything right from the encrypted data (from OpenSSL) - except the iv! Damn “evpKDF” 😔

⤋ Read More
In-reply-to » Today is an important day. We have a new extension: Direct message 🪇🗨️🚀🥳❤️ https://twtxt.dev/exts/direct-message.html #twtxt

@arne@uplegger.eu Hi! I love that you’re implementing it! Maybe, when we’re both done, we could test the clients by communicating both.
I don’t think I’m going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as I’d like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But I’m not able to answer your questions, sorry.
I’m invoking the commands directly, without any libraries in between. Maybe that would help you?

⤋ Read More
In-reply-to » (#k2ob6bq) @andros I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters. All my solution approaches require “nonce” or “initialization vector” on one or the other side. In addition, the “magic numbers” (“Salted__”) were not consistent in my tests.

@arne@uplegger.eu Well, just for my understanding. The command:
echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin
will take the input string from echo to openssl. It then will

  1. use the content of shared_key.bin as password
  2. use PBKDF2 with an iteration of 100000 to generate a encryption key from the given password (shared_key.bin)
  3. use the PBKDF2 generated key for an aes-256-cbc encryption

The final result is encrypted data with the prepended salt (which was generated by runtime), e.g.: Salted__q�;��-�T���"h%��5�� ....

With a dummy script I now can generate a valide shared key within PHP ‘openssl_pkey_derive()’ - identical to OpenSSL.
I also can en-/decrypt salted data within my script, but not with OpenSSL. There are several parameters of PBKDF2 unknown to me.

Question:

  1. Is the salt, used by aes-256-cbc and PBKDF2 the same, prepended in the encrypted data?
  2. Witch algorithm/cipher is used within PBKDF2: sha1, sha256, …?
  3. What is the desired key length of PBKDF2 (https://www.php.net/manual/en/function.openssl-pbkdf2.php)?

To be continued …

⤋ Read More

Does anybody know a right mouse click save and reduce a screen saver image to a smaller file, say 50KB?
My usual method is slow, place in image program and re-save it smaller.

I used to have a Window’s way to reduce file images from 1MB to 50 KB with right mouse click.

⤋ Read More

SpacemiT X60 RISC V Processor Enables AI and High Speed Storage in Bit Brick K1 Embedded Board
The Bit-Brick K1 is a single-board computer designed for industrial and edge computing applications. It features the SpacemiT Key Stone K1, an ultra-low-power octa-core RISC-V system-on-chip with SpacemiT Daoyi AI acceleration. Built on the RISC-V 64GCVB architecture and RVA22 standard, the processor delivers 2.0TOPS of AI computing power using customized … ⌘ Read more

⤋ Read More

Unbuntu in a bad mood. KolourPaint will not run, unstalled and reinstalled in, shut down the machine and fired it up again, installed just keeps the wheel icon wheeling????

I get nothing. The stupid Kolour Paint will not run.
The wheeling wheel keeps on wheeling, yet everything else is fine.

Why can’t you get you computer back when you shutdown Ubuntu?

⤋ Read More
In-reply-to » (#k2ob6bq) @andros I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters. All my solution approaches require “nonce” or “initialization vector” on one or the other side. In addition, the “magic numbers” (“Salted__”) were not consistent in my tests.

@arne@uplegger.eu

Image

If I keep the “nonce”, I can decrypt a message with the shared key, like in the direct message specs.
But that is not how it should work. 😒

⤋ Read More
In-reply-to » Today is an important day. We have a new extension: Direct message 🪇🗨️🚀🥳❤️ https://twtxt.dev/exts/direct-message.html #twtxt

@andros@twtxt.andros.dev I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters.
All my solution approaches require “nonce” or “initialization vector” on one or the other side. In addition, the “magic numbers” (“Salted__”) were not consistent in my tests.

⤋ Read More
In-reply-to » 💭 Remember kids 🧒

@prologic@twtxt.net I wish getting a static IP and a (more) stable internet connection wasn’t so hard over here. Then I could do proper self-hosting as well. But as it stands, I need some rented VPS.

I could go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes … it’s just bad overall and much easier/better to rent a VPS. 🫤

⤋ Read More
In-reply-to » I'm in an article in Quanta Magazine! It's about the bizarre world of algorithms that re-use memory that's already full. https://www.quantamagazine.org/catalytic-computing-taps-the-full-power-of-a-full-hard-drive-20250218/ I'm the one with all the snow in the background.

Thanks, @falsifian@www.falsifian.org! I’ll definitely start with the latter one then. Let’s see how far I make it. :-)

⤋ Read More

Silicon Labs-Based XIAO MG24 Series Expands with New Pre-Soldered and Multi-Pack Versions
Seeed Studio has expanded its XIAO MG24 and XIAO MG24 Sense development board lineup with new variants, including pre-soldered versions and 3PCS packs. These additions provide more flexibility for developers working on IoT and Matter-based projects, streamlining prototyping and small-scale production. The XIAO MG24 and XIAO MG24 Sense are now available in 3PCS packs … ⌘ Read more

⤋ Read More
In-reply-to » I got promoted today to try using Passkeys on Github.com. Fine 😅 I did that, but I discovered that when you use your Passkey to login, Chrome prompts you for your device's password (i.e: The password you use to login to your macOS Desktop). Is that intentional? Kind of defeats the point no? I mean sure, now there's no Password being transmitted, stored or presented to Github.com but still, all an attacker has to do is somehow be on my device and know my login password to my device right? Is that better or worse? 🤔

@prologic@twtxt.net I’m speculating, but if I had to guess I’d say it’s probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys /ME doing air quotes Magic™ … you could try with a different password manager to avoid said scenario.

Also, passkeys UX sucks.

⤋ Read More
In-reply-to » I'm in an article in Quanta Magazine! It's about the bizarre world of algorithms that re-use memory that's already full. https://www.quantamagazine.org/catalytic-computing-taps-the-full-power-of-a-full-hard-drive-20250218/ I'm the one with all the snow in the background.

@lyse@lyse.isobeef.org I am a big fan of “obvious” math facts that turn out to be wrong. If you want to understand how reusing space actually works, you are mostly stuck reading complexity theory papers right now. Ian wrote a good survey: https://iuuk.mff.cuni.cz/~iwmertz/papers/m23.reusing_space.pdf . It’s written for complexity theorists, but some of will make sense to programmers comfortable with math. Alternatively, I wrote an essay a few years ago explaining one technique, with (math-loving) programmers as the intended audience: https://www.falsifian.org/blog/2021/06/04/catalytic/ .

⤋ Read More
In-reply-to » I'm in an article in Quanta Magazine! It's about the bizarre world of algorithms that re-use memory that's already full. https://www.quantamagazine.org/catalytic-computing-taps-the-full-power-of-a-full-hard-drive-20250218/ I'm the one with all the snow in the background.

@falsifian@www.falsifian.org Oh, that’s neat! Interesting how “obviously” isn’t all that obvious at all, even to the contrary. I reckon I have to read up on that subject on the weekend. :-)

I like how Ian’s and your photo complement each other, winter and summer join forces for something special. :-)

⤋ Read More
In-reply-to » You have a microwave oven at home, right?

I’m surprised, here you can’t find dial controls anymore. How old are your ovens? The last one my parents had was from the 90s.

I was amazed experimenting with different combinations, for instance instead of 100, using 60 for a minute, 90 for 1:30, and stupid stuff like heating with 11, 22, 55 seconds and so, to make it quicker to type any time.

⤋ Read More
In-reply-to » What would you like the new twtxt logo to be? Comments: https://git.mills.io/yarnsocial/twtxt.dev/issues/9#issuecomment-18960 Media

among these options, 3

Although I like it more “twt”, without the dot and with a t at the end

⤋ Read More