@eapl.me@eapl.me Nope, I switched to the openssl library in PHP. But our rubberducking 🦆 seems to be working. Your find https://crypto.stackexchange.com/a/79855 for the IV generation may be the breakthrough …

@bender@twtxt.net Lol! :-D

here is my progress so far: https://github.com/eapl-gemugami/twtxt-direct-message-php
The encryption part seems to work, if I decrypt it the message with OpenSSL.
I think it can help you for some key parts not well explained in OpenSSL documentation.

@andros@twtxt.andros.dev reading your spec I wrote a few notes here: https://github.com/eapl-gemugami/twtxt-direct-message-php/blob/main/direct_message_spec.md

@arne@uplegger.eu I haven’t check your repo yet, although you are using sodium, right?

@arne@uplegger.eu Here are the results of the german jury:

Known salt (B64): Tb9oj07UhwU= (8)
Known key (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
Known iv (B64): l/PvkDjOKMFZe73KptrvWw== (16)
Shared Key (B64): ql8zvN03p6kroSwNrcKbxk4zSBQFkgQZEumvqVIDMAE=
** DECRYPT **
Encrypted Message: ...
Decoded Salt (B64): Tb9oj07UhwU= (8)
PBKDF2 KEY (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
iv (B64): JanbU1jI30lb6yfjq/adjA== (16)
Decrypted Message: 

😭

@eapl.me@eapl.me Here is what I’ve got so far: https://github.com/upputter/testing-twtxt-dm

There is a “00_well_known_message.enc” file, which I have the encryption paremters for (https://github.com/upputter/testing-twtxt-dm/blob/9fdf3be6aa8fe810a4cb275375dbb3d4a2a958ee/wellknown_test.php#L28).

According to my finding, I assume, that the saltsize in openssl is “8” and the PBKDF2 algo is “sha256”.

Open Web Conversations ⌘ https://notiz.blog/b/DUX

I thought hCaptcha was getting off the rails. Try making an X account using a VPN service!

Those are some impressive wigs: https://imgur.com/gallery/life-imitates-video-game-5KlJBhj I wonder how it feels to wear such a thing for a day – especially in summer. 😅🥵

@andros@twtxt.andros.dev Could you share (perhaps in the extension document) the private key for alice?

I want to compare that I can read the encrypted message both from OpenSSL CLI and from the PHP OpenSSL library, following the spec.

trying to implement it quickly, I get the same questions than you

# https://www.php.net/manual/en/function.openssl-pbkdf2.php
    $password = $sharedKey;
    $salt = openssl_random_pseudo_bytes(16);  # What's the salt length ?
    $keyLength = 20;  # What's the key length here ?
    $iterations = 100000;
    $generatedKey = openssl_pbkdf2($password, $salt, $keyLength, $iterations, 'sha256');
    echo bin2hex($generatedKey)."\n";
    echo base64_encode($generatedKey)."\n";

    $iv = openssl_random_pseudo_bytes(16); // AES-256-CBC requires 16-byte IV
    $cipherText = openssl_encrypt($message, 'aes-256-cbc', $generatedKey, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $cipherText);

I haven’t taken a look into that extension, although I think you could use the OpenSSL library: https://www.php.net/manual/en/function.openssl-encrypt.php

@arne@uplegger.eu With the OpenSSL option -p one can get an output of salt, key and iv. My stupid PHP-code can get everything right from the encrypted data (from OpenSSL) - except the iv! Damn “evpKDF” 😔

@prologic@twtxt.net I’ve been there yesterday w/o success.

@arne@uplegger.eu Hi! I love that you’re implementing it! Maybe, when we’re both done, we could test the clients by communicating both.
I don’t think I’m going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as I’d like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But I’m not able to answer your questions, sorry.
I’m invoking the commands directly, without any libraries in between. Maybe that would help you?

Had some fun with my old Mandelbrot renderer: https://movq.de/v/83110057f5/

#musiquinta sobre “cachorro”, a música que tinha em mente acho que já aqui a divulguei numa outra musiquinta, e em vez disso deixo-vos aqui uma música para chorar:

Ashram - Lucky’s Song (My Dog)
https://youtu.be/oJ37mmym_LA

hello @c8e00 ! All the best to you too, despite a very disrupted world… I live in France, lost in the countryside.

@arne@uplegger.eu Well, just for my understanding. The command:
echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin
will take the input string from echo to openssl. It then will

1. use the content of shared_key.bin as password
   
2. use PBKDF2 with an iteration of 100000 to generate a encryption key from the given password (shared_key.bin)
   
3. use the PBKDF2 generated key for an aes-256-cbc encryption
   

The final result is encrypted data with the prepended salt (which was generated by runtime), e.g.: Salted__q�;��-�T���"h%��5�� ....

With a dummy script I now can generate a valide shared key within PHP ‘openssl_pkey_derive()’ - identical to OpenSSL.
I also can en-/decrypt salted data within my script, but not with OpenSSL. There are several parameters of PBKDF2 unknown to me.

Question:

1. Is the salt, used by aes-256-cbc and PBKDF2 the same, prepended in the encrypted data?
   
2. Witch algorithm/cipher is used within PBKDF2: sha1, sha256, …?
   
3. What is the desired key length of PBKDF2 (https://www.php.net/manual/en/function.openssl-pbkdf2.php)?
   

To be continued …

https://www.project-syndicate.org/commentary/serbia-protests-new-strategy-of-challenging-a-corrupt-authoritarian-state-by-slavoj-zizek-2025-02

oh cool @lyse@lyse.isobeef.org !! and thanks, got rid of that empty line. ATM I’m using twtxt very much in an experimental way, only manual editing or writing my tools. curious to see how it will evolve. #meta #twtxt

DOGE has ‘god mode’ access to government data
Article URL: https://www.theatlantic.com/technology/archive/2025/02/doge-god-mode-access/681719/

Comments URL: https://news.ycombinator.com/item?id=43112084

Points: 533

# Comments: 1021 ⌘ Read more

Noo, please mercy him

Does anybody know a right mouse click save and reduce a screen saver image to a smaller file, say 50KB?
My usual method is slow, place in image program and re-save it smaller.

I used to have a Window’s way to reduce file images from 1MB to 50 KB with right mouse click.

These pictures are expensive, 130 KB as a png file. how come? Can they get smaller to under 50Kb?

Some chooks not up this morning ?

my faviourite tree under wire netting, an apple, got fruit fly this year. bother
might need netting over it

Especially love my new pre loved roller doors !!

Love my new shed, getting ready to retire

A view of the deck, overlooking the new gardens.

Like the writing it does.

I finally got “Drawing” as an APP to work. Happy with it so far.

(Updated) SolidRun HummingBoard i.MX8M IIOT SBC with NVMe, RS232, RS485, and LTE Support
SolidRun HummingBoard i.MX8M IIOT SBC with NVMe, RS232, RS485, and LTE Support ⌘ Read more

SpacemiT X60 RISC V Processor Enables AI and High Speed Storage in Bit Brick K1 Embedded Board
The Bit-Brick K1 is a single-board computer designed for industrial and edge computing applications. It features the SpacemiT Key Stone K1, an ultra-low-power octa-core RISC-V system-on-chip with SpacemiT Daoyi AI acceleration. Built on the RISC-V 64GCVB architecture and RVA22 standard, the processor delivers 2.0TOPS of AI computing power using customized … ⌘ Read more

Like like Kolourpaint for its simplicity why has it stopped working?

Seems I am not the only one to find the APP stops working?

I finally got Ubuntu Software to find Kolourpaint and it installed, now when I run the APP nothing happens.
Dead, zip narda.

Stupid program , what is wrong?

Shutdown OK this time

In Unbunti software, explore KolourPaint is says the “No application found”

Why can’t the APP find the software on the WWW?

Unbuntu in a bad mood. KolourPaint will not run, unstalled and reinstalled in, shut down the machine and fired it up again, installed just keeps the wheel icon wheeling????

I get nothing. The stupid Kolour Paint will not run.
The wheeling wheel keeps on wheeling, yet everything else is fine.

Why can’t you get you computer back when you shutdown Ubuntu?

@nff@www.noizhardware.com I do! :-) Btw. line 65 in your feed is broken.

We are all we have.

no body to say hello?

happy to be here!

@arne@uplegger.eu

Image

@andros@twtxt.andros.dev I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters.
All my solution approaches require “nonce” or “initialization vector” on one or the other side. In addition, the “magic numbers” (“Salted__”) were not consistent in my tests.

@prologic@twtxt.net I wish getting a static IP and a (more) stable internet connection wasn’t so hard over here. Then I could do proper self-hosting as well. But as it stands, I need some rented VPS.

I could go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes … it’s just bad overall and much easier/better to rent a VPS. 🫤

hey @lyse@lyse.isobeef.org I’ve seen your mention from uhhmmm 4months ago just now using my crawler -__-’ / curious to know, do you see my mention now? #meta #twtxt

hey @lyse@lyse.isobeef.org I’ve seen your mention from uhhmmm 4months ago just now using my crawler -__-’ / curious to know, do you see my mention now? #meta #twtxt

Thanks, @falsifian@www.falsifian.org! I’ll definitely start with the latter one then. Let’s see how far I make it. :-)

@falsifian@www.falsifian.org Phew, okay. So, it took a few months to grow that big. I feared that it could have been just a week or so. Yeah, insulation always is a good idea.

Multiple Russia-aligned threat actors actively targeting Signal Messenger
Article URL: https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger

Comments URL: https://news.ycombinator.com/item?id=43102284

Points: 504

# Comments: 196 ⌘ Read more

❤️ 🎶: Those Days by KIM KI TAE

❤️ 🎶: Pray by Younha

Silicon Labs-Based XIAO MG24 Series Expands with New Pre-Soldered and Multi-Pack Versions
Seeed Studio has expanded its XIAO MG24 and XIAO MG24 Sense development board lineup with new variants, including pre-soldered versions and 3PCS packs. These additions provide more flexibility for developers working on IoT and Matter-based projects, streamlining prototyping and small-scale production. The XIAO MG24 and XIAO MG24 Sense are now available in 3PCS packs … ⌘ Read more

“loud baby cries, wettings of bed.”

@prologic@twtxt.net Holly, didn’t know bots and crawlers could do comedy now… they should’ve added “Dave Chappelle/69.420” to their UA.

@prologic@twtxt.net I’m speculating, but if I had to guess I’d say it’s probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys /ME doing air quotes Magic™ … you could try with a different password manager to avoid said scenario.

Also, passkeys UX sucks.

Valve releases Team Fortress 2 game code
Article URL: https://github.com/ValveSoftware/source-sdk-2013/commit/0759e2e8e179d5352d81d0d4aaded72c1704b7a9

Comments URL: https://news.ycombinator.com/item?id=43094260

Points: 511

# Comments: 137 ⌘ Read more

https://d4llo.codeberg.page/BloquonsBollore/

yes it works now :)

@lyse@lyse.isobeef.org I don’t remember exactly. They might have been growing all winter. The trick is to have a badly insulated extension to the house.

@falsifian@www.falsifian.org Hahaha, that’s sick, I love it! :-D I envy you a bit. On the other hand, I have to admit I’m glad that I don’t have to chisel down giant blocks of ice from the house.

@eapl.me@eapl.me I can do that as soon as I get back home. Also, just in case you’ve missed it, Choice 1 is actually 4 different variations.

@lyse@lyse.isobeef.org I am a big fan of “obvious” math facts that turn out to be wrong. If you want to understand how reusing space actually works, you are mostly stuck reading complexity theory papers right now. Ian wrote a good survey: https://iuuk.mff.cuni.cz/~iwmertz/papers/m23.reusing_space.pdf . It’s written for complexity theorists, but some of will make sense to programmers comfortable with math. Alternatively, I wrote an essay a few years ago explaining one technique, with (math-loving) programmers as the intended audience: https://www.falsifian.org/blog/2021/06/04/catalytic/ .

@falsifian@www.falsifian.org Mate, what an amazing video, holy cow! :-D We only get complete jokes of icicles compared to what you had there ealier today. It’s a giant wall. For how many days did that grow on your roof?

@lyse@lyse.isobeef.org Still melting!

@falsifian@www.falsifian.org Oh, that’s neat! Interesting how “obviously” isn’t all that obvious at all, even to the contrary. I reckon I have to read up on that subject on the weekend. :-)

I like how Ian’s and your photo complement each other, winter and summer join forces for something special. :-)

@falsifian@www.falsifian.org Wooooaaaahhh! That is BY FAR the biggest icicle I’ve ever seen. Really cool! :-) How long did it take to melt in your sink? The video download is still dripping in, looking forward to that.

@eapl.me@eapl.me I couldn’t care less about ActivityPub, but twtxt is the thing for hackers by design. That’s the appealing part for me, personally. I actually do enjoy that not everybody and their dogs are here. :-)

@thecanine@twtxt.net I agree!

@movq@www.uninformativ.de @prologic@twtxt.net I don’t know, I don’t see this happening all that often. Very rarely. The problem I encounter much more often is that tech folks are blindly adopting every new hype without thinking the slightest bit what the consequences might be.

But maybe that also means I’m one of these “told you so” guys. Not sure.

I’m in an article in Quanta Magazine! It’s about the bizarre world of algorithms that re-use memory that’s already full. https://www.quantamagazine.org/catalytic-computing-taps-the-full-power-of-a-full-hard-drive-20250218/ I’m the one with all the snow in the background.

@andros@twtxt.andros.dev 4

Today is an important day. We have a new extension: Direct message 🪇🗨️🚀🥳❤️
https://twtxt.dev/exts/direct-message.html
#twtxt

En fait, pour le #potager il me faudrait vraiment un broyeur (histoire d’avoir un bon compost). Je me demande s’il existe des trucs sans électricité….

@sorenpeter@darch.dk Sorry, I realized that shortly after posting. Here’s another attempt to post the images:

@eapl_en@eapl.me Good idea

4, but I like the idea of @eapl_en@eapl.me

I’m surprised, here you can’t find dial controls anymore. How old are your ovens? The last one my parents had was from the 90s.

I was amazed experimenting with different combinations, for instance instead of 100, using 60 for a minute, 90 for 1:30, and stupid stuff like heating with 11, 22, 55 seconds and so, to make it quicker to type any time.

with the quote?

among these options, 3

Although I like it more “twt”, without the dot and with a t at the end

What would you like the new twtxt logo to be?
Comments: https://git.mills.io/yarnsocial/twtxt.dev/issues/9#issuecomment-18960

Image

I couldn’t agree more

Try something else…

@prologic@twtxt.net All the URL are missing the protocol part (https://) and my markdown parser does not know how to handle but I see yarnd does it just fine.

Show HN: Live-updating version of the ‘What a week, huh?’ meme
As a fun evening project, I made a live-updating version of the ‘What a week, huh?’ meme (based on a panel from The Adventures of Tintin comics

@falsifian@www.falsifian.org
it look like your markdown image tags are missing the protocol part (https://) so they don’t render at least on my server: https://darch.dk/timeline/conv/3vtnszq