@mckinley@twtxt.net

HTTPS is supposed to do

ODROID-M2 Leverages RK3588S2 SoC and Supports LPDDR5 Memory
The ODROID-M2 builds on the success of the Hardkernel ODROID-M1 series, offering enhanced computing power for industrial embedded systems. Powered by the RK3588S2 SoC, the ODROID-M2 provides significant improvements in both processing power and memory performance. Like the Radxa 5C and Lite models, the ODROID-M2 is equipped with the RK3588S2. This system features an octa-core

Many thanks!

@aelaraji@aelaraji.com Have you considered https://git.mills.io/yarnsocial/twtxt2html

On my blog: Toots 🦣 from 09/09 to 09/13 https://john.colagioia.net/blog/2024/09/13/week.html #linkdump #socialmedia #quotes #week

The #readchristie2024 for #September is “Ordeal by Innocence”, and in this #fridayreads I’m reading the Portuguese translation, than changes it’s title to “cabo da víbora”.

Image

you can just have a web address.. i added mine.. though i think they have changed up the protocol so my key doesn’t seem to work anymore. https://key.sour.is/id/me@sour.is

@bender@twtxt.net Thanks! 🤗 – I know it will 🤣

Out camping with the family this weekend for my birthday 🥳

I think so 😅 Thanks$!🙇‍♂️

The Fediverse Files ⌘ https://notiz.blog/a/9L7

ASRock Industrial SBC-374: A Versatile Platform Accommodating Meteor Lake-PS Intel Processors
The ASRock Industrial SBC-374 is a robust single board computer designed for embedded applications. It features Intel Core Ultra Processors (Meteor Lake-PS) on an LGA 1851 socket and is supported by an AMI SPI BIOS with secure flash options, suitable for demanding tasks in secure environments. According to the product specifications, the SBC-374 supports Inte … ⌘ Read more

MSI’s MS-CF17: An Ultra-Low-Power 3.5″ SBC with Intel Raptor Lake-P Processors
The MS-CF17 from MSI is an advanced single-board computer that combines high performance with a compact, fanless, ultra-low-power design. Featuring Intel’s latest 13th Gen Raptor Lake-P processors, the board is also available in an industrial-grade variant, making it suitable for demanding applications. This SBC is equipped with Intel Mobile 13th Gen Raptor Lake-P U Series

@aelaraji@aelaraji.com Hah interesting 🤔

been rather uninterested in technology lately for some reason. it’s probably the US Election’s fault, since I live in the US and all

Já não fazia um toot sobre #traduções há muito tempo…

Image

@xuu@txt.sour.is What’s the keyoxide thingy you wrote/built? 🤔 What’s your URI/profile? 🤔

@aelaraji@aelaraji.com Sounds like it would work 👌 Though I’ve not tried or invested anytime into proofs and claims type things so far 🤔

On my blog: Real Life in Star Trek, Cause and Effect https://john.colagioia.net/blog/2024/09/12/cause-effect.html #scifi #startrek #closereading

@aelaraji@aelaraji.com Nice write up!

I just received a thought… When you visit a server home page, or any page, why can’t the server sent you a page full of images, asking the human to click on three ants, or four ducks, or two trees, or five cars?
Can an AI machine do such a thing? After a few seconds of human time, the page they wish is downloaded for them. Would this work all you computer experts? (I am getting sick of bots reading my content and stealing my copyright)

aujourd’hui, j’ai configuré un serveur caldav pour éviter les oublis de rendez-vous avec ma chérie, et j’ai configuré unbound pour qu’il fasse le résolveur DNS en même temps qu’être le point de sortie de mon VPN #wireguard. Ça traînait depuis trop longtemps. C’était pas une si mauvaise journée ^^

quelqu’un peut me dire pourquoi https://buymeacoffee.com/ ça serait mieux que https://liberapay.com/ ?

Cette nuit, j’ai rêvé de PV Nova qui reprenait RATM et modifiait très légèrement le rythme, c’était vraiment excellent. J’ai maintenant la musique dans la tête :)

@aelaraji@aelaraji.com how would that work exactly? Does that mean then that every user is required to have a cox side profile? Who maintains cox site? Is it centralized or decentralized can be relied upon?

Summer, going too fast. :(

Ford, the company can honestly go fuck themselves! No one ever asked or even thought to themselves:

Gee I wish my car would listen to my in-car conversations and serve me ads.

🤬🤦‍♂️ #Ford #Ads

@slashdot@feeds.twtxt.net i’ll get fucked! The US patent office should ban this immediately.

@xuu@txt.sour.is True 😅 I guess it comes down to our risk appetite and the attack vectors we’re trying to solve for 🤔

@bender@twtxt.net yes I agree.

Fall is in the air now in Minnesota.

@prologic@twtxt.net a signature IS encryption in reverse. If my private key becomes compromised then they can impersonate me. Being able to manage promotion and revocation of keys needed even in a system where its used for just signatures.

@bender@twtxt.net there is a certain simplicity to that. 😅

I’m not sure if it’s possible to have unwind listening on a routing table != 0. It would be handy with my wireguard vpn set up on rdomain 2 (as example) si I can resolve domain names without setting up public DNS server in /etc/resolv.conf #openbsd.

I was not suggesting to that everyone need to setup a working webfinger endpoint, but that we take the format of nick+(sub)domain as base for generating the hashed together with the message date and content.

If we omit the protocol prefix from the way we do things now will that not solve most of the problems? In the case of gemini://gemini.ctrl-c.club/~nristen/twtxt.txt they also have a working twtxt.txt at https://ctrl-c.club/~nristen/twtxt.txt … damn I just notice the gemini. subdomain.

Okay what about defining a prefers protocol as part of the hash schema? so 1: https , 2: http 3: gemini 4: gopher ?

Ford Seeks Patent For Tech That Listens To Driver Conversations To Serve Ads
Ford is seeking a patent for technology that would allow it to tailor in-car advertising by listening to conversations among vehicle occupants, as well as by analyzing a car’s historical location and other data, according to a patent application published late last month. The Record: “In one example, the controller may moni … ⌘ Read more

@xuu@txt.sour.is it’s not really strictly required if we’re just talking about identity though right? If we’re talking about encryption then yes I agree rotate and keys becomes very important if you want to have attributes like perfect forward secrecy.

@xuu@txt.sour.is that could work too, but that requires a random value, a set of keys and signature verification of the value, which I don’t really have a problem with.

@xuu@txt.sour.is yes I’m less concerned about solving the integrity part of the problem of whether we can trust that the content of a feed is actually written by certain author, however, that’s not to say that we shouldn’t think about also leveraging keys to be able to do that maybe it’s an optional feature?

What were the recommended mitigations?

@sorenpeter@darch.dk There was a client that would generate a unique hash for each twt. It didn’t get wide adoption.

@prologic@twtxt.net identity and content integrity are two different problems.

Key rotation is a very important feature in a system like this.

the right way to solve this is to use public/private key(s) where you actually have a public key fingerprint as your feed’s unique identity that never changes.

i would rather it be a random value signed by a key. That way the key can change but the value stays the same.

Asus X7433RE-IM-A is a 3.5″ Single Board Computer with Intel Atom X7433RE Processor
The X7433RE-IM-A is a 3.5” industrial single board computer designed for industrial applications, featuring the Intel Amston Lake System-on-Chip. It integrates Intel Deep Learning Boost and Advanced Vector Extensions 2 to enhance AI inference and accelerate workloads at the edge, specifically targeting IoT applications. This SBC is available with the x7433RE processor, offering … ⌘ Read more

@xuu@txt.sour.is Thanks for the link. I found a pdf on one of the authors’ home pages: https://ahmadhassandebugs.github.io/assets/pdf/quic_www24.pdf . I wonder how the protocol was evaluated closer to the time it became a standard, and whether anything has changed. I wonder if network speeds have grown faster than CPU speeds since then. The paper says the performance is around the same below around 600 Mbps.

To be fair, I don’t think QUIC was ever expected to be faster for transferring a single stream of data. I think QUIC is supposed to reduce the impact of a dropped packet by making sure it only affects the stream it’s part of. I imagine QUIC still has that advantage, and this paper is showing the other side of a tradeoff.

Interesting.. QUIC isn’t very quick over fast internet.

QUIC is expected to be a game-changer in improving web application performance. In this paper, we conduct a systematic examination of QUIC’s performance over high-speed networks. We find that over fast Internet, the UDP+QUIC+HTTP/3 stack suffers a data rate reduction of up to 45.2% compared to the TCP+TLS+HTTP/2 counterpart. Moreover, the performance gap between QUIC and HTTP/2 grows as the underlying bandwidth increases. We observe this issue on lightweight data transfer clients and major web browsers (Chrome, Edge, Firefox, Opera), on different hosts (desktop, mobile), and over diverse networks (wired broadband, cellular). It affects not only file transfers, but also various applications such as video streaming (up to 9.8% video bitrate reduction) and web browsing. Through rigorous packet trace analysis and kernel- and user-space profiling, we identify the root cause to be high receiver-side processing overhead, in particular, excessive data packets and QUIC’s user-space ACKs. We make concrete recommendations for mitigating the observed performance issues.

https://dl.acm.org/doi/10.1145/3589334.3645323

So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.

What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first url:

The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.

The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like frank@beans.co that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?

From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.

I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.

# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w 
# sig: BEGIN SALTPACK SIGNED MESSAGE. ... 
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...

IMO we just have to fix the identity problem and figure out how to detect or support edits.

@sorenpeter@darch.dk No, this is what I want to avoid. For many reasons I stated before, content addressing or hashing is far better here for threading in a decentralized way.

@prologic@twtxt.net do that mean that for every new post (not replies) the client will have to generate a UUID or similar when posting and add that to to the twt?

HaloMax Product Line for Long-Range, Low-Power Wireless Solutions
Teledatics’ HaloMax, recently featured on CrowdSupply, is a long-range wireless module designed for applications like smart agriculture, industrial control, and HAM radio. Operating in the sub-1 GHz band, it delivers reliable, power-efficient communication over extended distances with FCC-allowed maximum output power. The HaloMax product lineup offers a range of modules and accessories tailored for long-range

MINIX U8K-ULTRA: 8K UHD Media Hub Powered by Android
MINIX U8K-ULTRA: 8K UHD Media Hub Powered by Android ⌘ Read more

@lyse@lyse.isobeef.org I personally think that we just go with a magic timestamp approach. It’s simpler and easier to implement across the major clients that are still actively developed.

The question is how much time do we give ourselves as we’re all a bit time poor and I can’t imagine we would do this quickly.

@movq@www.uninformativ.de if you do win the lottery, don’t forget to include us so we can all join in and share the things that we like to tinker with instead of this whole rat race. 🤣

@bender@twtxt.net Big photo capability upgrade?

@aelaraji@aelaraji.com Nice hack! 👌

@bender@twtxt.net I doubt I’ll be able to watch it live 🤣 But by all means, please Yarns all the goodies 😅

@bender@twtxt.net Kind of mirrored the ssh and ssh-keygen utilities. No reason really.

@bender@twtxt.net

$ echo 'hello world' | ./salty -i ./test_ed25519 --ssh-key --sign

@bender@twtxt.net Ahh yeah sorry about that 🤣 You were getting confused between salty.im and salty. The later of which salty.im actually uses and formed the basis of everything else. It’s a simple robust library and command-line tools with good test coverage. The lowest building block 😅

@prologic@twtxt.net excellent, thanks!

@movq@www.uninformativ.de That bad eh? 😅

For example:

$ echo 'hello world' | ./salty -i ./test.key -s | ./salty -i ./test.key -v
# signed by: kex1yfzzthmsdlqhgwzafy9zpjze6a0asxf6y552dp4yhvq66a4jje0qxqapvd
hello world

@bender@twtxt.net Yes of course it can 😅 Sorry I missed your question on IRC 😢

#MaradoWeekly #WeeklyRecord Week 37

Image

@jmjl@tilde.green howdy! Sorry for mistaken you with https://blog.nfld.uk/ (jlj), but glad to connect. Cheers!

@mckinley@twtxt.net To answer some of your questions:

Are SSH signatures standardized and are there robust software libraries that can handle them? We’ll need a library in at least Python and Go to provide verified feed support with the currently used clients.

We already have this. Ed25519 libraries exist for all major languages. Aside from using ssh-keygen -Y sign and ssh-keygen -Y verify, you can also use the salty CLI itself (https://git.mills.io/prologic/salty), and I’m sure there are other command-line tools that could be used too.

If we all implemented this, every twt hash would suddenly change and every conversation thread we’ve ever had would at least lose its opening post.

Yes. This would happen, so we’d have to make a decision around this, either a) a cut-off point or b) some way to progressively transition.

@bender@twtxt.net Holy shit that pod is still alive?! 🤔

@sorenpeter@darch.dk WebFinger requires additional setup that whilsts helps to solve the “identity” problem in an “abstract” way, that extra infra that needs to be setup a) isn’t trivial and b) hard to support on “shared hosting”.

Sharing hosting is also the reason why you can’t just use part of a URL really.

On my blog: Developer Diary, Chrysanthemum Day https://john.colagioia.net/blog/2024/09/09/chrysanthemum.html #programming #project #devjournal

how little data is needed for generating the hashes? Instead of the full URL, can we makedo with just the domain (example.net) so we avoid the conflicts with gemini://, https:// and only http:// (like in my own twtxt.txt) or construct something like like a webfinger id nick@domain (also used by mastodon etc.) from the domain and nick if there, else use domain as nick as well

Where all folks?!