@falsifian@www.falsifian.org One of the nice things I think is that you can almost assuredly trust that the hash is a correct representation of the thread because it was computed via our content, addressing in the first place, so all you need to do yes copy it 👌
@falsifian@www.falsifian.org I agree completely about backwards compatibility.
@falsifian@www.falsifian.org Yeah that’s why we made them short 😅
@prologic@twtxt.net Brute force. I just hashed a bunch of versions of both tweets until I found a collision.
I mostly just wanted an excuse to write the program. I don’t know how I feel about actually using super-long hashes; could make the twts annoying to read if you prefer to view them untransformed.
@falsifian@www.falsifian.org I think I wrote a very similar program and go myself actually and you’re right we do have to change the way we encode hashes.
@falsifian@www.falsifian.org All very good points 👌 by the way, how did you find two pieces of content that hash the same when taking the last N characters of the base32 and coded hash?
@prologic@twtxt.net earlier you suggested extending hashes to 11 characters, but here’s an argument that they should be even longer than that.
Imagine I found this twt one day at https://example.com/twtxt.txt :
2024-09-14T22:00Z Useful backup command: rsync -a “$HOME” /mnt/backup
and I responded with “(#5dgoirqemeq) Thanks for the tip!”. Then I’ve endorsed the twt, but it could latter get changed to
2024-09-14T22:00Z Useful backup command: rm -rf /some_important_directory
which also has an 11-character base32 hash of 5dgoirqemeq. (I’m using the existing hashing method with https://example.com/twtxt.txt as the feed url, but I’m taking 11 characters instead of 7 from the end of the base32 encoding.)
That’s what I meant by “spoofing” in an earlier twt.
I don’t know if preventing this sort of attack should be a goal, but if it is, the number of bits in the hash should be at least two times log2(number of attempts we want to defend against), where the “two times” is because of the birthday paradox.
Side note: current hashes always end with “a” or “q”, which is a bit wasteful. Maybe we should take the first N characters of the base32 encoding instead of the last N.
Code I used for the above example: https://fossil.falsifian.org/misc/file?name=src/twt_collision/find_collision.c
I only needed to compute 43394987 hashes to find it.
@off_grid_living@twtxt.net Aww thanks! 🤗
There are certainly improvements that can be made to this tool.🤞
And here the Tommos camp with Mum and Dad in the trailor at Myall Lakes.
Boy I could tell you some stories here, like the time we got dozens of spiders all in the tent one night, and the time Dad yelled to Bob to get the red belly black snake that crawled over Brains sleeping bag. Up I jump grab a shovel and cut the head off. silly me !! We camped out with all our partners too.
Karen was treated like family with the 5 siblings and Mum and Dad. It was a great time. Happy camping James on your birthday!
Here is a picture of me aged 1 yr in a bucket at Muttabun Sheep Station, a place near Goodooga in NSW.
This is what the old house at Sunshine looked at the back steps, demolished and changed by dad.
The picture is Grandma Thompson and Grandad Thompson, very special people to me.
And here is James with Emily as a very young boy
And this is a picture of James a few months old taken with all family making you a fifth generation with all family still alive
1 Great grandma Lacey aged 92
2 Nana Strong (holding James)
3 My Mum
4 Karen
5 James
Not too many can post something like this.
Here is a picture of Sunshine House in 1970, I am the tallest one at the back. The house got a new roof and some more bedrooms before you lived here after Belmont Hospital.
This message was posted at 4:24 AM. For my Son who is a night owl and I am an early riser, you would still be asleep. Many happy returns of the day !
Happy Birthday my Son, I guess you are still camping and celebrating your special day with family.
You were born on a Wednesday on 15 September 1982 at Belmont Hospital, which is a lovely low set place outside Newcastle, as you were brought home to live with my Mum and Dad at Sunshine in our first few months as a married couple, at Sunshine near Morriset NSW. Enjoy your special day.
Happy Birthday my Son, I guess you are still camping and celebrating your special day with family.
You were born on a Wednesday on 15 September 1982 at Belmont Hospital, which is a lovely low set place outside Newcastle, as you were brought home to live with my Mum and Dad at Sunshine in our first few months as a married couple. If you subtract 9 months and a bit, the term of your pregnancy, that makes your conception date a few days after our marriage, and the first time both of us had sexual intercourse together, sometime around Friday Saturday or Sunday beginning on 4th December 1981. We were married at Gosford and arrived in the Sydney Hilton Hotel on that evening Thursday 3rd December, it was such a quiet place so far above the street level, the tiny cars below looked like ants. Because you were the first child, we have special sessions each week to attend to learn how to be parents after your birth, and care for the Mum during your delivery. If I remember yours was a breech birth, the doctor had to turn you around somewhat before the normal course of action took place. Karen was brave, being only on gas. Enjoy your special day.
@lyse@lyse.isobeef.org brr, we have the same here. Starting to get cold riding motorcycle to work in the morning.
@prx@si3t.ch I haven’t messed with rdomains, but still it might help if you included the command that produced that error (and whether you ran it as root).
They’re in Section 6:
Receiver should adopt UDP GRO. (Something about saving CPU processing UDP packets; I’m a but fuzzy about it.) And they have suggestions for making GRO more useful for QUIC.
Some other receiver-side suggestions: “sending delayed QUICK ACKs”; “using recvmsg to read multiple UDF packets in a single system call”.
Use multiple threads when receiving large files.
Weird, I can’t set up my iwm0 interface to rdomain 1 : ifconfig: SIOCSIFRDOMAIN: Invalid argument. What am I missing? #openbsd
On my blog: Free Culture Book Club — Aumyr, part 2 https://john.colagioia.net/blog/2024/09/14/aumyr-2.html #freeculture #bookclub
We need more support summer software :(
HTTPS is supposed to do
ODROID-M2 Leverages RK3588S2 SoC and Supports LPDDR5 Memory
The ODROID-M2 builds on the success of the Hardkernel ODROID-M1 series, offering enhanced computing power for industrial embedded systems. Powered by the RK3588S2 SoC, the ODROID-M2 provides significant improvements in both processing power and memory performance. Like the Radxa 5C and Lite models, the ODROID-M2 is equipped with the RK3588S2. This system features an octa-core
@aelaraji@aelaraji.com Have you considered https://git.mills.io/yarnsocial/twtxt2html
On my blog: Toots 🦣 from 09/09 to 09/13 https://john.colagioia.net/blog/2024/09/13/week.html #linkdump #socialmedia #quotes #week
The #readchristie2024 for #September is “Ordeal by Innocence”, and in this #fridayreads I’m reading the Portuguese translation, than changes it’s title to “cabo da víbora”.
you can just have a web address.. i added mine.. though i think they have changed up the protocol so my key doesn’t seem to work anymore. https://key.sour.is/id/me@sour.is
@bender@twtxt.net Thanks! 🤗 – I know it will 🤣
Out camping with the family this weekend for my birthday 🥳 
I think so 😅 Thanks$!🙇♂️
The Fediverse Files ⌘ https://notiz.blog/a/9L7
ASRock Industrial SBC-374: A Versatile Platform Accommodating Meteor Lake-PS Intel Processors
The ASRock Industrial SBC-374 is a robust single board computer designed for embedded applications. It features Intel Core Ultra Processors (Meteor Lake-PS) on an LGA 1851 socket and is supported by an AMI SPI BIOS with secure flash options, suitable for demanding tasks in secure environments. According to the product specifications, the SBC-374 supports Inte … ⌘ Read more
MSI’s MS-CF17: An Ultra-Low-Power 3.5″ SBC with Intel Raptor Lake-P Processors
The MS-CF17 from MSI is an advanced single-board computer that combines high performance with a compact, fanless, ultra-low-power design. Featuring Intel’s latest 13th Gen Raptor Lake-P processors, the board is also available in an industrial-grade variant, making it suitable for demanding applications. This SBC is equipped with Intel Mobile 13th Gen Raptor Lake-P U Series
@aelaraji@aelaraji.com Hah interesting 🤔
been rather uninterested in technology lately for some reason. it’s probably the US Election’s fault, since I live in the US and all
Já não fazia um toot sobre #traduções há muito tempo…
@xuu@txt.sour.is What’s the keyoxide thingy you wrote/built? 🤔 What’s your URI/profile? 🤔
@aelaraji@aelaraji.com Sounds like it would work 👌 Though I’ve not tried or invested anytime into proofs and claims type things so far 🤔
On my blog: Real Life in Star Trek, Cause and Effect https://john.colagioia.net/blog/2024/09/12/cause-effect.html #scifi #startrek #closereading
@aelaraji@aelaraji.com Nice write up!
I just received a thought… When you visit a server home page, or any page, why can’t the server sent you a page full of images, asking the human to click on three ants, or four ducks, or two trees, or five cars?
Can an AI machine do such a thing? After a few seconds of human time, the page they wish is downloaded for them. Would this work all you computer experts? (I am getting sick of bots reading my content and stealing my copyright)
aujourd’hui, j’ai configuré un serveur caldav pour éviter les oublis de rendez-vous avec ma chérie, et j’ai configuré unbound pour qu’il fasse le résolveur DNS en même temps qu’être le point de sortie de mon VPN #wireguard. Ça traînait depuis trop longtemps. C’était pas une si mauvaise journée ^^
quelqu’un peut me dire pourquoi https://buymeacoffee.com/ ça serait mieux que https://liberapay.com/ ?
Cette nuit, j’ai rêvé de PV Nova qui reprenait RATM et modifiait très légèrement le rythme, c’était vraiment excellent. J’ai maintenant la musique dans la tête :)
@aelaraji@aelaraji.com how would that work exactly? Does that mean then that every user is required to have a cox side profile? Who maintains cox site? Is it centralized or decentralized can be relied upon?
Summer, going too fast. :(
Ford, the company can honestly go fuck themselves! No one ever asked or even thought to themselves:
Gee I wish my car would listen to my in-car conversations and serve me ads.
@slashdot@feeds.twtxt.net i’ll get fucked! The US patent office should ban this immediately.
@xuu@txt.sour.is True 😅 I guess it comes down to our risk appetite and the attack vectors we’re trying to solve for 🤔
@bender@twtxt.net yes I agree.
Fall is in the air now in Minnesota.
@prologic@twtxt.net a signature IS encryption in reverse. If my private key becomes compromised then they can impersonate me. Being able to manage promotion and revocation of keys needed even in a system where its used for just signatures.
url field in the feed to define the URL for hashing. It should have been the last encountered one. Then, assuming append-style feeds, you could override the old URL with a new one from a certain point on:
@bender@twtxt.net there is a certain simplicity to that. 😅
I’m not sure if it’s possible to have unwind listening on a routing table != 0. It would be handy with my wireguard vpn set up on rdomain 2 (as example) si I can resolve domain names without setting up public DNS server in /etc/resolv.conf #openbsd.
url field in the feed to define the URL for hashing. It should have been the last encountered one. Then, assuming append-style feeds, you could override the old URL with a new one from a certain point on:
I was not suggesting to that everyone need to setup a working webfinger endpoint, but that we take the format of nick+(sub)domain as base for generating the hashed together with the message date and content.
If we omit the protocol prefix from the way we do things now will that not solve most of the problems? In the case of gemini://gemini.ctrl-c.club/~nristen/twtxt.txt they also have a working twtxt.txt at https://ctrl-c.club/~nristen/twtxt.txt … damn I just notice the gemini. subdomain.
Okay what about defining a prefers protocol as part of the hash schema? so 1: https , 2: http 3: gemini 4: gopher ?
Ford Seeks Patent For Tech That Listens To Driver Conversations To Serve Ads
Ford is seeking a patent for technology that would allow it to tailor in-car advertising by listening to conversations among vehicle occupants, as well as by analyzing a car’s historical location and other data, according to a patent application published late last month. The Record: “In one example, the controller may moni … ⌘ Read more
@xuu@txt.sour.is it’s not really strictly required if we’re just talking about identity though right? If we’re talking about encryption then yes I agree rotate and keys becomes very important if you want to have attributes like perfect forward secrecy.
@xuu@txt.sour.is that could work too, but that requires a random value, a set of keys and signature verification of the value, which I don’t really have a problem with.
@xuu@txt.sour.is yes I’m less concerned about solving the integrity part of the problem of whether we can trust that the content of a feed is actually written by certain author, however, that’s not to say that we shouldn’t think about also leveraging keys to be able to do that maybe it’s an optional feature?
What were the recommended mitigations?
@sorenpeter@darch.dk There was a client that would generate a unique hash for each twt. It didn’t get wide adoption.
@prologic@twtxt.net identity and content integrity are two different problems.
Key rotation is a very important feature in a system like this.
the right way to solve this is to use public/private key(s) where you actually have a public key fingerprint as your feed’s unique identity that never changes.
i would rather it be a random value signed by a key. That way the key can change but the value stays the same.
Asus X7433RE-IM-A is a 3.5″ Single Board Computer with Intel Atom X7433RE Processor
The X7433RE-IM-A is a 3.5” industrial single board computer designed for industrial applications, featuring the Intel Amston Lake System-on-Chip. It integrates Intel Deep Learning Boost and Advanced Vector Extensions 2 to enhance AI inference and accelerate workloads at the edge, specifically targeting IoT applications. This SBC is available with the x7433RE processor, offering … ⌘ Read more
@xuu@txt.sour.is Thanks for the link. I found a pdf on one of the authors’ home pages: https://ahmadhassandebugs.github.io/assets/pdf/quic_www24.pdf . I wonder how the protocol was evaluated closer to the time it became a standard, and whether anything has changed. I wonder if network speeds have grown faster than CPU speeds since then. The paper says the performance is around the same below around 600 Mbps.
To be fair, I don’t think QUIC was ever expected to be faster for transferring a single stream of data. I think QUIC is supposed to reduce the impact of a dropped packet by making sure it only affects the stream it’s part of. I imagine QUIC still has that advantage, and this paper is showing the other side of a tradeoff.
Interesting.. QUIC isn’t very quick over fast internet.
QUIC is expected to be a game-changer in improving web application performance. In this paper, we conduct a systematic examination of QUIC’s performance over high-speed networks. We find that over fast Internet, the UDP+QUIC+HTTP/3 stack suffers a data rate reduction of up to 45.2% compared to the TCP+TLS+HTTP/2 counterpart. Moreover, the performance gap between QUIC and HTTP/2 grows as the underlying bandwidth increases. We observe this issue on lightweight data transfer clients and major web browsers (Chrome, Edge, Firefox, Opera), on different hosts (desktop, mobile), and over diverse networks (wired broadband, cellular). It affects not only file transfers, but also various applications such as video streaming (up to 9.8% video bitrate reduction) and web browsing. Through rigorous packet trace analysis and kernel- and user-space profiling, we identify the root cause to be high receiver-side processing overhead, in particular, excessive data packets and QUIC’s user-space ACKs. We make concrete recommendations for mitigating the observed performance issues.
So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.
What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first url:
The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.
The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like frank@beans.co that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?
From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.
I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.
# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...
IMO we just have to fix the identity problem and figure out how to detect or support edits.
@sorenpeter@darch.dk No, this is what I want to avoid. For many reasons I stated before, content addressing or hashing is far better here for threading in a decentralized way.
@prologic@twtxt.net do that mean that for every new post (not replies) the client will have to generate a UUID or similar when posting and add that to to the twt?