(#jb5qaka) @xuu@xuu I guess so 🤣 Looks nice, bit of a rats nest though 🤣
@xuu @txt.sour.is I guess so 🤣 Looks nice, bit of a rats nest though 🤣 ⌘ Read more

(#kggaawa) @xuu@xuu Works for me over here 👈
@xuu @txt.sour.is Works for me over here 👈 ⌘ Read more

@aelaraji@aelaraji.com Works 👌

(#xi2cema) @aelaraji@aelaraji Works 👌
@aelaraji @aelaraji.com Works 👌 ⌘ Read more

@andros@twtxt.andros.dev is it me or twtxt-el generates a wrong twt hash when I use the [ ↳ Reply to twt ] button?

@prologic@twtxt.net huh.. i added sour.is and img.sour.is to my whitelist but its not showing inline for me

@prologic@twtxt.net huh.. i added sour.is and img.sour.is to my whitelist but its not showing inline for me

(#dmkwu4q) @bender@bender Yup!
@bender @twtxt.net Yup! ⌘ Read more

@prologic@twtxt.net Those aren’t actually serving anything public-facing. I’ve thought about it, but for now I’m sticking with VPSs, partly because I don’t relish the risk of weeks of downtime if something goes wrong while I’m travelling.

@prologic@twtxt.net Here’s mine.

Edit #issuecomment-18968

@eapl.me@eapl.me @andros@twtxt.andros.dev here’s another variant as per eapl’s suggestion (#issuecomment-18968)[https://git.mills.io/yarnsocial/twtxt.dev/issues/9#issuecomment-18968]

⌘ Read more

@bender@twtxt.net Hmmm, does that mean it’s not that popular in the US? 🤔

I hope not, @bender@twtxt.net! I haven’t checked, but I’d reckon it to be at most a single digit MiB number. How wrong am I?

@off_grid_living@twtxt.net No right click thing, but in the terminal:

convert -strip -quality 70 -resize 300x original.jpg resized.jpg

“original.jpg” being the filename of the input file and “resized.jpg” the filename of the output. You can play around with the width, “300x” means 300 pixels wide and the height is determined automatically to still remain in the same ratio. The quality is how much to compress it. The closer to 0 the value gets, the worse the result, but also smaller in file size. More towards 100 and the quality improves together with a larger file size.

You have to install the package “imagemagick” for this to work, I believe.

@off_grid_living@twtxt.net Oh, I’m ready for my retirement, too. :-D Still have some decades to go, unfortunately.

@off_grid_living@twtxt.net You could try starting it in the terminal in order to spot errors. Just open the GNOME Terminal or something like that and then type in “kolourpaint” and hit Enter.

@bender@twtxt.net Lol! :-D

here is my progress so far: https://github.com/eapl-gemugami/twtxt-direct-message-php
The encryption part seems to work, if I decrypt it the message with OpenSSL.
I think it can help you for some key parts not well explained in OpenSSL documentation.

@andros@twtxt.andros.dev reading your spec I wrote a few notes here: https://github.com/eapl-gemugami/twtxt-direct-message-php/blob/main/direct_message_spec.md

@arne@uplegger.eu I haven’t check your repo yet, although you are using sodium, right?

@arne@uplegger.eu Here are the results of the german jury:

Known salt (B64): Tb9oj07UhwU= (8)
Known key (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
Known iv (B64): l/PvkDjOKMFZe73KptrvWw== (16)
Shared Key (B64): ql8zvN03p6kroSwNrcKbxk4zSBQFkgQZEumvqVIDMAE=
** DECRYPT **
Encrypted Message: ...
Decoded Salt (B64): Tb9oj07UhwU= (8)
PBKDF2 KEY (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
iv (B64): JanbU1jI30lb6yfjq/adjA== (16)
Decrypted Message: 

😭

@eapl.me@eapl.me Here is what I’ve got so far: https://github.com/upputter/testing-twtxt-dm

There is a “00_well_known_message.enc” file, which I have the encryption paremters for (https://github.com/upputter/testing-twtxt-dm/blob/9fdf3be6aa8fe810a4cb275375dbb3d4a2a958ee/wellknown_test.php#L28).

According to my finding, I assume, that the saltsize in openssl is “8” and the PBKDF2 algo is “sha256”.

@andros@twtxt.andros.dev Could you share (perhaps in the extension document) the private key for alice?

I want to compare that I can read the encrypted message both from OpenSSL CLI and from the PHP OpenSSL library, following the spec.

@arne@uplegger.eu With the OpenSSL option -p one can get an output of salt, key and iv. My stupid PHP-code can get everything right from the encrypted data (from OpenSSL) - except the iv! Damn “evpKDF” 😔

@prologic@twtxt.net I’ve been there yesterday w/o success.

@arne@uplegger.eu I think you want to use the sodium_crypto functions/modules for PHP 🤔🤔

(#k2ob6bq) @arne@arne I think you want to use the sodium_crypto functions/modules for PHP 🤔🤔
@arne @uplegger.eu I think you want to use the sodium_crypto functions/modules for PHP 🤔🤔 ⌘ Read more

@arne@uplegger.eu Hi! I love that you’re implementing it! Maybe, when we’re both done, we could test the clients by communicating both.
I don’t think I’m going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as I’d like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But I’m not able to answer your questions, sorry.
I’m invoking the commands directly, without any libraries in between. Maybe that would help you?

(#he7co7q) @off_grid_living@off_grid_living The smaller the file size the smaller the image’s resolution and the less detail you can see. It’s a trade …
@off_grid_living @twtxt.net The smaller the file size the smaller the image’s resolution and the less detail you can see. It’s a tradeoff between space, bandwidth and pixel density and detail. ⌘ Read more

@arne@uplegger.eu Well, just for my understanding. The command:
echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin
will take the input string from echo to openssl. It then will

1. use the content of shared_key.bin as password
   
2. use PBKDF2 with an iteration of 100000 to generate a encryption key from the given password (shared_key.bin)
   
3. use the PBKDF2 generated key for an aes-256-cbc encryption
   

The final result is encrypted data with the prepended salt (which was generated by runtime), e.g.: Salted__q�;��-�T���"h%��5�� ....

With a dummy script I now can generate a valide shared key within PHP ‘openssl_pkey_derive()’ - identical to OpenSSL.
I also can en-/decrypt salted data within my script, but not with OpenSSL. There are several parameters of PBKDF2 unknown to me.

Question:

1. Is the salt, used by aes-256-cbc and PBKDF2 the same, prepended in the encrypted data?
   
2. Witch algorithm/cipher is used within PBKDF2: sha1, sha256, …?
   
3. What is the desired key length of PBKDF2 (https://www.php.net/manual/en/function.openssl-pbkdf2.php)?
   

To be continued …

(#7mxlpza) @movq@movq that used to be me until I lobbied to have fiber optic to the premise
@movq @www.uninformativ.de that used to be me until I lobbied to have fiber optic to the premise ⌘ Read more

oh cool @lyse@lyse.isobeef.org !! and thanks, got rid of that empty line. ATM I’m using twtxt very much in an experimental way, only manual editing or writing my tools. curious to see how it will evolve. #meta #twtxt

Love my new shed, getting ready to retire

@lyse@lyse.isobeef.org call the @ call the @yarn_police@twtxt.net! 😂

@arne@uplegger.eu

Image

@andros@twtxt.andros.dev I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters.
All my solution approaches require “nonce” or “initialization vector” on one or the other side. In addition, the “magic numbers” (“Salted__”) were not consistent in my tests.

@prologic@twtxt.net I wish getting a static IP and a (more) stable internet connection wasn’t so hard over here. Then I could do proper self-hosting as well. But as it stands, I need some rented VPS.

I could go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes … it’s just bad overall and much easier/better to rent a VPS. 🫤

hey @lyse@lyse.isobeef.org I’ve seen your mention from uhhmmm 4months ago just now using my crawler -__-’ / curious to know, do you see my mention now? #meta #twtxt

Thanks, @falsifian@www.falsifian.org! I’ll definitely start with the latter one then. Let’s see how far I make it. :-)

@falsifian@www.falsifian.org Phew, okay. So, it took a few months to grow that big. I feared that it could have been just a week or so. Yeah, insulation always is a good idea.

I am so sorry Maggie Forest, but I won’t be voting for you for the Ryan electorate. I will continue to vote for and support Elizabeth Watson-Br …
I am so sorry Maggie Forest, but I won’t be voting for you for the Ryan electorate. I will continue to vote for and support Elizabeth Watson-Brown a voice for the people of Ryan who actually gets things done! ⌘ Read more

@prologic@twtxt.net Holly, didn’t know bots and crawlers could do comedy now… they should’ve added “Dave Chappelle/69.420” to their UA.

@prologic@twtxt.net I’m speculating, but if I had to guess I’d say it’s probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys /ME doing air quotes Magic™ … you could try with a different password manager to avoid said scenario.

Also, passkeys UX sucks.

@lyse@lyse.isobeef.org I don’t remember exactly. They might have been growing all winter. The trick is to have a badly insulated extension to the house.

@falsifian@www.falsifian.org Hahaha, that’s sick, I love it! :-D I envy you a bit. On the other hand, I have to admit I’m glad that I don’t have to chisel down giant blocks of ice from the house.

@lyse@lyse.isobeef.org I am a big fan of “obvious” math facts that turn out to be wrong. If you want to understand how reusing space actually works, you are mostly stuck reading complexity theory papers right now. Ian wrote a good survey: https://iuuk.mff.cuni.cz/~iwmertz/papers/m23.reusing_space.pdf . It’s written for complexity theorists, but some of will make sense to programmers comfortable with math. Alternatively, I wrote an essay a few years ago explaining one technique, with (math-loving) programmers as the intended audience: https://www.falsifian.org/blog/2021/06/04/catalytic/ .

@falsifian@www.falsifian.org Mate, what an amazing video, holy cow! :-D We only get complete jokes of icicles compared to what you had there ealier today. It’s a giant wall. For how many days did that grow on your roof?

@lyse@lyse.isobeef.org Still melting!

@falsifian@www.falsifian.org Oh, that’s neat! Interesting how “obviously” isn’t all that obvious at all, even to the contrary. I reckon I have to read up on that subject on the weekend. :-)

I like how Ian’s and your photo complement each other, winter and summer join forces for something special. :-)

@falsifian@www.falsifian.org Wooooaaaahhh! That is BY FAR the biggest icicle I’ve ever seen. Really cool! :-) How long did it take to melt in your sink? The video download is still dripping in, looking forward to that.

@eapl.me@eapl.me I couldn’t care less about ActivityPub, but twtxt is the thing for hackers by design. That’s the appealing part for me, personally. I actually do enjoy that not everybody and their dogs are here. :-)

@thecanine@twtxt.net I agree!

@movq@www.uninformativ.de @prologic@twtxt.net I don’t know, I don’t see this happening all that often. Very rarely. The problem I encounter much more often is that tech folks are blindly adopting every new hype without thinking the slightest bit what the consequences might be.

But maybe that also means I’m one of these “told you so” guys. Not sure.

@andros@twtxt.andros.dev 4

@andros@twtxt.andros.dev 4

Today is an important day. We have a new extension: Direct message 🪇🗨️🚀🥳❤️
https://twtxt.dev/exts/direct-message.html
#twtxt

@sorenpeter@darch.dk Sorry, I realized that shortly after posting. Here’s another attempt to post the images:

@eapl_en@eapl.me Good idea

4, but I like the idea of @eapl_en@eapl.me

(#x6zj56a) 3
3 ⌘ Read more

(#ptywoma) 3
3 ⌘ Read more

What would you like the new twtxt logo to be?
Comments: https://git.mills.io/yarnsocial/twtxt.dev/issues/9#issuecomment-18960

Image

What would you like the new twtxt logo to be?

Image

@prologic@twtxt.net All the URL are missing the protocol part (https://) and my markdown parser does not know how to handle but I see yarnd does it just fine.

(#3vtnszq) @sorenpeter@sorenpeter I think it was just one broken image link, right?
@sorenpeter @darch.dk I think it was just one broken image link, right? ⌘ Read more

@falsifian@www.falsifian.org
it look like your markdown image tags are missing the protocol part (https://) so they don’t render at least on my server: https://darch.dk/timeline/conv/3vtnszq

(#dr7h3ya) @eapl.me@eapl.me Agree 👍
@eapl.me @eapl.me Agree 👍 ⌘ Read more

(#xbiyfxq) @falsifian@falsifian In the process of 🤞
@falsifian @www.falsifian.org In the process of 🤞 ⌘ Read more

@prologic@twtxt.net Have you tried Google’s robots.txt report? https://support.google.com/webmasters/answer/6062598?hl=en . I would expect Google to be pretty good about this sort of thing. If you have the energy to dig into it and, for example, post on support.google.com, I’d be curious to hear what you find out.

Something interesting to think about for twtxt, the microblogging for hackers and friends…

The biggest challenge of ActivityPub is that it’s too technical to easily explain to regular people. Nobody is interested in a jargon-laden diatribe about servers and federation. When simple questions have overly complex answers, people tend to switch off.
https://activitypub.ghost.org/your-thoughts-on-onboarding/

(#htzehaq) @movq@movq Poo 💩 I feel you 🤗
@movq @www.uninformativ.de Poo 💩 I feel you 🤗 ⌘ Read more

(#jr6ywrq) @bender@bender I plead the 5th 🤣
@bender @twtxt.net I plead the 5th 🤣 ⌘ Read more

@bender@twtxt.net @prologic@twtxt.net the markdown list in #jr6ywrq is a “loose” list, e.g. https://github.com/erusev/parsedown/issues/474#issuecomment-280874843
My markdown parser (parsedown PHP) renders the list with p-tags also.

(#lcl6bea) @bender@bender It’s the blind abiding that worries me a lot. I’m still reading his letter, plus some other similar things I’ve com …
@bender @twtxt.net It’s the blind abiding that worries me a lot. I’m still reading his letter, plus some other similar things I’ve come across I’ll share later. It’s all fucking horrifying just how fucking goddamn corrupted everything is lately 🤦‍♂️ ⌘ Read more

(#pzgssha) @bender@bender Not my doing. That’s the Markdown parser/render. Not Goldmark (yet).
@bender @twtxt.net Not my doing. That’s the Markdown parser/render. Not Goldmark (yet). ⌘ Read more

**On my hit list of assholes tech giants that break the rules and are bad web citizens:

• Microsoft
  

• Google
  

• Alibaba
  

• Open AI

• _more to come …**
  On my hit list of assholes tech giants that break the rules and are bad web citizens:

• Microsoft

• Google

• Alibaba

• Open AI

• more to come… ⌘ Read more

**(#lcl6bea) @bender@bender Not with that kind of attitude 🤣

I don’t think it will have any impact**
@bender @twtxt.net Not with that kind of attitude 🤣

I don’t think it will have any impact ⌘ Read more

Can’t seem to prevent “bad bots” from aggressively hitting your shit™ 🤦‍♂️
Can’t seem to prevent “bad bots” from aggressively hitting your shit™ 🤦‍♂️ ⌘ Read more

**Bloody hell 🤦‍♂️🤦‍♂️

$ jq -r --arg host "gopher.mills.io" '. | select(.request.host==$host) | "\(.request.client_ip) \(.re ...**
Bloody hell 🤦‍♂️🤦‍♂️

$ jq -r –arg host “gopher.mills.io” ‘. | select(.request.host==$host) | “(.request.client_ip) (.request.uri) (.request.headers[“User-Agent”])“’ mills.io.log-au | while IFS=$’ ‘ read -r ip uri ua; do asn=”$(geoip -a “$ip”)“; echo “$asn $ip $uri $ua”; done | grep -E ‘^45102.*’ | sort | head
45102 47.251.70.245 /gopher.floodgap.com/0/feeds/democracynow/2015/Oct/14/0 [“Mozilla/5.0 (M … ⌘ Read more

@andros@twtxt.andros.dev Thank you :-)

@andros@twtxt.andros.dev screenshots plz :=!

Yesterday I was doing a lot of research on how #hyperdrive and the #holepunch project work. Would it be possible to use it to make #twtxt an easier gateway for new users? Could we stop using web servers?
My conclusion: We would end up being a #nostr. On the one hand it would become more complex to use, it would force the user to have software installed, and on the other hand the community would need a central proxy to make the routes accessible via HTTP. In other words, it’s not a good idea.
However, it’s an AMAZING technology. I want to start playing with it.

(#lcl6bea) @anth@anth 👀
@anth @a.9srv.net 👀 ⌘ Read more

@prologic@twtxt.net 🤣🤣🤣 thanks! I didn’t even notice 😅

@prologic@twtxt.net It seems like the typical problem of an unneutered cat 😂

(#drg7gqq) @lyse@lyse Hmmm 🧐
@lyse @lyse.isobeef.org Hmmm 🧐 ⌘ Read more

@prologic@twtxt.net That boycott didn’t last very long, eh!?

Yeah, sounds like another hype train arriving at the station.

@doesnm@doesnm.p.psf.lt I’ll let you know once it reaches a point where it might be barely usable by someone else than myself. There are long ways to go, though. Right now, you don’t wanna even look at it. :-)

Thinking about trying tt. If it really usable i will abandon twtxtdon (service to read twtxt feeds from mastodon client), which currently has only authorization implemented

(#r7cg2xa) @movq@movq fuck 🤣
@movq @www.uninformativ.de fuck 🤣 ⌘ Read more

**(#xbiyfxq) * 185325d - (HEAD -> master) edge: Ban Alibaba (38 seconds ago) <James Mills>

fark me 🤦‍♂️ Alibaba, CN has been hitting m …**
* 185325d - (HEAD -> master) edge: Ban Alibaba (38 seconds ago) <James Mills>

fark me 🤦‍♂️ Alibaba, CN has been hitting my Gopher proxy quite hard as well. Fuck’n hell! 🔥 ⌘ Read more

(#xbiyfxq) * 8a77b64 - (HEAD -> master) edge: Ban Google's ASN (21 seconds ago) <James Mills>
* 8a77b64 - (HEAD -> master) edge: Ban Google's ASN (21 seconds ago) <James Mills> ⌘ Read more

It would appear that Google’s web crawlers are ignoring the robots.txt that I have on https://git.mills.io/robots.txt with content:

User-agent: *
Disallow: /

Evidence attached (see screenshots): – I think its the the Small Web community band together and file a class action suit(s) against Microsoft.com Google.com and any other assholes out there (OpenAI?) that violate our rights and ignore requests to be “polite” on the web. Thoughts? 💭

**It would appear that Google’s web crawlers are ignoring the robots.txt that I have on https://git.mills.io/robots.txt with content:

User- ...**
It would appear that Google’s web crawlers are ignoring the `robots.txt` that I have on [https://git.mills.io/robots.txt](https://git.mills.io/robots.txt) with content:

User-agent: *
Disallow: /

”`

Evidence attached ( see screenshots): – I think its the the Small Web com … ⌘ Read more”`

I got promoted today to try using Passkeys on Github.com. Fine 😅 I did that, but I discovered that when you use your Passkey to login, Chrome …
I got promoted today to try using Passkeys on Github.com. Fine 😅 I did that, but I discovered that when you use your Passkey to login, Chrome prompts you for your device’s password ( i.e: The password you use to login to your macOS Desktop). Is that intentional? Kind of defeats the point no? I mean sure, now there’s no Password being transmitted, stored or presented to G … ⌘ Read more

Our stupid fucking 🤬 cat 🐱 keeps pissing 🚽 everywhere in our house 🏠
Our stupid fucking 🤬 cat 🐱 keeps pissing 🚽 everywhere in our house 🏠 ⌘ Read more

I’m continuing my tt rewrite in Go and quickly implemented a stack widget for tview. The builtin Pages is similar but way too complicated for my use case. I would have to specify a mandatory name and some additional options for each page. Also, it allows me to randomly jump around between pages using names, but only gives me direct access the first, however, not the last page. Weird. I don’t wanna remember names. All I really need is a classic stack. You open a new fullscreen dialog and maybe another one on top of that. Closing the upper most brings you back to the previous one and so on.

The very first dialog I added is viewing the raw message text. Unlike in @arne@uplegger.eu’s TwtxtReader, I’m not able to include the original timestamp, though. I don’t have it in its original form in the database. :-/

Next up is a URL view.

@movq@www.uninformativ.de That’s what I immediately thought as well. :-D @eapl.me@eapl.me Unfortunately, no fancy buttons. What does your model do?

(#keigmrq) @lyse@lyse Ouch 🤕
@lyse @lyse.isobeef.org Ouch 🤕 ⌘ Read more

(#o2aamwq) @sorenpeter@sorenpeter Nice 😊
@sorenpeter @darch.dk Nice 😊 ⌘ Read more