@xuu@txt.sour.is @prologic@twtxt.net This? Fingerprint: 161c614f08e4ed4d1c8e5410f8c457e6878574dbab7c9ac25d474de67db1bdad

@prologic@twtxt.net I use https://key.sour.is/id/me@sour.is

I would need an out-of-band way to verify your public key’s fingerprint though 🤣

@prologic@twtxt.net I use https://key.sour.is/id/me@sour.is

I would need an out-of-band way to verify your public key’s fingerprint though 🤣

@prologic@twtxt.net Ok.. so using NaCL boxes. yeah its just a combo of using secretbox with a generated key/nonce. and then using the pubkey box to encrypt the key/nonce for each device.

@prologic@twtxt.net Ok.. so using NaCL boxes. yeah its just a combo of using secretbox with a generated key/nonce. and then using the pubkey box to encrypt the key/nonce for each device.

@prologic@twtxt.net

Can we not have clients sign their own public keys before listing them on their Pod’s account?

Yeah.. we probably could. when they setup an account they create a master key that signs any subsequent keys. or chain of signatures like keybase does.

@prologic@twtxt.net

Can we not have clients sign their own public keys before listing them on their Pod’s account?

Yeah.. we probably could. when they setup an account they create a master key that signs any subsequent keys. or chain of signatures like keybase does.

WEBMENTION: @xuu@txt.sour.is on https://twtxt.net/twt/raylsra

@pbatch@pbat.ch I had that happen to me too a couple times! I kept thinking it was my isp or something. i had to run the command a couple times to see everything

@lucidiot@tilde.town BEST SATURDAY

@prologic@twtxt.net def would be a wider discussion on preventing the pod from adding its own key to a users device list. Or using device keys to authenticate instead of user/pass.

@prologic@twtxt.net def would be a wider discussion on preventing the pod from adding its own key to a users device list. Or using device keys to authenticate instead of user/pass.

@prologic@twtxt.net pod should probably track revocation of device keys and delete the encryptedkeys that are paired with revoked keys

@prologic@twtxt.net pod should probably track revocation of device keys and delete the encryptedkeys that are paired with revoked keys

@prologic@twtxt.net device gets the cypertext and uses it’s device key to decrypt one of the keys and then decrypts the cypertext.

@prologic@twtxt.net device gets the cypertext and uses it’s device key to decrypt one of the keys and then decrypts the cypertext.

@prologic@twtxt.net sender generates an AES key encrypts message. gets the device list for user and encrypts key for each device. sends the encryptedkeys+cypertext.

@prologic@twtxt.net sender generates an AES key encrypts message. gets the device list for user and encrypts key for each device. sends the encryptedkeys+cypertext.

@prologic@twtxt.net for encryption. we can have browser/app generate ec25519 keypair. store the private on device and add pub to list of devices for the user on pod.

@prologic@twtxt.net for encryption. we can have browser/app generate ec25519 keypair. store the private on device and add pub to list of devices for the user on pod.

@prologic@twtxt.net 👋 I can take a stab at it when I am done with the changes I am working on.

@prologic@twtxt.net 👋 I can take a stab at it when I am done with the changes I am working on.

@prologic@twtxt.net my bad.. my next one is more fun.

@prologic@twtxt.net my bad.. my next one is more fun.

WEBMENTION: @xuu@txt.sour.is on https://twtxt.net/twt/xkpbn6a

@xuu@txt.sour.is Just saw your PR, Thanks! I think I’ve covered that change already in master 😀

@prologic@twtxt.net I see.. so using an ec25519 key as identity? and some kind of certificate to define the location of a feed? or maybe a DHT like Kademlia? TwTorrent ;)

@prologic@twtxt.net I see.. so using an ec25519 key as identity? and some kind of certificate to define the location of a feed? or maybe a DHT like Kademlia? TwTorrent ;)

@prologic@twtxt.net kinda like how MX records work.

@prologic@twtxt.net kinda like how MX records work.

@prologic@twtxt.net My thoughts on it being if they switched from a different way of hosting the file or multiple locations for redundancy..

I have an idea of using something like SRV records where they can define weighted url endpoints to reach.

@prologic@twtxt.net My thoughts on it being if they switched from a different way of hosting the file or multiple locations for redundancy..

I have an idea of using something like SRV records where they can define weighted url endpoints to reach.

@prologic@twtxt.net just an off the wall question about hashes. why not use the time+message as it was in the original twtxt.txt file? is it because it’s just not store anyplace?

also how set in stone is using user+url? vs user@domain? the latter would mean the url could change without invalidating the hash.

@prologic@twtxt.net just an off the wall question about hashes. why not use the time+message as it was in the original twtxt.txt file? is it because it’s just not store anyplace?

also how set in stone is using user+url? vs user@domain? the latter would mean the url could change without invalidating the hash.

@prologic@twtxt.net when i get the code up to a shareable level ill ping with what i have.

@prologic@twtxt.net when i get the code up to a shareable level ill ping with what i have.

@prologic@twtxt.netd so.. convert the 4 attributes in the struct to private, add getters plus some the other methods that make sense.

type Twt interface {
	Twter()        Twter
	Text()         string
	MarkdownText() string
	Created()      time.Time
    ... 
}

@prologic@twtxt.netd so.. convert the 4 attributes in the struct to private, add getters plus some the other methods that make sense.

type Twt interface {
	Twter()        Twter
	Text()         string
	MarkdownText() string
	Created()      time.Time
    ... 
}

@prologic@twtxt.net yeah I do.

It seems a bit wonky that it imports from your packages in some places. I’m guessing that’s some legacy bits that need updates?

@prologic@twtxt.net yeah I do.

It seems a bit wonky that it imports from your packages in some places. I’m guessing that’s some legacy bits that need updates?

@prologic@twtxt.net I have some ideas to improve on twtxt. figure I can contribute some. 😁 bit more work and it will almost be a drop in replacement for ParseFile

Kinda wish types.Twt was an interface. it’s sooo close.

@prologic@twtxt.net I have some ideas to improve on twtxt. figure I can contribute some. 😁 bit more work and it will almost be a drop in replacement for ParseFile

Kinda wish types.Twt was an interface. it’s sooo close.

@lyxal@twtxt.net @prologic@twtxt.net yah. the service can have a flag for allowing non-TLS for development. but by default ignores.

are there some users that use alternative protos for twtxt? like ftp/gopher/dnsfs 🤔

@lyxal@twtxt.net @prologic@twtxt.net yah. the service can have a flag for allowing non-TLS for development. but by default ignores.

are there some users that use alternative protos for twtxt? like ftp/gopher/dnsfs 🤔

My latest work over the last few days. a twtxt parser. so far looking promising. Faster and less memory than the regex version. 😁

My latest work over the last few days. a twtxt parser. so far looking promising. Faster and less memory than the regex version. 😁

@prologic@twtxt.net @lyxal@twtxt.net blocking http would be a good start

@prologic@twtxt.net @lyxal@twtxt.net blocking http would be a good start

dither waves #shaders #GLSL #shadertoy - https://www.shadertoy.com/view/tdGBz3

Image

Image

@admin @lyxal@twtxt.net hax?

@admin @lyxal@twtxt.net hax?

with some scripting, I could probably use my upcoming !weewiki !zettelkasten as a drop-in replacement for !twtxt, and then generate the twtxt file. however, I think I am going to keep them separate for the time being. let them both grow to serve different purposes.

@prologic@twtxt.net ❤️

@prologic@twtxt.net ❤️

WEBMENTION: @xuu@txt.sour.is on https://twtxt.net/twt/nuwjdna

@prologic@twtxt.net an added benefit of the avatar: would be the user could put their gravatar/libravatar image url like https://key.sour.is/avatar/01bc6186d015218c23dec55447e502e669ca4c61c7566dfcaa1cac256108dff0

@prologic@twtxt.net an added benefit of the avatar: would be the user could put their gravatar/libravatar image url like https://key.sour.is/avatar/01bc6186d015218c23dec55447e502e669ca4c61c7566dfcaa1cac256108dff0

@prologic@twtxt.net Could the config be embeded into the head comment of the twtxt.txt file and parsed out? If it also had an avatar: field that pointed to where the avatar image is located it can be almost all self contained.

@prologic@twtxt.net Could the config be embeded into the head comment of the twtxt.txt file and parsed out? If it also had an avatar: field that pointed to where the avatar image is located it can be almost all self contained.

New Blog Post Test Blog by @xuu@txt.sour.is 📝

New Blog Post Test Blog by @xuu@txt.sour.is 📝

FOLLOW: @xuu@txt.sour.is from @vain@www.uninformativ.de using twtrd/latest

@hecanjog@hecanjog.com has a twtxt feed yay

@lyxal@twtxt.net @prologic@twtxt.net if we edit the txt file does it update on web?

@lyxal@twtxt.net @prologic@twtxt.net if we edit the txt file does it update on web?

@prologic@twtxt.net the HKP is http keyserver protocol. it’s what happens when you do gpg --send-keys

makes a POST to the keyserver with your pubkey.

@prologic@twtxt.net the HKP is http keyserver protocol. it’s what happens when you do gpg --send-keys

makes a POST to the keyserver with your pubkey.

@prologic@twtxt.net looking through the drafts it looks like it actually used SRV records as recently as 2018 😵

@prologic@twtxt.net looking through the drafts it looks like it actually used SRV records as recently as 2018 😵

@prologic@twtxt.net Web Key Directory: a way to self host your public key. instead of using a central system like pgp.mit.net or OpenPGP.org you have your key on a server you own.

it takes an email@address.com hashes the part before the @ and turns it into [openpgpkey.]address.com/.well-known/openpgpkey[/address.com]/<hash>

@prologic@twtxt.net Web Key Directory: a way to self host your public key. instead of using a central system like pgp.mit.net or OpenPGP.org you have your key on a server you own.

it takes an email@address.com hashes the part before the @ and turns it into [openpgpkey.]address.com/.well-known/openpgpkey[/address.com]/<hash>

@xuu@txt.sour.is With SRV you can set what hostname to be used (and port/priority/etc)

@xuu@txt.sour.is With SRV you can set what hostname to be used (and port/priority/etc)

@xuu@txt.sour.is Not too happy with WKD’s use of CNAME over SRV for discovery of openpgpkey.. That breaks using SNI pretty quick. I suppose it was setup as a temporary workaround anyhow in the RFC..

@xuu@txt.sour.is Not too happy with WKD’s use of CNAME over SRV for discovery of openpgpkey.. That breaks using SNI pretty quick. I suppose it was setup as a temporary workaround anyhow in the RFC..

My twtxt feed is now also part of https://github.com/jointwt/we-are-twtxt :-)

@prologic@twtxt.net also :)

@prologic@twtxt.net also :)

@adi @prologic@twtxt.net One reservation about using it with a small community would be the expectation that the discussions at some level stay within the circle as opposed to the internet at large.

@adi @prologic@twtxt.net One reservation about using it with a small community would be the expectation that the discussions at some level stay within the circle as opposed to the internet at large.

@prologic@twtxt.net @twtxt@txt.sour.is I have noticed that I will get some duplicate web mention notifications. some kind of dedup would be helpful.

@prologic@twtxt.net @twtxt@txt.sour.is I have noticed that I will get some duplicate web mention notifications. some kind of dedup would be helpful.

Trying out twtxt..

WEBMENTION: @xuu@txt.sour.is on https://twtxt.net/twt/c7g6dpq

@prologic@twtxt.net (#gqg3gea) ha yeah. COVID makes for a timey-wimey mish-mash. Worked on some WKD and fought with my XMPP client a bit.

@prologic@twtxt.net (#gqg3gea) ha yeah. COVID makes for a timey-wimey mish-mash. Worked on some WKD and fought with my XMPP client a bit.

@prologic@twtxt.net Herro! 👋

@prologic@twtxt.net Herro! 👋

@prologic@twtxt.net well nice chat. it’s off to bed for me.

@prologic@twtxt.net well nice chat. it’s off to bed for me.

@prologic@twtxt.net do you think twt will ever add ActivityPub integration?

@prologic@twtxt.net do you think twt will ever add ActivityPub integration?

@prologic@twtxt.net Yep! installed it yesterday. I like the simplicity of twt. I am quite happy with how little memory the pod seems to use. Mastodon and the “lightweight” Pleroma don’t work well in small VMs.

@prologic@twtxt.net Yep! installed it yesterday. I like the simplicity of twt. I am quite happy with how little memory the pod seems to use. Mastodon and the “lightweight” Pleroma don’t work well in small VMs.

@prologic@twtxt.net

That way at least we can form some kind of cryptographic “identity” without having to involve the users that much, it just works™

i like some of the work that keys.pub is doing with ed25519 crypto keys with something like that.

@prologic@twtxt.net

That way at least we can form some kind of cryptographic “identity” without having to involve the users that much, it just works™

i like some of the work that keys.pub is doing with ed25519 crypto keys with something like that.

@prologic@twtxt.net huh.. true.. the email is md5/sha256 before storing.. if twtxt acted as provider you would store that hash and point the SRV record to the pod. .. to act as a client it would need to store the hash and the server that hosts the image.

@prologic@twtxt.net huh.. true.. the email is md5/sha256 before storing.. if twtxt acted as provider you would store that hash and point the SRV record to the pod. .. to act as a client it would need to store the hash and the server that hosts the image.

@xuu@txt.sour.is @prologic@twtxt.net something that would be interesting would be libravatar for the user image. i made one that does the same for a profile cover image.

@xuu@txt.sour.is @prologic@twtxt.net something that would be interesting would be libravatar for the user image. i made one that does the same for a profile cover image.