@lyse@lyse.isobeef.org Thanks!
@stigatle@yarn.stigatle.no Yeah, the sudden drop makes it feel worse than it is. It made me wear a beanie and gloves on my bike ride on Friday evening. In a few weeks I consider the same temperatures not an issue anymore, maybe even nicely warm. ;-) The body is fairly quick to adopt, but not that fast.
I just saw that we’re supposed to hit 19°C mid next week again. Let’s see.
@off_grid_living@twtxt.net Oh dear, what an epic adventure! Terrible at the time, but hilarious to tell later on. :-D
I do like this photo a lot. It brings up memories of cool scouting trips.
@off_grid_living@twtxt.net Still a bit different, but this reminds me of the rusk boy on the Brandt boxes which is kinda iconic over here: https://cdn.idealo.com/folder/Product/2151/8/2151814/s1_produktbild_max/brandt-der-markenzwieback-225-g.jpg They should switch to this photo. :-)
@off_grid_living@twtxt.net It’s kinda cool to see how small cars were back in the days. Especially the left one looks really tiny.
Happy birthday @prologic@twtxt.net! :-)
@falsifian@www.falsifian.org TLS won’t help you if you change your domain name. How will people know if it’s really you? Maybe that’s not the biggest problem for something with such low stakes as twtxt, but it’s a reasonable concern that could be solved using signatures from an unchanging cryptographic key.
This idea is the basis of Nostr. Notes can be posted to many relays and every note is signed with your private key. It doesn’t matter where you get the note from, your client can verify its authenticity. That way, relays don’t need to be trusted.
@falsifian@www.falsifian.org One of the nice things I think is that you can almost assuredly trust that the hash is a correct representation of the thread because it was computed via our content, addressing in the first place, so all you need to do yes copy it 👌
@falsifian@www.falsifian.org I agree completely about backwards compatibility.
Well, we can’t have it both ways! 😅 Should we assume twtxt are read by clients, and not worry about something humans won’t see? 🤭
@falsifian@www.falsifian.org Yeah that’s why we made them short 😅
@prologic@twtxt.net Brute force. I just hashed a bunch of versions of both tweets until I found a collision.
I mostly just wanted an excuse to write the program. I don’t know how I feel about actually using super-long hashes; could make the twts annoying to read if you prefer to view them untransformed.
@falsifian@www.falsifian.org I think I wrote a very similar program and go myself actually and you’re right we do have to change the way we encode hashes.
@falsifian@www.falsifian.org All very good points 👌 by the way, how did you find two pieces of content that hash the same when taking the last N characters of the base32 and coded hash?
@prologic@twtxt.net earlier you suggested extending hashes to 11 characters, but here’s an argument that they should be even longer than that.
Imagine I found this twt one day at https://example.com/twtxt.txt :
2024-09-14T22:00Z Useful backup command: rsync -a “$HOME” /mnt/backup
and I responded with “(#5dgoirqemeq) Thanks for the tip!”. Then I’ve endorsed the twt, but it could latter get changed to
2024-09-14T22:00Z Useful backup command: rm -rf /some_important_directory
which also has an 11-character base32 hash of 5dgoirqemeq. (I’m using the existing hashing method with https://example.com/twtxt.txt as the feed url, but I’m taking 11 characters instead of 7 from the end of the base32 encoding.)
That’s what I meant by “spoofing” in an earlier twt.
I don’t know if preventing this sort of attack should be a goal, but if it is, the number of bits in the hash should be at least two times log2(number of attempts we want to defend against), where the “two times” is because of the birthday paradox.
Side note: current hashes always end with “a” or “q”, which is a bit wasteful. Maybe we should take the first N characters of the base32 encoding instead of the last N.
Code I used for the above example: https://fossil.falsifian.org/misc/file?name=src/twt_collision/find_collision.c
I only needed to compute 43394987 hashes to find it.
@off_grid_living@twtxt.net Aww thanks! 🤗
There are certainly improvements that can be made to this tool.🤞
And here the Tommos camp with Mum and Dad in the trailor at Myall Lakes.
Boy I could tell you some stories here, like the time we got dozens of spiders all in the tent one night, and the time Dad yelled to Bob to get the red belly black snake that crawled over Brains sleeping bag. Up I jump grab a shovel and cut the head off. silly me !! We camped out with all our partners too.
Karen was treated like family with the 5 siblings and Mum and Dad. It was a great time. Happy camping James on your birthday!
Here is a picture of me aged 1 yr in a bucket at Muttabun Sheep Station, a place near Goodooga in NSW.
This is what the old house at Sunshine looked at the back steps, demolished and changed by dad.
The picture is Grandma Thompson and Grandad Thompson, very special people to me.
And here is James with Emily as a very young boy
And this is a picture of James a few months old taken with all family making you a fifth generation with all family still alive
1 Great grandma Lacey aged 92
2 Nana Strong (holding James)
3 My Mum
4 Karen
5 James
Not too many can post something like this.
Here is a picture of Sunshine House in 1970, I am the tallest one at the back. The house got a new roof and some more bedrooms before you lived here after Belmont Hospital.
This message was posted at 4:24 AM. For my Son who is a night owl and I am an early riser, you would still be asleep. Many happy returns of the day !
Happy Birthday my Son, I guess you are still camping and celebrating your special day with family.
You were born on a Wednesday on 15 September 1982 at Belmont Hospital, which is a lovely low set place outside Newcastle, as you were brought home to live with my Mum and Dad at Sunshine in our first few months as a married couple, at Sunshine near Morriset NSW. Enjoy your special day.
@lyse@lyse.isobeef.org brr, we have the same here. Starting to get cold riding motorcycle to work in the morning.
@prx@si3t.ch I haven’t messed with rdomains, but still it might help if you included the command that produced that error (and whether you ran it as root).
They’re in Section 6:
Receiver should adopt UDP GRO. (Something about saving CPU processing UDP packets; I’m a but fuzzy about it.) And they have suggestions for making GRO more useful for QUIC.
Some other receiver-side suggestions: “sending delayed QUICK ACKs”; “using recvmsg to read multiple UDF packets in a single system call”.
Use multiple threads when receiving large files.
The missing context makes it kind of hard to follow.
HTTPS is supposed to do [verification] anyway.
TLS provides verification that nobody is tampering with or snooping on your connection to a server. It doesn’t, for example, verify that a file downloaded from server A is from the same entity as the one from server B.
I was confused by this response for a while, but now I think I understand what you’re getting at. You are pointing out that with signed feeds, I can verify the authenticity of a feed without accessing the original server, whereas with HTTPS I can’t verify a feed unless I download it myself from the origin server. Is that right?
I.e. if the HTTPS origin server is online and I don’t mind taking the time and bandwidth to contact it, then perhaps signed feeds offer no advantage, but if the origin server might not be online, or I want to download a big archive of lots of feeds at once without contacting each server individually, then I need signed feeds.
feed locations [being] URLs gives some flexibility
It does give flexibility, but perhaps we should have made them URIs instead for even more flexibility. Then, you could use a tag URI,
urn:uuid:*
, or a regular old URL if you wanted to. The spec seems to indicate that theurl
tag should be a working URL that clients can use to find a copy of the feed, optionally at multiple locations. I’m not very familiar with IP{F,N}S but if it ensures you own an identifier forever and that identifier points to a current copy of your feed, it could be a great way to fix it on an individual basis without breaking any specs :)
I’m also not very familiar with IPFS or IPNS.
I haven’t been following the other twts about signatures carefully. I just hope whatever you smart people come up with will be backwards-compatible so it still works if I’m too lazy to change how I publish my feed :-)
edit: […] have an unjustified* […]
@prologic@twtxt.net 🤯 HOLLY! … I’m definitely adding this to my Jenny’s publish_command
script!! THANK YOU! Now my website has TWO pages instead of just a boring one 😂
@prologic@twtxt.net does it renders threads nicely, or is it a straight, flat, timeline.
@prologic@twtxt.net Will try it right away!
@aelaraji@aelaraji.com Have you considered https://git.mills.io/yarnsocial/twtxt2html
@sorenpeter@darch.dk !! I freaking love your Timeline … I kind of have an justified PHP phobia 😅 but, I’m definitely thinking about giving it a try!
/ME wondering if it’s possible to use it locally just to read and manage my feed at first and then maybe make it publicly accessible later.
Ta, @bender@twtxt.net! Correct, apart from resizing, no further processing on my end. That’s just the Japanese sunset photo engineer’s magic. :-) In all it’s original glory (3.2 MiB): https://lyse.isobeef.org/abendhimmel-2024-09-13/02.JPG
@off_grid_living@twtxt.net Looks like you’re describing a captcha. They do not really work. Bots seem to solve them, too.
@movq@www.uninformativ.de Thanks! Yeah, one week for autumn and spring must be enough. Or so the weather thinks. Looks like there is only on or off.
Because it needs to be seeing bigger!
@lyse@lyse.isobeef.org pretty cool! No processing, those are the colours the camera saw, right? Amazing!
@prologic@twtxt.net Hey, Best wishes! Have fun! 🥳
@prologic@twtxt.net Oh, that’s a lovely campfire! Seeing them always makes me smile. Enjoy your time in nature with your loved ones.
Cool sunset when I went to the scouts: https://lyse.isobeef.org/abendhimmel-2024-09-13/
you can just have a web address.. i added mine.. though i think they have changed up the protocol so my key doesn’t seem to work anymore. https://key.sour.is/id/me@sour.is
Now the wait starts. 😩😂