So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.
What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first url:
The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.
The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like frank@beans.co that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?
From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.
I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.
# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...
its sad all the links off that page are broken.
↳
In-reply-to
»
This tool, using age is pretty neat: https://github.com/ndavd/agevault. So simple, yet seemingly powerful!
⤋ Read More
@mckinley@twtxt.net agevault uses age, allegedly very secure (aiming to replace pgp/gpg). Comparing it with gocryptfs, from the user perspective, agevault seems simpler, though CLI exclusive. As the repository states, “Like age, it features no config options, allowing for a straightforward secure flow”. It would also run in all major OS platforms out of the box.
But agevault is also very new. Though age has been around for a while now, I don’t see an “audited” link (neither on agevault, nor age).
@bender@twtxt.net Oh look at that, the same problem is still happening on twtxt.net too. I tested a different link but that one gave an error. Maybe that means my pod isn’t behaving different from twtxt.net after all.
↳
In-reply-to
»
There is a bug in
⤋ Read More
yarnd that's been around for awhile and is still present in the current version I'm running that lets a person hit a constructed URL like
@prologic@twtxt.net I believe you are not seeing the problem I am describing.
Hit this URL in your web browser:
https://twtxt.net/external?nick=lovetocode999&uri=https://socialmphl.com/story19510368/doujin
That’s your pod. I assume you don’t have a user named lovetocode999 on your pod. Yet that URL returns HTTP status 200, and generates HTML, complete with a link to https://socialmphl.com/story19510368/doujin, which is not a twtxt feed (that’s where the twtxt.txt link goes if you click it). That link could be to anything, including porn, criminal stuff, etc, and it will appear to be coming from your twtxt.net domain.
What I am saying is that this is a bug. If there is no user lovetocode999 on the pod, hitting this URL should not return HTTP 200 status, and it should definitely not be generating valid HTML with links in it.
Edit: Oops, I misunderstood the purpose of this /external endpoint. Still, since the uri is not a yarn pod, let alone one with a user named lovetocode999 on it, I stand by the belief that URLs like this should be be generating valid HTML with links to unknown sites. Shouldn’t it be possible to construct a valid target URL from the nick and uri instead of using the pod’s /external endpoint?
《黑神话:悟空》都有哪些隐藏道具、Boss、剧情、地图?
来做个我所知的,全部的隐藏地图+boss+剧情梳理
目前一周目通关,刚开二周目,成就70/81。
另外,我会使用游民星空制作的互动地图进行截图,感兴趣的也可以直接去看。
黑神话悟空全收集互动地图_提供黑悟空全土地庙、妖王BOSS等点位信息
一、第一章·黑风山 1、隐藏地图黑风山有一张隐藏地图:隐·观音禅院。
开启方式是敲响地图上的三口钟,分别在“广智”、“广谋”、“白衣秀士”三个boss附近,具体如图。
原版地址: https://preview.drivethrurpg.com/en/product/282898/fateforge-spellcaster-s-guide…
刚上大学,啥也不会,周末风度翩翩的学长带着大家玩,最简单的地图天府之国,拿了个农民的称号。学长看了后说你一个兵都不想死还怎么玩?他给我示范了一下,他的称号是精灵弓箭手。这里面人族偏弱,同学常称之为粑粑堡。最好的体验是野外一队游侠或者阿拉丁神灯(属于顶级5级兵)加入你的队伍。一般部队只带4个,留一个空格,这样有几率让野怪加入。印象深刻的兵种是狮鹫,可以无限反击,还有九头蛇,可以群攻打周围一圈敌人,配合传送术效果极佳。只有四个种族,野蛮人,移动不受地形影响。骑士,士气+1。女巫,航海移动力+3。男巫,?
, “Not Now” (cancel), or … [Read More](https://osxdaily.com/2024/ … ⌘ Read more
如果让你来画刘看山,你会画成什么样呢?
下面是这两天画的…怎么说呢…简笔画真好玩儿呀…
不过有一说一,真正的实践给人带来的真切感知足以改变理论上搭建起的假设。
我是一个福瑞控,2023年借《有兽焉》的热播写了一个关于福瑞的理论专栏文章。后来下半年的时候也作为分享学者参与了中数音像协会的一个有关福瑞的分享活动,但是我要说但是,那时候我其实并没有真正去过任何的兽展,我只是凭借自己朴素的对福瑞群体和福瑞动画的感知去完成的文章。
直到2023年12月31日参加了云幽岛福瑞展,亲眼看到了线下兽展的样子,能够亲身摸到那些毛茸茸的兽装,同时能够亲自买下摊位的那些小周边,我的感受出现了非常大的转变,虽然都是正面评价,但正是因为这个亲身性,才让我有了全新的感知,由此形成的两个不同的文章可以看:
[动漫眼 | 《有兽焉》:“于是毛茸茸们能团圆”_思想市场_澎湃新闻-The Paper](//link.zhihu.com/?target=https%3A//www.thepaper.cn/ne … ⌘ Read more
Erlang Solutions: 7 Key Blockchain Principles for Business
Welcome to the final instalment of our Blockchain series. Here, we are taking a look at the seven fundamental principles that make blockchain: Immutability, decentralisation
‘workable’ consensus, distribution and resilience, transactional automation (including ‘smart contracts’), transparency and trust, and links to the external world.
For business leaders, understanding these core principles is crucial in harnessing the potenti … ⌘ Read more
How to Search the Web (Minus AI Junk & Clutter) with Google on Safari for Mac
If you’re a Safari user, as many of us are, you might be interested in actually searching the web with Google and then seeing a list of actual web link results, without seeing any of the new AI junk, video and image recommendations, knowledge panels, related searches, suggested searches, or the other junky clutter that … [Read More](https://osxdaily.com/2024/05/24/search-web-google-no-ai-junk-clutter-saf … ⌘ Read more
How to Search Google Without AI Rubbish & Clutter
Remember when you used to use Google search and it would only return a list of links for web results, letting you easily find what you’re looking for? Google was once the best way to search the web, but as almost all Google users have noticed, the web search engine has become less of an … Read More ⌘ Read more
Blogroll Network Map
Robert Alexander built a pretty cool Blogroll Network Map. Based on scraped blogrolls, it builds and visualizes a map of blogs. It contains almost 500 feeds, a lot to explore for boring days! ⌘ Read more
Docker and JFrog partner to further secure Docker Hub and remove millions of imageless repos with malicious links
Docker and JFrog partner further secure Docker Hub by removing millions of imageless repos with malicious links. ⌘ Read more
Make a Website Your Mac Wallpaper with Plash
A unique third party Mac app allows you to turn any web page, including YouTube videos and links to animated GIFs, into your Mac desktop wallpaper. Sound like fun? Well it definitely is, and depending on how creative you want to be, you can accomplish some really fascinating wallpaper experiences on the Mac with this … Read More ⌘ Read more
The Lunduke Journal gets a little Political!
The Lunduke Journal adds political topics, simplifies subscriptions: https://lunduke.locals.com/post/5514785/the-lunduke-journal-adds-political-topics-simplifies-subscriptions Lunduke Journal Link Central: https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm ⌘ Read more
Myth: “HTML was invented by Tim Berners-Lee”
Full article: https://lunduke.locals.com/post/5499910/myth-html-was-invented-by-tim-berners-lee Lunduke Journal Info: https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm How to support the Lunduke Journal: https://lunduke.locals.com/post/5460921/how-to-support-the-lunduke-journal ⌘ Read more
“If this one guy got hit by a bus, the world’s software would fall apart.”
The Article: https://lunduke.locals.com/post/5477752/if-this-one-guy-got-hit-by-a-bus-the-worlds-software-would-fall-apart Lunduke Journal Link Central: http://lunduke.com How to support The Lunduke Journal: https://lunduke.locals.com/post/5460921/how-to-support-the-lunduke-journal ⌘ Read more
Snikket: Security notice: Snikket not affected by CVE-2024-3094
A security vulnerability was intentionally added to a widely used open-source
project known as ‘xz’. This project is packaged in many operating systems, and
a lot of software depends upon it. The vulnerability has been assigned the
identifier CVE-2024-3094.
Systems with the vulnerable package may allow an attacker to gain unauthorized
access to the system via SSH, if your system’s SSH server was linked to the
affected packages.
Thankfully, the vulne … ⌘ Read more
↳
In-reply-to
»
(#qfge7za) Joplin + Caddy WebDAV over here.
⤋ Read More
its a notebook tool like evernote. @sorenpeter@darch.dk linked it above: https://joplinapp.org/
“Cloudflare loses 22% of its domains in Freenom .tk shutdown”
Reading about Freenom and .tk domains brings back memories: The first domains I registered were free .tk domains because I was too cheap to pay for domains as a high school student and also had no credit card to do so. ⌘ Read more
ooh.directory
Recently, I came across ooh.directory. A blog directory that lists blogs from all sorts of categories. (My blog is listed there, too). ⌘ Read more
See Who Sent You a Link in Safari on iPhone, Mac, iPad
The latest versions of Safari for Mac, iPhone, and iPad, support a handy feature that allows you to quickly identify who sent you a particular link or webpage that you have open in the browser. This ‘sent from’ link feature is useful if you engage in a lot of exchanging of URLs between friends, coworkers, … Read More ⌘ Read more
Microsoft’s Reading Coach
My English pronunciation can be improved — a lot. But now I can use Microsoft’s Reading Coach. This is a new AI tool for practicing reading (in English). ⌘ Read more
https://galusik.fr/fridayrockmetal/big_fridayrockmetal_playlist.m3u Yess, all broken invidious links cleaned up. Enjoy!
Humm, have to clean up all fridayrockmetal playlists because some invidious links are broken. Will replace them with youtuve one and then, build a big playlist that rule them alllll \m/
IOL HAT: Enhancing Smart Sensor Integration for Raspberry Pi and Industrial Applications.
Pinetek Networks is set to launch the IOL HAT on Crowdsupply soon, a versatile solution designed for integrating industrial sensors into single-board computer-based projects, such as the Raspberry Pi. This device facilitates data exchange with smart SDCI sensors and actuators, adhering to the IEC 61131-9 standards, commonly referred to as IO-Link. There will be two [… … ⌘ Read more
Twtxt spec enhancement proposal thread 🧵
Adding attributes to individual twts similar to adding feed attributes in the heading comments.
https://git.mills.io/yarnsocial/go-lextwt/pulls/17
The basic use case would be for multilingual feeds where there is a default language and some twts will be written a different language.
As seen in the wild: https://eapl.mx/twtxt.txt
The attributes are formatted as [key=value]
They can show up in the twt anywhere it is not enclosed by another element such as codeblock or part of a markdown link.
↳
In-reply-to
»
(#fytbg6a) What about using the blockquote format with
⤋ Read More
> ?
@sorenpeter@darch.dk this makes sense as a quote twt that references a direct URL. If we go back to how it developed on twitter originally it was RT @nick: original text because it contained the original text the twitter algorithm would boost that text into trending.
i like the format (#hash) @<nick url> > "Quoted text"\nThen a comment
as it preserves the human read able. and has the hash for linking to the yarn. The comment part could be optional for just boosting the twt.
The only issue i think i would have would be that that yarn could then become a mess of repeated quotes. Unless the client knows to interpret them as multiple users have reposted/boosted the thread.
The format is also how iphone does reactions to SMS messages with +number liked: original SMS
↳
In-reply-to
»
(#fytbg6a) What about using the blockquote format with
⤋ Read More
> ?
I’m also more in favor of #reposts being human readable and writable. A client might implement a bottom that posts something simple like: #repost Look at this cool stuff, because bla bla [alt](url)
This will then make it possible to also “repost” stuff from other platforms/protocols.
The reader part of a client, can then render a preview of the link, which we talked about would be a nice (optional) feature to have in yarnd.
Fix Step Count in Health App Updating Slowly on iPhone
If you’re the type of person who likes to keep track of their daily step count by using iPhone as a step counter, it is frustrating when the iPhone Health app step counter does not update as frequently as you’d like. Additionally, there are some challenges that are linked to specific step counts, and many … Read More ⌘ Read more
Made infamous by former links to the mafia, one of NSW’s biggest wineries is changing hands
Warburn Estate winery, established in 1968 by a man known as the “don of dons”, is sold to a family business best known for processing orange juice. ⌘ Read more
Seeing a video like this from Jeff Geerling about the MNT Reform Laptop, I am both amazed and puzzled. It’s probably a cool project to work on such an open hardware and source project as a hobby. And it’s great that there’s still the alternative to proprietary hardware. But has this any other use than just being a toy for people that have more than a thousand bucks to spend on such a thing? Especially given that it’s the opposite of powerful. Thinking about it more, the only thing that comes to mind are people wh … ⌘ Read more
Cost-efficient $39.90 Travel Router with Dual GbE Ports and Flexible Storage Options
Recently, SeeedStudio introduced the LinkStar-H28K-0408, a compact, pocket-sized router that offers advanced connectivity options. This device is equipped with Dual Gigabit Ethernet ports for high-speed internet access and includes a versatile USB Type-C port with Power Delivery support, enhancing its usability and convenience for various applications. Differing from the LinkS … ⌘ Read more
How to Delete a Threads Account Without Leaving Instagram
When Threads debuted from Meta (FaceBook), it was intricately linked to Instagram, and initially when you went to delete or deactivate a Threads account, it had the unfortunate side effect of also deleting the related Instagram account. But that is no longer the case. Now you can choose to delete a Threads account without impacting … [Read More](https://osxdaily.com/2023/12/31/how-to-delete-a-threads-account-without-le … ⌘ Read more
Securing our home labs: Frigate code review
This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.
The post Securing our home labs: Frigate code review appeared first on The GitHub Blog. ⌘ Read more
Lunduke Journal prices going up (to match inflation)
All the details in the video – changes happening on January 1st. How to grab a Lifetime or Yearly Triple Pass: https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm Or grab a Monthly or Standard Yearly subscription here: https://lunduke.locals.com/support ⌘ Read more
“HTML compression on popular websites”
Danny van Kooten did an interesting experiment and checked the top 10 thousand websites whether they are compressing their HTML. About 8% of them do not apply any kind of compression, resulting in many terabytes of unnecessary transmitted data, not helping to save energy. ⌘ Read more
Okokok, I added my twtxt link on my sites social media icon section
I just realised my redirection on oh.mg shows me as link.storjshare.io so I fixed that