here are a few ideas you might take into consideration when designing a secure IM https://developer.virgilsecurity.com/docs/e3kit/fundamentals/secure-instant-messaging/
Obviously if you’ve worked on something similar, you already know it, he
I made a draft of an “encrypted public messenger”, which was basically a Feed for an address derived from the public key, let’s say ‘abcd..eaea’
Anyone could check, “are there any messages for my address?” and you get a whole list of timestamps and encrypted stuff.
Inside the encrypted message is a signature from the sender. That way you ‘could’ block spam.
Only the owner of the private key could see who sent what, and so…
And even with that my conclusion was that users’ expectations for a private IM might be far away from my experiment.
another one would be to allow changing public keys over time (as it may be a good practice [0]). A syntax like the following could help to know what public key you used to encrypt the message, and which private key the client should use to decrypt it:
!<nick url> <encrypted_message> <public_key_hash_7_chars>
Also I’d remove support for storing the message as hex, only allowing base64 (more compact, aiming for a minimalistic spec, etc.)
my first thought is that encrypting messages with Elliptic keys is not as easy as with RSA, although I tried doing something similar a few months ago with ECIES
https://github.com/eapl-gemugami/owl/blob/main/src/app/controller/ecies_demo.php
interesting idea. I’m not personally interested in having DM conversations on twtxt (for now), although I see the community could be interested in it.
I’d suggest to enable the Discussion section in your Github repo to receive comments, as we did for timeline
https://github.com/sorenpeter/timeline/discussions
although I agree that it helps, I don’t see completely correct to leave the nick definition to the source .txt. It could be wrong from the start or outdated with the time.
I’d rather prefer to get it from the mentioned .txt nick metadata (could be cached for performance).
So my vote would be to make it mandatory to follow @<name url> but only using that name/nick if the URL doesn’t contain another nick.
A main advantage is that when the destination URL changes the nick, it’ll be automagically updated in the thread view (as happens with some other microblogging platforms, following the Jakob’s Law)
@<url> form of mentions. Strictly require that all mentions include a nickname/name; i.e: @<name url>.
word of the thay, prosoal
Is it a typo of Proposal right? =P (Genuinely asking)
nice! would you mind elaborating a bit?
Is that the scientific method?
I couldn’t find anything related when I searched for it.
If you want a problem solved, you give it to someone as a project. If you don’t want a problem to be solved, you give it to someone as a job
Why you shouldn’t build your career around existential risk
https://guzey.com/existential-risk/
Django channels are cool! I had the chance to make an online gaming framework with Channels and Django Rest and it was a great experience.
I’m looking forward to doing something in Django LiveView soon.
and going back to a handle you could input in your client to look for the user/file, like @nick@domain.tls
I think Webfinger is the way to go. It has enough information to know where to find that nick’s URL.
@prologic@twtxt.net does that webfinger fork made by darch work OK with yarn as it is now? (I’ve never used it, so I’m researching about it)
https://darch.dk/.well-known/webfinger/
Oh no!
Wife and I agreed to hibernate until January, just visiting relatives but avoiding any kind of shopping. I tried buying something like 2 or 3 days ago and it’s insane :o
Good luck! :)
If NICK = DOMAIN then only show @DOMAIN
So instead of @eapl.me@eapl.me it will just be @eapl.me
I’m just having a similar issue with a podcast I just uploaded on Castopod (which supports ActivityPub).
My first thought was creating a subdomain with the name of the podcast mordiscos.eapl.me
Then I watched that the software allows many podcasts in the same domain, so I had to pick a handle:
https://mordiscos.eapl.me/@podcast
So now I have @podcast@mordiscos.eapl.me
when this one is ‘more correct’ @mordiscos@podcast.eapl.me
or it could even be @mordiscos.eapl.me
I wasn’t aware of all that when I set up Castopod (documentation might improve a lot, IMO)
My point here is that it’s something important to think about from the start, otherwise it’s painful to change if it’s already being used like that.
my 2 cents here…
I agree on displaying a short @nick.
We could hover on the nick to see the full detail which could be @nick@domain.tls or the full URL
Also it could be a display option in Preferences in case your account starts showing many collisions.
The disambiguation for collisions is the .txt URL and the nick inside it, right?
BTW I’m watching that darch has already worked on that, interesting https://github.com/sorenpeter/timeline/blob/main/_webfinger-endpoint/.well-known/webfinger/index.php
hey!
I think we could discuss on implementation details like URLs and Handles.
@nick@nick (Masto/Yarn style)
vs
@nick.eapl.me and @eapl.me (Bsky style)
I see, for example, that yarn shows my account as @eapl.me@eapl.me which looks ‘weird’ although it’s not wrong since my domain and my nick are the same. Honestly I like more the Bsky approach as in https://bsky.app/profile/eapl.me for @eapl.me, as when you look for https://eapl.me, it’s my home page.
Also, I didn’t get it completely if you are also proposing a URL standard using subdomains, like https://nick.domain.tls. I only want to point out that these are more difficult to handle from shared hostings, so I’d prefer to also allow https://domain.tls/nick/
after thinking and researching about it, yep, I agree that WebFinger is a good idea.
For example reading here: https://bsky.social/about/blog/4-28-2023-domain-handle-tutorial
I wasn’t considering some scenarios, like multiple accounts for a single domain (See ‘How can I set and manage multiple subdomain handles?’ in the link above)
since twtxt is based on text files, I think you can consider @domain.tld as an alias of http://domain.com/twtxt.txt (or https://domain.com/tw.txt, among other combinations in the wild).
Or perhaps you can use DNS TXT records?
Although I think that’s a bit more complicated for some environments and users, I’d go with looking for a default /tw*.txt
An inspiring book on making a life around IT security
Troy Hunt: “Pwned”, The Book, Is Now Available for Free
https://www.troyhunt.com/pwned-the-book-is-now-available-for-free/
haha, that’s gold xD.
#randomMemory I remember when I was starting to code, like 30 years ago, not understanding why my Basic file didn’t run when I renamed it to .exe
And nowadays, I’ve seen a few Go apps in a single executable, so twtxt.exe could be a thing, he!
I’ll be using another URL for this twtxt.
The older one will redirect to the new for a while (I’m not sure what would happen if you follow both URLs, I assume it’s better to add the new one and remove the older)
Please update your following list to https://eapl.me/tw.txt !
@anth hehe, cool!
I’m changing mine to tw.txt -> https://eapl.me/tw.txt
And the older twtxt.txt will be redirecting for a while
well, the extension helps to know the file format as in .txt and .html, perhaps .twt, he!
Want to help improve the shoddy code?
Hehe, although it isn’t a fancy language PHP has improved a lot since the old PHP 5 days ¯_(ツ)_/¯ It’s 3 to 5 times slower than Go, so I think that’s not too bad
My bad! My editor was set to use 4 spaces instead of a tab… Making twts by hand is hard =P
Also I’m thinking on adding support for If-Modified-Since since it’ll improve the refreshing process 🤔
Hey! I tried running Timeline on my server with the default PHP version (8.3) and it’s giving me a few errors https://eapl.me/timeline/ I should be sending a PR soon to fix it ;)
Thanks @lyse@lyse.isobeef.org! I’m replying here https://text.eapl.mx/reply-to-lyse-about-twtxt
Damn, it’s certainly broken. Thank you for letting me know! I’m editing my .txt file by hand, and it seems WinSCP editor doesn’t support that character and replaced them all =/
Hehe, thank you guys, I’m still alive :)
I’ve been thinking of a few improvements for the next generation of twtxt spec, let me know if these are useful or interesting :) https://text.eapl.mx/a-few-ideas-for-a-next-twtxt-version