@arne@uplegger.eu Hi! I love that youāre implementing it! Maybe, when weāre both done, we could test the clients by communicating both.
I donāt think Iām going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as Iād like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But Iām not able to answer your questions, sorry.
Iām invoking the commands directly, without any libraries in between. Maybe that would help you?
@arne@uplegger.eu Well, just for my understanding. The command:
echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin
will take the input string from echo to openssl. It then will
- use the content of
shared_key.binas password
- use
PBKDF2with an iteration of 100000 to generate a encryption key from the given password (shared_key.bin)
- use the
PBKDF2generated key for anaes-256-cbcencryption
The final result is encrypted data with the prepended salt (which was generated by runtime), e.g.: Salted__q�;��-�T���"h%��5�� ....
With a dummy script I now can generate a valide shared key within PHP āopenssl_pkey_derive()ā - identical to OpenSSL.
I also can en-/decrypt salted data within my script, but not with OpenSSL. There are several parameters of PBKDF2 unknown to me.
Question:
- Is the salt, used by
aes-256-cbcandPBKDF2the same, prepended in the encrypted data?
- Witch algorithm/cipher is used within
PBKDF2: sha1, sha256, �
- What is the desired key length of
PBKDF2(https://www.php.net/manual/en/function.openssl-pbkdf2.php)?
To be continued ā¦
oh cool @lyse@lyse.isobeef.org !! and thanks, got rid of that empty line. ATM Iām using twtxt very much in an experimental way, only manual editing or writing my tools. curious to see how it will evolve. #meta #twtxt
oh cool @lyse@lyse.isobeef.org !! and thanks, got rid of that empty line. ATM Iām using twtxt very much in an experimental way, only manual editing or writing my tools. curious to see how it will evolve. #meta #twtxt

Love my new shed, getting ready to retire
@lyse@lyse.isobeef.org call the @ call the @yarn_police@twtxt.net! š
@arne@uplegger.eu
If I keep the ānonceā, I can decrypt a message with the shared key, like in the direct message specs.
But that is not how it should work. š
@andros@twtxt.andros.dev I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters.
All my solution approaches require ānonceā or āinitialization vectorā on one or the other side. In addition, the āmagic numbersā (āSalted__ā) were not consistent in my tests.
@prologic@twtxt.net I wish getting a static IP and a (more) stable internet connection wasnāt so hard over here. Then I could do proper self-hosting as well. But as it stands, I need some rented VPS.
I could go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes ⦠itās just bad overall and much easier/better to rent a VPS. š«¤
hey @lyse@lyse.isobeef.org Iāve seen your mention from uhhmmm 4months ago just now using my crawler -__-ā / curious to know, do you see my mention now? #meta #twtxt
hey @lyse@lyse.isobeef.org Iāve seen your mention from uhhmmm 4months ago just now using my crawler -__-ā / curious to know, do you see my mention now? #meta #twtxt
Thanks, @falsifian@www.falsifian.org! Iāll definitely start with the latter one then. Letās see how far I make it. :-)
@falsifian@www.falsifian.org Phew, okay. So, it took a few months to grow that big. I feared that it could have been just a week or so. Yeah, insulation always is a good idea.
@prologic@twtxt.net Holly, didnāt know bots and crawlers could do comedy now⦠they shouldāve added āDave Chappelle/69.420ā to their UA.
@prologic@twtxt.net Iām speculating, but if I had to guess Iād say itās probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys /ME doing air quotes Magic⢠⦠you could try with a different password manager to avoid said scenario.
Also, passkeys UX sucks.
@lyse@lyse.isobeef.org I donāt remember exactly. They might have been growing all winter. The trick is to have a badly insulated extension to the house.
@falsifian@www.falsifian.org Hahaha, thatās sick, I love it! :-D I envy you a bit. On the other hand, I have to admit Iām glad that I donāt have to chisel down giant blocks of ice from the house.
@lyse@lyse.isobeef.org I am a big fan of āobviousā math facts that turn out to be wrong. If you want to understand how reusing space actually works, you are mostly stuck reading complexity theory papers right now. Ian wrote a good survey: https://iuuk.mff.cuni.cz/~iwmertz/papers/m23.reusing_space.pdf . Itās written for complexity theorists, but some of will make sense to programmers comfortable with math. Alternatively, I wrote an essay a few years ago explaining one technique, with (math-loving) programmers as the intended audience: https://www.falsifian.org/blog/2021/06/04/catalytic/ .
@falsifian@www.falsifian.org Mate, what an amazing video, holy cow! :-D We only get complete jokes of icicles compared to what you had there ealier today. Itās a giant wall. For how many days did that grow on your roof?
@lyse@lyse.isobeef.org Still melting! 
@falsifian@www.falsifian.org Oh, thatās neat! Interesting how āobviouslyā isnāt all that obvious at all, even to the contrary. I reckon I have to read up on that subject on the weekend. :-)
I like how Ianās and your photo complement each other, winter and summer join forces for something special. :-)
@falsifian@www.falsifian.org Wooooaaaahhh! That is BY FAR the biggest icicle Iāve ever seen. Really cool! :-) How long did it take to melt in your sink? The video download is still dripping in, looking forward to that.
twtxt, the microblogging for hackers and friends...
@eapl.me@eapl.me I couldnāt care less about ActivityPub, but twtxt is the thing for hackers by design. Thatās the appealing part for me, personally. I actually do enjoy that not everybody and their dogs are here. :-)
@thecanine@twtxt.net I agree!
@movq@www.uninformativ.de @prologic@twtxt.net I donāt know, I donāt see this happening all that often. Very rarely. The problem I encounter much more often is that tech folks are blindly adopting every new hype without thinking the slightest bit what the consequences might be.
But maybe that also means Iām one of these ātold you soā guys. Not sure.
Today is an important day. We have a new extension: Direct message šŖšØļøšš„³ā¤ļø
https://twtxt.dev/exts/direct-message.html
#twtxt
@sorenpeter@darch.dk Sorry, I realized that shortly after posting. Hereās another attempt to post the images:

@eapl_en@eapl.me Good idea
4, but I like the idea of @eapl_en@eapl.me
What would you like the new twtxt logo to be?
Comments: https://git.mills.io/yarnsocial/twtxt.dev/issues/9#issuecomment-18960

What would you like the new twtxt logo to be?

@prologic@twtxt.net All the URL are missing the protocol part (https://) and my markdown parser does not know how to handle but I see yarnd does it just fine.
@falsifian@www.falsifian.org
it look like your markdown image tags are missing the protocol part (https://) so they donāt render at least on my server: https://darch.dk/timeline/conv/3vtnszq
robots.txt that I have on https://git.mills.io/robots.txt with content:
@prologic@twtxt.net Have you tried Googleās robots.txt report? https://support.google.com/webmasters/answer/6062598?hl=en . I would expect Google to be pretty good about this sort of thing. If you have the energy to dig into it and, for example, post on support.google.com, Iād be curious to hear what you find out.
Something interesting to think about for twtxt, the microblogging for hackers and friendsā¦
The biggest challenge of ActivityPub is that itās too technical to easily explain to regular people. Nobody is interested in a jargon-laden diatribe about servers and federation. When simple questions have overly complex answers, people tend to switch off.
https://activitypub.ghost.org/your-thoughts-on-onboarding/
@bender@twtxt.net @prologic@twtxt.net the markdown list in #jr6ywrq is a ālooseā list, e.g. https://github.com/erusev/parsedown/issues/474#issuecomment-280874843
My markdown parser (parsedown PHP) renders the list with p-tags also.
@andros@twtxt.andros.dev Thank you :-)
@andros@twtxt.andros.dev screenshots plz :=!
Yesterday I was doing a lot of research on how #hyperdrive and the #holepunch project work. Would it be possible to use it to make #twtxt an easier gateway for new users? Could we stop using web servers?
My conclusion: We would end up being a #nostr. On the one hand it would become more complex to use, it would force the user to have software installed, and on the other hand the community would need a central proxy to make the routes accessible via HTTP. In other words, itās not a good idea.
However, itās an AMAZING technology. I want to start playing with it.
@prologic@twtxt.net š¤£š¤£š¤£ thanks! I didnāt even notice š
@prologic@twtxt.net It seems like the typical problem of an unneutered cat š
@prologic@twtxt.net That boycott didnāt last very long, eh!?
Yeah, sounds like another hype train arriving at the station.
tt rewrite in Go and quickly implemented a stack widget for tview. The builtin Pages is similar but way too complicated for my use case. I would have to specify a mandatory name and some additional options for each page. Also, it allows me to randomly jump around between pages using names, but only gives me direct access the first, however, not the last page. Weird. I don't wanna remember names. All I really need is a classic stack. You open a new fullscreen dialog and maybe another one on top of that. Closing the upper most brings you back to the previous one and so on.
@doesnm@doesnm.p.psf.lt Iāll let you know once it reaches a point where it might be barely usable by someone else than myself. There are long ways to go, though. Right now, you donāt wanna even look at it. :-)
tt rewrite in Go and quickly implemented a stack widget for tview. The builtin Pages is similar but way too complicated for my use case. I would have to specify a mandatory name and some additional options for each page. Also, it allows me to randomly jump around between pages using names, but only gives me direct access the first, however, not the last page. Weird. I don't wanna remember names. All I really need is a classic stack. You open a new fullscreen dialog and maybe another one on top of that. Closing the upper most brings you back to the previous one and so on.
Thinking about trying tt. If it really usable i will abandon twtxtdon (service to read twtxt feeds from mastodon client), which currently has only authorization implemented
It would appear that Googleās web crawlers are ignoring the robots.txt that I have on https://git.mills.io/robots.txt with content:
User-agent: *
Disallow: /
Evidence attached (see screenshots):
ā I think its the the Small Web community band together and file a class action suit(s) against Microsoft.com Google.com and any other assholes out there (OpenAI?) that violate our rights and ignore requests to be āpoliteā on the web. Thoughts? š
Iām continuing my tt rewrite in Go and quickly implemented a stack widget for tview. The builtin Pages is similar but way too complicated for my use case. I would have to specify a mandatory name and some additional options for each page. Also, it allows me to randomly jump around between pages using names, but only gives me direct access the first, however, not the last page. Weird. I donāt wanna remember names. All I really need is a classic stack. You open a new fullscreen dialog and maybe another one on top of that. Closing the upper most brings you back to the previous one and so on.
The very first dialog I added is viewing the raw message text. Unlike in @arne@uplegger.euās TwtxtReader, Iām not able to include the original timestamp, though. I donāt have it in its original form in the database. :-/
Next up is a URL view.
@movq@www.uninformativ.de Thatās what I immediately thought as well. :-D @eapl.me@eapl.me Unfortunately, no fancy buttons. What does your model do?
Added support for uploading images to to #Timeline
Right now you need to copy the markdown code yourself, but next up would be to lean some JS or use HTMX to make the process more smooth.
@prologic@twtxt.net Of course you donāt notice it when yarnd only shows at most the last n messages of a feed. As an example, check out mckinleyās message from 2023-01-09T22:42:37Z. It has ā[Scheduled][Scheduled][Scheduled]ā⦠in it. This text in square brackets is repeated numerous times. If you search his feed for closing square bracket followed by an opening square bracket (][) you will find a bunch more of these. It goes without question he never typed that in his feed. My client saves each twt hash Iāve explicitly marked read. A few days ago, I got plenty of apparently years old, yet suddenly unread messages. Each and every single one of them containing this repeated bracketed text thing. The only conclusion is that something messed up the feed again.
@eapl.me@eapl.me I like this idea. Another option would be to show a limited number of posts, with an option to see the omitted ones by user. Either way, I wonder how well that works with threading.