Searching yarn

Twts matching #http
In-reply-to » Does anybody know a right mouse click save and reduce a screen saver image to a smaller file, say 50KB? My usual method is slow, place in image program and re-save it smaller.

I hope not, @bender@twtxt.net! I haven’t checked, but I’d reckon it to be at most a single digit MiB number. How wrong am I?

In-reply-to » Does anybody know a right mouse click save and reduce a screen saver image to a smaller file, say 50KB? My usual method is slow, place in image program and re-save it smaller.

@off_grid_living@twtxt.net No right click thing, but in the terminal:

convert -strip -quality 70 -resize 300x original.jpg resized.jpg

“original.jpg” being the filename of the input file and “resized.jpg” the filename of the output. You can play around with the width, “300x” means 300 pixels wide and the height is determined automatically to still remain in the same ratio. The quality is how much to compress it. The closer to 0 the value gets, the worse the result, but also smaller in file size. More towards 100 and the quality improves together with a larger file size.

You have to install the package “imagemagick” for this to work, I believe.

In-reply-to » here is my progress so far: https://github.com/eapl-gemugami/twtxt-direct-message-php The encryption part seems to work, if I decrypt it the message with OpenSSL. I think it can help you for some key parts not well explained in OpenSSL documentation.

@eapl.me@eapl.me Nope, I switched to the openssl library in PHP. But our rubberducking 🦆 seems to be working. Your find https://crypto.stackexchange.com/a/79855 for the IV generation may be the breakthrough …

In-reply-to » @eapl.me Here is what I've got so far: https://github.com/upputter/testing-twtxt-dm

here is my progress so far: https://github.com/eapl-gemugami/twtxt-direct-message-php
The encryption part seems to work, if I decrypt the message with OpenSSL.
I think it can help you for some key parts not well explained in OpenSSL documentation.

@andros@twtxt.andros.dev reading your spec I wrote a few notes here: https://github.com/eapl-gemugami/twtxt-direct-message-php/blob/main/direct_message_spec.md

@arne@uplegger.eu I haven’t checked your repo yet, although you are using sodium, right?

In-reply-to » @eapl.me Here is what I've got so far: https://github.com/upputter/testing-twtxt-dm

@arne@uplegger.eu Here are the results of the German jury:

Known salt (B64): Tb9oj07UhwU= (8)
Known key (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
Known iv (B64): l/PvkDjOKMFZe73KptrvWw== (16)
Shared Key (B64): ql8zvN03p6kroSwNrcKbxk4zSBQFkgQZEumvqVIDMAE=
** DECRYPT **
Encrypted Message: ...
Decoded Salt (B64): Tb9oj07UhwU= (8)
PBKDF2 KEY (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
iv (B64): JanbU1jI30lb6yfjq/adjA== (16)
Decrypted Message: 

😭

In-reply-to » trying to implement it quickly, I get the same questions than you ```

@eapl.me@eapl.me Here is what I’ve got so far: https://github.com/upputter/testing-twtxt-dm

There is a “00_well_known_message.enc” file, which I have the encryption parameters for (https://github.com/upputter/testing-twtxt-dm/blob/9fdf3be6aa8fe810a4cb275375dbb3d4a2a958ee/wellknown_test.php#L28).

According to my findings, I assume that the salt size in openssl is “8” and the PBKDF2 algo is “sha256”.

In-reply-to » Today is an important day. We have a new extension: Direct message 🪇🗨️🚀🥳❤️ https://twtxt.dev/exts/direct-message.html #twtxt

@andros@twtxt.andros.dev Could you share (perhaps in the extension document) the private key for alice?

I want to compare that I can read the encrypted message both from OpenSSL CLI and from the PHP OpenSSL library, following the spec.

In-reply-to » @arne Well, just for my understanding. The command: echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin will take the input string from echo to openssl. It then will

Trying to implement it quickly, I get the same questions as you

    # https://www.php.net/manual/en/function.openssl-pbkdf2.php
    $password = $sharedKey;
    $salt = openssl_random_pseudo_bytes(16);  # What's the salt length ?
    $keyLength = 20;  # What's the key length here ?
    $iterations = 100000;
    $generatedKey = openssl_pbkdf2($password, $salt, $keyLength, $iterations, 'sha256');
    echo bin2hex($generatedKey)."\n";
    echo base64_encode($generatedKey)."\n";

    $iv = openssl_random_pseudo_bytes(16); // AES-256-CBC requires 16-byte IV
    $cipherText = openssl_encrypt($message, 'aes-256-cbc', $generatedKey, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $cipherText);

In-reply-to » @arne Well, just for my understanding. The command: echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin will take the input string from echo to openssl. It then will

@arne@uplegger.eu With the OpenSSL option -p one can get an output of salt, key and iv. My stupid PHP-code can get everything right from the encrypted data (from OpenSSL) - except the iv! Damn “evpKDF” 😔

In-reply-to » Today is an important day. We have a new extension: Direct message 🪇🗨️🚀🥳❤️ https://twtxt.dev/exts/direct-message.html #twtxt

@arne@uplegger.eu Hi! I love that you’re implementing it! Maybe, when we’re both done, we could test the clients by communicating both.
I don’t think I’m going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as I’d like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But I’m not able to answer your questions, sorry.
I’m invoking the commands directly, without any libraries in between. Maybe that would help you?

In-reply-to » @andros I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters. All my solution approaches require “nonce” or “initialization vector” on one or the other side. In addition, the “magic numbers” (“Salted__”) were not consistent in my tests.

@arne@uplegger.eu Well, just for my understanding. The command:
echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin
will take the input string from echo to openssl. It then will

  1. use the content of shared_key.bin as password
  2. use PBKDF2 with an iteration of 100000 to generate an encryption key from the given password (shared_key.bin)
  3. use the PBKDF2 generated key for an aes-256-cbc encryption

The final result is encrypted data with the prepended salt (which was generated by runtime), e.g.: Salted__q�;��-�T���"h%��5�� ....

With a dummy script I now can generate a valid shared key within PHP ‘openssl_pkey_derive()’ - identical to OpenSSL.
I also can en-/decrypt salted data within my script, but not with OpenSSL. There are several parameters of PBKDF2 unknown to me.

Question:

  1. Is the salt, used by aes-256-cbc and PBKDF2 the same, prepended in the encrypted data?
  2. Which algorithm/cipher is used within PBKDF2: sha1, sha256, …?
  3. What is the desired key length of PBKDF2 (https://www.php.net/manual/en/function.openssl-pbkdf2.php)?

To be continued …

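The questions in the two posts above (salt length, PBKDF2 digest, key length, where the IV comes from) come down to the layout that `openssl enc -pbkdf2` writes: the 8-byte `Salted__` magic, an 8-byte salt, then the ciphertext, with key and IV cut from a single 48-byte PBKDF2-HMAC-SHA256 output. The following is an added example, not code from any participant or from the twtxt extension; the function names and the sample password are made up for illustration.

```php
<?php
// Added example: reads and writes the layout produced by
//   openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -pass file:shared_key.bin
// Layout: "Salted__" (8 bytes) | salt (8 bytes) | AES-256-CBC ciphertext.

const MAGIC = 'Salted__';
const SALT_LEN = 8;
const KEY_LEN = 32;   // AES-256 key
const IV_LEN = 16;    // AES block size

// One PBKDF2 call yields key and IV together; the IV is never random or transmitted.
function deriveKeyIv(string $password, string $salt, int $iter = 100000): array
{
    // Digest must be named: openssl enc defaults to sha256, PHP's openssl_pbkdf2 to sha1.
    $okm = openssl_pbkdf2($password, $salt, KEY_LEN + IV_LEN, $iter, 'sha256');
    if ($okm === false) {
        throw new RuntimeException('PBKDF2 failed');
    }
    return [substr($okm, 0, KEY_LEN), substr($okm, KEY_LEN, IV_LEN)];
}

function encEncrypt(string $plain, string $password): string
{
    $salt = random_bytes(SALT_LEN);
    [$key, $iv] = deriveKeyIv($password, $salt);
    $ct = openssl_encrypt($plain, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return MAGIC . $salt . $ct;
}

function encDecrypt(string $blob, string $password): string
{
    if (strlen($blob) < 32 || strncmp($blob, MAGIC, 8) !== 0) {
        throw new InvalidArgumentException('missing Salted__ header');
    }
    $salt = substr($blob, 8, SALT_LEN);
    [$key, $iv] = deriveKeyIv($password, $salt);
    $plain = openssl_decrypt(substr($blob, 16), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('decryption failed (wrong password or parameters)');
    }
    return $plain;
}

// Constructed sample password; openssl reads only the first line of a file: source.
$password = 'constructed-sample-shared-key';
$blob = encEncrypt("Lorem ipsum\n", $password);
echo bin2hex(substr($blob, 0, 16)), "\n";   // magic + salt
echo encDecrypt($blob, $password);
```

This layout carries no authentication tag, so a passing padding check on decrypt does not show that the ciphertext is unmodified.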

Mozilla once again confirms it’s all about ads and “AI” now
We’ve recognized that Mozilla faces major headwinds in terms of both financial growth and mission impact. While Firefox remains the core of what we do, we also need to take steps to diversify: investing in privacy-respecting advertising to grow new revenue in the near term; developing trustworthy, open source AI to ensure technical and product relevance in the mid term; and creating online fundraising campaigns that … ⌘ Read more


NES86: x86 emulation on the NES
The goal of this project is to emulate an Intel 8086 processor and supporting PC hardware well enough to run the Embeddable Linux Kernel Subset (ELKS), including a shell and utilities. It should be possible to run other x86 software as long as it doesn’t require more than a simple serial terminal. ↫ NES86 GitHub page Is this useful in any meaningful sense? No. Will this change the world? No. Does it have any other purpose than just being fun and cool? Nope. None of that … ⌘ Read more

In-reply-to » @andros I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters. All my solution approaches require “nonce” or “initialization vector” on one or the other side. In addition, the “magic numbers” (“Salted__”) were not consistent in my tests.

@arne@uplegger.eu Current progress: if I keep the “nonce”, I can decrypt a message with the shared key, like in the direct message specs.
But that is not how it should work. 😒

In-reply-to » Today is an important day. We have a new extension: Direct message 🪇🗨️🚀🥳❤️ https://twtxt.dev/exts/direct-message.html #twtxt

@andros@twtxt.andros.dev I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters.
All my solution approaches require “nonce” or “initialization vector” on one or the other side. In addition, the “magic numbers” (“Salted__”) were not consistent in my tests.

In-reply-to » 💭 Remember kids 🧒

@prologic@twtxt.net I wish getting a static IP and a (more) stable internet connection wasn’t so hard over here. Then I could do proper self-hosting as well. But as it stands, I need some rented VPS.

I could go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes … it’s just bad overall and much easier/better to rent a VPS. 🫤

In-reply-to » I'm in an article in Quanta Magazine! It's about the bizarre world of algorithms that re-use memory that's already full. https://www.quantamagazine.org/catalytic-computing-taps-the-full-power-of-a-full-hard-drive-20250218/ I'm the one with all the snow in the background.

Thanks, @falsifian@www.falsifian.org! I’ll definitely start with the latter one then. Let’s see how far I make it. :-)


The generative AI con
Everywhere you look, the media is telling you that OpenAI and their ilk are the future, that they’re building “advanced artificial intelligence” that can take “human-like actions,” but when you look at any of this shit for more than two seconds it’s abundantly clear that it absolutely isn’t and absolutely can’t. Despite the hype, the marketing, the tens of thousands of media articles, the trillions of dollars in market capitalization, none of this feels real, or at least real enough to s … ⌘ Read more


Broadcom, TSMC weigh possible Intel deals that would split storied chip maker
Broadcom has been closely examining Intel’s chip-design and marketing business, according to people familiar with the matter. It has informally discussed with its advisers making a bid but would likely only do so if it finds a partner for Intel’s manufacturing business, the people said.  Nothing has been submitted to Intel, the people cautioned, and Broadcom could decide not to … ⌘ Read more

In-reply-to » I got promoted today to try using Passkeys on Github.com. Fine 😅 I did that, but I discovered that when you use your Passkey to login, Chrome prompts you for your device's password (i.e: The password you use to login to your macOS Desktop). Is that intentional? Kind of defeats the point no? I mean sure, now there's no Password being transmitted, stored or presented to Github.com but still, all an attacker has to do is somehow be on my device and know my login password to my device right? Is that better or worse? 🤔

@prologic@twtxt.net I’m speculating, but if I had to guess I’d say it’s probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys /ME doing air quotes Magic™ … you could try with a different password manager to avoid said scenario.

Also, passkeys UX sucks.


Humane is shutting down the AI Pin and selling its remnants to HP
Humane is selling most of its company to HP for $116 million and will stop selling AI Pin, the company announced today. AI Pins that have already been purchased will continue to function normally until 3PM ET on February 28th, Humane says in a support document. After that date, Pins will “no longer connect to Humane’s servers.” As a result, AI Pin features will “no longer include calling, messaging, A … ⌘ Read more


AIDA64 drops support for Windows 95, 98, and ME
AIDA64, the popular benchmarking tool for Windows, released a new version today. I don’t particularly care about benchmarking – even less so benchmarking on Windows – but this new release comes with an interesting line in the release notes. Discontinued support for Windows 95, 98, Me ↫ AIDA64 v7.60 release notes Seeing a widely-used, popular piece of software drop support for Windows 95, 98, and ME only in this, the year of our lord, 2025 … ⌘ Read more

In-reply-to » I'm in an article in Quanta Magazine! It's about the bizarre world of algorithms that re-use memory that's already full. https://www.quantamagazine.org/catalytic-computing-taps-the-full-power-of-a-full-hard-drive-20250218/ I'm the one with all the snow in the background.

@lyse@lyse.isobeef.org I am a big fan of “obvious” math facts that turn out to be wrong. If you want to understand how reusing space actually works, you are mostly stuck reading complexity theory papers right now. Ian wrote a good survey: https://iuuk.mff.cuni.cz/~iwmertz/papers/m23.reusing_space.pdf . It’s written for complexity theorists, but some of it will make sense to programmers comfortable with math. Alternatively, I wrote an essay a few years ago explaining one technique, with (math-loving) programmers as the intended audience: https://www.falsifian.org/blog/2021/06/04/catalytic/ .
