I haven’t taken a look into that extension, although I think you could use the OpenSSL library: https://www.php.net/manual/en/function.openssl-encrypt.php

@arne@uplegger.eu I think you want to use the sodium_crypto functions/modules for PHP 🤔🤔

@arne@uplegger.eu Hi! I love that you’re implementing it! Maybe, when we’re both done, we could test the clients by communicating both.
I don’t think I’m going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as I’d like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But I’m not able to answer your questions, sorry.
I’m invoking the commands directly, without any libraries in between. Maybe that would help you?

@arne@uplegger.eu Well, just for my understanding. The command:
echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin
will take the input string from echo to openssl. It then will

1. use the content of shared_key.bin as password
   
2. use PBKDF2 with an iteration of 100000 to generate a encryption key from the given password (shared_key.bin)
   
3. use the PBKDF2 generated key for an aes-256-cbc encryption
   

The final result is encrypted data with the prepended salt (which was generated by runtime), e.g.: Salted__q�;��-�T���"h%��5�� ....

With a dummy script I now can generate a valide shared key within PHP ‘openssl_pkey_derive()’ - identical to OpenSSL.
I also can en-/decrypt salted data within my script, but not with OpenSSL. There are several parameters of PBKDF2 unknown to me.

Question:

1. Is the salt, used by aes-256-cbc and PBKDF2 the same, prepended in the encrypted data?
   
2. Witch algorithm/cipher is used within PBKDF2: sha1, sha256, …?
   
3. What is the desired key length of PBKDF2 (https://www.php.net/manual/en/function.openssl-pbkdf2.php)?
   

To be continued …

oh cool @lyse@lyse.isobeef.org !! and thanks, got rid of that empty line. ATM I’m using twtxt very much in an experimental way, only manual editing or writing my tools. curious to see how it will evolve. #meta #twtxt

Does anybody know a right mouse click save and reduce a screen saver image to a smaller file, say 50KB?
My usual method is slow, place in image program and re-save it smaller.

I used to have a Window’s way to reduce file images from 1MB to 50 KB with right mouse click.

NES86: x86 emulation on the NES
The goal of this project is to emulate an Intel 8086 processor and supporting PC hardware well enough to run the Embeddable Linux Kernel Subset (ELKS), including a shell and utilities. It should be possible to run other x86 software as long as it doesn’t require more than a simple serial terminal. ↫ NES86 GitHub page Is this useful in any meaningful sense? No. Will this change the word? No. Does it have any other purpose than just being fun and cool? Nope. None of that … ⌘ Read more

@prologic@twtxt.net I wish getting a static IP and a (more) stable internet connection wasn’t so hard over here. Then I could do proper self-hosting as well. But as it stands, I need some rented VPS.

I could go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes … it’s just bad overall and much easier/better to rent a VPS. 🫤

hey @lyse@lyse.isobeef.org I’ve seen your mention from uhhmmm 4months ago just now using my crawler -__-’ / curious to know, do you see my mention now? #meta #twtxt

@prologic@twtxt.net I’m speculating, but if I had to guess I’d say it’s probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys /ME doing air quotes Magic™ … you could try with a different password manager to avoid said scenario.

Also, passkeys UX sucks.

AIDA64 drops support for Windows 95, 98, and ME
AIDA64, the popular benchmarking tool for Windows, released a new version today. I don’t particularly care about benchmarking – even less so benchmarking on Windows – but this new release comes with an interesting line in the release notes. Discontinued support for Windows 95, 98, Me ↫ AIDA64 v7.60 release notes Seeing a widely-used, popular piece of software drop support for Windows 95, 98, and ME only in this, the year of our lord, 2025 … ⌘ Read more

Researchers found gene linked to origins of human speech + 2 more stories
Scientists identify gene responsible for speech development; North Korea rejects US denuclearization pledge as absurd; Japan increases nuclear energy target to meet rising demands ⌘ Read more

I’m in an article in Quanta Magazine! It’s about the bizarre world of algorithms that re-use memory that’s already full. https://www.quantamagazine.org/catalytic-computing-taps-the-full-power-of-a-full-hard-drive-20250218/ I’m the one with all the snow in the background.

I’m surprised, here you can’t find dial controls anymore. How old are your ovens? The last one my parents had was from the 90s.

I was amazed experimenting with different combinations, for instance instead of 100, using 60 for a minute, 90 for 1:30, and stupid stuff like heating with 11, 22, 55 seconds and so, to make it quicker to type any time.

UNIX man pages
What might be somewhat more surprising though considering its research origins is that Unix almost since the very beginning had a comprehensive set of online reference documentation for all its commands, system calls, file formats, etc. These are the the manual- or man-pages. On Unix systems used interactively, the man-pages have historically always been installed, space permitting. The way the manual pages have evolved and how they are used has changed over the decades. This set of posts is intended … ⌘ Read more

Did the Windows 95 setup team forget that MS-DOS can do graphics?
One of the reactions to my discussion of why Windows 95 setup used three operating systems (and oh there were many) was my explanation that an MS-DOS based setup program would be text-mode. But c’mon, MS-DOS could do graphics! Are you just a bunch of morons? Yes, MS-DOS could do graphics, in the sense that it didn’t actively prevent you from doing graphics. You were still responsible for everything you … ⌘ Read more

Yesterday I was doing a lot of research on how #hyperdrive and the #holepunch project work. Would it be possible to use it to make #twtxt an easier gateway for new users? Could we stop using web servers?
My conclusion: We would end up being a #nostr. On the one hand it would become more complex to use, it would force the user to have software installed, and on the other hand the community would need a central proxy to make the routes accessible via HTTP. In other words, it’s not a good idea.
However, it’s an AMAZING technology. I want to start playing with it.

I got promoted today to try using Passkeys on Github.com. Fine 😅 I did that, but I discovered that when you use your Passkey to login, Chrome prompts you for your device’s password (i.e: The password you use to login to your macOS Desktop). Is that intentional? Kind of defeats the point no? I mean sure, now there’s no Password being transmitted, stored or presented to Github.com but still, all an attacker has to do is somehow be on my device and know my login password to my device right? Is that better or worse? 🤔

I’m continuing my tt rewrite in Go and quickly implemented a stack widget for tview. The builtin Pages is similar but way too complicated for my use case. I would have to specify a mandatory name and some additional options for each page. Also, it allows me to randomly jump around between pages using names, but only gives me direct access the first, however, not the last page. Weird. I don’t wanna remember names. All I really need is a classic stack. You open a new fullscreen dialog and maybe another one on top of that. Closing the upper most brings you back to the previous one and so on.

The very first dialog I added is viewing the raw message text. Unlike in @arne@uplegger.eu’s TwtxtReader, I’m not able to include the original timestamp, though. I don’t have it in its original form in the database. :-/

Next up is a URL view.

Added support for uploading images to to #Timeline
Right now you need to copy the markdown code yourself, but next up would be to lean some JS or use HTMX to make the process more smooth.

What exact feeds are we talking about that uses spaces instead of tabs or the T’s in timestamp?

The project is a POC (Proof of Concept) that went into production and the company has customers who are using it. The developers had been working for several years, without testing, structure, isolation and so on. The company hired me to transform the project into a real product. There are in my hands 422 python files to transform that they beg me a refactore, architecture and testing. Every developer’s bad dream.
My first step is to read and understand the tree because there are apps inside other apps call each other. I am very determined to work on a new repository.

Fedora should not push its users to its own Flatpak repository
Unlike most (all?) other distributions with built-in Flatpak support, Fedora maintains its own repository of Flatpak applications. Everyone else defaults to using Flathub, where developers of applications themselves tend to publish their Flatpaks. Fedora’s ‘shadow Flathub’ sometimes leads to problems, with Fedora-made Flatpaks containing bugs and brokenness, while presenting themselves as official, develope … ⌘ Read more

@eapl.me@eapl.me Yeah, you need some kind of storage for that. But chances are that there’s already a cache in place. Ideally, the client remembers etags or last modified timestamps in order to reduce unnecessary network traffic when fetching feeds over HTTP(S).

A newsreader without read flags would be totally useless to me. But I also do not subscribe to fire hose feeds, so maybe that’s a different story with these. I don’t know.

To me, filtering read messages out and only showing new messages is the obvious solution. No need for notifications in my opinion.

There are different approaches with read flags. Personally, I like to explicitly mark messages read or unread. This way, I can think about something and easily come back later to reply. Of course, marking messages read could also happen automatically. All decent mail clients I’ve used in my life offered even more advanced features, like delayed automatic marking.

All I can say is that I’m super happy with that for years. It works absolutely great for me. The only downside is that I see heaps of new, despite years old messages when a bug causes a feed to be incorrectly updated (https://twtxt.net/twt/tnsuifa). ;-)

that’s a fair point.

Perhaps, since Twitter in 2006 never implemented read flags, every derivative microblogging system never saw that as an expected feature. This is curious because Twitter started with SMS, where on our phones we can mark messages as read or unread.
I think it all comes from the difference between reading an email (directed to you) vs. reading public posts (like a blog or a ‘wall,’ where you don’t mark posts as read). It’s not necessary to mark it as ‘read’, you just jump over it.

Reading microblogging posts in an email program is not common, I think, and I haven’t really used it, so I cannot say how it works, and whether it would be better for me or not.
However, I’ve used Thunderbird as a feed reader, and I understand the advantages when reading blog posts.

About read flags being simple, well… we just had a discussion this morning about how tracking read messages would require a lot of rethinking for clients such as timeline where no state is stored. Even considering some kind of ‘notification of unread messages or mentions’ is not expected for those minimalist client, so it’s an interesting compromise to think about.

@mckinley@twtxt.net Yeah, all this JS and HTMX garbage messes up a lot of things which used to work better in the earlier days.

@lyse@lyse.isobeef.org on emacs i use elpher

trying to keep it simple but.. perhaps it can be extended to fix timestamp formats like using " " instead of "T"

i made a little twtxt feed fixer for when a feed uses other whitespace instead of tabs.

https://git.mills.io/yarnsocial/go-lextwt/pulls/32

@movq@www.uninformativ.de Yeah, maybe. What browsers are you using again for these two?

Redox’ relibc becomes a stable ABI
The Redox project has posted its usual monthly update, and this time, we’ve got a major milestone creeping within reach. Thanks to Anhad Singh for his amazing work on Dynamic Linking! In this southern-hemisphere-Redox-Summer-of-Code project, Anhad has implemented dynamic linking as the default build method for many recipes, and all new porting can use dynamic linking with relatively little effort. This is a huge step forward for Redox, because relibc can now beco … ⌘ Read more

FreeBSD and hi-fi audio setup: bit-perfect, equalizer, real-time
A complete guide to configuring FreeBSD as an audiophile audio server: setting up system and audio subsystem parameters, real-time operation, bit-perfect signal processing, and the best methods for enabling and parameterising the system graphic equalizer (equalizer) and high-quality audio equalization with FFmpeg filters. Linux users will also find useful information, especially in the context of configuri … ⌘ Read more

Suspension Bridge
⌘ Read more

China announces retaliatory tariffs on US + 2 more stories
China reveals tariffs on U.S. goods; Google faces antitrust action; EU establishes new trade zones; astronauts create oxygen in space; technology aids lunar missions. ⌘ Read more

@sorenpeter@darch.dk It depends on your requirements. If you just want to put your code somewhere for yourself, simply push it over SSH on a server and call it good. That’s what I do with lots of repos. If you want an additional web UI for read access for the public, cgit comes to mind (a mate uses that). Prologic runs Gitea, which offers heaps more functionality like merge requests.

To all my EU friends out there, is it this hard™ to reach a human in European companies that allow, perform or permit silly shenanigans? 🤔 Or is it just US companies? 🤔

This Sculpt OS video walkthrough explains how to use Sculpt OS
We talk about the Genode project and Sculpt OS quite regularly on OSNews, but every time I’ve tried using Sculpt OS, I’ve always found it so different and so unique compared to everything else that I just couldn’t wrap my head around it. I assume this stems from nothing but my own shortcomings, because the Genode project often hammers on the fact that Sculpt OS is in daily-driver use by a lot of people with … ⌘ Read more

@prologic@twtxt.net Yes, C has it. I even thought that C invented it, but it seems to stem from CPL.

The closest to get to if expressions at the moment is to use a lambda:

foo := func() {
    if bar {
        return "spam"
    }
    return "eggs"
}()

But that’s also not elegant at all.

Let’s Encrypt ends support for expiration notification emails
Since its inception, Let’s Encrypt has been sending expiration notification emails to subscribers that have provided an email address to us. We will be ending this service on June 4, 2025. ↫ Josh Aas on the Let’s Encrypt website They’re ending the expiration notification service because it’s costly, adds a ton of complexity to their systems, and constitutes a privacy risk because of all the email addresses the … ⌘ Read more

The Heirloom Project
The Heirloom Project provides traditional implementations of standard Unix utilities. In many cases, they have been derived from original Unix material released as Open Source by Caldera and Sun. Interfaces follow traditional practice; they remain generally compatible with System V, although extensions that have become common use over the course of time are sometimes provided. Most utilities are also included in a variant that aims at POSIX conformance. On the interior, technologies for th … ⌘ Read more

@thecanine@twtxt.net That’s one of the cool properties, you can use it at whatever frequency you like.

@movq@www.uninformativ.de That’s an interesting setup! What MUA do you use?

Doomsday Clock hits 89 seconds + 4 more stories
The Doomsday Clock moves to 89 seconds; Germany’s Bundestag passes new immigration plan; Scientists succeed in DNA storage using 5D crystal; AI report highlights emerging dangers; NASA discovers life’s building blocks in asteroid samples. ⌘ Read more

For many years I have found Flask to be too basic a tool for modern development. But since I create APIs using Flask with Pydantic to validate the input data, some middlewares for parsing and Blueprint to separate the code into modules… I must admit that I am super comfortable, fast and easy to test.
#flask #python #pydantic

General is “peoples”. Our community want replies and reactions minimum. Currently used Telegram+Matrix (most on Telegram and me from bridge)

yes it is! although, I’ve only used it to send files and links back and fourth between devices xD none of my relatives wanted to give it a try, which is kinda fair enough (I wouldn’t use WhatsApp if they asked) xD

OpenAI doesn’t like it when you use “their” generated slop without permission
OpenAI says it has found evidence that Chinese artificial intelligence start-up DeepSeek used the US company’s proprietary models to train its own open-source competitor, as concerns grow over a potential breach of intellectual property. ↫ Cristina Criddle and Eleanor Olcott for the FT This is more ironic than writing a song called Ironic that lists situations that aren’t actually … ⌘ Read more

OpenAI Says It Has Evidence DeepSeek Used Its Model To Train Competitor
OpenAI says it has evidence suggesting Chinese AI startup DeepSeek used its proprietary models to train a competing open-source system through “distillation,” a technique where smaller models learn from larger ones’ outputs.

The San Francisco-based company, along with partner Microsoft, blocked suspected DeepSeek accounts from accessing … ⌘ Read more

Hey, I like this simple Web game:
https://wordswithrobots.isotropic.us

2 players Codenames vs (or along) gpt-4o-mini

Google Maps is run by cowards
Google, on its Google Maps naming policy, back in 2008: By saying “common”, we mean to include names which are in widespread daily use, rather than giving immediate recognition to any arbitrary governmental re-naming. In other words, if a ruler announced that henceforth the Pacific Ocean would be named after her mother, we would not add that placemark unless and until the name came into common usage. Google, today, in 2025: Google has confirmed that Google Maps will soon … ⌘ Read more