A hike to the highest mountain in the Odenwald, the Katzenbuckel, lit. cat hillock. It was very windy and the sun very rarely showed its face, so it was quite chilly. Nice scenery, nevertheless. Surprisingly, this ski-jumping hill is still in operation. I’ve never expected this in a hundred years, judging by its state. https://lyse.isobeef.org/katzenbuckel-2025-03-29/

Greek Language Question
Comments ⌘ Read more

Asking Good Questions Is Harder Than Giving Great Answers
Comments ⌘ Read more

@bender@twtxt.net I taught the whole ecosystem 😁
@prologic@twtxt.net @eapl.me@eapl.me The question I was asked the most was: How do I discover people?
Someone came up with a fantastic idea, instead of adding the new twt at the end of the feed, do it at the beginning. So you can paginate by cutting the request every few lines.

Rock Identification
⌘ Read more

You can find the #twtxt-el channel in Libera IRC to talk about the twtxt.el client, I will keep my connection open so you can ask me questions. Thank you!

Google, DuckDuckGo massively expand “AI” search results
Clearly, online search isn’t bad enough yet, so Google is intensifying its efforts to continue speedrunning the downfall of Google Search. They’ve announced they’re going to show even more “AI”-generated answers in Search results, to more people. Today, we’re sharing that we’ve launched Gemini 2.0 for AI Overviews in the U.S. to help with harder questions, starting with coding, advanced math and multimodal queries, with mor … ⌘ Read more

@prologic@twtxt.net @david@collantes.us Good question, was this on live TV? I think it was? 🤔

Mozilla deletes promise not to sell Firefox users’ data
The hits just keep on coming. Mozilla not only changed its Privacy Notice and introduced a Terms of Use for Firefox for the first time with some pretty onerous terms, they also removed a rather specific question and answer pair from their page with frequently asked questions about Firefox, as discovered by David Gerard. The following question and answer were removed: Does Firefox sell your personal data? Nope. Never have, … ⌘ Read more

Question to the twtxt veterans, are we experiencing an explosion of clients or is this a regular occurrence?

Mozilla is going to collect a lot more data from Firefox users
I guess my praise for Mozilla’s and Firefox’ continued support for Manifest v2 had to be balanced out by Mozilla doing something stupid. Mozilla just published Terms of Use for Firefox for the first time, as well as an updated Privacy Notice, that come into effect immediately and include some questionable terms. The Terms of Use state: When you upload or input information through Firefox, you hereby grant u … ⌘ Read more

Microsoft is paywalling features in Notepad and Paint
There’s some bad news for Windows users who want to use all of the built-in features of the operating system and its integrated apps. Going forward, Microsoft is restricting features in two iconic apps, which you’ll need to unlock with a paid subscription. The two apps in question? Notepad and Paint. Windows Insiders were previously able to use these app features free of charge. However, Microsoft is now making it necessary … ⌘ Read more

trying to implement it quickly, I get the same questions than you

# https://www.php.net/manual/en/function.openssl-pbkdf2.php
    $password = $sharedKey;
    $salt = openssl_random_pseudo_bytes(16);  # What's the salt length ?
    $keyLength = 20;  # What's the key length here ?
    $iterations = 100000;
    $generatedKey = openssl_pbkdf2($password, $salt, $keyLength, $iterations, 'sha256');
    echo bin2hex($generatedKey)."\n";
    echo base64_encode($generatedKey)."\n";

    $iv = openssl_random_pseudo_bytes(16); // AES-256-CBC requires 16-byte IV
    $cipherText = openssl_encrypt($message, 'aes-256-cbc', $generatedKey, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $cipherText);

@arne@uplegger.eu Hi! I love that you’re implementing it! Maybe, when we’re both done, we could test the clients by communicating both.
I don’t think I’m going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as I’d like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But I’m not able to answer your questions, sorry.
I’m invoking the commands directly, without any libraries in between. Maybe that would help you?

@arne@uplegger.eu Well, just for my understanding. The command:
echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin
will take the input string from echo to openssl. It then will

1. use the content of shared_key.bin as password
   
2. use PBKDF2 with an iteration of 100000 to generate a encryption key from the given password (shared_key.bin)
   
3. use the PBKDF2 generated key for an aes-256-cbc encryption
   

The final result is encrypted data with the prepended salt (which was generated by runtime), e.g.: Salted__q�;��-�T���"h%��5�� ....

With a dummy script I now can generate a valide shared key within PHP ‘openssl_pkey_derive()’ - identical to OpenSSL.
I also can en-/decrypt salted data within my script, but not with OpenSSL. There are several parameters of PBKDF2 unknown to me.

Question:

1. Is the salt, used by aes-256-cbc and PBKDF2 the same, prepended in the encrypted data?
   
2. Witch algorithm/cipher is used within PBKDF2: sha1, sha256, …?
   
3. What is the desired key length of PBKDF2 (https://www.php.net/manual/en/function.openssl-pbkdf2.php)?
   

To be continued …

Something interesting to think about for twtxt, the microblogging for hackers and friends…

The biggest challenge of ActivityPub is that it’s too technical to easily explain to regular people. Nobody is interested in a jargon-laden diatribe about servers and federation. When simple questions have overly complex answers, people tend to switch off.
https://activitypub.ghost.org/your-thoughts-on-onboarding/

@prologic@twtxt.net Of course you don’t notice it when yarnd only shows at most the last n messages of a feed. As an example, check out mckinley’s message from 2023-01-09T22:42:37Z. It has “[Scheduled][Scheduled][Scheduled]“… in it. This text in square brackets is repeated numerous times. If you search his feed for closing square bracket followed by an opening square bracket (][) you will find a bunch more of these. It goes without question he never typed that in his feed. My client saves each twt hash I’ve explicitly marked read. A few days ago, I got plenty of apparently years old, yet suddenly unread messages. Each and every single one of them containing this repeated bracketed text thing. The only conclusion is that something messed up the feed again.

While I now have a somewhat working fix for it in yarnd (https://git.mills.io/yarnsocial/yarn/pulls/1232), I also have the feeling that I should fix literal formatting in lextwt as well. This also uncovered more bugs I believe: https://git.mills.io/yarnsocial/go-lextwt/pulls/28

But then there is also the question why the textarea is populated with @<url> in the first place rather than @<nick url> or yarnd’s own @nick@domain/@nick syntax. It indeed has to do something with whether I follow the mentioned feed or not.

Anyway, something to investigate for future Lyse or maybe @prologic@twtxt.net and/or @xuu@txt.sour.is. G’night!

@lyse@lyse.isobeef.org The one in question is more like the javascript version for unwrapping errors when accessing methods.

 const value = some?.deeply?.nested?.object?.value

but for handling errors returned by methods. So if you wanted to chain a bunch of function calls together and if any error return immediately. It would be something like this:

b:= SomeAPIWithErrorsInAllCalls()
b.DoThing1() ?
b.DoThing2() ?

// Though its not in the threads I assume one could do like this to chain.
b.Chain1()?.Chain2()?.End()?

I am however infavor of having a sort of ternary ? in go.

PS. @prologic@twtxt.net for some reason this is eating my response without throwing an error :( I assume it has something to do with the CSRF. Can i not have multiple tabs open with yarn?

@kat@yarn.girlonthemoon.xyz You mean the ? as suffix for boolean returning functions or as ternary operator (condition ? true_value : false_value)?

Interestingly, I just had to look up the first case. I was under the wrong impression that the question mark at the end would be some shortcut for chained function or method calls that handles nil return values in a graceful way without actually dereferencing and thus crashing. I probably never wrote more than 30 lines of Ruby in my entire life. Must have been some other language.

Today I learned that Jordan Peterson got his start as a public figure answering questions on Quora 😆

What is clean architecture? That’s a good question.

You think of a pattern for ordering code with good decisions isolating technologies (you can change the web framework or database without break the business logic), easy to test (you only test interfaces and use cases), sharing code between frameworks (entities and use cases), scalability, modulations and standardizing names. Clean architecture is not perfect, it has a learning curve and some abstraction in each technology. You can even find rejection with yours colleagues.
I have a good article on this topic.
https://programadorwebvalencia.com/implementando-arquitectura-limpia-en-python/
#python

@johanbove@johanbove.info But which one(s)? 🤔🤔 Serious question; my neighbor next door swears by the BBC and ABC (I’m Australian); but honestly even those news sources are full of political rhetoric and non-facts (opinions, etc) – I have yet to see a single news source of actual facts and nothing more.

Yeah, @bender@twtxt.net, I absolutely love it! :-D Monty Python just rocks!

This very knight inspired me to make myself a knight helmet with opening visor out of an old washing machine sheet metal years ago for a theater play. It was really great fun, both making the helmet as well as using it during the week in the play as a silly and shady prince who got all his tracts of land by winning dubious games.

I just couldn’t really hear very well in it. And if somebody hit me on the head or just slightly knocked on the helmet, it was incredibly loud. No fine craftmanship by any means and obviously historically extremely questionable at best, but it did the job well enough. One of the running gags was that I had to open the visor when I wanted to talk. Here are some photos in action, you’ll find many more when surfing through the gallery:

• https://wawuwo.de/2016/woche2/montag/017.html#image
  
• https://wawuwo.de/2016/woche2/dienstag/019.html#image
  
• https://wawuwo.de/2016/woche2/mittwoch/156.html#image
  
• https://wawuwo.de/2016/woche2/donnerstag/008.html#image
  
• https://wawuwo.de/2016/woche2/freitag/036.html#image In one lunch break my page and I decided to dress up and play a game of dice against the kids. However, we used badly cogged dice. We just added a few dots of paint on one of the two dice, so that it had two fours, two fives and two sixes or something like that. I always told my opponents: “You can choose whatever dice you want. Except for the red one, that’s my lucky dice!” As well-behaved children, they then selected the blue, unbiased one. And usually lost. However, I remember there was one kid that beat me with four sixes in row. :-D Although we thought, we make it halfway obvious that this game is truly not fair, it took them extremely long to figure out that we had messed with my lucky dice. When they finally did, they got super angry. Some of them were on the brink of beating me up. That was really nice to see their sense of justice kick it. :-)
  
• https://wawuwo.de/2016/woche2/freitag/169.html#image

@andros@twtxt.andros.dev Sorry I missed your messages to #twtxt on IRC. There are people there, but it can take several hours to get a response. E.g. I check it every day or two. I recommend using an IRC bouncer. To answer your question about registries, I used a couple of registries when I first started out, to try to find feeds to follow, but haven’t since then. I don’t remember which ones, but they were easy to find with web searches.

@prologic@twtxt.net It’s hosted at home on an computer I didn’t use anymore. It worked well for a few months, and since maybe the beginning of December, it begun to be very slow. But like I said, I have no time for that now, but if I have questions when I’ll look, I’ll think of you 😅 (but I was thinking about installing a new OS before these problems, I may just do that).

Wanted to share that we’re so proud of our six year old son; after taking skating lessons himself, he taught me and my wife how to stop on skates today. He was so proud about that he could teach us something good. Enjoyed also playing table tennis with him in the park, even-though it got windy, we had fun and didn’t give up trying to have a decent game. And at the guided tour at the old hot-metal plant in Duisburg yesterday, he asked the best questions and could be the guide’s assistant - holding the flashlight.

once the minibase work is done and i have my testnet up, i can start to consider the question of brokerless pub/sub. i found state vector sync pub sub in the name-data research and i wonder what a toy version of that would look like. i started work on a demo of gemini pub/sub as a soft fork of molly-brown we we’ll see where that takes me!

Sharing the comments of the poll (anonymous so I have no idea whom the comments are from):

your poll should include questions about markdown. personally i think inline bits like style, links, images are yes. block quotes, code blocks, bullet lists are mid. but tables and footnotes are no.

Yes sorry about this, I wasn’t able to change much after publishing the poll 😅

I demand full 9 digit nano second timestamps and the full TZ identifier as documented in the tz 2024b database! I need to know if there was a change in daylight savings as per the locality in question as of the provided date.

@quark@ferengi.one At the moment, the twt in question exists in the sixth archive:

$ jenny -D https://twtxt.net/user/prologic/twtxt.txt/6 | head
[o6dsrga] [2020-07-18 12:39:52+00:00] [Hello World! 😊]

Does that work for you? 🤔

@mckinley@twtxt.net To answer some of your questions:

Are SSH signatures standardized and are there robust software libraries that can handle them? We’ll need a library in at least Python and Go to provide verified feed support with the currently used clients.

We already have this. Ed25519 libraries exist for all major languages. Aside from using ssh-keygen -Y sign and ssh-keygen -Y verify, you can also use the salty CLI itself (https://git.mills.io/prologic/salty), and I’m sure there are other command-line tools that could be used too.

If we all implemented this, every twt hash would suddenly change and every conversation thread we’ve ever had would at least lose its opening post.

Yes. This would happen, so we’d have to make a decision around this, either a) a cut-off point or b) some way to progressively transition.

Serious open (for anyone) question: what makes you follow someone on twtxt? Will you just follow anyone that you come across, simply because that someone using the “decentralised, minimalist microblogging service for hackers” microblog?

@abucci@anthony.buc.ci their main question is worrisome:

“The main question is, does it disappear during this re-entry?” says Löhle. “Is everything evaporating, or are there pieces that eventually impact on the ground?”

He expects some parts, such as the satellite’s fuel tanks, to survive. “You could learn from the re-entry that if you build a fuel tank differently, it can break up,” he says.

Archived article at: https://archive.ph/WdUvx

@movq@www.uninformativ.de Now, the Question is: Who’s body was in the garbage bag!? 😏😂

@stigatle@yarn.stigatle.no @xuu@txt.sour.is @lyse@lyse.isobeef.org “Not cool”? I was receiving many broken (HTTP 400 error) requests per second from an IP address I didn’t recognize, right after having my VPS crash because the hard drive filled up with bogus data. None of this had happened on this VPS before, so it was a new problem that I didn’t understand and I took immediate action to get it under control. Of course I reported the IP address to its abuse email. That’s a 100% normal, natural, and “cool” thing to do in such a situation. At the time I had no idea it was @xuu@txt.sour.is .

The moment I realized it was @xuu@txt.sour.is and definitely a false alarm, I emailed the ISP and told them this was a false positive and to not ban or block the IP in question because it was not abusive traffic. They haven’t yet responded but I do hope they’ve stopped taking action, and if there’s anything else I can do to certify to them that this is not abuse then I will do that.

I run numerous services on that VPS that I rely on, and I spent most of my day today cleaning up the mess all this has caused. I get that this caused @xuu@txt.sour.is a lot of stress and I’m sincerely sorry about that and am doing what I can to rectify the situation. But calling me “not cool” isn’t necessary. This was an unfortunate situation that we’re trying to make right and there’s no need for criticizing anyone.

This reminds me of this video: The Biggest Gap in Science: Complexity

However you might end up with more questions (complexity?) than answers (simplicity?)

I’ve been thinking about a new term I’ve come across whilst reading a book. It’s called “Complexity Budget” and I think it has relevant in lots of difficult fields. I specifically think it has a lot of relevant in the Software Industry and organizations in this field. When doing further research on this concept, I was only able find talks on complexity budget in the context of medical care, especially phychiratistic care. In this talk it was describe as, complexity:

• Complexity is confusing
  
• Complexity is costly
  
• Complexity kills
  

When we think of “complexity” in terms of software and software development, we have a sort-of intuitive about this right? We know when software has become too complex. We know when an organization has grown in complexity, or even a system. So we have a good intuition of the concept already.

My question to y’all is; how can we concretely think about “Complexity Budget” and define it in terms that can be leveraged and used to control the complexity of software dns ystems?

Speaking of “AI” … I guess I gotta find out soon how to disable/sabotage Microsoft’s “Recall”, before this garbage takes over the family computers. 😩

(There’s no way the people in question will switch operating systems. I’ve tried, countless times.)

I don’t pretend to have all the answers. I don’t pretend to even know what the questions are. Hey, where am I? - wigums

Pub Trivia
⌘ Read more

Un peu de lecture, questionnaire de Proust amélioré. Je n’ai pas le courage de me remettre ainsi en question, mais lire l’arpi donne envie de lui ressembler: https://blog.arpinux.org/posts/2024/2024-01-28-le-questionnaire-pasdeproust.html

Yeah, the lack of comments makes regular JSON not a good configuration format in my view. Also, putting all keys in quotes and the use of commas is annoying. The big upside is that’s in lots of standard libraries.

I think the appeal with YAML is that is has comments, is kind of easy to write and read and also provides unlimited nesting levels. But it has all its drawbacks, no question. Forbidding tabs, thousands of different string flavors, having so many boolean options (poor Norwegians) etc. I use it, but I don’t particularly enjoy it.

Among simple key value pairs, I like INI files, but with # for comments, not ;. I never used TOML, read up on it yesteray before writing this question, but it looks a bit weird and has some strange rules. I guess I have to give it a try one day.

And yes, as mentioned by several of you, it always depends on the complexity of the configuration at hand.

I’m developing something for the scouts at the moment with rather simple requirements on the config. Currently, there are just four settings. Even INI would be overkill with its section. I selected JSON for now, because that’s readily available with Go’s std lib. But I do not like it.

Btw. what’s your own config format, @xuu@txt.sour.is?

Question of the day: What configuration file formats do you all like and use?

US Survey Foot
⌘ Read more

@xuu@txt.sour.is Despite that these AoC math text problems are rather silly in my opinion (reminds me of an exercise in our math book where somebody wanted to carry a railroad rail around an L-shaped corner in the house and the question was how long that rail could be so that it still fits — sure, we’ve all carried several meter long railroad rails in our houses by ourselves numerous times…), these algorithms are really neat!

Voici un livre que j’aurais bien aimé avoir sous la main dans mon enfance, qui m’aurait évité bien des tracas, des questions, des gênes qui pour certains ne s’estompent que doucement avec l’âge (j’ai 34 ans…) : Le petit illustré de l’intimité. Il existe plutôt à propos des garçons, à propos des filles, mais aussi de la puberté, du consentement, de la sexualité en général. Je recommande! https://www.babelio.com/livres/Dieumegard-Le-petit-illustre-de-lintimite–De-la-vulve-du-v/1314908 https://www.babelio.com/livres/Baudy-Le-petit-illustre-de-lintimite–Du-penis-des-tes/1360904

Yet another study strongly calling into question the concept of “echo chambers”. I’ve argued it here before and people pushed back, but there is growing evidence that “echo chambers” are a moral panic and not a real phenomenon that we need to worry about. It’s time to throw it out and re-think, in my opinion.

https://www.nature.com/articles/s41598-021-81531-x

@prologic #k25mwaq why must you question everything

Question de rentrée à mes élèves : Si tu échouais sur une île déserte, que voudrais-tu avec toi? Réponse : Ma mère. 😆