Searching yarn

Twts matching #reading
Sort by: Newest, Oldest, Most Relevant
xuu
txt.sour.is
 (4y ago)

@prologic@twtxt.net 

#!/bin/sh

# Validate environment
if ! command -v msgbus > /dev/null; then
    printf "missing msgbus command. Use:  go install git.mills.io/prologic/msgbus/cmd/msgbus@latest"
    exit 1
fi

if ! command -v salty > /dev/null; then
    printf "missing salty command. Use:  go install go.mills.io/salty/cmd/salty@latest"
    exit 1
fi

if ! command -v salty-keygen > /dev/null; then
    printf "missing salty-keygen command. Use:  go install go.mills.io/salty/cmd/salty-keygen@latest"
    exit 1
fi

if [ -z "$SALTY_IDENTITY" ]; then
    export SALTY_IDENTITY="$HOME/.config/salty/$USER.key"
fi

get_user () {
    user=$(grep user: "$SALTY_IDENTITY" | awk '{print $3}')
    if [ -z "$user" ]; then
        user="$USER"
    fi
    echo "$user"
}

stream () {
    if [ -z "$SALTY_IDENTITY" ]; then
        echo "SALTY_IDENTITY not set"
        exit 2
    fi

    jq -r '.payload' | base64 -d | salty -i "$SALTY_IDENTITY" -d
}

lookup () {
    if [ $# -lt 1 ]; then
    printf "Usage: %s nick@domain\n" "$(basename "$0")"
    exit 1
    fi

    user="$1"
    nick="$(echo "$user" | awk -F@ '{ print $1 }')"
    domain="$(echo "$user" | awk -F@ '{ print $2 }')"

    curl -qsSL "https://$domain/.well-known/salty/${nick}.json"
}

readmsgs () {
    topic="$1"

    if [ -z "$topic" ]; then
        topic=$(get_user)
    fi

    export SALTY_IDENTITY="$HOME/.config/salty/$topic.key"
    if [ ! -f "$SALTY_IDENTITY" ]; then
        echo "identity file missing for user $topic" >&2
        exit 1
    fi

    msgbus sub "$topic" "$0"
}

sendmsg () {
    if [ $# -lt 2 ]; then
        printf "Usage: %s nick@domain.tld <message>\n" "$(basename "$0")"
        exit 0
    fi

    if [ -z "$SALTY_IDENTITY" ]; then
        echo "SALTY_IDENTITY not set"
        exit 2
    fi

    user="$1"
    message="$2"

    salty_json="$(mktemp /tmp/salty.XXXXXX)"

    lookup "$user" > "$salty_json"

    endpoint="$(jq -r '.endpoint' < "$salty_json")"
    topic="$(jq -r '.topic' < "$salty_json")"
    key="$(jq -r '.key' < "$salty_json")"

    rm "$salty_json"

    message="[$(date +%FT%TZ)] <$(get_user)> $message"

    echo "$message" \
        | salty -i "$SALTY_IDENTITY" -r "$key" \
        | msgbus -u "$endpoint" pub "$topic"
}

make_user () {
    mkdir -p "$HOME/.config/salty"

    if [ $# -lt 1 ]; then
        user=$USER
    else
        user=$1
    fi

    identity_file="$HOME/.config/salty/$user.key"

    if [ -f "$identity_file" ]; then
        printf "user key exists!"
        exit 1
    fi

    # Check for msgbus env.. probably can make it fallback to looking for a config file?
    if [ -z "$MSGBUS_URI" ]; then
        printf "missing MSGBUS_URI in environment"
        exit 1
    fi


    salty-keygen -o "$identity_file"
    echo "# user: $user" >> "$identity_file"

    pubkey=$(grep key: "$identity_file" | awk '{print $4}')

    cat <<- EOF
Create this file in your webserver well-known folder. https://hostname.tld/.well-known/salty/$user.json

{
  "endpoint": "$MSGBUS_URI",
  "topic": "$user",
  "key": "$pubkey"
}

EOF
}

# check if streaming
if [ ! -t 1 ]; then
    stream
    exit 0
fi

# Show Help
if [ $# -lt 1 ]; then
    printf "Commands: send read lookup"
    exit 0
fi


CMD=$1
shift

case $CMD in
    send)
        sendmsg "$@"
    ;;
    read)
        readmsgs "$@"
    ;;
    lookup)
        lookup "$@"
    ;;
    make-user)
        make_user "$@"
    ;;
esac

⤋ Read More
xuu
txt.sour.is
 (4y ago)
In-reply-to » @prologic Re: Chat system, What if the base specification included a system for per-user arbitrary JSON storage on the server? Kind of like XEP-0049, but expanded upon. Two kinds of objects: public and private. Public objects can be queried by anyone, private objects cannot and must be encrypted with the user's private key. Public keys could be stored there, as well as anything else defined by extensions. Roster, user block list, avatar, etc.

I would HIGHLY recommend reading up on the keybase architecture. They designed device key system for real time chat that is e2e secure. https://book.keybase.io/security

A property of ec keys is deriving new keys that can be determined to be “on curve.” bitcoin has some BIPs that derive single use keys for every transaction connected to a wallet. And be derived as either public or private chains. https://qvault.io/security/bip-32-watch-only-wallets/

⤋ Read More
slashdot
feeds.twtxt.net
 (4y ago)

Startup Aims To Help Software Companies Shift To Usage-Based Pricing Models
The startup Metronome “claims to have developed a billing and data infrastructure platform that is capable of ‘reliably’ processing data at scale so that usage-based companies can iterate on business models without code changes,” reports TechCrunch. “It does this by providing businesses with real-time APIs for their customer … ⌘ Read more

⤋ Read More
slashdot
feeds.twtxt.net
 (4y ago)

Cloud Computing and Virtualization Company Citrix To Be Acquired for $16.5B
Citrix, a cloud computing and virtualization company used by companies including Microsoft, Google, and SAP, has revealed plans to be acquired by affiliates of global investment firm Vista Equity Partners, and an affiliate of Elliott Investment Management called Evergreen Coast Capital Corporation. From a report: The all-cash deal i … ⌘ Read more

⤋ Read More
slashdot
feeds.twtxt.net
 (4y ago)

The Feds Are Investigating a YouTuber Accused of Crashing a Plane For Views
A YouTuber and former Olympic snowboarder has been accused of crashing his plane on purpose for clicks, and the FAA has opened an investigation to get to the bottom of the growing mess. The Drive reports: Trevor Jacob has been the subject of online criticism after posting a YouTube video where he parachuted from a Taylorcraf … ⌘ Read more

⤋ Read More
slashdot
feeds.twtxt.net
 (4y ago)

Netflix Raises Monthly Subscription Prices in US, Canada
Netflix has raised its monthly subscription price by $1 to $2 per month in the United States depending on the plan, the company said on Friday, to help pay for new programming to compete in the crowded streaming TV market. From a report: The standard plan, which allows for two simultaneous streams, now costs $15.49 per month, up from $13.99, in the Unite … ⌘ Read more

⤋ Read More
slashdot
feeds.twtxt.net
 (4y ago)

Jerome Powell Says the Fed is Prepared To Raise Rates To Tame Inflation
Jerome H. Powell, the Federal Reserve chair, told lawmakers on Tuesday that a rapidly healing economy no longer needed as much help from the central bank and that keeping inflation in check – including by raising interest rates – would be critical for enabling a stable expansion that benefits workers. From a report: Mr. Powell, … ⌘ Read more

⤋ Read More
prologic
twtxt.net
 (4y ago)
In-reply-to » Sorry if anyone saw my last Yarn here... I deleted it, I was wrong. Looks like everything is encrypted attachments phew but my other concerns above still stand.

@tamer@twtxt.net We’re not trying to compete with anything… If you’ve read About Yarn.social – In a nutshell I want to create an open, transparent social platform that respect’s folks privacy and freedoms. It must also be easy to use and down-to-earth where human interactions actually matter. None of this rubbish of manipulating what you see, driving up engagement numbers to serve your advertisers and all that garbage

⤋ Read More
prologic
twtxt.net
 (4y ago)

Autocrypt - Wikipedia

Just reading in-depth and trying to understand the security model of Delta.Chat a bit more… There’s a few things that really concern me about how Delta.Chat which relies on Autocrypt work:

  • There is no Perfect Forward Secrecy
  • No verification of keys
    • Is therefore susceptible to Man-in-the-Middle attacks
  • Metadata is a BIG problem with Delta.Chat:
    • The To and From and Date are trackable by your Mail provider (amongst many other headers)

Hmmm 🤔 cc @deebs@twtxt.net

⤋ Read More