@lyse@lyse.isobeef.org @prologic@twtxt.net very curious… i worked on a very similar track. i built a spider that will trace off any follows = comments and mentions from other users and came up with:

twters:  744
total:  52073

Yesterday was rough. Finding it hard to focus on things today.

@prologic@twtxt.net that I do. lol. I am xuu on hackint.org and freenode

@prologic@twtxt.net sure. I don’t use signal much because I have to disclose my personal phone. Telegram? https://www.t.me/xypheri

@xuu@txt.sour.is @prologic@twtxt.net Your feed was great for catching edge cases ;)

@prologic@twtxt.net https://github.com/JonLundy/twtxt/tree/xuu/integrate-lextwt I made a stats command for the new parser that extracts a bunch of info about a twtxt file. run like: go run ./cmd/stats https://twtxt.net/user/prologic/twtxt.txt

@prologic@twtxt.net yep!some of the lexer is directly copied from monkey-lang. love that book series.

@prologic@twtxt.net ah I need to add an edge case for naked urls with fragments.

@prologic@twtxt.net yep. it actually extracts everything at parse time. like mentions/tags/links/media. so they can be accessed and manipulated without additional parsing. it can then be output as MarkDown

@adi@twtxt.net @prologic@twtxt.net using regex. which can be a rather inexact science ;)

@prologic@twtxt.net kinda.. It can parse the twts into an AST.. but most of the formatting out expects a string to do regex over rather then the parsed AST. thats what i am working out next.

@prologic@twtxt.net as promised! https://github.com/JonLundy/twtxt/blob/xuu/integrate-lextwt/types/lextwt/lextwt_test.go#

the lexer is nearing completion.. the tough part left is rooting out all the formatting code.

@prologic@twtxt.netdd ooh I am adding that to my test suite

@prologic@twtxt.net @gareppa Tis fake.. that is the name of the tower in Die Hard. A movie that takes place on Christmas Eve. The actual name of the Nakatomi Plaza is the FOX Plaza.

@prologic@twtxt.net went over to watch this one in my home town last night. https://youtu.be/kUZB0_Jx3iE

#ChristmasLights #2020

@oevl@twtxt.net @prologic@twtxt.net (#) for the most part a subject is just the content in the perens. Usually it’s a tag. It appears near the start after any mentions. It can also contain text like (re: subjects)

@xuu@txt.sour.is yikes the style sheet for blogs needs help.

@prologic@twtxt.net (#5jqioeq) Wrote up a blog post here: https://txt.sour.is/blog/xuu/2020/12/21/twtxt-auto-discovery

New Blog Post Twtxt Auto Discovery by @xuu@txt.sour.is 📝

@deadguy @prologic@twtxt.net been stewing on a discovery proto for twtxt. support for defining multiple ways to host/mirror a twtxt file. while being low tech enough to still be scriptable with basic Unix commands.

@adi @prologic@twtxt.net I’ll give it a spin first thing in the AM

@prologic@twtxt.net when its ready.. this is still in beta.

@prologic@twtxt.net yeah it would replace rice. best part is that it’s in the go build step so you don’t need to do any prep work with make.

@prologic@twtxt.net after stewing on it. I really like the idea of a wiki. throw it on the roadmap after DMs 😆

@prologic@twtxt.net (#keh22ka) maybe a custom linking method on a pod level? like can pass a template that gets translated. ex https://{domain}/wiki/{nick}/{tag} + !somepage -> https://sour.is/wiki/xuu/somepage

So excited for Go embedded files. https://golangtutorial.dev/tips/embed-files-in-go/

@prologic@twtxt.net found it!

2020-07-25T00:52:27.000000Z a new twtxt/weewiki feature: any word starting with ‘!’ will translate to an internal weewiki reference in my HTML renderer. Example: here is my !wiki_index

@prologic@twtxt.net https://txt.sour.is/twt/cwqmygq

@prologic@twtxt.net I see them is why I ask. like here #cwqmygq they use both hashtag and bangtag?

@prologic@twtxt.net 😁 that is me testing locally. does it notify you somehow when I follow?

@prologic@twtxt.net do you have any info on how the ‘!’ tags are supposed to work? are they just a different kind of hash tag?

@prologic@twtxt.net one.. kinda sorta option would be to tailor a workflow for each of the archs.. see https://github.com/JonLundy/twtxt/runs/1568071072?check_suite_focus=true

@xuu@txt.sour.is @prologic@twtxt.net oh.. you are.. maybe i don’t understand the issue with building?

@prologic@twtxt.net have you tried using the macos github build environment? looks like they have a windows one too.

more or less. :D
what are you using to ci/cd? i dont see a travisci/circleci/etc in the repo.. i can put something together to bump the patch level on master branch merges.

There is.. but we lost the transform file to make it legible.

@prologic@twtxt.net you think its time the version to get bumped? :)

@xuu@txt.sour.is @prologic@twtxt.net had to up my twt size a bit.

@prologic@twtxt.net

-----BEGIN CRYPTUTIL ENCRYPTED MESSAGE-----
l0GwFAQpx3ed+bZlcQ+pexbynFzZOm8EI/FivGbWQ16whyTkToVv8S2GSAjrsJoT
37MdaBDpoitli/f/aP130b6O6SnK/LdHHJ1DTvWgxB14sq9b4mRtk7HvYzA=
-----END CRYPTUTIL ENCRYPTED MESSAGE-----

i have no clue how salt works :|

@xuu@txt.sour.is @prologic@twtxt.net This? Fingerprint: 161c614f08e4ed4d1c8e5410f8c457e6878574dbab7c9ac25d474de67db1bdad

@prologic@twtxt.net I use https://key.sour.is/id/me@sour.is

I would need an out-of-band way to verify your public key’s fingerprint though 🤣

@prologic@twtxt.net Ok.. so using NaCL boxes. yeah its just a combo of using secretbox with a generated key/nonce. and then using the pubkey box to encrypt the key/nonce for each device.

@prologic@twtxt.net

Can we not have clients sign their own public keys before listing them on their Pod’s account?

Yeah.. we probably could. when they setup an account they create a master key that signs any subsequent keys. or chain of signatures like keybase does.

@prologic@twtxt.net def would be a wider discussion on preventing the pod from adding its own key to a users device list. Or using device keys to authenticate instead of user/pass.

@prologic@twtxt.net pod should probably track revocation of device keys and delete the encryptedkeys that are paired with revoked keys

@prologic@twtxt.net device gets the cypertext and uses it’s device key to decrypt one of the keys and then decrypts the cypertext.

@prologic@twtxt.net sender generates an AES key encrypts message. gets the device list for user and encrypts key for each device. sends the encryptedkeys+cypertext.

@prologic@twtxt.net for encryption. we can have browser/app generate ec25519 keypair. store the private on device and add pub to list of devices for the user on pod.

i am guessing you are using some form of webmention to notify the target of the DM? which loads it into a store for the user to read?

@prologic@twtxt.net 👋 I can take a stab at it when I am done with the changes I am working on.

@prologic@twtxt.net my bad.. my next one is more fun.

@prologic@twtxt.net I see.. so using an ec25519 key as identity? and some kind of certificate to define the location of a feed? or maybe a DHT like Kademlia? TwTorrent ;)

@prologic@twtxt.net kinda like how MX records work.

@prologic@twtxt.net My thoughts on it being if they switched from a different way of hosting the file or multiple locations for redundancy..

I have an idea of using something like SRV records where they can define weighted url endpoints to reach.

@prologic@twtxt.net just an off the wall question about hashes. why not use the time+message as it was in the original twtxt.txt file? is it because it’s just not store anyplace?

also how set in stone is using user+url? vs user@domain? the latter would mean the url could change without invalidating the hash.

@prologic@twtxt.net when i get the code up to a shareable level ill ping with what i have.

@prologic@twtxt.netd so.. convert the 4 attributes in the struct to private, add getters plus some the other methods that make sense.

type Twt interface {
	Twter()        Twter
	Text()         string
	MarkdownText() string
	Created()      time.Time
    ... 
}

@prologic@twtxt.net yeah I do.

It seems a bit wonky that it imports from your packages in some places. I’m guessing that’s some legacy bits that need updates?

@prologic@twtxt.net I have some ideas to improve on twtxt. figure I can contribute some. 😁 bit more work and it will almost be a drop in replacement for ParseFile

Kinda wish types.Twt was an interface. it’s sooo close.

@lyxal@twtxt.net @prologic@twtxt.net yah. the service can have a flag for allowing non-TLS for development. but by default ignores.

are there some users that use alternative protos for twtxt? like ftp/gopher/dnsfs 🤔

My latest work over the last few days. a twtxt parser. so far looking promising. Faster and less memory than the regex version. 😁

@prologic@twtxt.net @lyxal@twtxt.net blocking http would be a good start

@admin @lyxal@twtxt.net hax?

@prologic@twtxt.net ❤️

@prologic@twtxt.net an added benefit of the avatar: would be the user could put their gravatar/libravatar image url like https://key.sour.is/avatar/01bc6186d015218c23dec55447e502e669ca4c61c7566dfcaa1cac256108dff0

@prologic@twtxt.net Could the config be embeded into the head comment of the twtxt.txt file and parsed out? If it also had an avatar: field that pointed to where the avatar image is located it can be almost all self contained.

New Blog Post Test Blog by @xuu@txt.sour.is 📝

@lyxal@twtxt.net @prologic@twtxt.net if we edit the txt file does it update on web?

@prologic@twtxt.net the HKP is http keyserver protocol. it’s what happens when you do gpg --send-keys

makes a POST to the keyserver with your pubkey.

@prologic@twtxt.net looking through the drafts it looks like it actually used SRV records as recently as 2018 😵

@prologic@twtxt.net Web Key Directory: a way to self host your public key. instead of using a central system like pgp.mit.net or OpenPGP.org you have your key on a server you own.

it takes an email@address.com hashes the part before the @ and turns it into [openpgpkey.]address.com/.well-known/openpgpkey[/address.com]/<hash>

@xuu@txt.sour.is With SRV you can set what hostname to be used (and port/priority/etc)

@xuu@txt.sour.is Not too happy with WKD’s use of CNAME over SRV for discovery of openpgpkey.. That breaks using SNI pretty quick. I suppose it was setup as a temporary workaround anyhow in the RFC..

Did some work on WKD handling. Can update keys with HKP posts :) Ugh need to work on docs and unit tests. Boooorrring.

Happy Friday.

@prologic@twtxt.net also :)

@adi @prologic@twtxt.net One reservation about using it with a small community would be the expectation that the discussions at some level stay within the circle as opposed to the internet at large.

@prologic@twtxt.net @twtxt@txt.sour.is I have noticed that I will get some duplicate web mention notifications. some kind of dedup would be helpful.

@prologic@twtxt.net (#gqg3gea) ha yeah. COVID makes for a timey-wimey mish-mash. Worked on some WKD and fought with my XMPP client a bit.

@prologic@twtxt.net Herro! 👋

@prologic@twtxt.net well nice chat. it’s off to bed for me.

@prologic@twtxt.net do you think twt will ever add ActivityPub integration?

@prologic@twtxt.net Yep! installed it yesterday. I like the simplicity of twt. I am quite happy with how little memory the pod seems to use. Mastodon and the “lightweight” Pleroma don’t work well in small VMs.

@prologic@twtxt.net

That way at least we can form some kind of cryptographic “identity” without having to involve the users that much, it just works™

i like some of the work that keys.pub is doing with ed25519 crypto keys with something like that.

@prologic@twtxt.net huh.. true.. the email is md5/sha256 before storing.. if twtxt acted as provider you would store that hash and point the SRV record to the pod. .. to act as a client it would need to store the hash and the server that hosts the image.

@xuu@txt.sour.is @prologic@twtxt.net something that would be interesting would be libravatar for the user image. i made one that does the same for a profile cover image.

@xuu@txt.sour.is @prologic@twtxt.net The gpg command line leaves much to be desired…

@prologic@twtxt.net it is some interesting work to decentralize all the things.. tricky part is finding tooling. i am using a self hacked version of the go openpgp library. A tool to add and remove notations would need to be local since it needs your private key.

@prologic@twtxt.net this is a go version of Keyoxide.org that runs all server side. which is based on work from https://metacode.biz/openpgp/

OpenPGP has a part of the self signature reserved for notatinal data. which is basically a bunch of key/values.

this site tries to emulate the identity proofs of keybase but in a more decentralized/federation way.

my next steps are to have this project host WKD keys which is kinda like a self hosting of your pgp key that are also discoverable with http requests.

then to add a new notation for following other keys. where you can do a kind of web of trust.

This is an OpenPGP proof that connects my OpenPGP key to this Twtxt account. See https://key.sour.is/id/me@sour.is for more.

[Verifying my OpenPGP key: openpgp4fpr:20AE2F310A74EA7CEC3AE69F8B3B0604F164E04F]

@prologic@twtxt.net Oh snap. that’s what i get for copy paste! ill just have to repost and update my key.

@xuu@txt.sour.is can i notify myself?

@prologic@twtxt.net this is a very curious project. I would love to see how it manages to do its federation between pods.

hello twt!