i kinda click a yarn then a fork and the back button. i have to do a few goes before it does it.
its replacing the contents of body for some reason.
@prologic@twtxt.net Hi. i have noticed sometimes when i hit the back button i lose all the surrounding layout and just have a list of twts.
Oh. looks like its 4 chars. git show 64bf
@prologic@twtxt.net where was that idea?
i feel like we should isolate a subset of markdown that makes sense and built it into lextwt. it already has support for links and images. maybe basic formatting bold, italic. possibly block quote and bullet lists. no tables or footnotes
the stem matching is the same as how GIT does its branch hashes. i think you can stem it down to 2 or 3 sha bytes.
if a client sees someone in a yarn using a byte longer hash it can lengthen to match since it can assume that maybe the other client has a collision that it doesnt know about.
@prologic@twtxt.net the basic idea was to stem the hash.. so you have a hash abcdef0123456789... any sub string of that hash after the first 6 will match. so abcdef, abcdef012, abcdef0123456 all match the same. on the case of a collision i think we decided on matching the newest since we archive off older threads anyway. the third rule was about growing the minimum hash size after some threshold of collisions were detected.
There is nothing wrong with how we currently run a diff to see what has been removed. if i build a merkle tree off all the twt hashes in a feed i can use that to verify a twt should be in a feed or not. and gossip that to my peers.
So.. basically a rehash of the email “unsend” requests? What if i was to make a (delete: 5vbi2ea) .. would it delete someone elses twt?
isn’t the benefit of blake2b that it is a more efficient algo than sha1 and has the same or similar entropy to sha3? i thought we had partially solved this with some type of expanding hash size? additionally we could increase bit density by using base36 or base64/url-safe…
you can just have a web address.. i added mine.. though i think they have changed up the protocol so my key doesn’t seem to work anymore. https://key.sour.is/id/me@sour.is
@prologic@twtxt.net a signature IS encryption in reverse. If my private key becomes compromised then they can impersonate me. Being able to manage promotion and revocation of keys needed even in a system where its used for just signatures.
@sorenpeter@darch.dk There was a client that would generate a unique hash for each twt. It didn’t get wide adoption.
@prologic@twtxt.net identity and content integrity are two different problems.
Key rotation is a very important feature in a system like this.
the right way to solve this is to use public/private key(s) where you actually have a public key fingerprint as your feed’s unique identity that never changes.
i would rather it be a random value signed by a key. That way the key can change but the value stays the same.
Interesting.. QUIC isn’t very quick over fast internet.
QUIC is expected to be a game-changer in improving web application performance. In this paper, we conduct a systematic examination of QUIC’s performance over high-speed networks. We find that over fast Internet, the UDP+QUIC+HTTP/3 stack suffers a data rate reduction of up to 45.2% compared to the TCP+TLS+HTTP/2 counterpart. Moreover, the performance gap between QUIC and HTTP/2 grows as the underlying bandwidth increases. We observe this issue on lightweight data transfer clients and major web browsers (Chrome, Edge, Firefox, Opera), on different hosts (desktop, mobile), and over diverse networks (wired broadband, cellular). It affects not only file transfers, but also various applications such as video streaming (up to 9.8% video bitrate reduction) and web browsing. Through rigorous packet trace analysis and kernel- and user-space profiling, we identify the root cause to be high receiver-side processing overhead, in particular, excessive data packets and QUIC’s user-space ACKs. We make concrete recommendations for mitigating the observed performance issues.
So this is a great thread. I have been thinking about this too.. and what if we are coming at it from the wrong direction? Identity being tied to a given URL has always been a pain point. If i get a new URL its almost as if i have a new identity because not only am I serving at a new location but all my previous communications are broken because the hashes are all wrong.
What if instead we used this idea of signatures to thread the URLs together into one identity? We keep the URL to Hash in place. Changing that now is basically a no go. But we can create a signature chain that can link identities together. So if i move to a new URL i update the chain hosted by my primary identity to include the new URL. If i have an archived feed that the old URL is now dead, we can point to where it is now hosted and use the current convention of hashing based on the first url:
The signature chain can also be used to rotate to new keys over time. Just sign in a new key or revoke an old one. The prior signatures remain valid within the scope of time the signatures were made and the keys were active.
The signature file can be hosted anywhere as long as it can be fetched by a reasonable protocol. So say we could use a webfinger that directs to the signature file? you have an identity like frank@beans.co that will discover a feed at some URL and a signature chain at another URL. Maybe even include the most recent signing key?
From there the client can auto discover old feeds to link them together into one complete timeline. And the signatures can validate that its all correct.
I like the idea of maybe putting the chain in the feed preamble and keeping the single self contained file.. but wonder if that would cause lots of clutter? The signature chain would be something like a log with what is changing (new key, revoke, add url) and a signature of the change + the previous signature.
# chain: ADDKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: ADDURL https://txt.sour.is/user/xuu
# sig: BEGIN SALTPACK SIGNED MESSAGE. ...
# chain: REVKEY kex14zwrx68cfkg28kjdstvcw4pslazwtgyeueqlg6z7y3f85h29crjsgfmu0w
# sig: ...
anything with McKinsey on it just means finding reasons to fire staff.
its sad all the links off that page are broken.
UGT timezone. Morning is when you arrive. Night is when you leave.
@bender@twtxt.net and I saw some conspiracy theory that he knew he was going to be arrested. He was working with French intelligence on a plea deal to defect. And now Russia is freaking out that Ukraine allies can have war comms access.
Yikes! If only they had salty.im!
I am just finding out its founded by a Russian national?
oh dang. i think thats the go path not the github path.. missing the branch name. here is the pkg one: https://pkg.go.dev/github.com/quic-go/quic-go/http3
i think maybe they got her to add a forward number for sms and used that to activate on another device..
Its supposed to be tied to your phone number.. but they managed to get it activated on a different device some how. /shrug
@prologic@twtxt.net I think it was some mix of phish and social engineering. She didn’t have the multifactor enabled. But i think she had clicked a message that had a fake login. She talked to someone on a phone and they made her do some things.
I never got the whole story of how it happened.
@movq@www.uninformativ.de pleas no.
My wifes mom nearly got her account fully taken over by some hacker. They were able to get control and change password but I was able to get it recovered before they could get the phone number reset. They sent messages to all her contacts to send cash.
for http3 there is
from my understanding.. i don’t know how the multiplexing works when its being proxied through another server. I know go has support for it if you call it out directly. https://pkg.go.dev/golang.org/x/net/http2
HTTP/2 differs from 1.x by becoming a binary protocol, it also multiplexes multiple channels over the same connection and has the ability to prefetch related content to the browser to lower the perceived latency.
HTTP/3 moves the binary protocol from HTTP/2 over to QUIC which is based on UDP instead of TCP. This makes it better suited to mobile or unstable networks where handling of transmission errors can be handled at a higher level.
Its like old school TV but with youtube videos. Each channel has a subject and the channels play in a sort of realtime. so no going forward or back. Perfect for channel surfing.
With that Heat and more energy to create preasure you can create Coal! The circle is now complete.
@prologic@twtxt.net +1 for FrankenPHP. And built into caddy is also swell.
Wut?
yeah its the same dude.
This project is verrrry alpha. all the configuration is literally in the code.
Kinda cool tool for bringing together all your timeline based data across socials.
[fixed]
[foo] foo ?
@movq@www.uninformativ.de my bad man. I left off a return in the formatter func. I have a PR to fix waiting on @prologic@twtxt.net
@lyse@lyse.isobeef.org wow on my browser it shows up as all stars! •••••••
its not remote… though its on a mountain side where the land grants allowed monopolies to occur. Pretty wild that it happened but only specific vendors have utility right of ways. Its been in litigation with the city for years.
@bender@twtxt.net haha funny! though i just realized my ISP is the only one with fiber pulled to the property so i would have to get a phone line from them some how. The other ISP in the area is basically a mobile hotspot.
We received the abuse report below regarding network abuse from the IP address indicated.
On researching I see that HTTPS (tcp 443) traffic is continuing and originating from you NAT IP address 100.64.x.x
This was further found to be originating from your firewall/router at 192.168.x.x (MAC D8:58:D7:x:x:x).
This abuse is continuing and constitues a violation of [ISP] Acceptable Use Policy and Terms of Service.
Please take action to identify the source of the abuse and prevent it from continuing.
Failure to stop the abuse may result in suspension or cancellation of service.Thank you,
he emailed my ISP about causing logging abuse. This is the only real ISP in my area, its gonna basically send me back to dialup.
Hey so.. i just got an email from my ISP saying they will terminate my service. Did i break something @abucci@anthony.buc.ci ?
i imagine this is the agreement that the lower plebs are stuck in. Larger enterprise accounts wont fall under these agreements. When I worked a hospital we would get agreements like this with contracts and the legal would line out things like this add new language and send them back.
@prologic@twtxt.net Yeah that is probably what was happening. I wish that go build could embed the values that go install does.
I havnt seen any emails about the outage at work. I know i have the mac crowdstrike client though. My buddy that works at a hospital says they wernt affected.
I feel like complexity is measured differently at different levels of a project..
- at the function level you use cyclomatic complexity or how many branches internally and how much you need to keep in mind as it calls out to other functions.
- at a file/module level is a balance of the module doing too much against being so granular that you have cross dependency across modules. I have trouble with keeping things dry at this level because it can lead to parts being so abstract or generalized that it adds complexity.
- at a project level i suppose its a matter of how coupled things are across sub-modules.
@prologic@twtxt.net hey testing a rebuild of yarnd
The delete twt is not working.
What the heck? Mentioning is busted too?
The delete button doesn’t work either.. @prologictwtxt.net?
So updated. Seems to duplicate here in the ui. And what is this “Read More” on every twt now?
@prologic@twtxt.net Well ain’t that grand? I’ll get it updated.
@prologic@twtxt.net Well ain’t that grand? I’ll get it updated
Here has been north of 38C all week. Its pretty ick. I would love a bit of rain to cool down.
it works fine if you properly escape your urls!
URIs include components and subcomponents that are delimited by
characters in the "reserved" set. These characters are called
"reserved" because they may (or may not) be defined as delimiters by
the generic syntax, by each scheme-specific syntax, or by the
implementation-specific syntax of a URI's dereferencing algorithm.
If data for a URI component would conflict with a reserved
character's purpose as a delimiter, then the conflicting data must be
percent-encoded before the URI is formed.
reserved = gen-delims / sub-delims
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
@bender@twtxt.net https://x.com/mortenjust/status/1805190952358650251
@bender@twtxt.net He is running on the latest macbook pro with 128G memory. though the chrome app seems to be sitting at 125MB. i am a bit suspicious about that stat since we dont see all the worker threads and he is currently sitting on 40GB of non cache ram.
Google Chrome will have Gemini LLM built into the browser.
Testing something.. can someone mention me in a twt?
@prologic@twtxt.net on the the timeline with mentions filter I missing the latest mention that comes up in the mentions page.
Oh.. And you are mentioning my dev instance here 😄
Also.. why different?
@prologic@twtxt.net how do i enable htmx? i built latest main
🥳 NEW FEED: @marado@ciberlandia.pt
Probably the @ after the < is causing it to break out
@movq@www.uninformativ.de Product activation? Oh.. I never had to deal with that. I always had the CD-R XP Pro version with the enterprise key written in sharpie that my brother got somehow.
@anth@a.9srv.net If you can find a UL 150 certified media safe it should stay at or below 150°F which should protect tape, CDs, etc.
@movq@www.uninformativ.de Just don’t install windows 11. I believe XP is peak Windows OS anyhow.
We should hold one when it is 4AM for prologic :D
so still 6AM MDT? oof
Its quite nice. I have been half tempted to make a twtxt client with it
@shreyan@twtxt.net first you must clearly explain what a monad is.
@prologic@twtxt.net because the downside of over-leveraging yourself is you lose your house.. or more.
in the matter of political voice in the US money is speech and therefore companies use their “free speech” to donate and gain access to politicians. Therefore companies are people. Thanks a lot “citizens united”
it is an addon in the download tool. Or you can use xcaddy to build it in.
its a notebook tool like evernote. @sorenpeter@darch.dk linked it above: https://joplinapp.org/
and you can even mount it on windows/linux/os x!
password is generated using caddy hash-password
https://dav.sour.is {
tls jon@xuu.cc
basicauth /xuu {
xuu $2a$...
}
webdav * {
root /var/www/dav
}
}
yup! just need to add the webdav extension and configure it up a path and user/pass. caddy handles everything else.
UDF is where its at. Not some silly red or blue book that cant even have more than 8+3 filenames!
@mckinley@twtxt.net its hosted on the mini at home and ingress is handled through my MTR vm.
@mckinley@twtxt.net for me:
- a wall mount 6U rack which has:
- 1U patch panel
- 1U switch
- 2U UPS
- 1U server, intel atom 4G ram, debian (used to be main. now just has prometheus)
- 1U patch panel
- a mini ryzon 16 core 64G ram, fedora (new main)
- multiple docker services hosted.
- multiple docker services hosted.
- synology nas with 4 2TB drives
- turris omnia WRT router -> fiber uplink
network is a mix of wireguard, zerotier.
- wireguard to my external vms hosted in various global regions.
- this allows me ingress since my ISP has me behind CG-NAT
- this allows me ingress since my ISP has me behind CG-NAT
- zerotier is more for devices for transparent vpn into my network
i use ssh and remote desktop to get in and about. typically via zerotier vpn. I have one of my VMs with ssh on a backup port for break glass to get back into the network if needed.
everything has ipv6 though my ISP does not provide it. I have to tunnel it in from my VMs.
@bender@twtxt.net It is the new “politically correct”. Something that was used to describe acting in a more civilized way with one another. Turned into a scapegoat for the other side to label, demonize, and attack.
My email is such a cluster of noise. The only time i actually use it is to find out I have to do my security training or something. All communication is slack now days.
well @username@username rather…