aelaraji
aelaraji.com
 (41w ago)
In-reply-to » The tag URI scheme looks interesting. I like that it human read- and writable. And since we already got the timestamp in the twtxt.txt it would be somewhat trivial to parse. But there are still the issue with what the name/id should be... Maybe it doesn't have to bee that stick?

@sorenpeter@darch.dk

Also what are the change that the same human will make two different posts within the same second?!

Just out of curiosity, What would happen someday if I (maybe trolling) edit my twtxt.txt-file manually and switch/switch a couple of twt timestamps, or add in 3 different twts manually with the same time stamp?

⤋ Read More
falsifian
www.falsifian.org
 (41w ago)

@prologic@twtxt.net earlier you suggested extending hashes to 11 characters, but here’s an argument that they should be even longer than that.

Imagine I found this twt one day at https://example.com/twtxt.txt :

2024-09-14T22:00Z Useful backup command: rsync -a “$HOME” /mnt/backup

Image

and I responded with “(#5dgoirqemeq) Thanks for the tip!”. Then I’ve endorsed the twt, but it could latter get changed to

2024-09-14T22:00Z Useful backup command: rm -rf /some_important_directory

Image

which also has an 11-character base32 hash of 5dgoirqemeq. (I’m using the existing hashing method with https://example.com/twtxt.txt as the feed url, but I’m taking 11 characters instead of 7 from the end of the base32 encoding.)

That’s what I meant by “spoofing” in an earlier twt.

I don’t know if preventing this sort of attack should be a goal, but if it is, the number of bits in the hash should be at least two times log2(number of attempts we want to defend against), where the “two times” is because of the birthday paradox.

Side note: current hashes always end with “a” or “q”, which is a bit wasteful. Maybe we should take the first N characters of the base32 encoding instead of the last N.

Code I used for the above example: https://fossil.falsifian.org/misc/file?name=src/twt_collision/find_collision.c
I only needed to compute 43394987 hashes to find it.

⤋ Read More
prx
si3t.ch
 (42w ago)

aujourd’hui, j’ai configuré un serveur caldav pour éviter les oublis de rendez-vous avec ma chérie, et j’ai configuré unbound pour qu’il fasse le résolveur DNS en même temps qu’être le point de sortie de mon VPN #wireguard. Ça traînait depuis trop longtemps. C’était pas une si mauvaise journée ^^

⤋ Read More
prx
si3t.ch
 (42w ago)

Cette nuit, j’ai rêvé de PV Nova qui reprenait RATM et modifiait très légèrement le rythme, c’était vraiment excellent. J’ai maintenant la musique dans la tête :)

⤋ Read More
github_blog
feeds.twtxt.net
 (42w ago)

Streamlining your MLOps pipeline with GitHub Actions and Arm64 runners
Explore how Arm’s optimized performance and cost-efficient architecture, coupled with PyTorch, can enhance machine learning operations, from model training to deployment and learn how to leverage CI/CD for machine learning workflows, while reducing time, cost, and errors in the process.

The post [Streamlining your MLOps pipeline with GitHub Actions and Arm64 runners](https://githu … ⌘ Read more

⤋ Read More
slashdot
feeds.twtxt.net
 (42w ago)

Ford Seeks Patent For Tech That Listens To Driver Conversations To Serve Ads
Ford is seeking a patent for technology that would allow it to tailor in-car advertising by listening to conversations among vehicle occupants, as well as by analyzing a car’s historical location and other data, according to a patent application published late last month. The Record: “In one example, the controller may moni … ⌘ Read more

⤋ Read More
falsifian
www.falsifian.org
 (42w ago)
In-reply-to » @prologic Some criticisms and a possible alternative direction:

@lyse@lyse.isobeef.org This looks like a nice way to do it.

Another thought: if clients can’t agree on the url (for example, if we switch to this new way, but some old clients still do it the old way), that could be mitigated by computing many hashes for each twt: one for every url in the feed. So, if a feed has three URLs, every twt is associated with three hashes when it comes time to put threads together.

A client stills need to choose one url to use for the hash when composing a reply, but this might add some breathing room if there’s a period when clients are doing different things.

(From what I understand of jenny, this would be difficult to implement there since each pseudo-email can only have one msgid to match to the in-reply-to headers. I don’t know about other clients.)

⤋ Read More
falsifian
www.falsifian.org
 (42w ago)
In-reply-to » All this hash breakage made me wonder if we should try to introduce “message IDs” after all. 😅

@movq@www.uninformativ.de Another idea: just hash the feed url and time, without the message content. And don’t twt more than once per second.

Maybe you could even just use the time, and rely on @-mentions to disambiguate. Not sure how that would work out.

Though I kind of like the idea of twts being immutable. At least, it’s clear which version of a twt you’re replying to (assuming nobody is engineering hash collisions).

⤋ Read More
falsifian
www.falsifian.org
 (42w ago)
In-reply-to » On the Subject of Feed Identities; I propose the following:

In fact, maybe your public key idea is compatible with my last point. Just come up with a url scheme that means “this feed’s primary URL is actually a public key”, and then feed authors can optionally switch to that.

⤋ Read More
falsifian
www.falsifian.org
 (42w ago)
In-reply-to » On the Subject of Feed Identities; I propose the following:

@prologic@twtxt.net Some criticisms and a possible alternative direction:

  1. Key rotation. I’m not a security person, but my understanding is that it’s good to be able to give keys an expiry date and replace them with new ones periodically.

  2. It makes maintaining a feed more complicated. Now instead of just needing to put a file on a web server (and scan the logs for user agents) I also need to do this. What brought me to twtxt was its radical simplicity.

Instead, maybe we should think about a way to allow old urls to be rotated out? Like, my metadata could somehow say that X used to be my primary URL, but going forward from date D onward my primary url is Y. (Or, if you really want to use public key cryptography, maybe something similar could be used for key rotation there.)

It’s nice that your scheme would add a way to verify the twts you download, but https is supposed to do that anyway. If you don’t trust https to do that (maybe you don’t like relying on root CAs?) then maybe your preferred solution should be reflected by your primary feed url. E.g. if you prefer the security offered by IPFS, then maybe an IPNS url would do the trick. The fact that feed locations are URLs gives some flexibility. (But then rotation is still an issue, if I understand ipns right.)

⤋ Read More
falsifian
www.falsifian.org
 (42w ago)
In-reply-to » All this hash breakage made me wonder if we should try to introduce “message IDs” after all. 😅

@movq@www.uninformativ.de @prologic@twtxt.net Another option would be: when you edit a twt, prefix the new one with (#[old hash]) and some indication that it’s an edited version of the original tweet with that hash. E.g. if the hash used to be abcd123, the new version should start “(#abcd123) (redit)”.

What I like about this is that clients that don’t know this convention will still stick it in the same thread. And I feel it’s in the spirit of the old pre-hash (subject) convention, though that’s before my time.

I guess it may not work when the edited twt itself is a reply, and there are replies to it. Maybe that could be solved by letting twts have more than one (subject) prefix.

But the great thing about the current system is that nobody can spoof message IDs.

I don’t think twtxt hashes are long enough to prevent spoofing.

⤋ Read More
slashdot
feeds.twtxt.net
 (42w ago)

Telegram Disables ‘Misused’ Features As CEO Faces Criminal Charges
Following the arrest of its CEO Pavel Durov last month, the encrypted messaging service said it has disabled some “outdated” and “misused” features used by anonymous users. The Verge reports: The first changes to the app following his arrest in France last month affect its built-in blog posts and a “People Nearby” location-based feature. […] … ⌘ Read more

⤋ Read More
slashdot
feeds.twtxt.net
 (43w ago)

PwC ‘Tipping the Balance’ of Hybrid Working and Will Start Tracking Its Workers’ Locations
PwC has demanded staff spend less time working from home – and it’s going to start tracking their location to ensure they comply. From a report: The accountancy firm informed its 26,000 U.K. employees in a memo that from January they’ll be expected to be at their desks – or with clients – at leas … ⌘ Read more

⤋ Read More
falsifian
www.falsifian.org
 (43w ago)
In-reply-to » @movq Is there a good way to get jenny to do a one-off fetch of a feed, for when you want to fill in missing parts of a thread? I just added @slashdot to my private follow file just because @prologic keeps responding to the feed :-P and I want to know what he's commenting on even though I don't want to see every new slashdot twt.

@prologic@twtxt.net I guess I thought they were search engines. Anyway, the registry API looks like a decent one for searching for tweets. Could/should yarn.social pods implement the same API?

⤋ Read More
slashdot
feeds.twtxt.net
 (43w ago)

Bluesky Adds 2 Million New Users After Brazil’s X Ban
In the days following Brazil’s shutdown of X, the decentralized social networking startup Bluesky added over 2 million new users, up from just half a million as of Friday. “This rapid growth led some users to encounter the occasional error that would state there were ‘Not Enough Resources’ to handle requests, as Bluesky engineers scrambled to keep the servers stable un … ⌘ Read more

⤋ Read More