@prologic@twtxt.net earlier you suggested extending hashes to 11 characters, but here’s an argument that they should be even longer than that.

Imagine I found this twt one day at https://example.com/twtxt.txt :

2024-09-14T22:00Z Useful backup command: rsync -a “$HOME” /mnt/backup

and I responded with “(#5dgoirqemeq) Thanks for the tip!”. Then I’ve endorsed the twt, but it could later get changed to

2024-09-14T22:00Z Useful backup command: rm -rf /some_important_directory

which also has an 11-character base32 hash of 5dgoirqemeq. (I’m using the existing hashing method with https://example.com/twtxt.txt as the feed url, but I’m taking 11 characters instead of 7 from the end of the base32 encoding.)

That’s what I meant by “spoofing” in an earlier twt.

I don’t know if preventing this sort of attack should be a goal, but if it is, the number of bits in the hash should be at least two times log2(number of attempts we want to defend against), where the “two times” is because of the birthday paradox.

Side note: current hashes always end with “a” or “q”, which is a bit wasteful. Maybe we should take the first N characters of the base32 encoding instead of the last N.

Code I used for the above example: https://fossil.falsifian.org/misc/file?name=src/twt_collision/find_collision.c
I only needed to compute 43394987 hashes to find it.

⤋ Read More
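An added example, not part of the twt above and not the linked find_collision.c: it measures how many digest bits an N-character truncation really covers and applies the twt's "two times log2(attempts)" rule to pick a length. It assumes the existing method is BLAKE2b-256 over the feed URL, timestamp and text joined by newlines, base32-encoded without padding and lowercased; the sample twts are constructed.

```python
import base64
import hashlib
import math

DIGEST_BITS = 256  # BLAKE2b-256 digest, 32 bytes
B32_LEN = math.ceil(DIGEST_BITS / 5)          # 52 base32 characters
TAIL_BITS = DIGEST_BITS - (B32_LEN - 1) * 5   # last character holds only 1 digest bit


def twt_b32(feed_url, timestamp, text):
    """Lowercase, unpadded base32 of the digest (input layout is an assumption)."""
    payload = f"{feed_url}\n{timestamp}\n{text}".encode("utf-8")
    digest = hashlib.blake2b(payload, digest_size=DIGEST_BITS // 8).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def twt_hash(feed_url, timestamp, text, n=7, from_end=True):
    full = twt_b32(feed_url, timestamp, text)
    return full[-n:] if from_end else full[:n]


def effective_bits(n, from_end=True):
    """Digest bits actually covered by an n-character truncation."""
    if n <= 0:
        return 0
    bits = (n - 1) * 5 + TAIL_BITS if from_end else n * 5
    return min(bits, DIGEST_BITS)


def required_bits(attempts):
    """The twt's rule: at least 2 * log2(attempts), because of the birthday paradox."""
    return math.ceil(2 * math.log2(attempts))


def required_chars(attempts, from_end=True):
    need = required_bits(attempts)
    return next(n for n in range(1, B32_LEN + 1) if effective_bits(n, from_end) >= need)


if __name__ == "__main__":
    # Constructed sample twts; only the feed URL is taken from the twt above.
    url = "https://example.com/twtxt.txt"
    for i in range(5):
        print(twt_hash(url, "2024-09-14T22:00:00Z", f"constructed sample {i}", n=11))
    for n in (7, 11, 16):
        print(n, effective_bits(n), effective_bits(n, from_end=False))
    print(required_bits(43394987), required_chars(43394987))
```

Because 256 is not a multiple of 5, the final base32 character carries one digest bit plus four zero bits, which is why every hash ends in "a" or "q" and why 11 characters from the end cover 51 bits rather than 55. The 43394987 hashes reported above sit right at the birthday bound for those 51 bits.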

This happened yesterday:

Screenshot of an email, allegedly from Sendgrid

The first giveaway is the sender, sendgrid@autovitalsinc.com. Not Sendgrid. Now, check the URL on the link provided to check the account activity:

https://u906946.ct.sendgrid.net/ls/click?upn=u001.eXk7eIEvNT22LuyWQ0fseoc5VY1jItvxPoavh2wfNVs292YMzvTAPj5D6nek1U6K7UfW_AsM5Hq3TBeAGlZrT-2F3g23iWCcJRPGZ-2B58DJxpgMgOTjgWklNQiAdGiHqmR6FFVhfWZJhnu1PSRslMuKGg1XNZs5e1lGu8kmdKhv7otlghl6qLMXiiXYZcvaUB5NruWwSBFcLdvi31NY-2Fru5oyrcrugm2iLYA0u5TiufyvA7SNTo3sDHx6WtS-2FmfEyN2svb9k1S4QGRFhuDseidMiFm0f9Q-3D-3D

I was curious, so I followed it on my dedicated VM for this kind of thing. It took me to a page looking exactly like a Sendgrid login, with a sendgrid.net URL. Upon entering yourmotherisahamster@gmail.com as username and yourfathersmellsofelderberries as password, it sent me to https://screenprank.com/gandalf/.

It was well done. This morning the same link renders a blank page with a “Not found” link that takes you to a 404. Hmm…

⤋ Read More

I’m out of shape. I decided to walk up the local mountain to watch the sunset, but I arrived five minutes late, even though I sped up at the end. Should have started my journey ten or fifteen minutes earlier. I saw the setting sun at foot, but the photos were total disasters.

On the way there I picked two handfuls of blackberries in the forest. Delicious!

Today was the second time in my life that I saw a grass snake in the wild. They can easily be recognized by the yellow “ears”. Unfortunately, this one was run over. :-( But I jumped at the opportunity to photograph it as it didn’t escape in a fraction of a second like my first encounter three years ago. Still, poor fellow. :-(

On the way home, a deer jumped out of the brush in front of me and headed down the forest road before it went back in the other side. As always, that’s nice.

I also had to slow down a bunch of times because of frogs or toads on the paths. Not sure which ones, it was already after dark. I guesstimate it must have been 60-70 amphibians in total, maybe more. Some of them did not move to the wayside but rather into the middle of the track, right in front of me. Crazy suicide frogs! There were four reeeeaaaallly close calls. I could just avoid stepping on them after they tried to hop right under my boot. Not a centimeter to spare. No toads were harmed during my trip. Phew!

Once I had to stop completely because of the large activity ahead of me. A larger (about the size of half a palm) individual surrounded my foot and then jumped against my heel. Twice! What the heck!? :-D But suuuper cool experience. I’m very glad I actually went out. Totally worth it. I met so many amazing animals. Don’t care about the missed sunset a single bit.

⤋ Read More

Love the program James has given me, I just edited some 40 webpages from junk viewing to nice, in a few minutes per edit, as shown in the two programs both running in Windows Mode.

On the left is directly to the Webserver files. On the right is the webpage running over the www.

Really nice and easy to navigate.

⤋ Read More

Finally fixed so that usernames mentioned in a post show up as @user, and not with brackets and twtxt file url. Looks so much better now! One thing I want to focus on next is handling replies to a status; that will make it much easier to follow a conversation.

⤋ Read More

How China Became the World’s Leader on Renewable Energy
ISABEL HILTON,  Contributing Writer  -  Yale 360

Stephan: The Chinese still have a lot of problems, some of which are outlined in this article, but they get very clearly the importance of moving their culture out of the carbon energy era.

Last November, Chinese climate envoy Xie Zhenhua and U.S. climate envoy … ⌘ Read more

⤋ Read More

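Did anyone at this Olympics accomplish something great enough to tower over an entire era?
This is a GIF with a certain smell to it: the man before you, built like a boulder, is sniffing the shoe he has just taken off.

You can see the spectators behind him applauding.

He carries out this thoroughly odd-looking routine with solemn dignity.

Those who don't know the backstory will see it as just another absurd scene from the Paris Olympics; those who do will probably find it full of deep feeling, bitterness and reverence.

Just before this moment, he had defeated the Chilean athlete Yasmani Acosta to become the men's 130 kg Greco-Roman wrestling champion of these Games.

It's just one championship. Is all this really warranted?

You're right, one might not be. But what if it were five?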

![](https://pica.zhimg.com/v2-6311480aa3af4a045dc62d7d7f90928a_720w.jpg?source=b1 … ⌘ Read more

⤋ Read More

📣 NEW: Added a new feature for pod operators to optionally configure. Compact Front Page.

When enabled will display only one post per feed on the unauthenticated Discover view (the front page).

⤋ Read More

Lazio appoint new coach

Lazio have appointed Marco Baroni as head coach, the Italian club confirmed on Tuesday. The 60-year-old will start work with the “Eagles” on 1 July, and the contract between the two parties is long-term.
Baroni most recently worked at Verona. Last week Lazio parted ways with Igor Tudor after just three months in charge of the capital club ⌘ Read more

⤋ Read More

Top Stories: WWDC Schedule, iOS 18 Rumors, and Beats Solo Buds Release Date
WWDC month is here! Rumors about what we may see at Apple’s annual developer conference have been building for months, and now we’re just days away from the keynote event where Apple will unveil what it has in store for iOS 18, macOS 15, and more.

Apple’s Beats brand also has some new products that should be launching shortly, while Apple has fi … ⌘ Read more

⤋ Read More