mckinley

twtxt.net

A guy on the internet. https://mckinley.cc/

Recent twts from mckinley

Can anyone recommend a decent Android ROM that strips out as much of the spyware as possible? Is GrapheneOS a good option? I need to get a new phone anyway so I don’t mind buying within a supported device list as long as I can get one on the used market for $300-$400 or less.

If anyone could recommend some learning resources for this stuff I’d really appreciate it.

⤋ Read More
In-reply-to » The tag URI scheme looks interesting. I like that it human read- and writable. And since we already got the timestamp in the twtxt.txt it would be somewhat trivial to parse. But there are still the issue with what the name/id should be... Maybe it doesn't have to bee that stick?

@sorenpeter@darch.dk All valid points. Maybe the correct way to do it should be to start a new feed at the new URL rather than move the feed and break all the hashes.

⤋ Read More
In-reply-to » @sorenpeter

@aelaraji@aelaraji.com

switch a couple of twt timestamps

The hashes would change and your posts would become detached from their replies. Clients might still have the old one cached, so you might just create a duplicate without replies depending on an observer’s client.

add in 3 different twts manually with the same time stamp

The existing hash system should be able to keep them separate as long as the content is different. I’m not sure if there are additional implementation-related caveats there.

⤋ Read More
In-reply-to » The tag URI scheme looks interesting. I like that it human read- and writable. And since we already got the timestamp in the twtxt.txt it would be somewhat trivial to parse. But there are still the issue with what the name/id should be... Maybe it doesn't have to bee that stick?

@sorenpeter@darch.dk That could work. There are a few things that jump out at me.

  1. Nicknames on twtxt have historically been set on the client end. The nick metadata field is an optional add-on to the spec. I’m not sure it should be in the reply tag because it could differ between clients.
  2. URLs are safer to use, and we use them in the hash currently, but they can still change and we’re back to square 1. Feeds ought to have some kind of persistent identifier for this reason, which is why we’ve been discussing cryptographic keys and tag URIs in the first place.
  3. The current twt hash spec mandates collapsing the timestamp to seconds precision. If those rules are kept, two posts made within the same second will not be separate when someone replies.

⤋ Read More
In-reply-to » @prologic Some criticisms and a possible alternative direction:

@falsifian@www.falsifian.org TLS won’t help you if you change your domain name. How will people know if it’s really you? Maybe that’s not the biggest problem for something with such low stakes as twtxt, but it’s a reasonable concern that could be solved using signatures from an unchanging cryptographic key.

This idea is the basis of Nostr. Notes can be posted to many relays and every note is signed with your private key. It doesn’t matter where you get the note from, your client can verify its authenticity. That way, relays don’t need to be trusted.

⤋ Read More
In-reply-to » @prologic Some criticisms and a possible alternative direction:

@falsifian@www.falsifian.org

Key rotation

Key rotation is useful for security reasons, but I don’t think it’s necessary here because it’s only used for verifying one’s identity. It’s no different (to me) than Nostr or a cryptocurrency. You change your key, you change your identity.

It makes maintaining a feed more complicated.

This is an additional step that you’d have to perform, but I definitely wouldn’t want to require it for compatibility reasons. I don’t see it as any more complicated than computing twt hashes for each post, which already requires you to have a non-trivial client application.

Instead, maybe…allow old urls to be rotated out?

That could absolutely work and might be a better solution than signatures.

HTTPS is supposed to do [verification] anyway.

TLS provides verification that nobody is tampering with or snooping on your connection to a server. It doesn’t, for example, verify that a file downloaded from server A is from the same entity as the one from server B.

feed locations [being] URLs gives some flexibility

It does give flexibility, but perhaps we should have made them URIs instead for even more flexibility. Then, you could use a tag URI, urn:uuid:*, or a regular old URL if you wanted to. The spec seems to indicate that the url tag should be a working URL that clients can use to find a copy of the feed, optionally at multiple locations. I’m not very familiar with IP{F,N}S but if it ensures you own an identifier forever and that identifier points to a current copy of your feed, it could be a great way to fix it on an individual basis without breaking any specs :)

⤋ Read More
In-reply-to » On the Subject of Feed Identities; I propose the following:

My first thought when reading this was to go to my typical response and suggest we use Nostr instead of introducing cryptography to Twtxt. The more I thought about it, however, the more it made sense.

  1. It solves the problem elegantly, because the feed can move anywhere and the twt hashes will remain the same.
  2. It provides proof that a post is made by the same entity as another post.
  3. It doesn’t break existing clients.
  4. Everyone already has SSH on their machine, so anyone creating feeds manually could adopt this easily.

There are a couple of elephants in the room that we ought to talk about.

  1. Are SSH signatures standardized and are there robust software libraries that can handle them? We’ll need a library in at least Python and Go to provide verified feed support with the currently used clients.
  2. If we all implemented this, every twt hash would suddenly change and every conversation thread we’ve ever had would at least lose its opening post.

⤋ Read More
In-reply-to » Bluesky Adds 2 Million New Users After Brazil's X Ban In the days following Brazil's shutdown of X, the decentralized social networking startup Bluesky added over 2 million new users, up from just half a million as of Friday. "This rapid growth led some users to encounter the occasional error that would state there were 'Not Enough Resources' to handle requests, as Bluesky engineers scrambled to keep the servers stable un ... ⌘ Read more

@prologic@twtxt.net It’s pretty hard, actually. There will either be more friction than people will accept (BitTorrent) or it won’t be decentralized in practice (LBRY/Odysee).

@bender@twtxt.net , do you depend on first-party Bluesky servers for the client application?

⤋ Read More