# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific users twts.
#     offset  Start index for quey.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 9
# self = https://watcher.sour.is/conv/v7hpcnq
prologic
twtxt.net
View Thread
Bahahahaha very clever @lyse I look forward to reading your report ! 🤣 However...


$ yarnc debug https://twtxt.net/user/prologic/twtxt.txt | grep -E '^pqst4ea' | tee | wc -l
0


I very quickly proved that Twt was never from me 🤣
prologic
twtxt.net
View Thread
Bahahahaha very clever @lyse I look forward to reading your report ! 🤣 However...


$ yarnc debug https://twtxt.net/user/prologic/twtxt.txt | grep -E '^pqst4ea' | tee | wc -l
0


I very quickly proved that Twt was never from me 🤣
bender
twtxt.net
View Thread
@prologic right, because it was deleted, and purged from cache, of course! Good try, mister, you are in trouble. Call the Yarn Police! 😂
prologic
twtxt.net
View Thread
@bender Bahahahahaha 🤣
prologic
twtxt.net
View Thread
@bender Bahahahahaha 🤣
aelaraji
aelaraji.com
View Thread
@prologic Care to explain how that proves anything when someone else already got the spoofed twt with no way to tell it was? can't an old twt just be deleted and give a similar result when grep-ed for?

Le me is worried! 😅
aelaraji
aelaraji.com
View Thread
@prologic Care to explain how that proves anything when someone else already got the spoofed twt with no way to tell it was? can't an old twt just be deleted and give a similar result when grep-ed for?

Le me is worried! 😅
prologic
twtxt.net
View Thread
@aelaraji No that is absolutely correct. Without cryptographic identities and signatures there is no way to verify authenticity. That is correct. And I don't think we need to necessarily. What I was just showing and proving was that I didn't write that spoofed Twt in the first place, which was only provable at the time of @lyse short-lived attack 🤣 He essentially forked yarnd, hosted it temporarily (_I think locally_) and used it to poison the caches of a few production pods.

Thankfully the gossip protocol used by yarnd as part of its "peering" between pods isn't fully trusted, twts are not archived for example into permanent storage. So the moment my pod re-fetched my own feed, the spoofed Twt was obliterated 😅

Eventual consistency 🤣
prologic
twtxt.net
View Thread
@aelaraji No that is absolutely correct. Without cryptographic identities and signatures there is no way to verify authenticity. That is correct. And I don't think we need to necessarily. What I was just showing and proving was that I didn't write that spoofed Twt in the first place, which was only provable at the time of @lyse short-lived attack 🤣 He essentially forked yarnd, hosted it temporarily (_I think locally_) and used it to poison the caches of a few production pods.

Thankfully the gossip protocol used by yarnd as part of its "peering" between pods isn't fully trusted, twts are not archived for example into permanent storage. So the moment my pod re-fetched my own feed, the spoofed Twt was obliterated 😅

Eventual consistency 🤣