# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific users twts.
#     offset  Start index for quey.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 1328
# self = https://watcher.sour.is?uri=https://txt.sour.is/user/xuu/twtxt.txt&offset=119
# next = https://watcher.sour.is?uri=https://txt.sour.is/user/xuu/twtxt.txt&offset=219
# prev = https://watcher.sour.is?uri=https://txt.sour.is/user/xuu/twtxt.txt&offset=19
xuu
txt.sour.is
View Thread
@prologic I use https://key.sour.is/id/me@sour.is

> I would need an out-of-band way to verify your public key’s fingerprint though 🤣
xuu
txt.sour.is
View Thread
@prologic I use https://key.sour.is/id/me@sour.is

> I would need an out-of-band way to verify your public key’s fingerprint though 🤣
xuu
txt.sour.is
View Thread
@prologic Ok.. so using NaCL boxes. yeah its just a combo of using secretbox with a generated key/nonce. and then using the pubkey box to encrypt the key/nonce for each device.
xuu
txt.sour.is
View Thread
@prologic Ok.. so using NaCL boxes. yeah its just a combo of using secretbox with a generated key/nonce. and then using the pubkey box to encrypt the key/nonce for each device.
xuu
txt.sour.is
View Thread
@prologic
> Can we not have clients sign their own public keys before listing them on their Pod’s account?

Yeah.. we probably could. when they setup an account they create a master key that signs any subsequent keys. or chain of signatures like keybase does.
xuu
txt.sour.is
View Thread
@prologic \n> Can we not have clients sign their own public keys before listing them on their Pod’s account?\n\nYeah.. we probably could. when they setup an account they create a master key that signs any subsequent keys. or chain of signatures like keybase does.
xuu
txt.sour.is
View Thread
@prologic
> Can we not have clients sign their own public keys before listing them on their Pod’s account?

Yeah.. we probably could. when they setup an account they create a master key that signs any subsequent keys. or chain of signatures like keybase does.
xuu
txt.sour.is
View Thread
@prologic def would be a wider discussion on preventing the pod from adding its own key to a users device list. Or using device keys to authenticate instead of user/pass.
xuu
txt.sour.is
View Thread
@prologic def would be a wider discussion on preventing the pod from adding its own key to a users device list. Or using device keys to authenticate instead of user/pass.
xuu
txt.sour.is
View Thread
@prologic pod should probably track revocation of device keys and delete the encryptedkeys that are paired with revoked keys
xuu
txt.sour.is
View Thread
@prologic pod should probably track revocation of device keys and delete the encryptedkeys that are paired with revoked keys
xuu
txt.sour.is
View Thread
@prologic device gets the cypertext and uses it's device key to decrypt one of the keys and then decrypts the cypertext.
xuu
txt.sour.is
View Thread
@prologic device gets the cypertext and uses it's device key to decrypt one of the keys and then decrypts the cypertext.
xuu
txt.sour.is
View Thread
@prologic sender generates an AES key encrypts message. gets the device list for user and encrypts key for each device. sends the encryptedkeys+cypertext.
xuu
txt.sour.is
View Thread
@prologic sender generates an AES key encrypts message. gets the device list for user and encrypts key for each device. sends the encryptedkeys+cypertext.
xuu
txt.sour.is
View Thread
@prologic for encryption. we can have browser/app generate ec25519 keypair. store the private on device and add pub to list of devices for the user on pod.
xuu
txt.sour.is
View Thread
@prologic for encryption. we can have browser/app generate ec25519 keypair. store the private on device and add pub to list of devices for the user on pod.
xuu
txt.sour.is
View Thread
i am guessing you are using some form of webmention to notify the target of the DM? which loads it into a store for the user to read?
xuu
txt.sour.is
View Thread
i am guessing you are using some form of webmention to notify the target of the DM? which loads it into a store for the user to read?
xuu
txt.sour.is
View Thread
@prologic 👋 I can take a stab at it when I am done with the changes I am working on.
xuu
txt.sour.is
View Thread
@prologic 👋 I can take a stab at it when I am done with the changes I am working on.
xuu
txt.sour.is
View Thread
@prologic my bad.. my next one is more fun.
xuu
txt.sour.is
View Thread
@prologic my bad.. my next one is more fun.
xuu
txt.sour.is
View Thread
@prologic I see.. so using an ec25519 key as identity? and some kind of certificate to define the location of a feed? or maybe a DHT like Kademlia? TwTorrent ;)
xuu
txt.sour.is
View Thread
@prologic I see.. so using an ec25519 key as identity? and some kind of certificate to define the location of a feed? or maybe a DHT like Kademlia? TwTorrent ;)
xuu
txt.sour.is
View Thread
@prologic kinda like how MX records work.
xuu
txt.sour.is
View Thread
@prologic kinda like how MX records work.
xuu
txt.sour.is
View Thread
@prologic My thoughts on it being if they switched from a different way of hosting the file or multiple locations for redundancy..

I have an idea of using something like SRV records where they can define weighted url endpoints to reach.
xuu
txt.sour.is
View Thread
@prologic My thoughts on it being if they switched from a different way of hosting the file or multiple locations for redundancy..

I have an idea of using something like SRV records where they can define weighted url endpoints to reach.
xuu
txt.sour.is
View Thread
@prologic My thoughts on it being if they switched from a different way of hosting the file or multiple locations for redundancy..\n\nI have an idea of using something like SRV records where they can define weighted url endpoints to reach.
xuu
txt.sour.is
View Thread
@prologic just an off the wall question about hashes. why not use the time+message as it was in the original twtxt.txt file? is it because it's just not store anyplace?

also how set in stone is using user+url? vs user@domain? the latter would mean the url could change without invalidating the hash.
xuu
txt.sour.is
View Thread
@prologic just an off the wall question about hashes. why not use the time+message as it was in the original twtxt.txt file? is it because it's just not store anyplace?\n\nalso how set in stone is using user+url? vs user@domain? the latter would mean the url could change without invalidating the hash.
xuu
txt.sour.is
View Thread
@prologic when i get the code up to a shareable level ill ping with what i have.
xuu
txt.sour.is
View Thread
@prologic when i get the code up to a shareable level ill ping with what i have.
xuu
txt.sour.is
View Thread
@prologic so.. convert the 4 attributes in the struct to private, add getters plus some the other methods that make sense.

o
type Twt interface {
\tTwter()        Twter
\tText()         string
\tMarkdownText() string
\tCreated()      time.Time
    ... 
}
xuu
txt.sour.is
View Thread
@prologic so.. convert the 4 attributes in the struct to private, add getters plus some the other methods that make sense.

o
type Twt interface {
	Twter()        Twter
	Text()         string
	MarkdownText() string
	Created()      time.Time
    ... 
}
xuu
txt.sour.is
View Thread
@prologic so.. convert the 4 attributes in the struct to private, add getters plus some the other methods that make sense.

o
type Twt interface {
	Twter()        Twter
	Text()         string
	MarkdownText() string
	Created()      time.Time
    ... 
}
xuu
txt.sour.is
View Thread
@prologic so.. convert the 4 attributes in the struct to private, add getters plus some the other methods that make sense.\n\n
o
type Twt interface {
\tTwter()        Twter
\tText()         string
\tMarkdownText() string
\tCreated()      time.Time
    ... 
}
xuu
txt.sour.is
View Thread
@prologic yeah I do.

It seems a bit wonky that it imports from your packages in some places. I'm guessing that's some legacy bits that need updates?
xuu
txt.sour.is
View Thread
@prologic yeah I do. \n\nIt seems a bit wonky that it imports from your packages in some places. I'm guessing that's some legacy bits that need updates?
xuu
txt.sour.is
View Thread
@prologic yeah I do.

It seems a bit wonky that it imports from your packages in some places. I'm guessing that's some legacy bits that need updates?
xuu
txt.sour.is
View Thread
@prologic I have some ideas to improve on twtxt. figure I can contribute some. 😁 bit more work and it will almost be a drop in replacement for [ParseFile](https://github.com/jointwt/twtxt/blob/master/internal/twt.go#)

Kinda wish [types.Twt](https://github.com/jointwt/twtxt/blob/master/types/twt.go#) was an interface. it's sooo close.
xuu
txt.sour.is
View Thread
@prologic I have some ideas to improve on twtxt. figure I can contribute some. 😁 bit more work and it will almost be a drop in replacement for [ParseFile](https://github.com/jointwt/twtxt/blob/master/internal/twt.go#) \n\nKinda wish [types.Twt](https://github.com/jointwt/twtxt/blob/master/types/twt.go#) was an interface. it's sooo close.
xuu
txt.sour.is
View Thread
@prologic I have some ideas to improve on twtxt. figure I can contribute some. 😁 bit more work and it will almost be a drop in replacement for ParseFile](https://github.com/jointwt/twtxt/blob/master/internal/twt.go# https://txt.sour.is/search?tag=L284>) \n\nKinda wish types.Twt](https://github.com/jointwt/twtxt/blob/master/types/twt.go# https://txt.sour.is/search?tag=L53>) was an interface. it's sooo close.
xuu
txt.sour.is
View Thread
@prologic I have some ideas to improve on twtxt. figure I can contribute some. 😁 bit more work and it will almost be a drop in replacement for [ParseFile](https://github.com/jointwt/twtxt/blob/master/internal/twt.go#)

Kinda wish [types.Twt](https://github.com/jointwt/twtxt/blob/master/types/twt.go#) was an interface. it's sooo close.
xuu
txt.sour.is
View Thread
@lyxal @prologic yah. the service can have a flag for allowing non-TLS for development. but by default ignores.

are there some users that use alternative protos for twtxt? like ftp/gopher/dnsfs 🤔
xuu
txt.sour.is
View Thread
@lyxal @prologic yah. the service can have a flag for allowing non-TLS for development. but by default ignores.

are there some users that use alternative protos for twtxt? like ftp/gopher/dnsfs 🤔
xuu
txt.sour.is
View Thread
@lyxal @prologic yah. the service can have a flag for allowing non-TLS for development. but by default ignores. \n\nare there some users that use alternative protos for twtxt? like ftp/gopher/dnsfs 🤔
xuu
txt.sour.is
View Thread
My latest work over the last few days. a twtxt parser. so far looking promising. Faster and less memory than the regex version. 😁
xuu
txt.sour.is
View Thread
@prologic @lyxal blocking http would be a good start
xuu
txt.sour.is
View Thread
@prologic @lyxal blocking http would be a good start
xuu
txt.sour.is
View Thread
@admin @lyxal hax?
xuu
txt.sour.is
View Thread
@admin @lyxal hax?
xuu
txt.sour.is
View Thread
@prologic ❤️
xuu
txt.sour.is
View Thread
@prologic ❤️
xuu
txt.sour.is
View Thread
@prologic an added benefit of the avatar: would be the user could put their gravatar/libravatar image url like https://key.sour.is/avatar/01bc6186d015218c23dec55447e502e669ca4c61c7566dfcaa1cac256108dff0
xuu
txt.sour.is
View Thread
@prologic an added benefit of the avatar: would be the user could put their gravatar/libravatar image url like https://key.sour.is/avatar/01bc6186d015218c23dec55447e502e669ca4c61c7566dfcaa1cac256108dff0
xuu
txt.sour.is
View Thread
@prologic Could the config be embeded into the head comment of the twtxt.txt file and parsed out? If it also had an avatar: field that pointed to where the avatar image is located it can be almost all self contained.
xuu
txt.sour.is
View Thread
@prologic Could the config be embeded into the head comment of the twtxt.txt file and parsed out? If it also had an avatar: field that pointed to where the avatar image is located it can be almost all self contained.
xuu
txt.sour.is
View Thread
New Blog Post Test Blog by @xuu 📝
xuu
txt.sour.is
View Thread
New Blog Post Test Blog by @xuu 📝
xuu
txt.sour.is
View Thread
@lyxal @prologic if we edit the txt file does it update on web?
xuu
txt.sour.is
View Thread
@lyxal @prologic if we edit the txt file does it update on web?
xuu
txt.sour.is
View Thread
@prologic the HKP is http keyserver protocol. it's what happens when you do gpg --send-keys

makes a POST to the keyserver with your pubkey.
xuu
txt.sour.is
View Thread
@prologic the HKP is http keyserver protocol. it's what happens when you do gpg --send-keys

makes a POST to the keyserver with your pubkey.
xuu
txt.sour.is
View Thread
@prologic the HKP is http keyserver protocol. it's what happens when you do gpg --send-keys\n\nmakes a POST to the keyserver with your pubkey.
xuu
txt.sour.is
View Thread
@prologic looking through the drafts it looks like it actually used SRV records as recently as 2018 😵
xuu
txt.sour.is
View Thread
@prologic looking through the drafts it looks like it actually used SRV records as recently as 2018 😵
xuu
txt.sour.is
View Thread
@prologic Web Key Directory: a way to self host your public key. instead of using a central system like pgp.mit.net or OpenPGP.org you have your key on a server you own.

it takes an email@address.com hashes the part before the @ and turns it into [openpgpkey.]address.com/.well-known/openpgpkey[/address.com]/<hash>
xuu
txt.sour.is
View Thread
@prologic Web Key Directory: a way to self host your public key. instead of using a central system like pgp.mit.net or OpenPGP.org you have your key on a server you own.

it takes an email@address.com hashes the part before the @ and turns it into [openpgpkey.]address.com/.well-known/openpgpkey[/address.com]/<hash>
xuu
txt.sour.is
View Thread
@prologic Web Key Directory: a way to self host your public key. instead of using a central system like pgp.mit.net or OpenPGP.org you have your key on a server you own. \n\nit takes an email@address.com hashes the part before the @ and turns it into [openpgpkey.]address.com/.well-known/openpgpkey[/address.com]/<hash>
xuu
txt.sour.is
View Thread
@xuu With SRV you can set what hostname to be used (and port/priority/etc)
xuu
txt.sour.is
View Thread
@xuu With SRV you can set what hostname to be used (and port/priority/etc)
xuu
txt.sour.is
View Thread
@xuu Not too happy with WKD's use of CNAME over SRV for discovery of openpgpkey.. That breaks using SNI pretty quick. I suppose it was setup as a temporary workaround anyhow in the [RFC..](https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-11#.1)
xuu
txt.sour.is
View Thread
@xuu Not too happy with WKD's use of CNAME over SRV for discovery of openpgpkey.. That breaks using SNI pretty quick. I suppose it was setup as a temporary workaround anyhow in the [RFC..](https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-11#.1)
xuu
txt.sour.is
View Thread
@xuu Not too happy with WKD's use of CNAME over SRV for discovery of openpgpkey.. That breaks using SNI pretty quick. I suppose it was setup as a temporary workaround anyhow in the RFC..](https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-11# https://txt.sour.is/search?tag=section-3>.1)
xuu
txt.sour.is
View Thread
Did some work on WKD handling. Can update keys with HKP posts :) Ugh need to work on docs and unit tests. Boooorrring.
xuu
txt.sour.is
View Thread
Happy Friday.
xuu
txt.sour.is
View Thread
@prologic also :)
xuu
txt.sour.is
View Thread
@prologic also :)
xuu
txt.sour.is
View Thread
@adi @prologic One reservation about using it with a small community would be the expectation that the discussions at some level stay within the circle as opposed to the internet at large.
xuu
txt.sour.is
View Thread
@adi @prologic One reservation about using it with a small community would be the expectation that the discussions at some level stay within the circle as opposed to the internet at large.
xuu
txt.sour.is
View Thread
@prologic @twtxt I have noticed that I will get some duplicate web mention notifications. some kind of dedup would be helpful.
xuu
txt.sour.is
View Thread
@prologic @twtxt I have noticed that I will get some duplicate web mention notifications. some kind of dedup would be helpful.
xuu
txt.sour.is
View Thread
@prologic (#gqg3gea) ha yeah. COVID makes for a timey-wimey mish-mash. Worked on some WKD and fought with my XMPP client a bit.
xuu
txt.sour.is
View Thread
@prologic (#gqg3gea) ha yeah. COVID makes for a timey-wimey mish-mash. Worked on some WKD and fought with my XMPP client a bit.
xuu
txt.sour.is
View Thread
@prologic Herro! 👋
xuu
txt.sour.is
View Thread
@prologic Herro! 👋
xuu
txt.sour.is
View Thread
@prologic well nice chat. it's off to bed for me.
xuu
txt.sour.is
View Thread
@prologic well nice chat. it's off to bed for me.
xuu
txt.sour.is
View Thread
@prologic do you think twt will ever add ActivityPub integration?
xuu
txt.sour.is
View Thread
@prologic do you think twt will ever add ActivityPub integration?
xuu
txt.sour.is
View Thread
@prologic Yep! installed it yesterday. I like the simplicity of twt. I am quite happy with how little memory the pod seems to use. Mastodon and the "lightweight" Pleroma don't work well in small VMs.
xuu
txt.sour.is
View Thread
@prologic Yep! installed it yesterday. I like the simplicity of twt. I am quite happy with how little memory the pod seems to use. Mastodon and the "lightweight" Pleroma don't work well in small VMs.
xuu
txt.sour.is
View Thread
@prologic
> That way at least we can form some kind of cryptographic “identity” without having to involve the users that much, it just works™

i like some of the work that keys.pub is doing with ed25519 crypto keys with something like that.
xuu
txt.sour.is
View Thread
@prologic \n> That way at least we can form some kind of cryptographic “identity” without having to involve the users that much, it just works™\n\ni like some of the work that keys.pub is doing with ed25519 crypto keys with something like that.
xuu
txt.sour.is
View Thread
@prologic
> That way at least we can form some kind of cryptographic “identity” without having to involve the users that much, it just works™

i like some of the work that keys.pub is doing with ed25519 crypto keys with something like that.
xuu
txt.sour.is
View Thread
@prologic huh.. true.. the email is md5/sha256 before storing.. if twtxt acted as provider you would store that hash and point the SRV record to the pod. .. to act as a client it would need to store the hash and the server that hosts the image.
xuu
txt.sour.is
View Thread
@prologic huh.. true.. the email is md5/sha256 before storing.. if twtxt acted as provider you would store that hash and point the SRV record to the pod. .. to act as a client it would need to store the hash and the server that hosts the image.
xuu
txt.sour.is
View Thread
@xuu @prologic something that would be interesting would be libravatar for the user image. i made one that does the same for a profile cover image.