# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific users twts.
#     offset  Start index for quey.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 196263
# self = https://watcher.sour.is?offset=183180
# next = https://watcher.sour.is?offset=183280
# prev = https://watcher.sour.is?offset=183080
eapl.me
eapl.me
View Thread
here is my progress so far: https://github.com/eapl-gemugami/twtxt-direct-message-php
The encryption part seems to work, if I decrypt it the message with OpenSSL.
I think it can help you for some key parts not well explained in OpenSSL documentation.

@andros reading your spec I wrote a few notes here: https://github.com/eapl-gemugami/twtxt-direct-message-php/blob/main/direct_message_spec.md

@arne I haven't check your repo yet, although you are using sodium, right?
eapl.me
eapl.me
View Thread
@alice U2FsdGVkX187WpPAJXCusqEoTb3/tD62xN+TxudcTsPI+LqOJLPkl9aNE9MLg8lYRLfd9mSE33N6JeA0okLJ6Q==
arne
uplegger.eu
View Thread
@arne Here are the results of the german jury:

Known salt (B64): Tb9oj07UhwU= (8)
Known key (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
Known iv (B64): l/PvkDjOKMFZe73KptrvWw== (16)
Shared Key (B64): ql8zvN03p6kroSwNrcKbxk4zSBQFkgQZEumvqVIDMAE=
** DECRYPT **
Encrypted Message: ...
Decoded Salt (B64): Tb9oj07UhwU= (8)
PBKDF2 KEY (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
iv (B64): JanbU1jI30lb6yfjq/adjA== (16)
Decrypted Message:

😭
arne
uplegger.eu
View Thread
@eapl.me Here is what I've got so far: https://github.com/upputter/testing-twtxt-dm

There is a "00_well_known_message.enc" file, which I have the encryption paremters for (https://github.com/upputter/testing-twtxt-dm/blob/9fdf3be6aa8fe810a4cb275375dbb3d4a2a958ee/wellknown_test.php#L28).

According to my finding, I assume, that the saltsize in openssl is "8" and the PBKDF2 algo is "sha256".
matthias-pfefferle
notiz.blog
View Thread
Open Web Conversations ?~L~X https://notiz.blog/b/DUX
notizblog
notiz.blog
View Thread
Open Web Conversations ?~L~X https://notiz.blog/b/DUX
matthias-pfefferle
notiz.blog
View Thread
Open Web Conversations ⌘ https://notiz.blog/b/DUX
notizblog
notiz.blog
View Thread
Open Web Conversations ⌘ https://notiz.blog/b/DUX
mckinley-cc
mckinley.cc
View Thread
I thought hCaptcha was getting off the rails. Try making an X account using a VPN service!
movq
www.uninformativ.de
View Thread
Those are some impressive wigs: https://imgur.com/gallery/life-imitates-video-game-5KlJBhj I wonder how it feels to wear such a thing for a day – especially in summer. 😅🥵
movq
www.uninformativ.de
View Thread
Those are some impressive wigs: https://imgur.com/gallery/life-imitates-video-game-5KlJBhj I wonder how it feels to wear such a thing for a day – especially in summer. 😅🥵
movq
www.uninformativ.de
View Thread
Those are some impressive wigs: https://imgur.com/gallery/life-imitates-video-game-5KlJBhj I wonder how it feels to wear such a thing for a day – especially in summer. 😅🥵
@jo
comam.es
View Thread
[47°09′29″S, 126°43′41″W] Wind speed: 91kph -- batteries low
eapl.me
eapl.me
View Thread
@andros Could you share (perhaps in the extension document) the private key for alice?

I want to compare that I can read the encrypted message both from OpenSSL CLI and from the PHP OpenSSL library, following the spec.
eapl.me
eapl.me
View Thread
@alice JmgrTxTqbGBtzGFh30wL0cozfVOZiFSTuZ5c+k+5t9TtGkw4foOA80V2che2f3pXPVzBEZsuXg7y+7G5fD/5Qw==
eapl.me
eapl.me
View Thread
trying to implement it quickly, I get the same questions than you

# https://www.php.net/manual/en/function.openssl-pbkdf2.php
    $password = $sharedKey;
    $salt = openssl_random_pseudo_bytes(16);  # What's the salt length ?
    $keyLength = 20;  # What's the key length here ?
    $iterations = 100000;
    $generatedKey = openssl_pbkdf2($password, $salt, $keyLength, $iterations, 'sha256');
    echo bin2hex($generatedKey)."\n";
    echo base64_encode($generatedKey)."\n";

    $iv = openssl_random_pseudo_bytes(16); // AES-256-CBC requires 16-byte IV
    $cipherText = openssl_encrypt($message, 'aes-256-cbc', $generatedKey, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $cipherText);
eapl.me
eapl.me
View Thread
I haven't taken a look into that extension, although I think you could use the OpenSSL library: https://www.php.net/manual/en/function.openssl-encrypt.php
arne
uplegger.eu
View Thread
@arne With the OpenSSL option -p one can get an output of salt, key and iv. My stupid PHP-code can get everything right from the encrypted data (from OpenSSL) - except the iv! Damn "evpKDF" 😔
arne
uplegger.eu
View Thread
@prologic I've been there yesterday w/o success.
prologic
twtxt.net
View Thread
@arne I _think_ you want to use the sodium_crypto functions/modules for PHP 🤔🤔
andros
twtxt.andros.dev
View Thread
@arne Hi! I love that you're implementing it! Maybe, when we're both done, we could test the clients by communicating both.
I don't think I'm going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as I'd like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But I'm not able to answer your questions, sorry.
I'm invoking the commands directly, without any libraries in between. Maybe that would help you?
andros
twtxt.andros.dev
View Thread
@arne Hi! I love that you're implementing it! Maybe, when we're both done, we could test the clients by communicating both.
I don't think I'm going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as I'd like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But I'm not able to answer your questions, sorry.
I'm invoking the commands directly, without any libraries in between. Maybe that would help you?
movq
www.uninformativ.de
View Thread
Had some fun with my old Mandelbrot renderer: https://movq.de/v/83110057f5/
movq
www.uninformativ.de
View Thread
Had some fun with my old Mandelbrot renderer: https://movq.de/v/83110057f5/
movq
www.uninformativ.de
View Thread
Had some fun with my old Mandelbrot renderer: https://movq.de/v/83110057f5/
@marado@ciberlandia.pt
ciberlandia.pt
View Thread
#musiquinta sobre "cachorro", a música que tinha em mente acho que já aqui a divulguei numa outra musiquinta, e em vez disso deixo-vos aqui uma música para chorar:

Ashram - Lucky's Song (My Dog)
https://youtu.be/oJ37mmym_LA
@marado@ciberlandia.pt
ciberlandia.pt
View Thread
#musiquinta sobre "cachorro", a música que tinha em mente acho que já aqui a divulguei numa outra musiquinta, e em vez disso deixo-vos aqui uma música para chorar:

Ashram - Lucky's Song (My Dog)
https://youtu.be/oJ37mmym_LA
GopherChat
magical.fish:70
View Thread
hello @c8e00 ! All the best to you too, despite a very disrupted world... I live in France, lost in the countryside.
prologic
twtxt.net
View Thread
@off_grid_living The smaller the file size the smaller the image's resolution and the less detail you can see. It's a tradeoff between space, bandwidth and pixel density and detail.
arne
uplegger.eu
View Thread
@arne Well, just for my understanding. The command:
echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin
will take the input string from echo to openssl. It then will

1. use the content of shared_key.bin as password
2. use PBKDF2 with an iteration of 100000 to generate a encryption key from the given password (shared_key.bin)
3. use the PBKDF2 generated key for an aes-256-cbc encryption

The final result is encrypted data with the prepended salt (which was generated by runtime), e.g.: Salted__q�;��-�T���"h%��5�� ....

With a dummy script I now can generate a valide shared key within PHP 'openssl_pkey_derive()' - identical to OpenSSL.
I also can en-/decrypt salted data within my script, but not with OpenSSL. There are several parameters of PBKDF2 unknown to me.

Question:
1. Is the salt, used by aes-256-cbc and PBKDF2 the same, prepended in the encrypted data?
2. Witch algorithm/cipher is used within PBKDF2: sha1, sha256, ...?
3. What is the desired key length of PBKDF2 (https://www.php.net/manual/en/function.openssl-pbkdf2.php)?

To be continued ...
ttybitnik
eternodevir.com
View Thread
A dreadful infrastructure side of LLMs: sysadmins taking the burden https://www.emacswiki.org/emacs/2025-02-19
prologic
twtxt.net
View Thread
@movq that used to be me until I lobbied to have fiber optic to the premise
lahvak
lahvak.github.io
View Thread
https://www.project-syndicate.org/commentary/serbia-protests-new-strategy-of-challenging-a-corrupt-authoritarian-state-by-slavoj-zizek-2025-02
@jo
comam.es
View Thread
[47°09′34″S, 126°43′04″W] Wind speed: N/A -- Cannot comunicate
maurice
maurice-renck.de
View Thread
In der neuen Folge von Server Side Stories sprechen wir über unser Kirby-Dev-Setup, welche Tools wir nutzen, worauf wir achten und wie wir am Ende Plugins und Webseiten veröffentlichen:https://konzentrik.de/en/server-side-stories/se01/unser-kirby-dev-setup#getkirby #plugin #webdev #serverSideStories
nff
www.noizhardware.com
View Thread
oh cool @lyse !! and thanks, got rid of that empty line. ATM I'm using twtxt very much in an experimental way, only manual editing or writing my tools. curious to see how it will evolve. #meta #twtxt
juhi.e-worm.club
juhi.e-worm.club
View Thread
Man yalls worms go hard
@jo
comam.es
View Thread
[47°09′14″S, 126°43′07″W] Wind speed: 62kph -- batteries low
doesnm
doesnm.p.psf.lt
View Thread
Noo, please mercy him
@jo
comam.es
View Thread
[47°09′55″S, 126°43′40″W] Weather forecast alert -- storm from SE
stats
yarn.meff.me
View Thread
🧮 USERS:1 FEEDS:2 TWTS:1253 ARCHIVED:84833 CACHE:2744 FOLLOWERS:18 FOLLOWING:14
bender
twtxt.net
View Thread
@lyse call to @yarn_police, call the @yarn_police! 😂
bender
twtxt.net
View Thread
@lyse call the @yarn_police, call the @yarn_police! 😂
bmallred
staystrong.run
View Thread
Running - 7 miles: 7.00 miles, 00:09:33 average pace, 01:06:49 duration

#running #treadmill
bmallred
nahongvita.run
View Thread
Running - 7 miles: 7.00 miles, 00:09:33 average pace, 01:06:49 duration

#running #treadmill
bmallred
staystrong.run
View Thread
Running - 7 miles: 7.00 miles, 00:09:33 average pace, 01:06:49 duration

#running #treadmill
lyse
lyse.isobeef.org
View Thread
@nff I do! :-) Btw. line 65 in your feed is broken.
lyse
lyse.isobeef.org
View Thread
@nff I do! :-) Btw. line 65 in your feed is broken.
baldo
baldo.cat
View Thread
Siesta felina
#catsoftwtxt
baldo
baldo.cat
View Thread
Siesta felina
#catsoftwtxt
baldo
baldo.cat
View Thread
Siesta felina
/https://baldo.cat/media/photos/IMG_3694.jpeg) #catsoftwtxt
baldo
baldo.cat
View Thread
Junta de vecinos: organizando los turnos para maullar por la noche.
/https://baldo.cat/media/photos/IMG_3727.jpeg) #catsoftwtxt
baldo
baldo.cat
View Thread
Junta de vecinos: organizando los turnos para maullar por la noche.
#catsoftwtxt
baldo
baldo.cat
View Thread
Junta de vecinos: organizando los turnos para maullar por la noche.
#catsoftwtxt
GopherChat
magical.fish:70
View Thread
anyway, all the best@😀
GopherChat
magical.fish:70
View Thread
no body to say hello?
GopherChat
magical.fish:70
View Thread
happy to be here!
arne
uplegger.eu
View Thread
@arne current progress If I keep the "nonce", I can decrypt a message with the shared key, like in the direct message specs.
But that is not how it should work. 😒
arne
uplegger.eu
View Thread
@andros I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters.
All my solution approaches require “nonce” or “initialization vector” on one or the other side. In addition, the “magic numbers” (“Salted__”) were not consistent in my tests.
@jo
comam.es
View Thread
[47°09′15″S, 126°43′42″W] Transponder fixed
movq
www.uninformativ.de
View Thread
@prologic I wish getting a static IP and a (more) stable internet connection wasn’t so hard over here. Then I could do proper self-hosting as well. But as it stands, I need *some* rented VPS.

I *could* go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes … it’s just bad overall and much easier/better to rent a VPS. 🫤
movq
www.uninformativ.de
View Thread
@prologic I wish getting a static IP and a (more) stable internet connection wasn’t so hard over here. Then I could do proper self-hosting as well. But as it stands, I need *some* rented VPS.

I *could* go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes … it’s just bad overall and much easier/better to rent a VPS. 🫤
movq
www.uninformativ.de
View Thread
@prologic I wish getting a static IP and a (more) stable internet connection wasn’t so hard over here. Then I could do proper self-hosting as well. But as it stands, I need *some* rented VPS.

I *could* go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes … it’s just bad overall and much easier/better to rent a VPS. 🫤
nff
www.noizhardware.com
View Thread
hey @lyse I've seen your mention from uhhmmm 4months ago just now using my crawler --' / curious to know, do you see my mention now? #meta #twtxt
lyse
lyse.isobeef.org
View Thread
Thanks, @falsifian! I'll definitely start with the latter one then. Let's see how far I make it. :-)
lyse
lyse.isobeef.org
View Thread
Thanks, @falsifian! I'll definitely start with the latter one then. Let's see how far I make it. :-)
lyse
lyse.isobeef.org
View Thread
@falsifian Phew, okay. So, it took a few months to grow that big. I feared that it could have been just a week or so. Yeah, insulation always is a good idea.
lyse
lyse.isobeef.org
View Thread
@falsifian Phew, okay. So, it took a few months to grow that big. I feared that it could have been just a week or so. Yeah, insulation always is a good idea.
movq
www.uninformativ.de
View Thread
@prologic … what am I looking at? 🤔
movq
www.uninformativ.de
View Thread
@prologic … what am I looking at? 🤔
movq
www.uninformativ.de
View Thread
@prologic … what am I looking at? 🤔
movq
www.uninformativ.de
View Thread
@prologic … what am I looking at? 🤔
@jo
comam.es
View Thread
[47°09′49″S, 126°43′44″W] Reading: 1.07 Sv
klaxzy
klaxzy.net
View Thread
nowadays laptop youtube reviews be like, this is probably the best laptop I've ever reviewed, it's an amazing AMD Fryzer AMX++ Pro Max 335599x with 66core + 99 performace/enthusiast cores chips, with the best multicore-quad ratio and 45,98TB of super fast next-gen GDDR+ RAM. The GPU is just on a whole other level, this has the 86DS+ Radeon chip with the quad GeForce 55660MNSP-G chip with an astonishing 20GB of dedicated low-latency GDDR9 RAM, it is incredible how this performs at 1068 fps, and this can do it!
maurice
maurice-renck.de
View Thread
With a simple trick, I hide fields that cannot be translated in the Kirby panel.#getkirby #panel #csshttps://maurice-renck.de/en/learn/built-with-kirby/quicktip-custom-panel-css
ttybitnik
eternodevir.com
View Thread
Today I almost dropped my favorite fountain pen. The nib survived the scare, though I can't say the same about me lol
aquilax
aquilax.avtobiografia.com
View Thread
❤️ 🎶: Those Days by KIM KI TAE
@jo
comam.es
View Thread
[47°09′22″S, 126°43′39″W] --white noise--
prologic
twtxt.net
View Thread
I am so sorry Maggie Forest, but I won't be voting for you for the Ryan electorate. I will continue to vote for and support Elizabeth Watson-Brown a voice for the people of Ryan who actually gets things done!
@jo
comam.es
View Thread
[47°09′40″S, 126°43′36″W] Reading: 1.24000 PPM
aquilax
aquilax.avtobiografia.com
View Thread
❤️ 🎶: Pray by Younha
@jo
comam.es
View Thread
[47°09′24″S, 126°43′24″W] Non-significative results -- sampling finished
aelaraji
aelaraji.com
View Thread
"loud baby cries, wettings of bed."
aelaraji
aelaraji.com
View Thread
"loud baby cries, wettings of bed."
aelaraji
aelaraji.com
View Thread
@prologic Holly, didn't know bots and crawlers could do comedy now... they should've added "Dave Chappelle/69.420" to their UA.
aelaraji
aelaraji.com
View Thread
@prologic Holly, didn't know bots and crawlers could do comedy now... they should've added "Dave Chappelle/69.420" to their UA.
aelaraji
aelaraji.com
View Thread
@prologic I'm speculating, but if I had to guess I'd say it's probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys _/ME doing air quotes_ Magic™ ... you could try with a different password manager to avoid said scenario.

Also, passkeys UX sucks.
aelaraji
aelaraji.com
View Thread
@prologic I'm speculating, but if I had to guess I'd say it's probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys _/ME doing air quotes_ Magic™ ... you could try with a different password manager to avoid said scenario.

Also, passkeys UX sucks.
stats
yarn.meff.me
View Thread
🧮 USERS:1 FEEDS:2 TWTS:1252 ARCHIVED:84826 CACHE:2761 FOLLOWERS:18 FOLLOWING:14
bmallred
staystrong.run
View Thread
Running - 4 miles: 4.00 miles, 00:09:32 average pace, 00:38:06 duration
this week is going to be hell. with the travel and all the fires at work i can already tell.
#running #treadmill
bmallred
staystrong.run
View Thread
Running - 4 miles: 4.00 miles, 00:09:32 average pace, 00:38:06 duration
this week is going to be hell. with the travel and all the fires at work i can already tell.
#running #treadmill
bmallred
nahongvita.run
View Thread
Running - 4 miles: 4.00 miles, 00:09:32 average pace, 00:38:06 duration
this week is going to be hell. with the travel and all the fires at work i can already tell.
#running #treadmill
sorenpeter
darch.dk
View Thread
yes it works now :)
sorenpeter
darch.dk
View Thread
yes it works now :)
sorenpeter
darch.dk
View Thread
yes it works now :)
sorenpeter
darch.dk
View Thread
yes it works now :)
movq
www.uninformativ.de
View Thread
@lyse Well, I envy you. 😅 I see this behavior everywhere. 🫤
movq
www.uninformativ.de
View Thread
@lyse Well, I envy you. 😅 I see this behavior everywhere. 🫤
movq
www.uninformativ.de
View Thread
@lyse Well, I envy you. 😅 I see this behavior everywhere. 🫤
movq
www.uninformativ.de
View Thread
@lyse Well, I envy you. 😅 I see this behavior everywhere. 🫤