@retr0id@retr0.id avatar

retr0id

@retr0id@retr0.id

Reverse Engineering, cryptography, exploits, hardware, file formats, and generally giving computers a hard time. Occasional CTF player. he/him

aka @david3141593, previously @retr0id

All my memes are freely re-shareable under the CC0 license.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

arcanicanis, to random
@arcanicanis@were.social avatar

I guess I successfully created a did:plc and have it published to (sorta) Bluesky's backend did:plc registry: https://plc.directory/did:plc:s2m7kbq2unki7rager5aw6sw/log

Instead of endorsing any sort of a ATProto PDS or anything, I instead have it pointing to my ActivityPub (and other) identifiers in varying forms.

I'm probably the only [non-employee] user (or at least: one of very few) on Bluesky's infrastructure that has full custody and control over their own private keys for their did:plc identity, and yet I don't even have a Bluesky account. Unless I'm just uninformed of something buried somewhere allowing you to export at least one of your rotationKeys (not the signingKey, which is just for signing posts, etc). Because without that, you don't really control your identity at all, only Bluesky exclusively does.

Meanwhile, in this endeavor, I "only" had to:

  • Write a DAG-CBOR and CIDv1 encoder
  • Write a Multibase and Multikey encoder and decoder
  • Write a base58btc encoder/decoder
  • Write a base32 encoder
  • Write functions to compress and decompress a secp256k1 public key (involves crypto maths, for decompression)
  • Write some very adhoc ASN.1 DER encoding/decoding functions (just to encode a raw secp256k1 public key into PEM encoding, to feed to OpenSSL; and then extract the r and s values from the outputted signature from OpenSSL)
  • Write a function to generate a did:plc identifier, from the genesis operation
  • Write a lot of test code

With how scarcely some topics are documented, and how scattered many tidbits of info is: I swear some of this is almost intentionally a trap to sell consultancy.

retr0id,
@retr0id@retr0.id avatar

@arcanicanis Welcome to the club ;)

I've also been writing things from scratch, but mostly to ensure I have a full understanding so I can find bugs in everyone else's impls, not because I felt I had to. What language/environment are you programming in that does not have library for all these primitives already?

The only thing that really stuck out to me is support for signature canonicalization ("low-s") and serialization ("compact" format), which are fairly widely implemented (because they're useful) but not standardized anywhere super official yet (and therefore aren't in standards-oriented libraries like openssl). The closest thing to a spec I've found for the compact format is https://datatracker.ietf.org/doc/draft-mattsson-tls-compact-ecc/ (it's also specified as part of JWT, but they don't give it a name)

retr0id, to random
@retr0id@retr0.id avatar

the old world is dying

the new world struggles to comply with openai's content policy

retr0id, to random
@retr0id@retr0.id avatar

compilation failed at line 27: unlawful algorithm detected

retr0id, to random
@retr0id@retr0.id avatar

I'm migrating from Spotify to self-hosted Jellyfin.

With the exception of my liked songs list, my spotify "music library" only exists as weights in their algorithmic black box.

Exporting playlists is easy, but is there anything I can do to export The Algorithm?

retr0id,
@retr0id@retr0.id avatar

My current plan is just to grab the discographies of every artist I've ever liked a song from

retr0id,
@retr0id@retr0.id avatar

@gsuberland I guess there's two halves to the problem. The first half, which is probably the easiest half, is just "give me the big list of songs that I've listened to before, and probably like".

Once I have that list, I'm happy enough with shuffle, manual playlist curation, etc.

And the second half of the problem is finding new music to listen to - which "people who listened to X also liked Y" etc. would probably help with.

retr0id, to random
@retr0id@retr0.id avatar

defederating from large instances not for ideological reasons, but for performance reasons

retr0id,
@retr0id@retr0.id avatar

@nf3xn that wasn't my intention, but it's true, it doesn't, at least not like that

retr0id, to random
@retr0id@retr0.id avatar

I finally got around to explaining how I made this partial hash collision https://www.da.vidbuchanan.co.uk/blog/colliding-secure-hashes.html

retr0id, to random
@retr0id@retr0.id avatar

beware the "what do you mean it has better typesetting, it looks the same to me?" to "bro that hbox is lowkey underfull" pipeline

retr0id, to random
@retr0id@retr0.id avatar

Does anyone have some real-world examples of hash truncation I can cite? It doesn't have to be in a security context either - a trivial example is referencing git commits by the first 7 hex digits.

Ideally I'm looking for it being done in part of a protocol, as a space-saving measure.

retr0id, to random
@retr0id@retr0.id avatar

10 years ago I thought the "barrel" iOS tweak was the height of coolness, and I still do.

retr0id, to random
@retr0id@retr0.id avatar

JSON is bouba and XML is kiki

astrid, to random
@astrid@fedi.astrid.tech avatar

can we have a moment of silence for the engineers at threads who had to implement the fucking activitystreams protocol

retr0id,
@retr0id@retr0.id avatar

@astrid the fediverse was just a prank to force meta engineers to read the JSON-LD spec

retr0id, to random
@retr0id@retr0.id avatar

starting a new religion based on margarine

unlike heathens, we believe it's not butter

retr0id, to random
@retr0id@retr0.id avatar

🧵👇 Why every instance should limit post lengths to 80 chars or less. [1/37]

retr0id, to random
@retr0id@retr0.id avatar

stop doing executable file formats

  • code was never supposed to have "sections"

  • years development and yet no real world use found for having more than one big rwx segment

  • "please make certain sections read-only after relocation", "please strip symbols" - statements dreamed up by the utterly deranged

hannah, to random
@hannah@posts.rat.pictures avatar

At work today i had to find some social media icons to put on a site footer and one of them was bluesky and i couldnt find anything so i checked the “business” section of their site if there was like an official one i could borrow and i guess its just.. square

retr0id,
@retr0id@retr0.id avatar

@hannah btw the new icon is a butterfly, but it hasn't made it into a release build yet https://github.com/bluesky-social/social-app/blob/d59340017860c9d2ec9f4927b329a9c14dc6f7f7/assets/favicon.png

retr0id, to random
@retr0id@retr0.id avatar
retr0id, to random
@retr0id@retr0.id avatar

The best hashtag for finding people talking about C is

retr0id, to random
@retr0id@retr0.id avatar

SIZEOF_CHAR (sizeof 'A')

retr0id, to random
@retr0id@retr0.id avatar

federation is when gmail blocks inbound mail from low-reputation IP addresses

retr0id, to random
@retr0id@retr0.id avatar

don't even think about it

retr0id, to random
@retr0id@retr0.id avatar

What if instead of burning down the library of Alexandria, we generated an infinite soup of replacement books, and randomly added them to the shelves.

retr0id, to random
@retr0id@retr0.id avatar

Normalize responding to questions with "I don't know!"

We need to make sure that AIs trained on our conversations refuse to say anything useful.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • kavyap
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • tacticalgear
  • khanakhh
  • Youngstown
  • mdbf
  • slotface
  • rosin
  • everett
  • ngwrru68w68
  • Durango
  • JUstTest
  • InstantRegret
  • GTA5RPClips
  • modclub
  • cubers
  • ethstaker
  • osvaldo12
  • cisconetworking
  • tester
  • anitta
  • provamag3
  • Leos
  • normalnudes
  • lostlight
  • All magazines
    •