I hate video content. Not because I'm worried about media codec 1-click 0days, but because I read faster than people talk and am sure of what I read (but not always what I heard).
My aversion to unsolicited QR codes is similar.
@feld @gsuberland @jkmcnk Because one-time-pads don't offer protection against chosen-ciphertext attack.
@feld @gsuberland @jkmcnk I think this is asking the wrong question
Building PFS into a protocol costs almost nothing and makes security proofs easier, simplifies analysis, and lets us focus on other areas of the attack surface.
PFS should be the default for any protocol designed after the 1990s, and any design that doesn't include it should justify their choice to exclude it, rather than the converse.
@feld @gsuberland @jkmcnk Making things ephemeral eliminates so many attack vectors. Long-lived secrets are undesirable.
@jkmcnk @gsuberland Didn't Session also remove forward security?
Session be like
"We're metadata-resistant. Also, we recently passed the 1 million user milestone. Don't ask how we distinguish unique users!"
https://www.404media.co/email/9ee8f6a1-348a-4fb1-b1b3-30c8898d7581/?ref=daily-stories-newsletter
If you miss what Twitter used to be, BlueSky is mostly that.
(It still needs locked accounts to be 1:1.)
If your experience with Twitter consisted of a lot of Wishing Things Were Different, the Fediverse is a better fit for you.
That's how I've interpreted people's opinions so far.
The Continued Trajectory of Idiocy in the Tech Industry
Every hype cycle in the technology industry continues a steady march towards a shitty future that nobody wants. CMYKat The Road to Hell Once upon a time, everyone was all hot and bothered about Big Data: Having lots of information--far too much to process with commodity software--was supposed to magically transform business. How do you build technology that can process that much information at scale?
http://soatok.blog/2024/09/18/the-continued-trajectory-of-idiocy-in-the-tech-industry/
E2EE for the Fediverse Update – We’re Going Post-Quantum
In 2022, I wrote about my plan to build end-to-end encryption for the Fediverse. The goals were simple: Provide secure encryption of message content and media attachments between Fediverse users, as a new type of Direct Message which is encrypted between participants. Do not pretend to be a Signal competitor. The primary concern at the time was "honest but curious" Fediverse instance admins who might snoop on…
https://soatok.blog/2024/09/13/e2ee-for-the-fediverse-update-were-going-post-quantum/
Most people who have heard of Kamala Harris' plan to tax unrealized capital gains were not told about the scope of the proposal.
They don't know it only applies to people worth over $100 million.
They don't know it wouldn't apply to real estate at all.
I've listened to many conversations about how bad it would screw over first time homebuyers... based on the media's lies through omission.
Emphasize these details when you discuss them. Remind people of those conditions, and that it's not a tax that will hurt poor or middle class Americans.
PSA - don't do this:
Don't demand someone explain side-channel cryptanalysis, call an attack that recovers a full plaintext for a target message a "nothing-burger", bark demands at the other person, then continue to harass them after they tell you to stop.
This is apparently acceptable behavior to the Matrix community.
Seeing FurAffinity get hacked by fucking crypto scammers is sickening
This Matrix story just keeps getting worse.
https://news.ycombinator.com/item?id=41249371
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/#addendum-2024-08-14
"Project lead admits to knowingly shipping side-channel vulnerabilities in their crypto library" was not on my Matrix vuln disclosure reaction bingo card
Not gonna lie this is a new one even for me
Security Issues in Matrix’s Olm Library
I don't consider myself exceptional in any regard, but I stumbled upon a few cryptography vulnerabilities in Matrix's Olm library with so little effort that it was nearly accidental. It should not be this easy to find these kinds of issues in any product people purportedly rely on for private messaging, which many people evangelize incorrectly as a Signal alternative…
http://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
Does PortSwigger have a newsletter that updated recently that I can't find on their website, or something?
The number of reply guys has been steadily increasing lately and I don't know where they're all coming from
Are you all on a Discord server together or something?
Anyway get a hobby
An appeal to social media users everywhere:
Just say the goddamn word you're trying to say. Whether it's "rape" or "suicide" or "pedophile".
The reason YouTubers avoid it is because they're poorly attempting filter evasion to keep the ad bucks rolling in.
You're not going to get penalized for saying the word "rape". You don't need to censor it as "r*pe".
In fact, it's worse that you do, because it will bypass people's mute lists. Use a content warning if you're worried about triggering anyone.
This is starting to become a pet peeve of mine.
It's kind of funny when non-technical people talk about software like it's this powerful force of nature.
Software is not powerful. People are powerful. Software is at its best when it's helping people live their best lives. Without us, it's feeble.
He/him. Gay/demi dhole (Cuon Alpinus). Blogger, programmer, security engineer, cryptography nerd. 30+. Too spicy for Twitter (banned with all the prominent journalists on 2022-12-16). I don't represent any company, individual, or community.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.