Alright, I clearly need to increase the amount of furry on my blog if people who use the word "degeneracy" unironically can tolerate it. https://rationalwiki.org/wiki/Degenerate
I just had the dumbest shitpost idea of the year. It might be peak slacktivism.
- Compile a list of all the companies you never shop with.
- Compile a list of companies that have rolled back their DEI programs.
- For companies that are in both lists, email them insisting that you're boycotting them because of their embrace of racist, homophobic, etc. policies.
- Even if nobody changes their shopping behavior, they'll still waste time and resources trying to measure the impact of this policy change, which is a net-negative for their business.
(But also, maybe actually boycott the ones that you can.)
In which I discover one of the horrors lurking in the Mastodon software
Every once in a while I have a really stupid idea, and then I sit down to write out what it would look like, and immediately spot a flaw in it that renders the whole thing insecure. One of these days, one of my bad ideas is going to look back at me as someone else's implementation, deployed to production.
Maybe I should livestream myself reviewing the Signal codebase someday just so people know I actually do look at it but don't find shit
It's bizarre watching people realize slowly, in real time, that tech companies do not, in fact, have their backs. They never did. They only pretended to because it was fashionable. They would kill you and your entire family if it made their growth in profits increase by 0.1% this quarter, and they'd do it with a song in their hearts. And they would do so without fear of prosecution, because they've basically bought out the entire political system through lobbying and can blatantly bribe Supreme Court Justices without consequence. Why would they be incentivized to *actually* protect your privacy? Especially when your data is so valuable for growing their profits? To a lot of business types, encryption isn't a question about privacy. It's about access controls. And they implicitly believe they get access. So, too, will their buddies in the government. You cannot, and should not, expect billionaires to have your backs. They don't give a fuck about you. They never will. Don't believe them.
Session Round 2
Earlier this week, I wrote a blog post succinctly titled, Don't Use Session. Two interesting things have happened since I published that blog: A few people expressed uncertainty about what I wrote about using Pollard's rho to attack Session's design (for which, I offered to write a proof of concept and report back with results), and Session wrote a blog claiming to rebut the claims made in that blog post.
Huh.
Don’t Use Session (Signal Fork)
Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor. Afterwards, I had several people ask me what I think of a Signal fork called Session. My answer then is the same thing I'll say today: Don't use Session. The main reason I said to avoid Session, all those months ago, was simply due to…