Sometimes I get notifications and end up pleasantly surprised. Someone shared a dumb blog post that tried to rebut my criticism of XMPP+OMEMO. The discussion thread didn't take their bait.
Regular reminder: If you see someone use the term "porn addict" in a conversation, they are spreading an unscientific belief about human sexuality.
Against the Censorship of Adult Content By Payment Processors
This is a furry blog, where I write about whatever interests me and sign it with my fursona's name. I sometimes talk about furry fandom topics, but I sometimes also talk about applied cryptography. If you got a mild bit of emotional whiplash from that sentence, the best list of posts to start reading to get a feel for my usual fare is…
The Hacker News thread about Go 1.24's crypto/fips140 module being validated by FIPS 140-3 is full of misconceptions and it's too exhausting to reply to them all. https://news.ycombinator.com/item?id=44575607 Before I begin, don't call it "FIPS certified". You have "validated modules", not certifications. This isn't CompTIA. Broadly speaking, FIPS module validation has very little to do with actual cybersecurity. FIPS doesn't make you more secure. FIPS is the minimum bar you must clear in order to sell to US government customers. Some non-US entities also care about it, but mostly you only give a shit if you want to sell to the US gov. If you don't care about that, you don't care about FIPS. You're free! Most developers shouldn't care about FIPS. The handful of developers that *need* to care about FIPS will be well-served by Go's crypto module being validated, as it provides a memory-safe implementation of these algorithms that isn't Java. In short, FIPS ain't what many HN users think it is.
Jurisdiction Is Nearly Irrelevant to the Security of Encrypted Messaging Apps
Every time I lightly touch on this point, I always get someone who insists on arguing with me about it, so I thought it would be worth making a dedicated, singular-focused blog post about this topic without worrying too much about tertiary matters. Here's the TL;DR: If you actually built your cryptography properly, you shouldn't give a shit which country hosts the ciphertext for your…
Checklists Are The Thief Of Joy
I have never seen security and privacy checklists used for any other purpose but deception. After pondering this observation, I'm left seriously doubting if comparison checklists have any valid use case except to manipulate the unsuspecting. But before we get into that, I'd like to share why we're talking about this today. Recently, another person beat me to the punch of implementing MLS (RFC 9420) in TypeScript.
It is imperative that more of us make records of what is happening in America. Journal. Write letters to friends abroad. Preserve evidence of what the government is doing wrong, when it intersects with your path in life. Don't write anything that puts yourself or activists in legal jeopardy, but rather, the government's own crimes. You cannot rely on the corporate media to do this for you. You cannot rely on the fascists to care about giving you a chance to speak your truth. You have to make records so others can speak it in case the worst happens.
I think it's fair to say that Generative AI is the opposite of art.