Don't mind me, just wood-burning the long-term nuclear waste warning messages around glory-holes.
I saw someone a while ago quip something to the tune of "furries only have one joke, and it's their sex life". And, yeah, but there's a very good reason why that is. Most people, when they join the fandom, come from a less accepting environment. There's a lot of internalized shame, especially if you were in the closet about your gender or sexual orientation. One way that people cope with adjustments is through humor. Furry sex jokes are often thinly veiled self-deprecation. "Haha, look how down bad I am." -> decoder ring -> "I could have never even joked about being a thirsty slut before I found this space, and I'm still not fully comfortable with that." Not always. But sometimes.
Fuck.
Yo, check this out.
Moving Beyond the NPM elliptic Package If you're in a hurry, head on over to soatok/elliptic-to-noble and follow the instructions in the README in order to remove the elliptic package from your project and all dependencies in node_modules. Art: CMYKat Why replace the elliptic package? Yesterday, the Trail of Bits blog published an intern's post about finding cryptographic bugs in the elliptic library (a Javascript package on NPM) by using the Wycheproof. #npm #crypto #cryptography #elliptic #security #infosec #cve #mitigation #appsec #javascript #js #npm #npmsecurity #npmpackages
2015: "Not using AWS or CloudFlare is an availability risk, because DDoS" 2025: "Using AWS or CloudFlare is an availability risk, because surprise outages"
I know it will take time, but the Fediverse developers should strongly consider making the following opinionated technical decisions:
- Use RFC 9421 instead of the earlier HTTP Signature spec.
- Make Ed25519 the default algorithm, not 2048-bit RSA.
Ed25519 has a lot of advantages over RSA and ECDSA.
Over 2048-bit RSA:
- Shorter signatures
- Shorter keys (both secret and public), less storage/bandwidth overhead
- More security (112-bit vs 126-bit)
Over ECDSA:
- It's much faster than ECDSA
- You don't have to worry about biased nonces leaking your secret key through lattice reduction
- Tuned for security (no weird parameters)
Over **both RSA and ECDSA**:
- EdDSA is constructed to provide Exclusive Ownership, which is a stronger notion of security
- Easier to implement in constant-time
Bonus:
- Ed25519 is approved for use in FedRAMP systems (FIPS 186-5), which Common Criteria sometimes cares about.
See more here: and
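An added example, not part of the original post: it builds an RFC 9421 signature base for one request and signs it with Ed25519 and with 2048-bit RSA using Node's built-in crypto, so the signature and public key sizes can be compared directly. The request, host, key ids and function names are constructed for illustration.

```javascript
// Added example: one RFC 9421 signature base, signed with Ed25519 and RSA-2048.
const crypto = require('node:crypto');

// Constructed sample request; host, path and body are placeholders.
const request = {
  method: 'POST',
  authority: 'social.example',
  path: '/users/alice/inbox',
  body: '{"type":"Follow"}',
};

// Build the RFC 9421 signature base for a fixed set of covered components.
function signatureBase(req, alg, keyid, created) {
  const digest = crypto.createHash('sha256').update(req.body).digest('base64');
  const components = [
    ['@method', req.method],
    ['@authority', req.authority],
    ['@path', req.path],
    ['content-digest', `sha-256=:${digest}:`], // RFC 9530 Content-Digest value
  ];
  const covered = components.map(([name]) => `"${name}"`).join(' ');
  const params = `(${covered});created=${created};keyid="${keyid}";alg="${alg}"`;
  const lines = components.map(([name, value]) => `"${name}": ${value}`);
  lines.push(`"@signature-params": ${params}`); // always the last line, no trailing newline
  return { base: lines.join('\n'), params };
}

// Generate a fresh key pair, sign and verify the base, and report wire sizes.
function signAndMeasure(alg, keyType, keyOptions, hash) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync(keyType, keyOptions);
  const { base, params } = signatureBase(request, alg, `test-${alg}`, 1700000000);
  const data = Buffer.from(base, 'utf8');
  const sig = crypto.sign(hash, data, privateKey); // hash is null for Ed25519
  return {
    alg,
    verified: crypto.verify(hash, data, publicKey, sig),
    signatureBytes: sig.length,
    publicKeyDerBytes: publicKey.export({ type: 'spki', format: 'der' }).length,
    header: `Signature-Input: sig1=${params}`,
  };
}

function compare() {
  return [
    signAndMeasure('ed25519', 'ed25519', {}, null),
    signAndMeasure('rsa-v1_5-sha256', 'rsa', { modulusLength: 2048 }, 'sha256'),
  ];
}

console.table(compare());
```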
Does anyone have an Ed25519 public key configured to show up via WebFinger for their Fedi account? I know Mastodon stupidly only supports RSA. That's a thing I plan to fix eventually.
If you're curious about the state of #FediE2EE. I've been implementing the cryptography protocols used in building Key Transparency for Fedi. With this in hand, I'm writing a reference implementation of the server software as defined in the specification. Once this is implemented, I'm going to update the specification with anything I learned while writing the server software. One thing I already learned: I need to be specific about how HPKE ciphertexts are serialized. The current spec draft doesn't tell implementors what to do here. Once the spec + implementation are in a good place, I'll deploy a test instance and release a PHP client (using the same crypto library). Separately, a Rust client is being developed. The main idea here is to FFI the Rust implementation in other languages (Ruby, etc.). Once *all this* is done, we get to go through a few cycles of peer review until we calcify the spec with a major version 1.0 release.
Oh btw I grabbed the domain name, fedipurse.com, before my latest blog post went live. Wouldn't want some asshat tech bro to squat it for a crypto scam, after all.