This "UK watchdog" can eat shit.
TechRadar
Creating apps like Signal or WhatsApp could be
It
Profile
npub1wfp0...w2m9
npub1wfp0...w2m9
Announcing Key Transparency for the Fediverse
I'm pleased to announce the immediate availability of a reference implementation for the Public Key Directory server. This software implements the Key Transparency specification I've been working on since last year, and is an important stepping stone towards secure end-to-end encryption for the Fediverse. You can find the software publicly available on GitHub: PHP Server software: PHP SDK (client-side):
Dhole Moments
Announcing Key Transparency for the Fediverse - Dhole Moments
I’m pleased to announce the immediate availability of a reference implementation for the Public Key Directory server. This software implement...
If I ever strike it rich, I'm probably going to spend a good 6-8 months working on open source stuff that will make devs' lives easier and improve security overall.
lmao oops someone sent me a follow req and I hit the wrong button on Tusky
Re: https://old.reddit.com/r/crypto/comments/1pca3r8/introducing_constanttime_support_for_llvm_to/nrzywmp/?context=2
It is simultaneously true that:<li>Most data breaches do not require any cryptographic wizardry</li><li>Of the ones that involve cryptography, side-channels (timing, power, etc.) are not an attacker's first choice</li><li>The inability to have guarantees that the compiler will not make code variable-time as part of an "optimization" is a massive pain point in writing secure implementations of cryptography</li>
And, sure, the LLVM work won't stop app developers from fucking up something on the OWASP Top 10 list for a given year. Nor will it stop phishing from being hella effective against most users and services.
But it does reduce compiler doom and various forms of auditor bikeshedding, which makes applied cryptography work a little easier to get done.
And the best mitigation we have for phishing attacks today is WebAuthn... which uses cryptography. :P
Sometimes, naysaying is actually counterproductive.
Don't mind me, just wood-burning the long-term nuclear waste warning messages around glory-holes.
I saw someone a while ago quip something to the tune of "furries only have one joke, and it's their sex life".
And, yeah, but there's a very good reason why that is.
Most people when they join the fandom from a less accepting environment. There's a lot of internalized shame, especially if you were in the closet about your gender or sexual orientation. One way that people cope with adjustments is through humor.
Furry sex jokes are often thinly veiled self-deprecation.
"Haha, look how down bad I am." -> decoder ring -> "I could have never even joked about being a thirsty slut before I found this space, and I'm still not fully comfortable with that."
Not always. But sometines.
Moving Beyond the NPM elliptic Package
If you're in a hurry, head on over to soatok/elliptic-to-noble and follow the instructions in the README in order to remove the elliptic package from your project and all dependencies in node_modules. Art: CMYKat Why replace the elliptic package? Yesterday, the Trail of Bits blog published an intern's post about finding cryptographic bugs in the elliptic library (a Javascript package on NPM) by using the Wycheproof.
#npm #crypto #cryptography #elliptic #security #infosec #cve #mitigation #appsec #javascript #js #npm #npmsecurity #npmpackages
Dhole Moments
Moving Beyond the NPM elliptic Package - Dhole Moments
If you’re in a hurry, head on over to soatok/elliptic-to-noble and follow the instructions in the README in order to remove the elliptic pack...