Posts by stf@chaos.social
 (DIR) Post #AaniqHHLs3DtZ9FrsW by stf@chaos.social
       2023-10-15T17:19:39Z
       
       0 likes, 2 repeats
       
       woohooo good news! thanks to the awesome @joostvb and some help from @NGIZero libopaque is about to be included in #debian (and all downstream distros, like #ubuntu, #raspian, #devuan and #kali) https://ftp-master.debian.org/new/libopaque_0.99.2-1.html it only has to pass the ftp NEW queue manual review. #crypto #opaque #linux #cfrg #irtf
       
 (DIR) Post #AbIz4lpCPeZEZ2tsfo by stf@chaos.social
       2023-08-25T15:28:22Z
       
       1 likes, 0 repeats
       
       Oblivious Pseudo-Random Functions are exciting field-tested cryptographic functions enabling strong privacy on any device, keeping your data unconditionally secure even on servers you don't trust. Amongst others OPRFs can be used as building blocks for solving password and access management nightmares, providing resilience against key compromise and loss. https://media.ccc.de/v/camp2023-57085-fantastic_oprfs_and_where_to_find_them #cccamp23 #crypto
       
 (DIR) Post #AbbPJmylZGhWyFI5Mu by stf@chaos.social
       2023-11-08T14:31:24Z
       
       0 likes, 1 repeats
       
       austrian public broadcaster is on the fediverse, in case you are into monitoring int'l news: https://orfodon.org/@ORFodon/111375092254666650
       
 (DIR) Post #AbtnZJ0buolU2BoqYK by stf@chaos.social
       2023-11-17T13:34:54Z
       
       0 likes, 0 repeats
       
       @tante to all those that say no other engine exists, or is impossible to write, have a look at #servo which just got a grant by #ngi0 so there is active work to write a new engine, very much looking forward to it!
       
 (DIR) Post #AdLLEn5pqiFxxZmfmi by stf@chaos.social
       2023-12-30T17:48:29Z
       
       0 likes, 1 repeats
       
       wow, 53.000 hours of volunteer work by angels during #37c3 by a total of 4000 angels. very impressive. this is how you do an independent event. amazing.
       
 (DIR) Post #AjIMEh7hNZTZUY2Trc by stf@chaos.social
       2024-06-14T14:59:08Z
       
       0 likes, 0 repeats
       
       @adulau the IEEE just published a new posix: IEEE Std 1003.1-2024 - almost $700...
       
 (DIR) Post #AlEWuBYDD2rTL1gghE by stf@chaos.social
       2024-08-20T11:29:07Z
       
       0 likes, 0 repeats
       
       @bert_hubert our inverters have never been connected to the internet, there is absolutely no reason to do so. they are connected to a wifi AP that has no internet connectivity at all, so your phone app can still connect to them and do local management and looking at ugly telemetry. with a small (and non-consumer-grade python tooling i actually fake the cloud and stuff all the telemetry into grafana) and yes, all communication is cleartext and goes to china.... if i would let it.
       
 (DIR) Post #AlEWuCMuAZPXsFPAi8 by stf@chaos.social
       2024-08-20T11:33:15Z
       
       0 likes, 0 repeats
       
       @bert_hubert actually the inverters talk zigbee with a central APSystems ECU-R "information gateway" - some fine dutch people did most of the hard work reverse-engineering the protocol and providing nice homeassistant and openhab integration. the people installing the system were shocked that i refused to have it connected to the internet.
       
 (DIR) Post #AloTntpqrCtwU8o4um by stf@chaos.social
       2024-09-08T22:19:35Z
       
       1 likes, 2 repeats
       
       pretty cool, someone got their hands on the original zip files containing the encryption sw for operation #vula from the 80ies, they managed to crack the password on the zip files, and now all the source code is available: https://blog.jgc.org/2024/09/cracking-old-zip-file-to-help-open.html
       
 (DIR) Post #AqJuK3Mo4YSriR9xey by stf@chaos.social
       2025-01-21T21:32:51Z
       
       0 likes, 1 repeats
       
       ok, this kid knows how to create a proper write-up: https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117 congrats and respect. on the other hand the response of the "privacy tool" signal is disappointing. and cloudflare is being cloudflare.
       
 (DIR) Post #AqbT1ZPJWSPVfUZb28 by stf@chaos.social
       2025-01-29T14:20:38Z
       
       0 likes, 0 repeats
       
       ohno, #letsencrypt is ending notification emails? time to write my own monitoring and notification service? or is there already a free software based one? https://letsencrypt.org/2025/01/22/ending-expiration-emails/
       
 (DIR) Post #AtAd1Cgdnb66wBfqAS by stf@chaos.social
       2025-04-11T11:54:37Z
       
       0 likes, 1 repeats
       
       i heard John Young of https://cryptome.org/ passed away last week. #Cryptome #RIP John was an uncompromising role model, publishing all the samizdats he could get his hands on. he even demanded to be included as a defendant together with julian assange. one of the greatest unsung heroes of the past 30 years. shit. i hope this is not true. RIP John.
       
 (DIR) Post #AtkUKqvJ2QrtYLZq40 by stf@chaos.social
       2025-05-04T11:24:41Z
       
       0 likes, 0 repeats
       
       @debian how exactly is reproducibility protecting against "supply chain attacks"? if i as a maintainer or dev backdoor a dependency of some upstream package and then a new backdoored source code version is released, in this case reproducible builds will only make sure that my backdoor is reproducibly built, but it will not mitigate my backdoor. i think my scenario is *the* definition of a supply chain attack. no? would your reproducible build have caught jia tan? what am i missing?
       
 (DIR) Post #AuEGCxUp1KzfeY89gG by stf@chaos.social
       2025-05-18T14:42:04Z
       
       0 likes, 1 repeats
       
       @bert_hubert with all due respect. for decades now, everything i do is free software, i am a lone dev, who has no intention of having any of my outputs gain wide adoption, even worse, i believe wide adoption is something i try to avoid, it tends to clog up my abilities to do stuff, and instead i have to fix bugs, implement features that are outside my original scope, i do free software because i want others to enjoy the 4 freedoms, not because i want to serve others. 1/n
       
 (DIR) Post #AuEGD6PprFLvJgrneq by stf@chaos.social
       2025-05-18T14:50:54Z
       
       0 likes, 0 repeats
       
       @bert_hubert when you write opensource will fail if i don't care about UX, that is true if the goal is adoption. i have no such ambition, i have no resources to support wide adoption. i think we need to make a fundamental distinction between free software for the liberties, and this other thing that aspires to replace proprietary software lock-ins without users actually caring about the freedoms. 2/n
       
 (DIR) Post #AuEGDEhV3SEh0nC1Im by stf@chaos.social
       2025-05-18T14:53:50Z
       
       0 likes, 0 repeats
       
       @bert_hubert i am cyber bourgeoisie, i truly want the cyber proletariat to rise. while the cyber capitalists want to have them stupid and docile (not even knowing what a file is) to exploit them, to lock them in. i think we are in a southpark scenario with the underpants gnomes: 1. free software 2. ??? 3. everyone uses/loves free sw. i am 1. who is gonna do 2? who is gonna pay for that? because clearly 2. is the one that needs to care about UX. and support, and maintenance at scale. 3/n
       
 (DIR) Post #AuEGDNNcmigXvkxm4W by stf@chaos.social
       2025-05-18T14:59:16Z
       
       0 likes, 0 repeats
       
       @bert_hubert whether 2. in 3/n is possible based on free sw, is hinging on the answer to the q? how 2 finance customer support, UX, maintenance & the cost of keeping up with a rapidly changing (hw&sw) env (bitrot, planned obsolescence of hw, etc). this is expensive, which is externalised on the cyberproletariat by the capitalists using the surveillance marketing military complex (SMMC). we need to find a way to replace the SMMC with something that is respecting the ideal of free software. 4/n
       
 (DIR) Post #AuEGDXtBiDsIWXo7eq by stf@chaos.social
       2025-05-18T15:04:17Z
       
       0 likes, 0 repeats
       
       @bert_hubert and that is the fundamental question, how do you replace the surveillance marketing military industrial complex with something that respects the 4 freedoms? while at the same time also upholds the motivation and quality of the devs working 2.? also how do you actually make the cyberproletariat rise so that they understand, enjoy and use the 4 freedoms?
       
 (DIR) Post #AuEGDh97IMxpEYKTEe by stf@chaos.social
       2025-05-18T15:12:11Z
       
       0 likes, 0 repeats
       
       @bert_hubert or maybe i misunderstood, and i'm not part of this open world. or the 4 freedoms are just elitist shit? btw some of my projects i do aspire broad usage, but i lack the competence to do UI/marketing.
       
 (DIR) Post #B2mTYXpZcZ8Ih5JCb2 by stf@chaos.social
       2026-01-29T15:13:46Z
       
       0 likes, 0 repeats
       
       @aral in this e2e context Landau's Law is most relevant as well: "A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against."  -- https://www.devever.net/~hl/webcrypto