I finally got around to looking at vodozemac. I'm not impressed. At least it took more than 30 seconds this time.
diff --git a/src/olm/shared_secret.rs b/src/olm/shared_secret.rs
index ebad928..e0edfc6 100644
--- a/src/olm/shared_secret.rs
+++ b/src/olm/shared_secret.rs
@@ -154,4 +154,101 @@ mod test {
| { | |
| "key": "99b663fec7d19267e21cce472b8ff9d3cd7b669632ea4e6985d51ed935581dee", | |
| "block": [ | |
| "e5c39e209702e52a", | |
| "3584c040a6057577", | |
| "044befd864f5d185", | |
| "0f299bd4bee0f063", | |
| "693af86bba325385", | |
| "d38cdca747101f8a", | |
| "62d74de0fcebb5da", |
Ignas Kiela is kind of an idiot online. This, by itself, is a forgiveable condition--even on social media. Everyone has off days. Everyone has silly moments.
Unfortunately, Ignas Kiela is the kind of idiot that doubles, triples, and quadruples down on talking out of their ass.
Today, we're talking about this Fediverse thread.
I posted two threads earlier this week, after being tagged into someone else's argument and subsequently getting a headache. You can read them here:
| Delivered-To: soatok.dhole@gmail.com | |
| Received: by 2002:a05:6358:4b10:b0:1cb:2a1f:10d0 with SMTP id kr16csp5261208rwc; | |
| Tue, 24 Dec 2024 21:09:02 -0800 (PST) | |
| X-Google-Smtp-Source: AGHT+IEt45MWkqbgPWrhCoGhSYiwbFccSqsFktKLMzW+XlvhlDNkmEI0LK9Pe75OBHol8ILXuLje | |
| X-Received: by 2002:a05:620a:4052:b0:7b6:cf71:2788 with SMTP id af79cd13be357-7b9ba716904mr2931608485a.11.1735103342377; | |
| Tue, 24 Dec 2024 21:09:02 -0800 (PST) | |
| ARC-Seal: i=1; a=rsa-sha256; t=1735103342; cv=none; | |
| d=google.com; s=arc-20240605; | |
| b=h8bcnBIufc2ts7AMqwpkkEeksPqsYh9fbI2jkclt5SsgHmmT5XdPYKkw/WiE1zMKaa | |
| U7c6uoh415ALjvgZfXUT9GpJO1JrEfL9zoel+7J8oxxi+5iehySfLpjq6PqM5sXivQ/0 |
2024-05-15: I took a quick look at the Matrix source code. I identified two issues and emailed them to their security@ email address.In my email, I specify that I plan to disclose my findings publicly in 90 days (i.e. on August 14), in adherence with industry best practices for coordinated disclosure, unless they request an extension in writing.
2024-05-16: I checked something else on a whim and find a third issue, which I also email to their security@ email address.
2024-05-17: Matrix security team confirms receipt of my reports.
2024-05-17: I follow up with a suspected fourth finding–the most critical of them all. They point out that it is not actually an issue, because I overlooked an important detail in how the code is architected. Mea culpa!
This is the full email message I received in this screenshot: https://twitter.com/SoatokDhole/status/1486708637422735361
Read more:
| <?php | |
| /** | |
| * Usage: Run this from the command line to generate a secure passphrase in the format | |
| * of stereotypical bottom keymashing. | |
| * | |
| * php bottom-responder.php | xclip | |
| * | |
| * Why? Because furries ruin everything, including bottom jokes. | |
| */ | |
| function random_str(int $length, string $charset): string { |
This code snippet will allow anyone to independently verify the claims of this blog post.
Proctorio is violating Google's Policies about code obfuscation.
| <?php | |
| declare(strict_types=1); | |
| $password = 'OwO what\'s this?'; | |
| $alg = SODIUM_CRYPTO_PWHASH_ALG_DEFAULT; | |
| $opslimit = SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE; | |
| $memlimit = SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE; | |
| $salt = 'YIFFYIFFYIFFYIFF'; |