Ambition, The Fediverse, and Technology Freedom
If you’re new to reading this blog, you might not already be aware of my efforts to develop end-to-end encryption for ActivityPub-based software. It’s worth being aware of before you continue to read...
View ArticleWhat To Use Instead of PGP
It’s been more than five years since The PGP Problem was published, and I still hear from people who believe that using PGP (whether GnuPG or another OpenPGP implementation) is a thing they should be...
View ArticleSome Thoughts on the Twitter Mass Exodus
Another wave of Twitter users are jettisoning the social media website in favor of alternatives. Some are landing in the Fediverse (Mastodon and other ActivityPub-enabled software). Others are going...
View ArticleKey Transparency and the Right to be Forgotten
This post is the first in a new series covering some of the reasoning behind decisions made in my project to build end-to-end encryption for direct messages on the Fediverse. (Collectively,...
View ArticleBeyond Bcrypt
In 2010, Coda Hale wrote How To Safely Store A Password which began with the repeated phrase, “Use bcrypt”, where the word bcrypt was linked to a different implementation for various programming...
View ArticleImagining Private Airspaces for Bluesky
Recently, I shared my thoughts on the Twitter Exodus. The short of that post is: Even though I’m quite happy on the Fediverse, I think the best outcome is for Bluesky to “win” the popularity contest...
View ArticleFurry, Queer, and Lonely
What is it about being queer that makes loneliness, isolation, and rejection so much more intense than enduring than what our straight friends and family purport to experience? Harubaki Are we just...
View ArticleIdeas and Execution
I’ve been known to blog about ideas that I don’t have the time or energy to build myself–from using asynchronous ratcheting trees to support multicast networking in WireGuard (and other Noise-based...
View ArticleThe Better Daemons Of Our Profession
I’ve spent the better part of 2023 and 2024 trying to imagine the specific changes we technology nerds could make to improve things somewhat. Meme remix of Matt Bors’s comic and Stan Kelly’s Sickos...
View ArticleRoasted Christmas Spam from Muhu.ai
I wrote what I thought would be the final blog post of 2024 last week, and was looking forward to starting 2025 strong with a blog I’d been drafting since July 2023. But then, a little after Midnight...
View ArticleCollatzeral Damage: Bitwise and Proof Foolish
Let’s talk about the Collatz Conjecture, which is like mathematicians’ original version of this programmer joke: Except the number of mathematician hours wasted is much larger, possibly too large for...
View ArticleDon’t Use Session (Signal Fork)
Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor. Afterwards, I had several people ask me what I think of a Signal fork...
View ArticleSession Round 2
Last week, I wrote a blog post succinctly titled, Don’t Use Session. Two interesting things have happened since I published that blog: A few people expressed uncertainty about what I wrote about using...
View ArticleToo Many People Don’t Value the Time of Security Researchers
It’s really not my place to ever command respect from anyone; and that’s not just because I’m a furry–which has always been towards the bottom of the geek hierarchy. I am well aware how little weight...
View ArticleHell Is Overconfident Developers Writing Encryption Code
Overconfident developers that choose to write their own cryptography code have plagued the information security industry since before it was even an industry. This in and of itself isn’t inherently a...
View ArticleReviewing the Cryptography Used by Signal
Last year, I urged furries to stop using Telegram because it doesn’t actually provide them with any of the privacy guarantees they think it gives them. Instead of improving Telegram’s cryptography to...
View ArticleShaming Isn’t Shielding: The Moral Panics That Cry Wolf
Content Warning: This blog post talks about adult themes and sexuality. If you’re under 18, sit this one out. If you’ve been around the furry fandom for a while, you will notice that discourse tends...
View ArticleOn The Insecurity of Telecom Stacks in the Wake of Salt Typhoon
Towards the end of last year, we learned that a group (allegedly affiliated with the Chinese government, referred to as “Salt Typhoon”) breached T-Mobile and other telecommunications companies and...
View ArticlePost-Quantum Cryptography Is About The Keys You Don’t Play
(With severe apologies to Miles Davis.) Post-Quantum Cryptography is coming. But in their haste to make headway on algorithm adoption, standards organizations (NIST, IETF) are making a dumb mistake...
View ArticleThe Practical Limitations of End-to-End Encryption
Internet discussions about end-to-end encryption are plagued by misunderstandings, misinformation, and some people totally missing the point. Of course, people being wrong on the Internet isn’t...
View Article