Readit News
MuteXR commented on Using JWT to establish a trusted context for Row Level Security   vondra.me/posts/using-jwt... · Posted by u/JeanSebTr
twosdai · 4 days ago
> You should really consider not using JWT for new designs that don't a priori need to interop with JWT.

If you're trying to make the argument that because they can be insecure, we should not use JWTs, that's not really a great argument for most people. JWTs provide a lot of value, and the idea of having some secure, validatable, and no-network-required check for authentication, or transporting information, is too valuable for businesses. So we all use JWTs; they are a decent standard.

At the very least you should propose an alternative that people use besides JWTs if you're going to vaguely hand wave about the scary security issues of 2021 Firebase, and 2020 npm packages reported by Auth0.

MuteXR · 4 days ago
The JWT standard is known to be full of nonsense. Acting like this is some non-issue is hilariously disconnected from reality.
MuteXR commented on Open models by OpenAI   openai.com/open-models/... · Posted by u/lackoftactics
Invictus0 · a month ago
What is the point of an offline reasoning model that also doesn't know anything and makes up facts? Why would anyone prefer this to a frontier model?
MuteXR · a month ago
Data processing? Reasoning on supplied data?
MuteXR commented on How to gain code execution on hundreds of millions of people and popular apps   kibty.town/blog/todesktop... · Posted by u/xyzeva
cdmyrm · 6 months ago
How confident are you that their log system is resilient, given the state of the rest of their software?
MuteXR · 6 months ago
Following that logic it would be literally impossible to trust any part of their infra. They had a bad build container, the rest of their stuff was solid.
MuteXR commented on Security Issues in Matrix's Olm Library   soatok.blog/2024/08/14/se... · Posted by u/todsacerdoti
Arathorn · a year ago
the author literally picked random projects from github tagged as matrix, without considering their prevalence or whether they are actually maintained etc.

if you actually look at % of impacted clients, it’s tiny.

meanwhile, it is very unclear that any sidechannel attack on a libolm based client is practical over the network (which is why we didn’t fix this years ago). After all, the limited primitives are commented on in the readme and https://github.com/matrix-org/olm/issues/3 since day 1.

MuteXR · a year ago
You SHIPPED CODE THAT YOU KNEW HAD A SIDE CHANNEL????? WHAT?
MuteXR commented on Privacy focused platform Skiff is joining Notion, Skiff to be sunset   notion.so/blog/meet-skiff... · Posted by u/mirshko
dig1 · 2 years ago
Running mail isn't hard if you know a few bits about how things work. As a matter of fact, if correctly set, it can be left running for years without significant time investment. But I'm getting the impression that anything that can't be set in 2 clicks is hard for a particular HN crowd.
MuteXR · 2 years ago
Your tiny Postfix server is nothing compared to what large scale mail hosting entails.
MuteXR commented on Don't Fire People for Making Pornography in Their Free Time   theatlantic.com/ideas/arc... · Posted by u/fortran77
hackernoteng · 2 years ago
I believe in objective morality. Porn is immoral. A person's immoral behavior outside of work is a red flag. It means they are also MORE likely to act immoral at work. Based on that, it could be grounds for dismissal.
MuteXR · 2 years ago
Objective morality is how a child sees the world. Not moving on from that is embarrassing.
MuteXR commented on Drew DeVault bullies creator of Hyprland, publishes private chat logs   fosstodon.org/@drewdevaul... · Posted by u/penshan
MuteXR · 2 years ago
why does any of this even matter?
MuteXR commented on Migrating our backend from Vercel to Fly.io   openstatus.dev/blog/migra... · Posted by u/Hooopo
teddyh · 2 years ago
Some people avoid large providers, since large providers have approximately no incentive whatsoever to keep you, specifically, as a customer. I.e. large providers will happily raise their prices, alter the deal, throw you under the bus, disable your account, delete all your data and then refuse to talk to you. They can do this because, when they look at the big picture, you don’t matter to them. And since doing this saves them some money, they all do it.
MuteXR · 2 years ago
And a small service can go under anytime, without any real warning.

Most big providers end up being cheaper for you as well. Vercel is insanely expensive.

MuteXR commented on Possible 0day in Signal? Disable link preview   hax0rbana.social/@adam/11... · Posted by u/jwildeboer
MuteXR · 2 years ago
There is literally no info there except rumors which OP doesn't even specify the source of.
MuteXR commented on Shitoberfest: Free T-shirts ruined Hacktoberfest2020   ongchinhwee.me/shitoberfe... · Posted by u/marcodiego
MuteXR · 2 years ago
Feels like an odd thing to post now. It's almost been three years. Hacktoberfest has been opt-in ever since, and is clearly doing fine when it comes to participants. They ran out of shirts completely last time.

u/MuteXR

Karma: 33 · Cake day: December 4, 2022