Soatok DreamseekerFeb 20

I've had a few people ask why I didn't post the full Matrix email on my Fedi thread. There are two reasons:

  • It wouldn't fit in 1k characters.
  • Listen carefully:

    • Y'know how "just getting caught cheating on your monogamous partner" isn't the right time to discuss exploring ethical nonmonogamy?

    In a similar vein, asking for information while dismissing a report as "no practical security impact" is still dismissing the goddamn report.

    I excerpted the part of their email where they dismissed my report. That was the part that initiated the immediate disclosure. The inciting turn of phrase.

    It doesn't matter how much you piss on my leg, I'm not going to believe it's raining.

    Show threadSoatok DreamseekerFeb 20

    Matrix has many incentives to lie or mislead. Their leadership includes the CEO of a company whose product is a Matrix client. There's active political talks about the EU investing heavily in Matrix. He's got a vested interest in looking good, even at the expense of doing or even being good.

    On the other hand, I have nothing to gain. If everyone switches to Matrix tomorrow, nothing in my life changes. If Matrix self-implodes and everyone goes back to XMPP tomorrow, nothing in my lfie changes.

    The only things I want are:

  • End-to-end encryption to be better.
  • End-to-end encryption to become ubiquitous for communication protocols and apps.
  • The large tech companies whose business models involve privacy violations and stealing from artists and other creative workers to burn down so gloriously that society forgets the word "billionaire" in twenty years.
    • Show threadSoatok DreamseekerFeb 20

    But what about "don't make perfect the enemy of good"?

    If your cryptography isn't damn near-perfect, it's shit. There aren't many cryptographic solutions that get a C+ in the world. It's either an A, A-, or an F.

    Show threadSoatok DreamseekerFeb 20

    An F in cryptography is aes-js / pyaes, as this Trail of Bits blog by Opal Wright explains:

    Mistakes in cryptography are not a sin, even if they can have a serious impact. They’re simply a fact of life. As somebody once said, “cryptography is nightmare magic math that cares what color pen you use.” We’re all going to get stuff wrong if we stick around long enough to do something interesting, and there’s no reason to deride somebody for making a mistake.

    What matters—what separates carelessness from craftsmanship—is the response to a mistake. A careless developer will write off a mistake as no big deal or insist that it isn’t really a problem—yadda, yadda, yadda. A craftsman will respond by fixing what’s broken, examining their tools and processes, and doing what they can to prevent it from happening again.

    Does this sound familiar?

    Carelessness versus craftsmanship in cryptography

    Two popular AES libraries (aes-js and pyaes) provide dangerous default IVs that lead to key/IV reuse vulnerabilities affecting thousands of projects. One maintainer dismissed the issue, while strongSwan’s maintainer exemplified proper security response by comprehensively fixing the vulnerability in their VPN management tool.

    The Trail of Bits Blog
    Show thread🏳️‍⚧️Claire 🏳️‍⚧️
    @soatok
    I think you could apply this same maxim to all domains of engineering
    Feb 20 at 6:59pmWeb
    Show threadSoatok DreamseekerFeb 20
    @elfieclaire Safety Engineering and Security Engineering are two sides of the same coin!