22 Followers
64 Following
125 Posts

Geek, nerd, IT professional, neutral good, free and open source software enthusiast, pragmatic, pedantic, optimistic, skeptical, carbon-based, agnostic, thoughtful, dad joke emitter, (local, at home) celebrity chef, (often) untalkative, devils advocate, adjectifying. Interested in everything from chemistry to computers (not alphabetically), with a preference for exploring alternatives.

If you already know me you may or may not agree with the above word salad; patches welcome!

me: https://petardo.dk
github: https://github.com/runejuhl
matrix: https://matrix.to/#/@runejuhl:matrix.org
openstreetmap: https://www.openstreetmap.org/user/runejuhl

This is really a "WTF how could they ever think this is a good idea?" kind of vulnerability. Usually the kind of stuff you get from shady, incompetent startups, but this is Google...
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules
Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co.

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

I'm really happy to share I'll be at #FOSDEM - I'll be giving a talk with @nex about Continuwuity on Sunday. I'll also be at the @matrix booth 5pm-6pm both days, if you want to track me down to chat!

Schedule link: https://fosdem.org/2026/schedule/event/ETMLM8-signed_sealed_stolen_how_we_patched_critical_vulnerabilities_under_fire/

FOSDEM 2026 - Signed, Sealed, Stolen: How We Patched Critical Vulnerabilities Under Fire

A new breed of analyzers

(See how I cleverly did not mention AI in the title!) You know we have seen more than our fair share of slop reports sent to the curl project so it seems only fair that I also write something about the state of AI when we get to enjoy some positive aspects of this technology. … Continue reading A new breed of analyzers →

daniel.haxx.se
FOSDEM 2026 - FOSDEM 2026 Call for Participation

hey wanna see something kinda interesting? this was the entire fix to the iPhone Antennagate in 2010. 20 bytes.

(this is going to be a very long thread 🧵)

Who could have figured out that automatically downloading half the internet and ten thousand always-changing dependencies every time you build could actually be a weakness?

Don't forget Eliot Higgins will be going live on Patreon in 20 minutes, join to see how the Bellingcat founder takes on this month’s Bellingcat Open Source Challenges. The livestream is open to the public, find us here: https://www.patreon.com/bellingcat
Bellingcat | Patreon

Creating Open Source Investigations

Patreon

Since I just checked again for a lemmy post and verified that my complaints are still current:

I explicitly recommend against the use of @threemaapp as a messenger because of their bad #encryption.

I make this recommendation as a professional cryptographer who holds a PhD in that field and give explicit permission to be quoted on it.

The reason for this recommendation is that Threema’s end-to-end encryption offers no forward or backward secrecy of any kind. This follows directly from the protocol description they themselves publish in their own whitepaper, so if this is a wrong claim, their own publications are wrong, which would be just as much of a reason not to use them!

Any claims about forward secrecy they make are purely about their transport-layer encryption, which offers zero protection against corrupted servers. If someone corrupts Signal’s servers they don’t get anything. If they corrupt Threema’s servers they get everything as ciphertexts that are merely encrypted with a pairwise static key that does not get updated.

A good messenger should not rely on the trustworthiness of the servers, so doing it like that is not acceptable and enough reason to give the boot to their app.

As much as I dislike its lack of federation (not that Threema is doing any better there), this still means that #Signal remains my recommendation as messenger, with #matrix being an alternative that feels like it makes a degree of sense to me. Other than those two we quickly get into “wouldn’t recommend” territory!

#Threema #itsec #cryptography
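The distinction the post draws, a single static pairwise key versus keys that are ratcheted forward per message, is easy to see in code. The block below is an added illustration, not the post author's code and not Threema's or Signal's actual protocol: it is a toy model using only the Python standard library, with HMAC-SHA256 as the key-derivation function and an HMAC counter-mode keystream standing in for a real cipher (the function names, the sample messages and the random keys are all constructed for the example). In the static-key model, whoever later obtains the long-term key decrypts every stored ciphertext. In the hash-ratchet model, obtaining the chain key at step n yields the keys for messages n onward but not before, which is forward secrecy; it also shows the caveat that a purely symmetric ratchet gives no backward secrecy, since the attacker keeps decrypting every later message until a fresh key agreement (a DH ratchet) replaces the chain.

```python
"""Forward secrecy demo: static pairwise key vs. a symmetric hash ratchet.

Toy model only (added example; not Threema's or Signal's real protocol).
Key derivation is HMAC-SHA256 and the "cipher" is an HMAC-based XOR keystream
so the demo runs with the standard library alone. Never use this cipher for
real data.
"""
from __future__ import annotations

import hashlib
import hmac
import os


def _keystream(key: bytes, length: int) -> bytes:
    """Expand `key` into `length` bytes via counter-mode HMAC (toy stream cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream is its own inverse


# --- Model 1: one static pairwise key for the whole conversation -------------
def static_key_session(shared_key: bytes, messages: list[bytes]) -> list[bytes]:
    """Every message is encrypted directly under the same long-term key."""
    return [encrypt(shared_key, m) for m in messages]


def static_key_compromise(shared_key: bytes, ciphertexts: list[bytes]) -> list[bytes]:
    """An attacker holding the stored ciphertexts (e.g. from a corrupted server)
    who later learns the static key recovers *every* message, past and future."""
    return [decrypt(shared_key, c) for c in ciphertexts]


# --- Model 2: symmetric hash ratchet ------------------------------------------
def ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Derive (next_chain_key, message_key) from the current chain key.

    Both derivations are one-way, so knowing next_chain_key gives no way back
    to chain_key or to the message_key derived alongside it."""
    next_chain_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def ratchet_session(initial_chain_key: bytes, messages: list[bytes]) -> tuple[list[bytes], list[bytes]]:
    """Encrypt each message under a fresh message key.

    Returns (ciphertexts, chain_key_in_effect_before_each_message)."""
    ciphertexts, chain_keys = [], []
    ck = initial_chain_key
    for m in messages:
        chain_keys.append(ck)
        ck, mk = ratchet_step(ck)
        ciphertexts.append(encrypt(mk, m))
    return ciphertexts, chain_keys


def ratchet_compromise(compromised_chain_key: bytes, compromised_at: int,
                       ciphertexts: list[bytes]) -> list[bytes | None]:
    """Attacker learns the chain key in effect just before message `compromised_at`.

    They can only run the ratchet forward: messages from `compromised_at` on
    decrypt (no backward secrecy without a DH ratchet), earlier ones are out of
    reach because their message keys cannot be derived from a later chain key
    (forward secrecy). Unrecoverable positions are reported as None."""
    recovered: list[bytes | None] = [None] * compromised_at
    ck = compromised_chain_key
    for c in ciphertexts[compromised_at:]:
        ck, mk = ratchet_step(ck)
        recovered.append(decrypt(mk, c))
    return recovered


def demo() -> dict:
    # Constructed sample conversation and keys; a real protocol would derive the
    # keys from a key agreement rather than os.urandom.
    messages = [b"hello", b"meet at 9", b"the key is in the drawer", b"bye"]
    static_key = os.urandom(32)
    initial_chain_key = os.urandom(32)

    static_cts = static_key_session(static_key, messages)
    static_leak = static_key_compromise(static_key, static_cts)

    ratchet_cts, chain_keys = ratchet_session(initial_chain_key, messages)
    ratchet_leak = ratchet_compromise(chain_keys[2], 2, ratchet_cts)  # compromise at message 2
    return {"messages": messages, "static": static_leak, "ratchet": ratchet_leak}


if __name__ == "__main__":
    for model, leak in ((k, v) for k, v in demo().items() if k != "messages"):
        print(model, leak)
```

Running it shows the static model leaking all four messages and the ratchet model leaking only messages 2 and 3, with the first two reported as None. Real double-ratchet designs add a Diffie-Hellman step on top of this symmetric chain precisely so that a compromised chain key also stops being useful once the next DH exchange happens.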

How much more proof do we need that this administration is completely compromised? There is zero reason for the US to relax any offensive digital actions against Russia. If anything, we should be applying more.

Martin Matishak over at The Record writes that the former Fox News host turned Defense Secretary Pete Hegseth last week ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions.

"Hegseth gave the instruction to Cyber Command chief Gen. Timothy Haugh, who then informed the organization's outgoing director of operations, Marine Corps Maj. Gen. Ryan Heritage, of the new guidance, according to these people, who spoke on the condition of anonymity because of the matter’s sensitivity."

"The order does not apply to the National Security Agency, which Haugh also leads, or its signals intelligence work targeting Russia, the sources said."

"While the full scope of Hegseth’s directive to the command remains unclear, it is more evidence of the White House’s efforts to normalize ties with Moscow after the U.S. and international allies worked to isolate the Kremlin over its 2022 invasion of Ukraine."

https://therecord.media/hegseth-orders-cyber-command-stand-down-russia-planning

Exclusive: Hegseth orders Cyber Command to stand down on Russia planning

The secretary of Defense has ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions, sources tell Recorded Future News.

The video of my talk about #Guix and @swheritage at #FOSDEM25 is released!

The conclusion is:

• Cite and reference source code using #SoftwareHeritage identifier;

• Use Guix!

Packed in 20 minutes, check out the arguments.

Feel free to raise your questions. 😀

https://fosdem.org/2025/schedule/event/fosdem-2025-5897-guix-software-heritage-source-code-archiving-to-the-rescue-of-reproducible-deployment/

Thanks @FosdemResearch for the organization of this devroom.

FOSDEM 2025 - Guix + Software Heritage: Source Code Archiving to the Rescue of Reproducible Deployment