Soatok Dreamseeker

@soatok@furry.engineer
7.3K Followers
2.2K Following
7.1K Posts

He/him. Gay/demi dhole (Cuon Alpinus) furry.

Blogger, programmer, security engineer, cryptography nerd. 30+

Too spicy for Twitter (banned with all the prominent journalists on 2022-12-16)

I don't represent any company, individual, or community.

Pronouns: he/him
Fursona: Dhole
Orientation: Demi/Gay
Website: https://soatok.blog
Golang is unusual because in most languages the type system tells you when you made a mistake, but in Golang the type system tells you when Rob Pike made a mistake.
Difficult hostage situation!!

🐕 smarage, unknown
©️ CC BY-NC-SA 4.0, finnley.dev/license
🔗 www.fxfurtrack.com/p/1040461

#furry #fursuit #photography #fursuitfriday
I spent a couple of hours yesterday getting Audacity building, reproducing and diagnosing the bug, and wrapping my head around the complex logic in this part of the code so that I could implement a correct fix. To have copilot review my work, which I contributed back for free, is just so incredibly disrespectful to my time and effort.
You know back in my day, we had static analysis tooling that would give you exactly this kind of feedback, except it was correct. Now we have shit which only looks at the vibes of the source text and does no semantic analysis whatsoever, so of course it's just fucking wrong

Sent a pull request to Audacity fixing a crash bug I'd been running into frequently. The cause was an out-of-bounds memmove. Classic C++ areas.

Anyway I got a fucking copilot review on my PR which left two comments, both completely wrong, one of which suggesting I reintroduce the out of bounds memory access. I'm furious!

@abacabadabacaba @soatok yeah, I’d second the idea to explicitly not allow multiple recipients for this scheme. KCI seems a bit of an edge case for a two party system, but allowing any member in a multiparty group to spoof any other member seems like a bit of a cliff. Unfortunate that schemes like MLS have to pull in signatures for this and can’t just use something similar to Noise_K.

I proposed a way to incorporate Sender Authentication in age with the following advantages:

  • No catch-22 between encryption and signing (no rebinding attacks)
  • You have to be able to decrypt the message to verify the sender
  • No new cryptographic primitives (e.g., signcryption)
  • No in-band signaling or downgrade attacks

However, it does have one requirement that people accustomed to PGP use cases (and tolerant of PGP footguns) may find annoying:

You must know, in advance, the public key of the sender in order to be able to decrypt the message.

https://github.com/FiloSottile/age/discussions/640

#crypto #encryption #cryptography #age

Link preview: Sender Authentication · FiloSottile age · Discussion #640 (GitHub)

This is a rough draft proposal for implementing Sender Authentication in age without introducing any new cryptographic primitives. This has previously been discussed on Cryptography Dispatches and ...

@soatok I was thinking something similar a few days ago. What would happen if you flooded GitHub with trivial programs with naming or comments that imply it's doing something different. Like a "shortest path" function, but it's actually just fizzbuzz. How long until AI slop would just think that every problem is fizzbuzz and just offer some variation of fizzbuzz for every prompt?

If you'd like an example of a threat model I wrote (for the Fediverse Key Transparency specification): https://github.com/fedi-e2ee/public-key-directory-specification/blob/main/Specification.md#threat-model

Notice that it has:

  • A list of specific technical assumptions.
  • A list of assets in scope.
  • A list of actors, which represent different types of attacks and tactics.
  • Specific risks for various assets, for which the various actors may be relevant.

NIST has several documents for writing a threat model.

You don't need to be as formal as this about it, but trying to rebut me with not-a-goddamn-threat-model is a waste of everyone's time.

Link preview: public-key-directory-specification/Specification.md at main · fedi-e2ee/public-key-directory-specification (GitHub)

Specification for a Fediverse Directory Server for Public Keys - fedi-e2ee/public-key-directory-specification

When I say something like, "The people who tut-tut over the phone number requirement never articulate anything resembling a coherent threat model" (when talking about Signal), I want to be very clear:

I mean an actual threat model.

Not a use-case.

Not a user story.

Not a set of wants.

Threat.
Model.

Learn what that is before replying.


Half the world’s population lives in countries spending more on debt interest than on health. 2.1 billion live in countries spending more on debt than education. This is the cost of a broken financial system.

30 top economists—brought together by the Catholic Church—have laid out what must change to establish a fairer system. Their report is out today.

Let’s hope leaders act at #FfD4

Read the report by the Jubilee Commission chaired by Joseph Stiglitz: https://bit.ly/4kNj3e8

Link preview: The Jubilee Report: A Blueprint for Tackling the Debt and Development Crises and Creating the Financial Foundations for a Sustainable People-Centered Global Economy - Initiative for Policy Dialogue

On June 20, 2025 the Pontifical Academy of Social Sciences (PASS) and Columbia University’s Initiative for Policy Dialogue (IPD) published a report by a commission of global experts calling for urgent action and systemic reforms to tackle the escalating debt and development crises.
@warandpeas Meh. That's blocked here in the clinic's WiFi by their Fortiguard content filter.
(Not meant as a complaint to you, I'm just noticing a pattern on that filter of blocking progressive, queer and climate justice websites.)

@warandpeas Before I even read it, I'm guessing it's socialism with extra steps

@warandpeas The first page is basically: "stop bailing out banks and give more of a shit about finances beyond a single quarter. Also give people receipts so we can call each other out when we make bad takes." So kind of?

@warandpeas

It's just the current way to implement slavery for the many and income for the few

@warandpeas

We can get mostly debt-free just by forbidding lobbying and separating corporations & state.

This will let important things be run by (created) state-services instead of corporations, who are the cause of debt (profit for them) in the first place.

@warandpeas #PuertoRico would like a word... but we can't afford it.

@warandpeas Imagine the current economy as a massively inflated collection of black debt holes, all crammed into no financial space at all, just waiting to one day end in an all encompassing big b...
Destroy the Fiatmoney system.
Deny interest rates...

@warandpeas not quite true, debt has always been there

@warandpeas what is debt?

Artificial problem that makes you feel that you have to do something, even though you won't get anything in return. A force that enslaves you to do things you don't want to do, because you have no other option but to repay the debt back