deetwenty

@deetwenty@todon.nl

Dutch | Furry | Applied Physicist | Amateur Photographer | (Secular) Humanist | They/Them | Coffee Addict | from the fine year of 1986

@soatok@furry.engineer avatar soatok , to random
deetwenty ,

@soatok really get the feeling even I as a crypto noob could do better, sure still won't be good, but better than what Matrix has done here. (E.g. the Rust type system is strong enough that you could make a type that can't be zero, and you can enforce the use of that.)

@deetwenty@todon.nl avatar deetwenty , to random

And we also have a first Squeaky Saturday! Here is to many more!

@deetwenty@todon.nl avatar deetwenty , to random

Happy new year! Hopefully it is a very squeaky one!

@deetwenty@todon.nl avatar deetwenty , to random

Happy wolfenoot!

@deetwenty@todon.nl avatar deetwenty , to random

For some reason fursuiters really like this big inflatable collie, not complaining since it makes for adorable pictures!

@soatok@furry.engineer avatar soatok , to random
deetwenty ,

@soatok @cadey nice! I might want to steal this for my own (hobby) projects!

@deetwenty@todon.nl avatar deetwenty , to random

Play a game of spot the fursuiter!

@soatok@furry.engineer avatar soatok , to random
deetwenty ,

@soatok this is "real name policy" amplified a 1000x fold, and if anyone thinks that makes people behave then I've a bridge or two to sell to those people

@deetwenty@todon.nl avatar deetwenty , to random

Big inflates are best inflates!
Featuring: https://bsky.app/profile/alex.poolwolf.net in pooltoy form
Fursuit by: https://bsky.app/profile/sarahcatfursuits.com

@deetwenty@todon.nl avatar deetwenty , to random

Cross foxes have pretty patterns!

@soatok@furry.engineer avatar soatok , to random

It's really funny watching career programmers that have strong opinions about design patterns and the single responsibility principle defend PGP.

My dudes, it's the God Class of cryptographic fucking risk.

deetwenty ,

@soatok From a historical perspective PGP kinda makes sense: in the 80s and early 90s it wasn't considered something everybody would need, was to be mostly used by people in the know, and the whole idea of cryptography was still in its infancy (so e.g. it was deemed possible to set up a web of trust). In short, "the 80s called and it wants its cryptographic design back"

deetwenty ,

@orman @soatok the problem with Web of Trust is that it is surprisingly hard to explain to non-technical people. Yes, you could provide QR codes, which makes it easier, but you still need to explain the why, and it is still a barrier to entry. On top of that, a web of trust becomes a lot less useful if not a majority of users participate. In theory web of trust is nice; in practice it comes with a lot of headaches. That said, at a small scale for smaller groups it might still be a useful concept, but it will never really scale up to work at large (read: internet-wide) scales

@jerry@infosec.exchange avatar jerry , to random
deetwenty ,

@jerry recently learned that this kind of abuse of device flow sign up has been known about for years (e.g. https://blog.christophetd.fr/phishing-for-aws-credentials-via-aws-sso-device-code-authentication/ ), and thus we probably should really rethink how we do this kind of thing (a good first step would be to stop using device flows like this for any place outside its originally intended purpose of authenticating devices like TVs, so no, do not use it for that CLI app! Either let people require an API key for CLI interaction or launch a normal flow by launching a browser and use a scheme or localhost redirect)

@soatok@furry.engineer avatar soatok , to random

Y'know those hug consent badges?

They should make them for "does [not] know how to flirt" and "can [not] recognize flirting"

deetwenty ,

@soatok I need this (and a "not interested in flirting" one probably as well)

@soatok@furry.engineer avatar soatok , to random

https://opossum-attack.com/

Document contains a :3

deetwenty ,

@soatok if I read this right, if you send HTTP code 301 on HTTP requests to move the user agent to HTTPS it shouldn't be a problem?

@soatok@furry.engineer avatar soatok , to random

Jurisdiction Is Nearly Irrelevant to the Security of Encrypted Messaging Apps

Every time I lightly touch on this point, I always get someone who insists on arguing with me about it, so I thought it would be worth making a dedicated, singular-focused blog post about this topic without worrying too much about tertiary matters. Here's the TL;DR: If you actually built your cryptography properly, you shouldn't give a shit which country hosts the ciphertext for your…

http://soatok.blog/2025/07/09/jurisdiction-is-nearly-irrelevant-to-the-security-of-encrypted-messaging-apps/

deetwenty ,

@soatok I think a large part of the reason Europeans overvalue jurisdiction is due to how over the last few decades we have been screwed over by American tech organizations, and thus have a rather inflated distrust in anything backed by such. That said, with properly designed e2e this problem does go away in large parts.

@gamingonlinux@mastodon.social avatar gamingonlinux , to random
deetwenty ,

@gamingonlinux more devs need to learn the lesson MMORPG devs learned decades ago, which is "never trust the client". Even with kernel level anti-cheat people will find ways to cheat (be that with expensive PCIe debugging cards that can DMA system memory, or with an OBS stream to an external system that manipulates the USB device stream to create an aimbot). And for various reasons kernel level anti-cheat will be nearly impossible on Linux. In short, devs should have moved away from 90s net code; yes, that will be hard for twitchy shooters, but it will fully eliminate the rat race that is anti-cheat