this post was submitted on 01 Feb 2025

1836 points (98.3% liked)

Fediverse

29537 readers

3480 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago

MODERATORS

ruud@lemmy.world

Xylinna@lemmy.world

MrCenny@lemmy.world

TragicNotCute@lemmy.world

automodbeta@lemmy.world

woelkchen@lemmy.world

1836

Happy #GlobalSwitchDay (discuss.tchncs.de)

submitted 1 day ago by squirrel@discuss.tchncs.de to c/fediverse@lemmy.world

469 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] acockworkorange@mander.xyz 1 points 11 hours ago (1 children)

the author literally picked random projects from github tagged as matrix, without considering their prevalence or whether they are actually maintained etc.

if you actually look at % of impacted clients, it’s tiny.

meanwhile, it is very unclear that any sidechannel attack on a libolm based client is practical over the network (which is why we didn’t fix this years ago). After all, the limited primitives are commented on in the readme and https://github.com/matrix-org/olm/issues/3 since day 1.

From your link.

[–] e8d79@discuss.tchncs.de 1 points 10 hours ago

That is exactly what it says. They knew about security issues in their library and didn't fix them for years. This isn't being ignorant, this is negligence.