technology

23306 readers

259 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 4 years ago

MODERATORS

Jadzia_Dax@hexbear.net

context@hexbear.net

EmmaGoldman@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

ZoomeristLeninist@hexbear.net

Security Issues in Matrix’s Olm Library (Including ongoing discussion) (soatok.blog)

submitted 3 months ago* (last edited 3 months ago) by rainn@hexbear.net to c/technology@hexbear.net

1 comments fedilink hide all child comments

I'm reposting the article with the developing discussions around it as it probably deserves more reach. Devs are 50% "it's impossible to do anyways, sensationalism it's FUD", the other 50% is in disarray and being wtf. I'm not a cryptographer though

More discussion here, where Nheko devs refuse to update to Vodozemac: https://github.com/Nheko-Reborn/nheko/issues/1786

Others discussions: https://github.com/quotient-im/libQuotient/issues/780

https://github.com/mautrix/go/issues/262

https://github.com/NixOS/nixpkgs/pull/334638

https://github.com/krille-chan/fluffychat/issues/1258

https://github.com/NixOS/nixpkgs/pull/334638/commits/e4767b4727589567da29a90a71947c2bdbe43988

OP's old gist about Matrix: https://web.archive.org/web/20240606031827/https://gist.github.com/soatok/8aef6f67fec9c702f510ee24d19ef92b

Matrix developer reply: https://news.ycombinator.com/item?id=41249371

From what I understand, for now, Vodozemac, the new Rust implementation, is unusable in other languages than Rust because its bindings are broken. FluffyChat developers seem to be working on fixing them, though.

I think what's more worrying than the exploits is the attitude of the client developers, and the Matrix developer that replied.

top 1 comments

sorted by: hot top controversial new old

[–] farting_weedman@hexbear.net 2 points 3 months ago

Many years ago, security meant association with groups powerful enough to ensure it.

As the simple field sabotage methods applied to open source projects reach their culmination, consider ensuring that any security you rely on is backed up by that old concept.