this post was submitted on 16 Aug 2024
19 points (100.0% liked)

technology

23306 readers
260 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 4 years ago
MODERATORS
 

I'm reposting the article with the developing discussions around it as it probably deserves more reach. Devs are 50% "it's impossible to do anyways, sensationalism it's FUD", the other 50% is in disarray and being wtf. I'm not a cryptographer though

More discussion here, where Nheko devs refuse to update to Vodozemac: https://github.com/Nheko-Reborn/nheko/issues/1786

Others discussions: https://github.com/quotient-im/libQuotient/issues/780

https://github.com/mautrix/go/issues/262

https://github.com/NixOS/nixpkgs/pull/334638

https://github.com/krille-chan/fluffychat/issues/1258

https://github.com/NixOS/nixpkgs/pull/334638/commits/e4767b4727589567da29a90a71947c2bdbe43988

OP's old gist about Matrix: https://web.archive.org/web/20240606031827/https://gist.github.com/soatok/8aef6f67fec9c702f510ee24d19ef92b

Matrix developer reply: https://news.ycombinator.com/item?id=41249371

From what I understand, for now, Vodozemac, the new Rust implementation, is unusable in other languages than Rust because its bindings are broken. FluffyChat developers seem to be working on fixing them, though.

I think what's more worrying than the exploits is the attitude of the client developers, and the Matrix developer that replied.

top 1 comments
sorted by: hot top controversial new old
[–] farting_weedman@hexbear.net 2 points 3 months ago

Many years ago, security meant association with groups powerful enough to ensure it.

As the simple field sabotage methods applied to open source projects reach their culmination, consider ensuring that any security you rely on is backed up by that old concept.