I've disabled the ActivityPub plugin for my blog, for the following reasons:
It kept breaking for people (returning JSON instead of HTML, sporadically).
Every time someone liked/boosted one of my blog pages, it created a comment for me to approve/reject, which got very annoying.
It was a fun experiment, but it's more trouble than it's worth.
This is a good move for Bandcamp.
https://consequence.net/2026/01/bandcamp-bans-all-ai-music/
Don't mind me, just posting the truth on Hacker News and making the VC brown-nosers upset https://news.ycombinator.com/item?id=46300183
EDIT: Given everything else I've seen, Waterfox seems like it's headed in a good direction -- https://www.waterfox.com/blog/no-ai-here-response-to-mozilla/
Announcing Key Transparency for the Fediverse
I'm pleased to announce the immediate availability of a reference implementation for the Public Key Directory server. This software implements the Key Transparency specification I've been working on since last year, and is an important stepping stone towards secure end-to-end encryption for the Fediverse. You can find the software publicly available on GitHub: PHP Server software: PHP SDK (client-side):
https://soatok.blog/2025/12/15/announcing-key-transparency-fediverse/
Codecs are a font of insanity.
See: previous threads about base-58-btc and timing side-channels. https://bsky.app/profile/did:plc:qfqibtrg2k7r2p345p4pbgpi/post/3m4ygfrrxlk2q
But also, a lot of Iota's problems were their obsession with ternary logic (as if "binary" is somehow inferior), except you need your implementations of base-2 and base-3 to be isomorphic in order for the outputs of cryptographic functions to be meaningful.
But hackers have done crazy and stupid things with codecs.
For example: have you ever heard of base-1 encoding? You might think, "But you can't logically go smaller than binary!"
Not true. Just repeat the number 1 until the string length is isomorphic to the number you're trying to represent.
I never said it was fast :P
It's really funny watching career programmers that have strong opinions about design patterns and the single responsibility principle defend PGP.
My dudes, it's the God Class of cryptographic fucking risk.
@ra6bit@infosec.exchange spotted in the airport on the way out from DEFCON
By the end of 2026, I'd like it to be true that:
You can send E2EE messages over ActivityPub, with key transparency as a first-class implementation detail.
Applications can leverage the Auxiliary Data feature of the Public Key Directory project to establish a root of identity controlled by users.
FOSS teams can use tools like Freon (and others that Freon will surely inspire) to decentralize their code signing, with whatever bells, whistles, and DevSecOps requirements satisfied.
I'll finally have sat down and specified AWOO, which is my idea for an E2EE-first email replacement.
Will we get there? Only one way to find out.
Improving Geographical Resilience For Distributed Open Source Teams with FREON
In a recent blog post, I laid out the argument that, if you have securely implemented end-to-end encryption in your software, then the jurisdiction where your ciphertext is stored is almost irrelevant. Where jurisdiction does come into play, unfortunately, is where your software is developed and whether or not the local government will employ rubber-hose cryptanalysis to backdoor your…
http://soatok.blog/2025/08/09/improving-geographical-resilience-for-distributed-open-source-teams-with-freon/
Well, this is gonna be fun
Gotta traverse to the nightclub in suit
It's 102 degrees outside
I somehow didn't pack my neck fans
Let's go
So it turns out living in FL my whole life prepared me for this