Skip to content

Instantly share code, notes, and snippets.

View soatok's full-sized avatar

Soatok Dreamseeker soatok

View GitHub Profile
@soatok
soatok / matrix.md
Last active May 22, 2024 04:11
Why I Don't Trust Matrix Developers to Produce a Secure Protocol

Update (2024-05-17)

Oh hey, this rant of mine is making the rounds.

After I wrote this, one of the Matrix leads commented on it, which prompted me to look at their code. I have since found, uh, 4 3 different cryptographic issues in Matrix's Olm and Megolm code.

Expect a blog post on Dhole Moments at some point in August.

One of them is extremely bad, and will put a lot of burden on Matrix users to mitigate effectively. False alarm: I was mistaken about this one. I'll include it in the write-up, though.

@soatok
soatok / onepiece.md
Created February 22, 2024 06:56
Soatok's One Piece Theory

I don't know if this is an original theory or if someone else has already suggested it before, but I thought it was an interesting one to share. I tried to search for it before, but didn't find anything close. Apologies if you've heard it before and my google kung-fu is just weak today.


What is the One Piece?

The One Piece is the unification of all Pieces of Eight, and is capable of a supernatural ability (e.g., granting a wish, as in Dragon Ball Z, which like One Piece is inspired by Journey to the West, but maybe not as reality-altering as that).

It has to be something powerful, though. Otherwise, why would anyone covet it? Why would Whitebeard make it a point to announce that the One Piece is real if it wasn't an artifact of legendary power?

@soatok
soatok / idleon.md
Last active May 15, 2024 17:13
Legends of IdleOn RNG Manipulation

Disclosure Timeline

Note: All dates are in YYYY-MM-DD format (as per ISO 8601 and other standards).

Date Action
2023-07-06 Emailed lava at lavaflame2 dot com with these details and a recommended fix.
2023-08-06 A month later, I follow up just asking if Lava has received my messages.
2023-11-15 Additional follow-up email
2023-11-15 Mentioned knowing an exploit in Discord, passed details onto moderator (Hotair)
@soatok
soatok / logic.md
Last active March 8, 2023 02:32
"Government Censorship" and Faux News

In response to this tweet, concerning this article.

A veterans group has called on the Pentagon to ban some Fox News personalities from being broadcast in U.S. military facilities.

Quoth Matthew van Eerde:

Blocking a news channel (or "news" channel, if you prefer) on military bases, because of anti-government content (even if false,) would absolutely be government censorship

Let's break this down a bit.

@soatok
soatok / demo.php
Last active March 1, 2023 05:28
HMAC Truncation
<?php
function canonicalize(string ...$pieces) {
$output []= pack('J', count($pieces));
foreach ($pieces as $piece) {
$output []= pack('J', mb_strlen($piece, '8bit'));
$output []= $piece;
}
return implode($output);
}
@soatok
soatok / furaffinity.md
Created October 19, 2022 21:53
Towards A Better FurAffinity

After witnessing FurAffinity get flooded with CSAM last night, and subsequently losing sleep because of it, I thought I'd enumerate the mechanisms that FurAffinity could implement to make this problem tractible.

  1. Report Button
  2. Asynchronous PhotoDNA Integration
  3. Account Suspension Automation
  4. Make the Block feature more powerful

I'll explain each of these four in detail.

Report Button

@soatok
soatok / hallam.md
Last active April 5, 2022 14:41
The Conduct of Phillip Hallam-Baker

Why Does This Even Matter?

Twitter disagreements are a daily occurrence, and even when they result in blocking, they're usually not worthy of any follow-up.

"Never argue with stupid people, they will drag you down to their level and then beat you with experience." - Mark Twain

However, Phillip Hallam-Baker is a noteworthy exception for multiple reasons:

  1. He claims expertise in cryptography, and self-describes as an "expert witness" in his Twitter bio.
  • Experts aren't stupid, categorically.
@soatok
soatok / 00-readme.md
Last active February 4, 2022 14:38
Email with full headers
@soatok
soatok / bottom-responder.php
Last active September 14, 2023 20:03
Bottom Responder
<?php
/**
* Usage: Run this from the command line to generate a secure passphrase in the format
* of stereotypical bottom keymashing.
*
* php bottom-responder.php | xclip
*
* Why? Because furries ruin everything, including bottom jokes.
*/
function random_str(int $length, string $charset): string {
@soatok
soatok / README.md
Last active December 11, 2021 02:08
Proctorio .7z deobfuscation script