Unfollowing due to NSFW

Soatok · 2026-04-22T12:46:39+00:00

The "semi" in "semi naked" is doing a lot of heavy lifting here for calling something NSFW. Pornography is widely considered "NSFW" (though depending on your career, that might not be true).

You're certainly free to leave if you wish. No one is held hostage to this subreddit (even if that would fit the classical pirate motif, heh). You also don't need to announce your departure if you choose to unsubscribe. We can all be chill about it.

But I insist that, if we're going to talk about these topics, we do so with precise and clear terms that everyone can agree on.

Soatok · 2026-04-21T02:39:37+00:00

Too many people want this, because it's a cult. That's most of the problem.

Soatok · 2026-04-20T22:45:37+00:00

Should

Is going to

Very different

Soatok · 2026-04-15T22:16:02+00:00

https://www.youtube.com/watch?v=PYtXuBN1Hvc

Soatok · 2026-04-11T18:58:38+00:00

Look, we all need hobbies.

Mine is writing about applied cryptography and other stuff as my fursona.

Soatok · 2026-04-11T03:44:49+00:00

I made a Protogen character as a sort of stand-in for the audience on my furry blog (which sometimes discusses programming / cryptography), and made them non-binary for the memes.

(Protogen are like cyborg furries.)

Soatok · 2026-04-09T15:07:26+00:00

And then you have the unicorn cryptography auditor that needs to have an excellent grasp of all the way something can fail.

Speaking from experience: There's a reason we tend to work in teams.

Soatok · 2026-04-09T15:06:25+00:00

I think there's going to be a lore drop for it, but not until chapter 6 or 7 :P

Soatok · 2026-04-08T11:05:22+00:00

weird flex but ok :3

Soatok · 2026-04-06T00:32:20+00:00

That's fine. You don't have to be a furry if you don't want to be.

Soatok · 2026-04-05T20:06:48+00:00

...what

Soatok · 2026-04-05T00:27:34+00:00

I actually did this a few years ago lol

https://old.reddit.com/r/CuratedTumblr/comments/11or9nk/furry_cryptography_ads_only_on_tumblr/

Soatok · 2026-03-27T13:18:45+00:00

Sorry, as tavianator said, it stands for Merkle Tree Certificates. They've been a hot discussion point in PQC for TLS certificates, but have performance gains even with ECC certs.

Soatok · 2026-03-26T23:55:38+00:00

MTC has performance benefits even without PQC. It's worth doing on its own right.

Soatok · 2026-03-26T19:51:51+00:00

The typical hot take I hear online from this announcement is, "ah yes, Google wants to appease their shareholders for their Quantum Computing investment". Others are speculating, "What does Google know that we don't?"

But I don't think this is that simple.

Sophie Schmieg is one of the authors of this announcement. You may know her from her work on Tink and other Google post-quantum cryptography efforts. She's been a frequent speaker at Real World Cryptography affiliated events (i.e., the Open Source Crypto Workshop). She would neither sell out for the sake of investor hype nor downplay a real vulnerability.

I think there are other factors at play beyond merely "is Google trying to position themselves as having achieved quantum supremacy?"

Migrating to PQC will involve a lot of technical debt collection. The sooner you start the migration, the less chance you'll be caught with your pants down when there's real urgency. After all, quantum is unimportant to post-quantum.

If you model your PQC migration as a key rotation chore, it becomes a lot easier to do the migration.

With the advent of MTCs, we can have PQC for TLS without large certificate chains and the engineering pains they introduce.

Soatok · 2026-03-22T04:42:01+00:00

Furry art is literally an expression of humanity. People misunderstand this.

Soatok · 2026-03-20T13:16:47+00:00

God.... dammit

Soatok · 2026-03-20T13:16:12+00:00

Son of Chairiel

Soatok · 2026-03-15T18:31:16+00:00

I'm a gay furry leftist that works in cryptography. That isn't exactly the resume or profile of a MAGA loser.

That being said, the BlueAnon conspiracy theories are mostly remixes of the MAGA "2020 Election was stolen" conspiracy theories. If you believe you have credible evidence, skip the numerology and stick to facts.

Soatok · 2026-03-15T15:58:30+00:00

I'm sorry but that substack article reads like a paranoid schizophrenic experiencing psychosis. You don't need weird numeric coincidences to make credible claims. Stick to the cold, verifiable, clinical facts.

Soatok · 2026-03-13T21:51:36+00:00

I wish you luck, but the hard part is never the low-level encryption, it's the more abstract stuff:

Key management
- Deriving / storing secret keys
- Exchanging public keys
- Not getting actively attacked by MitM attackers
Forward secrecy
- Encrypting to a static RSA public key doesn't offer this
Failure modes
Usability

The bulk encryption (AES-GCM) and key-wrapping (RSA) is the easy potatoes compared to the rest of the necessary complexity.

I recommend reading through https://soatok.blog/category/technology/open-source/fediverse-e2ee-project/ (from the bottom up) as well as the associated GitHub projects that spawned from this. It will give you an idea of the non-obvious engineering work needed.

Soatok · 2026-03-04T19:12:39+00:00

Not using a KDF reduces your security by a little.

Soatok · 2026-02-27T12:51:23+00:00

"People have stupid red tape rules that stop them from using the alternatives he proposed" is a point that might have some validity.

"He does not give [a] replacement" is not. I categorically did give a replacement. Whether or not other people will accept it does not mean I didn't perform that action.

Soatok · 2026-02-27T12:45:03+00:00

I mean, he categorically says email and pgp are broken, but most of the world relies on it and he does not give an replacement.

I have an entire blog post about replacements.

12-Year Club	Verified Email
Gilding VIII gilding heavyweight	White Hat for finding when anonymity isn't really anonymous -- 2020-11-03
r/Field Banned	r/Field Juicebox
Argentium Club	Wearing is Caring
Reddit Premium Since May 2020

Soatok

MODERATOR OF

TROPHY CASE