Egregoros · Phoenix Framework

Timeline

Post

Remote status

Context

Soatok Dreamseeker

@soatok@furry.engineer remote

Loup-Vaillant wrote this on Lobste.rs in a dumb rant about my Matrix disclosure:

Personally I would actively avoid the check,

Hmm. What a weird thing to say.

Loup-Vaillant wrote a cryptography library called Monocypher, which famously had an EdDSA vulnerability mostly caused by their insistence on rolling their own custom EdDSA variant to avoid SHA512.

"I wonder how Monocypher holds up in 2026?"

Who said that? Well, anyway:

https://github.com/LoupVaillant/Monocypher/issues/285

Inex Code

@inex@pony.social remote

@soatok making input validation (with many preconditions and requiring specific knowledge) a user's responsibility sounds like a recipe for disaster

lain, author of the quixote

@lain@lain.com remote

@inex @soatok
> The absence of input validation is core to the design of Monocypher

???? why???

Replying to @lain@lain.com

Site Reliability Enby

@SiteRelEnby@transfem.social remote

@lain@lain.com @soatok@furry.engineer @inex@pony.social

Sloccount counts under 2000 lines of code, small enough to allow audits. The binaries can be under 50KB, small enough for many embedded targets.

"Measuring software development by lines of code is like measuring aircraft design by weight"

Just that in this case, proving that too few is just as bad as too many.

Replies

Fetching replies…