Dhole Moments

2020-04-21 10:46:36

What’s This All About?

Hiya, my name is Soatok!

I’m a member of the furry fandom. My fursona is a dhole (Cuon Alpinus). You can learn more about my fursona here. My pronouns are he / him.

You can find me on the Fediverse (@soatok@furry.engineer).

What’s the Point of this Blog?

I work on a lot of projects. Some of them are on Github. Most of them are intended to benefit the communities I’m a part of (Furry, LGBTQIA+, Streamer, Software Developer, Indie Game Development, etc.).

However, not everything that catches my attention or imagination results in the creation of software. And sometimes I just don’t feel like writing Markdown.

Thus, a blog!

(From my sticker pack created by Khia.)

Why Does Being [x] Matter?

Variants of this question include, “Why does being a furry matter?”, “Why does being gay matter?”, “Why does being a JavaScript developer matter?” etc.

The context it’s asked in is usually, “Who cares about [aspect of identity], shouldn’t your blog be about [technical content divorced of humanity]?!”

There’s two parts to the answer to every question in this genre.

First, it’s my blog, I do what I want with it. 😛

Second, representation matters.

People who feel nervous being open and authentic about who they are (especially junior developers) will feel even more pressure to remain hidden (to their own detriment) if no one is relatable to them.

So, I promise, I’m not being loud about my identity or interests to spite you. I’m doing it to comfort people like me. And that distinction matters.

Besides, furry art is cute and improves everything! (From my sticker pack created by Khia.)

If you want to see even more art of Soatok, check out this page.

What Are Some of the Best Hits on This Blog?

I’m glad you asked! Here are some of the most popular blog posts I’ve written, in no particular order. Popularity here means one of two things: Page views or positive feedback.

If you’re trying to get a sense of, “Is this blog worth my time?” this list is a good place to start.

• Why AES-GCM Sucks
  A list of gripes and complaints about AES, GMAC, and the AES-GCM composition thereof.
• Furward Momentum
  A guide, written for furries, to transitioning into a technology career for as close to $0 as possible without prior experience.
• Commission Prices for Furries and Artists
  Basic freelancer advice but geared towards furry artists and commissioners, with the intent of promoting better living conditions for the artists that make the furry fandom possible.
• Database Cryptography Fur The Rest Of Us
  The intersection of database software and cryptography is surprisingly fertile ground for implementation error and poor design choices. This post explores some of the basics of using cryptography to secure relational (SQL) databases, as well as schema-free (NoSQL) databases.
• What We Do in the /etc/shadow – Cryptography with Passwords
  A deep dive into password-based cryptography.
  The only novel thing in this post (that you wouldn’t learn from a few days hanging around the password cracking community or the cryptographers that frequent said community), is that it coins the term “password-based cryptographic functions (PBCFs)” as a superset of both “password hashing functions” and “password-based KDFs”, which are not the same thing.

  Also, PAKEs.

• Programmers Don’t Understand Hash Functions
  An overview of the wildly different algorithms that get called a “hash function”, how they differ, and when to use them.
• Going Bark: A Furry’s Guide to End-to-End Encryption
  A blog post that introduces end-to-end encryption. This post builds an implementation of the extended three-way Diffie-Hellman (X3DH) deniable authenticated key exchange using libsodium. The implementation explored in this post was open sourced separately as a TypeScript library called Rawr X3DH on Github. Because “Rawr X3” is the most furry trash yiff-raff of memes.
• Soatok’s Guide to Side-Channel Attacks
  I have an unreasonable amount of knowledge about software side-channel leakage, which I sadly continue to find in cryptography protocols and libraries. This blog post was an attempt to codify some of the basics of side-channels and how to prevent them. To help JavaScript developers avoid these weaknesses in their code, I fully implemented the mitigations discussed in an open source library I call constant-time-js.
• Canonicalization Attacks Against MACs and Signatures
  The Internet didn’t have a good, generalized overview of canonicalization attacks. Before this post was published, if you plucked that term into a search engine, you would only discover length-extension attacks. I intended to correct this knowledge gap by exploring the topic in detail.
• How to Learn Cryptography as a Programmer
  Exactly what it says on the label. The path from software developer to cryptography engineer is a perilous and poorly mapped one. This post attempts to outline the various paths that one can take to learn the kind of skills I possess.
• Cryptography Interface Design is a Security Concern
  Designing cryptography tools that actually accomplish their security goals is extremely difficult, especially when usability undermines security.
• Designing New Cryptography for Non-Standard Threat Models
  If you find yourself with a set of goals and requirements that is somehow incompatible with any of the standard cryptography protocols and implementations, you’re going to be forced to design your own. This is an extraordinarily dangerous undertaking, with a very high error rate (which are often not discovered for years). As an academic exercise that will never be deployed in production, however, it’s an excellent learning opportunity.
• Why Server-Side Input Validation Matters
  I was able to change my gender on Twitter to the EICAR string, despite their attempts to limit this custom field to 30 characters. I shared my method publicly on Twitter. Hilarity ensued.
• No, You’re Not a “Sigma Male”
  A takedown of the so-called “sigma male” phenomenon. The comments I receive, and never approve, on this specific blog post are so toxic that it prompted me to write a follow-up about the kinds of blog comments I won’t approve.

Do You Accept Guest Posts?

No. I will not change my mind on this.

Do You Accept Tips or Donations?

Historically, I’ve been reluctant to do so because I want to avoid perverse incentives.

However, a lot of people have insisted that I accept them, so here’s my Ko-Fi:

https://ko-fi.com/soatok

Do You Have an RSS Feed?

Yes: https://soatok.blog/feed/

How Can I Contact You?

• Twitter: @SoatokDhole
• Mastodon: soatok@furry.engineer / soatok@queer.party
• Signal Group: Invite Link
• Email: soatok dot dhole at gmail dot com

Art by Kyume.

https://soatok.blog/about/