Dhole Moments
Writings about information security, cryptography, software, and humanity, from a member of the furry fandom.
From the Furry Fandom…
Featured Furries
Can’t get enough of blog posts written by furries? This post aims to curate some of the other blogs written by furries that are worth sharing with my regular readers. Many (but not all) of these furry blogs are focused on technology in some way. Background Information Many years ago, I wrote a post titled…
July 21, 2024 / August 15, 2024
Soa Talks (Latest Posts)
Ambition, The Fediverse, and Technology Freedom
If you’re new to reading this blog, you might not already be aware of my efforts to develop end-to-end encryption for ActivityPub-based software. It’s worth being aware of before you continue to read this blog post. To be very, very clear, this is work I’m doing independent of the W3C or any other standards organization…
October 12, 2024
Why are furry conventions offering HIV testing to attendees?
Spoiler: It’s nothing scandalous or bad. Every once in a while, someone posts this photo on Twitter to attempt to dunk on furries: Over the years, I’ve seen this discourse play out several times. The people that post this photo usually don’t elaborate on why they think this photo is meaningful, they just let it…
September 30, 2024 / October 3, 2024
Cryptographic Innuendos
Neil Madden recently wrote a blog post titled, Digital Signatures and How to Avoid Them. One of the major points he raised is: Another way that signatures cause issues is that they are too powerful for the job they are used for. You just wanted to authenticate that an email came from a legitimate server, but now…
September 20, 2024
What’s This All About?
Hiya, my name is Soatok!
I’m a member of the furry fandom. My fursona is a dhole (Cuon alpinus). You can learn more about my fursona here. My pronouns are he / him.
You can find me on the Fediverse (@soatok@furry.engineer).
What’s the Point of this Blog?
I work on a lot of projects. Some of them are on Github. Most of them are intended to benefit the communities I’m a part of (Furry, LGBTQIA+, Streamer, Software Developer, Indie Game Development, etc.).
However, not everything that catches my attention or imagination results in the creation of software. And sometimes I just don’t feel like writing Markdown.
Thus, a blog!
(From my sticker pack created by Khia.)
Why Does Being [x] Matter?
Variants of this question include, “Why does being a furry matter?”, “Why does being gay matter?”, “Why does being a JavaScript developer matter?” etc.
The context it’s asked in is usually, “Who cares about [aspect of identity], shouldn’t your blog be about [technical content divorced of humanity]?!”
There are two parts to the answer to every question in this genre.
First, it’s my blog, I do what I want with it. 😛
Second, representation matters.
People who feel nervous being open and authentic about who they are (especially junior developers) will feel even more pressure to remain hidden (to their own detriment) if no one is relatable to them.
So, I promise, I’m not being loud about my identity or interests to spite you. I’m doing it to comfort people like me. And that distinction matters.
Besides, furry art is cute and improves everything! (From my sticker pack created by Khia.)
If you want to see even more art of Soatok, check out this page.
What Are Some of the Best Hits on This Blog?
I’m glad you asked! Here are some of the most popular blog posts I’ve written, in no particular order. Popularity here means one of two things: Page views or positive feedback.
If you’re trying to get a sense of, “Is this blog worth my time?” this list is a good place to start.
- Why AES-GCM Sucks
A list of gripes and complaints about AES, GMAC, and the AES-GCM composition thereof.
- Furward Momentum
A guide, written for furries, to transitioning into a technology career for as close to $0 as possible without prior experience.
- Commission Prices for Furries and Artists
Basic freelancer advice but geared towards furry artists and commissioners, with the intent of promoting better living conditions for the artists that make the furry fandom possible.
- Database Cryptography Fur The Rest Of Us
The intersection of database software and cryptography is surprisingly fertile ground for implementation error and poor design choices. This post explores some of the basics of using cryptography to secure relational (SQL) databases, as well as schema-free (NoSQL) databases.
- What We Do in the /etc/shadow – Cryptography with Passwords
A deep dive into password-based cryptography.
The only novel thing in this post (that you wouldn’t learn from a few days hanging around the password cracking community or the cryptographers that frequent said community), is that it coins the term “password-based cryptographic functions (PBCFs)” as a superset of both “password hashing functions” and “password-based KDFs”, which are not the same thing.
Also, PAKEs.
- Programmers Don’t Understand Hash Functions
An overview of the wildly different algorithms that get called a “hash function”, how they differ, and when to use them.
- Going Bark: A Furry’s Guide to End-to-End Encryption
A blog post that introduces end-to-end encryption. This post builds an implementation of the extended three-way Diffie-Hellman (X3DH) deniable authenticated key exchange using libsodium. The implementation explored in this post was open sourced separately as a TypeScript library called Rawr X3DH on Github. Because “Rawr X3” is the most furry trash yiff-raff of memes.
- Soatok’s Guide to Side-Channel Attacks
I have an unreasonable amount of knowledge about software side-channel leakage, which I sadly continue to find in cryptography protocols and libraries. This blog post was an attempt to codify some of the basics of side-channels and how to prevent them. To help JavaScript developers avoid these weaknesses in their code, I fully implemented the mitigations discussed in an open source library I call constant-time-js.
- Canonicalization Attacks Against MACs and Signatures
The Internet didn’t have a good, generalized overview of canonicalization attacks. Before this post was published, if you plugged that term into a search engine, you would only discover length-extension attacks. I intended to correct this knowledge gap by exploring the topic in detail.
- How to Learn Cryptography as a Programmer
Exactly what it says on the label. The path from software developer to cryptography engineer is a perilous and poorly mapped one. This post attempts to outline the various paths that one can take to learn the kind of skills I possess.
- Cryptography Interface Design is a Security Concern
Designing cryptography tools that actually accomplish their security goals is extremely difficult, especially when usability undermines security.
- Designing New Cryptography for Non-Standard Threat Models
If you find yourself with a set of goals and requirements that is somehow incompatible with any of the standard cryptography protocols and implementations, you’re going to be forced to design your own. This is an extraordinarily dangerous undertaking, with a very high error rate (and the errors are often not discovered for years). As an academic exercise that will never be deployed in production, however, it’s an excellent learning opportunity.
- Why Server-Side Input Validation Matters
I was able to change my gender on Twitter to the EICAR string, despite their attempts to limit this custom field to 30 characters. I shared my method publicly on Twitter. Hilarity ensued.
- No, You’re Not a “Sigma Male”
A takedown of the so-called “sigma male” phenomenon. The comments I receive, and never approve, on this specific blog post are so toxic that it prompted me to write a follow-up about the kinds of blog comments I won’t approve.
Do You Accept Guest Posts?
No. I will not change my mind on this.
Do You Accept Tips or Donations?
Historically, I’ve been reluctant to do so because I want to avoid perverse incentives.
However, a lot of people have insisted that I accept them, so here’s my Ko-Fi:
Do You Have an RSS Feed?
Yes: https://soatok.blog/feed/
How Can I Contact You?
- Twitter: @SoatokDhole
- Mastodon: soatok@furry.engineer / soatok@queer.party
- Signal Group: Invite Link
- Email: soatok dot dhole at gmail dot com
Art by Kyume.