home.social

57 results for “productpeople”

  1. What even is an "Enterprise" in the context of #B2E?

    As #product people, we spend a lot of time thinking about our specific target market, but rarely about the context of our clients' organizations. Why are B2E salespeople so much more demanding? When we understand the bigger picture of the complexity of huge organizations, we can then make product decisions that make sense for the Whole Product.

    Read my latest article:
    contextsoup.substack.com/p/wha

    #productmanagement #enterprise

  2. I have been thinking about payments on the Fediverse (for a while).

    1/

    To make sure a Fediverse payment system is useful we should think in terms of a set of Archetypes and each of their wants and pains.

    (Product people often call "Archetypes": Personas. Marketers often call "Archetypes": Segments.)

    ...

    #AssetFlow #FediDev

  3. PRODUCTHEAD: The discovery trap

    » To keep forward momentum, frame discovery around decision making, not just insight

    » Product people fight for the users, our teams and the business’s overall health

    #prodmgmt #manifesto #productDiscovery

    📖 Read more: imanageproducts.com/producthea

  4. Today's #FreeSoftwareAdvent calendar post is Penpot, @penpot

    Penpot is a wireframing and prototyping tool for teams - for #UXDesigners, developers, product people, everyone involved in the software creation process.

    It is web first - works on all operating systems, uses open web standards (SVG), and open source.

    Those with interest can self-host it themselves, or use the public service design.penpot.app. Releases are big with lots added.

    #FreeOpenSourceSoftware

  9. Security Issues in Matrix’s Olm Library

    I don’t consider myself exceptional in any regard, but I stumbled upon a few cryptography vulnerabilities in Matrix’s Olm library with so little effort that it was nearly accidental.

    It should not be this easy to find these kinds of issues in any product people purportedly rely on for private messaging, which many people evangelize incorrectly as a Signal alternative.

    Later, I thought I identified an additional vulnerability that would have been much worse, but I was wrong about that one. For the sake of transparency and humility, I’ll also describe that in detail.

    This post is organized as follows:

    • Disclosure Timeline
    • Vulnerabilities in Olm (Technical Details)
    • Recommendations
    • Background Information
    • An Interesting Non-Issue That Looked Critical

    I’ve opted to front-load the timeline and vulnerability details to respect the time of busy security professionals.

    Please keep in mind that this website is a furry blog, first and foremost, that sometimes happens to cover security and cryptography topics.

    Many people have, over the years, assumed the opposite and commented accordingly. The ensuing message board threads are usually a waste of time and energy for everyone involved. So please adjust your expectations.

    Art by Harubaki

    If you’re curious, you can learn more here.

    Disclosure Timeline

    • 2024-05-15: I took a quick look at the Matrix source code. I identified two issues and emailed them to their security@ email address.

      In my email, I specify that I plan to disclose my findings publicly in 90 days (i.e. on August 14), in adherence with industry best practices for coordinated disclosure, unless they request an extension in writing.

    • 2024-05-16: I checked something else on a whim and found a third issue, which I also emailed to their security@ email address.
    • 2024-05-17: Matrix security team confirms receipt of my reports.
    • 2024-05-17: I follow up with a suspected fourth finding, the most critical of them all. They point out that it is not actually an issue, because I overlooked an important detail in how the code is architected. Mea culpa!
    • 2024-05-18: A friend discloses a separate finding with Matrix: Media can be decrypted to multiple valid plaintexts using different keys and Malicious homeservers can trick Element/Schildichat into revealing links in E2EE rooms.

      They instructed the Matrix developers to consult with me if they needed cryptography guidance. I never heard from them on this externally reported issue.

    • 2024-07-12: I shared this blog post draft with the Matrix security team while reminding them of the public disclosure date.
    • 2024-07-31: Matrix pushes a commit that announces that libolm is deprecated.
    • 2024-07-31: I email the Matrix security team asking if they plan to fix the reported issues (and if not, if there’s any other reason I should withhold publication).
    • 2024-07-31: Matrix confirms they will not fix these issues (due to its now deprecated status), but ask that I withhold publication until the 14th as originally discussed.
    • 2024-08-14: This blog post is publicly disclosed to the Internet.
    • 2024-08-14: The lead Matrix dev claims they already knew about these issues, and, in fact, knowingly shipped cryptography code that was vulnerable to side-channel attacks for years. See Addendum.
    • 2024-08-23: MITRE has assigned CVE IDs to these three findings.

    Vulnerabilities in Olm

    I identified the following issues with Olm through a quick skim of their source code on Gitlab:

    1. AES implementation is vulnerable to cache-timing attacks
    2. Ed25519 signatures are malleable
    3. Timing leakage in base64 decoding of private key material

    This is sorted by the order in which they were discovered, rather than severity.

    AES implementation is vulnerable to cache-timing attacks

    a.k.a. CVE-2024-45191

    Olm ships a pure-software implementation of AES, rather than leveraging hardware acceleration.

    // Substitutes a word using the AES S-Box.
    WORD SubWord(WORD word)
    {
        unsigned int result;

        result = (int)aes_sbox[(word >> 4) & 0x0000000F][word & 0x0000000F];
        result += (int)aes_sbox[(word >> 12) & 0x0000000F][(word >> 8) & 0x0000000F] << 8;
        result += (int)aes_sbox[(word >> 20) & 0x0000000F][(word >> 16) & 0x0000000F] << 16;
        result += (int)aes_sbox[(word >> 28) & 0x0000000F][(word >> 24) & 0x0000000F] << 24;
        return(result);
    }

    The code in question is called from this code, which is in turn used to actually encrypt messages.

    Software implementations of AES that use a look-up table for the SubWord step of the algorithm are famously susceptible to cache-timing attacks.

    This kind of vulnerability in software AES was previously used to extract a secret key from OpenSSL and dm-crypt in about 65 milliseconds. Both papers were published in 2005.

    A general rule in cryptography is, “attacks only get better; they never get worse“.

    As of 2009, you could remotely detect a timing difference of about 15 microseconds over the Internet with under 50,000 samples. Side-channel exploits are generally statistical in nature, so such a sample size is generally not a significant mitigation.

    How is this code actually vulnerable?

    In the above code snippet, the vulnerability occurs in
    aes_sbox[/* ... */][/* ... */].

    Due to the details of how the AES block cipher works, the input variable (word) is a sensitive value.

    Software written this way allows attackers to detect whether or not a specific value was present in one of the processor’s caches.

    To state the obvious: Cache hits are faster than cache misses. This creates an observable timing difference.

    Such a timing leak allows the attacker to learn the value that was actually stored in said cache. You can directly learn this from other processes on the same hardware, but it’s also observable over the Internet (with some jitter) through the normal operation of vulnerable software.

    See also: cryptocoding’s description for table look-ups indexed by secret data.

    How to mitigate this cryptographic side-channel

    The correct way to solve this problem is to use hardware accelerated AES, which uses distinct processor features to implement the AES round function and side-steps any cache-timing shenanigans with the S-box.

    Not only is this more secure, but it’s faster and uses less energy too!

    If you’re also targeting devices that don’t have hardware acceleration available, you should first use hardware acceleration where possible, but then fallback to a bitsliced implementation such as the one in Thomas Pornin’s BearSSL.

    See also: the BearSSL documentation for constant-time AES.

    Art by AJ

    Ed25519 signatures are malleable

    a.k.a. CVE-2024-45193

    Ed25519 libraries come in various levels of quality regarding signature validation criteria; much to the chagrin of cryptography engineers everywhere. One of those validation criteria involves signature malleability.

    Signature malleability usually isn’t a big deal for most protocols, until suddenly you discover a use case where it is. If it matters, that usually means you’re doing something with cryptocurrency.

    Briefly, if your signatures are malleable, that means you can take an existing valid signature for a given message and public key, and generate a second valid signature for the same message. The utility of this flexibility is limited, and the impact depends a lot on how you’re using signatures and what properties you hope to get out of them.

    For ECDSA, this means that for a given signature , a second signature is also possible (where is the order of the elliptic curve group you’re working with).

    Matrix uses Ed25519, whose malleability is demonstrated between and .

    This is trivially possible because S is implicitly reduced modulo the order of the curve, , which is a 253-bit number (0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed) and S is encoded as a 256-bit number.

    The Ed25519 library used within Olm does not ensure that , thus signatures are malleable. You can verify this yourself by looking at the Ed25519 verification code.

    int ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key) {
        unsigned char h[64];
        unsigned char checker[32];
        sha512_context hash;
        ge_p3 A;
        ge_p2 R;

        if (signature[63] & 224) {
            return 0;
        }

        if (ge_frombytes_negate_vartime(&A, public_key) != 0) {
            return 0;
        }

        sha512_init(&hash);
        sha512_update(&hash, signature, 32);
        sha512_update(&hash, public_key, 32);
        sha512_update(&hash, message, message_len);
        sha512_final(&hash, h);

        sc_reduce(h);
        ge_double_scalarmult_vartime(&R, h, &A, signature + 32);
        ge_tobytes(checker, &R);

        if (!consttime_equal(checker, signature)) {
            return 0;
        }

        return 1;
    }

    This is almost certainly a no-impact finding (or low-impact at worst), but still an annoying one to see in 2024.

    If you’d like to learn more, this page is a fun demo of Ed25519 malleability.

    To mitigate this, I recommend implementing these checks from libsodium.

    Art: CMYKat

    Timing leakage in base64 decoding of private key material

    a.k.a. CVE-2024-45192

    If you weren’t already tired of cache-timing attacks based on table look-ups from AES, the Matrix base64 code is also susceptible to the same implementation flaw.

    while (pos != end) {
        unsigned value = DECODE_BASE64[pos[0] & 0x7F];
        value <<= 6; value |= DECODE_BASE64[pos[1] & 0x7F];
        value <<= 6; value |= DECODE_BASE64[pos[2] & 0x7F];
        value <<= 6; value |= DECODE_BASE64[pos[3] & 0x7F];
        pos += 4;
        output[2] = value;
        value >>= 8; output[1] = value;
        value >>= 8; output[0] = value;
        output += 3;
    }

    The base64 decoding function in question is used to load the group session key, which means the attack published in this paper almost certainly applies.

    How would you mitigate this leakage?

    Steve Thomas (one of the judges of the Password Hashing Competition, among other noteworthy contributions) wrote some open source code a while back that implements base64 encoding routines in constant-time.

    The real interesting part is how it avoids a table look-up by using arithmetic (from this file):

    // Base64 character set:
    // [A-Z]      [a-z]      [0-9]      +     /
    // 0x41-0x5a, 0x61-0x7a, 0x30-0x39, 0x2b, 0x2f
    inline int base64Decode6Bits(char src)
    {
        int ch  = (unsigned char) src;
        int ret = -1;

        // if (ch > 0x40 && ch < 0x5b) ret += ch - 0x41 + 1; // -64
        ret += (((0x40 - ch) & (ch - 0x5b)) >> 8) & (ch - 64);

        // if (ch > 0x60 && ch < 0x7b) ret += ch - 0x61 + 26 + 1; // -70
        ret += (((0x60 - ch) & (ch - 0x7b)) >> 8) & (ch - 70);

        // if (ch > 0x2f && ch < 0x3a) ret += ch - 0x30 + 52 + 1; // 5
        ret += (((0x2f - ch) & (ch - 0x3a)) >> 8) & (ch + 5);

        // if (ch == 0x2b) ret += 62 + 1;
        ret += (((0x2a - ch) & (ch - 0x2c)) >> 8) & 63;

        // if (ch == 0x2f) ret += 63 + 1;
        ret += (((0x2e - ch) & (ch - 0x30)) >> 8) & 64;

        return ret;
    }

    Any C library that handles base64 codecs for private key material should use a similar implementation. It’s fine to have a faster base64 implementation for non-secret data.

    Worth noting: Libsodium also provides a reasonable Base64 codec.

    Recommendations

    These issues are not fixed in libolm.

    Instead of fixing libolm, the Matrix team recommends all Matrix clients adopt vodozemac.

    I can’t speak to the security of vodozemac.

    Art: CMYKat

    But I can speak against the security of libolm, so moving to vodozemac is probably a good idea. It was audited by Least Authority at one point, so it’s probably fine.

    Most Matrix clients that still depended on libolm should treat this blog as public 0day, unless the Matrix security team already notified you about these issues.

    Background Information

    If you’re curious about the backstory and context of these findings, read on.

    Otherwise, feel free to skip this section. It’s not pertinent to most audiences. The people that need to read it already know who they are.

    End-to-end encryption is one of the topics within cryptography that I find myself often writing about.

    In 2020, I wrote a blog post covering end-to-end encryption for application developers. This was published several months after another blog I wrote covering gripes with AES-GCM, which included a shallow analysis of how Signal uses the algorithm for local storage.

    In 2021, I published weaknesses in another so-called private messaging app called Threema.

    In 2022, after Elon Musk took over Twitter, I joined the Fediverse and sought to build end-to-end encryption support for direct messages into ActivityPub, starting with a specification. Work on this effort was stalled while trying to solve Public Key distribution in a federated environment (which I hope to pick up soon, but I digress).

    Earlier this year, the Telegram CEO started fearmongering about Signal with assistance from Elon Musk, so I wrote a blog post urging the furry fandom to move away from Telegram and start using Signal more. As I had demonstrated years prior, I was familiar with Signal’s code and felt it was a good recommendation for security purposes (even if its user experience needs significant work).

    I thought that would be a nice, self-contained blog post. Some might listen, most would ignore it, but I could move on with my life.

    I was mistaken about that last point.

    Art by AJ

    An overwhelming number of people took it upon themselves to recommend or inquire about Matrix, which prompted me to hastily scribble down my opinion on Matrix so that I might copy/paste a link around and save myself a lot of headache.

    Just when I thought the firehose was manageable and I could move onto other topics, one of the Matrix developers responded to my opinion post.

    Thus, I decided to briefly look at their source code and see if any major or obvious cryptography issues would fall out of a shallow visual scan.

    Since you’re reading this post, you already know how that ended.

    Credit: CMYKat

    Since the first draft of this blog post was penned, I also outlined what I mean when I say an encrypted messaging app is a Signal competitor or not, and published my opinion on XMPP+OMEMO (which people also recommend for private messaging).

    Why mention all this?

    Because it’s important to know that I have not audited the Olm or Megolm codebases, nor even glanced at their new Rust codebase.

    The fact is, I never intended to study Matrix. I was annoyed into looking at it in the first place.

    My opinion of their project was already calcified by the previously discovered practically-exploitable cryptographic vulnerabilities in Matrix in 2022.

    The bugs described above are the sort of thing I mentally scan for when I first look at a project just to get a feel for the maturity of the codebase. I do this with the expectation (hope, really) of not finding anything at all.

    (If you want two specific projects that I’ve subjected to a similar treatment, and failed to discover anything interesting in: Signal and WireGuard. These two set the bar for cryptographic designs.)

    It’s absolutely bonkers that an AES cache timing vulnerability was present in their code in 2024.

    It’s even worse when you remember that I was inundated with Matrix evangelism in response to recommending furries use Signal.

    I’m a little outraged because of how irresponsible this is, in context.

    It’s so bad that I didn’t even need to clone their git repository, let alone run basic static analysis tools locally.

    So if you take nothing else away from this blog post, let it be this:

    There is roughly a 0% chance that I got extremely lucky in my mental grep and found the only cryptography implementation flaws in their source code. I barely tried at all and found these issues.

    I would bet money on there being more bugs or design flaws that I didn’t find, because this discovery was the result of an extremely half-assed effort to blow off steam.

    Wasn’t libolm deprecated in May 2022?

    The Matrix developers like to insist that their new Rust hotness “vodozemac” is what people should be using today.

    I haven’t looked at vodozemac at all, but let’s pretend, for the sake of argument, that its cryptography is actually secure.

    (This is very likely if they turn out to be using RustCrypto for their primitives, but I don’t have the time or energy for that nerd snipe, so I’m not going to look. Least Authority did audit their Rust library, for what it’s worth, and Least Authority isn’t clownshoes.)

    It’s been more than 2 years since they released vodozemac. What does the ecosystem penetration for this new library look like, in practice?

    A quick survey of the various Matrix clients on GitHub says that libolm is still the most widely used cryptography implementation in the Matrix ecosystem (as of this writing):

    Matrix Client                                    Cryptography Backend
    https://github.com/tulir/gomuks                  libolm (1, 2)
    https://github.com/niochat/nio                   libolm (1, 2)
    https://github.com/ulyssa/iamb                   vodozemac (1, 2)
    https://github.com/mirukana/mirage               libolm (1)
    https://github.com/Pony-House/Client             libolm (1)
    https://github.com/MTRNord/cetirizine            vodozemac (1)
    https://github.com/nadams/go-matrixcli           none
    https://github.com/mustang-im/mustang            libolm (1)
    https://github.com/marekvospel/libretrix         libolm (1)
    https://github.com/yusdacra/icy_matrix           none
    https://github.com/ierho/element                 libolm (through the python SDK)
    https://github.com/mtorials/cordless             none
    https://github.com/hwipl/nuqql-matrixd           libolm (through the python SDK)
    https://github.com/maxkratz/element-web          vodozemac (1, 2, 3, 4)
    https://github.com/asozialesnetzwerk/riot        libolm (wasm file)
    https://github.com/NotAlexNoyle/Versi            libolm (1, 2)

    3 of the 16 clients surveyed use the new vodozemac library. 10 still use libolm, and 3 don’t appear to implement end-to-end encryption at all.

    If we only focus on clients that support E2EE, vodozemac has successfully been adopted by 19% of the open source Matrix clients on GitHub.

    I deliberately excluded any repositories that were archived or clearly marked as “old” or “legacy” software, because including those would artificially inflate the representation of libolm. It would make for a more compelling narrative to do so, but I’m not trying to be persuasive here.

    Deprecation policies are a beautiful lie. The impact of a vulnerability in Olm or Megolm is still far-reaching, and should be taken seriously by the Matrix community.

    Worth calling out: this quick survey, which is based on a GitHub Topic, certainly misses other implementations. Both FluffyChat and Cinny, which were not tagged with this GitHub Topic, depend on a language-specific Olm binding.

    These bindings in turn wrap libolm rather than the Rust replacement, vodozemac.

    But the official clients…

    I thought the whole point of choosing Matrix over something like Signal is to be federated, and run your own third-party clients?

    If we’re going to insist that everyone should be using Element if they want to be secure, that defeats the entire marketing point about third-party clients that Matrix evangelists cite when they decry Signal’s centralization.

    So I really don’t want to hear it.

    CMYKat

    An Interesting Non-Issue That Looked Critical

    As I mentioned in the timeline at the top, I thought I found a fourth issue with Matrix’s codebase. Had I been correct, this would have been a critical severity finding that the entire Matrix ecosystem would need to melt down to remediate.

    Fortunately for everyone, I made a mistake, and there is no fourth vulnerability after all.

    However, I thought it would be interesting to write about what I thought I found, the impact it would have had if it were real, and why I believed it to be an issue.

    Let’s start with the code in question:

    void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key) {
        sha512_context hash;
        unsigned char hram[64];
        unsigned char r[64];
        ge_p3 R;

        sha512_init(&hash);
        sha512_update(&hash, private_key + 32, 32);
        sha512_update(&hash, message, message_len);
        sha512_final(&hash, r);

        sc_reduce(r);
        ge_scalarmult_base(&R, r);
        ge_p3_tobytes(signature, &R);

        sha512_init(&hash);
        sha512_update(&hash, signature, 32);
        sha512_update(&hash, public_key, 32);
        sha512_update(&hash, message, message_len);
        sha512_final(&hash, hram);

        sc_reduce(hram);
        sc_muladd(signature + 32, hram, private_key, r);
    }

    The highlighted segment is doing pointer arithmetic. This means it’s reading 32 bytes, starting from the 32nd byte in private_key.

    What’s actually happening here is: private_key is the SHA512 hash of a 256-bit seed. If you look at the function prototype, you’ll notice that public_key is a separate input.

    Virtually every other Ed25519 implementation I’ve ever looked at before expected users to provide a 32 byte seed followed by the public key as a single input.

    This led me to believe that this private_key + 32 pointer arithmetic was actually using the public key for calculating r.

    The variable r (not to be confused with big R) generated via the first SHA512 is the nonce for a given signature, it must remain secret for Ed25519 to remain secure.

    If r is known to an attacker, you can do some arithmetic to recover the secret key from a single signature.

    Because I had mistakenly believed that r was calculated from the SHA512 of only public inputs (the public key and message), which I must emphasize isn’t correct, I had falsely concluded that any previously intercepted signature could be used to steal user’s private keys.

    Credit: CMYKat

    But because private_key was actually the full SHA512 hash of the seed, rather than the seed concatenated with the public key, this pointer arithmetic did NOT use the public key for the calculation of r, so this vulnerability does not exist.

    If the code did what I thought it did, however, this would have been a complete fucking disaster for the Matrix ecosystem. Any previously intercepted message would have allowed an attacker to recover a user’s secret key and impersonate them. It wouldn’t be enough to fix the code; every key in the ecosystem would need to be revoked and rotated.

    Whew!

    I’m happy to be wrong about this one, because that outcome is a headache nobody wants.

    So no action is needed, right?

    Well, maybe.

    Matrix’s library was not vulnerable, but I honestly wouldn’t put it past software developers at large to somehow, somewhere, use the public key (rather than a secret value) to calculate the EdDSA signature nonces as described in the previous section.

    To that end, I would like to propose a test vector be added to the Wycheproof test suite to catch any EdDSA implementation that misuses the public key in this way.

    Then, if someone else screws up their Ed25519 implementation in the exact way I thought Matrix was, the Wycheproof tests will catch it.

    For example, here’s a vulnerable test input for Ed25519:

    {
        "should-fail": true,
        "secret-key": "d1d0ef849f9ec88b4713878442aeebca5c7a43e18883265f7f864a8eaaa56c1ef3dbb3b71132206b81f0f3782c8df417524463d2daa8a7c458775c9af725b3fd",
        "public-key": "f3dbb3b71132206b81f0f3782c8df417524463d2daa8a7c458775c9af725b3fd",
        "message": "Test message",
        "signature": "ffc39da0ce356efb49eb0c08ed0d48a1cadddf17e34f921a8d2732a33b980f4ae32d6f5937a5ed25e03a998e4c4f5910c931b31416e143965e6ce85b0ea93c09"
    }

    A similar test vector would also be worth creating for Ed448, but the only real users of Ed448 were the authors of the xz backdoor, so I didn’t bother with that.

    (None of the Project Wycheproof maintainers knew this suggestion was coming, by the way, because I was respecting the terms of the coordinated disclosure.)

    Closing Thoughts

    Despite finding cryptography implementation flaws in Matrix’s Olm library, my personal opinion on Matrix remains largely unchanged from 2022. I had already assumed it would not meet my bar for security.

    Cryptography engineering is difficult because the vulnerabilities you’re usually dealing with are extremely subtle. (Here’s an unrelated example if you’re not convinced of this general observation.) As SwiftOnSecurity once wrote:

    https://twitter.com/SwiftOnSecurity/status/832058185049579524

    The people that developed Olm and Megolm have not proven themselves ready to build a Signal competitor. In balance, most teams are not qualified to do so.

    I really wish the Matrix evangelists would accept this and stop trying to cram Matrix down other people’s throats when they’re talking about problems with other platforms entirely.

    More important for the communities of messaging apps:

    You don’t need to be a Signal competitor. Having E2EE is a good thing on its own merits, and really should be table stakes for any social application in 2024.

    It’s only when people try to advertise their apps as a Signal alternative (or try to recommend it instead of Signal), and offer less security, that I take offense.

    Just be your own thing.

    My work-in-progress proposal to bring end-to-end encryption to the Fediverse doesn’t aim to compete with Signal. It’s just meant to improve privacy, which is a good thing to do on its own merits.

    If I never hear Matrix evangelism again after today, it would be far too soon.

    If anyone feels like I’m picking on Matrix, don’t worry: I have far worse things to say about Telegram, Threema, XMPP+OMEMO, Tox, and a myriad other projects that are hungry for Signal’s market share but don’t measure up from a cryptographic security perspective.

    If Signal fucked up as bad as these projects, my criticism of Signal would be equally harsh. (And remember, I have looked at Signal before.)

    Addendum (2024-08-14)

    One of the lead Matrix devs posted a comment on Hacker News after this blog post went live that I will duplicate here:

    the author literally picked random projects from github tagged as matrix, without considering their prevalence or whether they are actually maintained etc.

    if you actually look at % of impacted clients, it’s tiny.

    meanwhile, it is very unclear that any sidechannel attack on a libolm based client is practical over the network (which is why we didn’t fix this years ago). After all, the limited primitives are commented on in the readme and https://github.com/matrix-org/olm/issues/3 since day 1.

    So the Matrix developers already knew about these vulnerabilities, but deliberately didn’t fix them, for years.

    Congratulations, you’ve changed my stance. It used to be “I don’t consider Matrix a Signal alternative and they’ve had some embarrassing and impactful crypto bugs but otherwise I don’t care”. Now it’s a stronger stance:

    Don’t use Matrix.

    I had incorrectly assumed ignorance, when it was in fact negligence.

    There’s no reasonable world in which anyone should trust the developers of cryptographic software (i.e., libolm) that deliberately ships with side-channels for years, knowing they’re present, and never bother to fix them.

    This is fucking clownshoes.

    If you’re curious about the cryptography used by other messaging apps, please refer to this page that collects my blogs about this topic.

    #crypto #cryptography #endToEndEncryption #Matrix #sideChannels #vuln
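    The post's Ed25519 section says libolm's verifier only checks the top three bits of S (the `signature[63] & 224` test) and never checks S < L. The block below is an added example, not libolm or libsodium code, showing the canonical-S check the post recommends (the same byte-by-byte shape as libsodium's sc25519_is_canonical, written with unsigned arithmetic) and a concrete malleation: adding L to S produces a second encoding of the same scalar that the top-bits test accepts. The 64-byte sample signature is constructed, not a real signature; the malleation only depends on the arithmetic, not on R or the message. Function names are my own.

```c
/* Added example: canonical-S check for Ed25519 and a demonstration of the
 * S + L malleation that a top-bits-only check lets through. Not libolm code.
 * All 32-byte scalars are little-endian, as in the Ed25519 wire format. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* L = 2^252 + 27742317777372353535851937790883648493, i.e.
 * 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed,
 * stored little-endian. */
static const uint8_t ED25519_L[32] = {
    0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
    0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};

/* The only range check in the verifier quoted in the post: S < 2^253. */
int olm_style_s_check(const uint8_t s[32]) {
    return (s[31] & 224) == 0;
}

/* Returns 1 iff 0 <= S < L. Scans from the most significant byte down with
 * mask arithmetic instead of an early-exit comparison, so the running time
 * does not depend on where S and L first differ. */
int s_is_canonical(const uint8_t s[32]) {
    uint32_t c = 0;  /* becomes 1 once S < L is established */
    uint32_t n = 1;  /* stays 1 while every higher byte of S equals L's */
    unsigned i = 32;
    do {
        i--;
        /* (s - L) wraps past 2^32 exactly when s[i] < L[i]; >> 8 keeps that bit. */
        c |= (((uint32_t)s[i] - (uint32_t)ED25519_L[i]) >> 8) & n;
        /* (s ^ L) - 1 wraps exactly when the bytes are equal. */
        n &= (((uint32_t)(s[i] ^ ED25519_L[i]) - 1u) >> 8) & 1u;
    } while (i != 0);
    return c != 0;
}

/* out = a + b mod 2^256 on little-endian 32-byte operands; returns the carry. */
unsigned add256(uint8_t out[32], const uint8_t a[32], const uint8_t b[32]) {
    unsigned carry = 0;
    for (int i = 0; i < 32; i++) {
        unsigned sum = (unsigned)a[i] + (unsigned)b[i] + carry;
        out[i] = (uint8_t)sum;
        carry = sum >> 8;
    }
    return carry;
}

/* Turns R || S into R || (S + L). Since scalar arithmetic in the verifier is
 * done mod L, both encodings denote the same scalar; for any S below 2^251,
 * S + L is still below 2^253, so the top-bits test cannot tell them apart. */
void malleate_signature(uint8_t out[64], const uint8_t sig[64]) {
    memcpy(out, sig, 32);
    add256(out + 32, sig + 32, ED25519_L);
}

/* 1 if the malleated form passes the top-bits check yet fails the canonical
 * check, i.e. the exact gap the post describes. */
int demo_malleability(const uint8_t sig[64]) {
    uint8_t forged[64];
    malleate_signature(forged, sig);
    return olm_style_s_check(forged + 32) && !s_is_canonical(forged + 32);
}

int main(void) {
    /* Constructed sample: R is all zeros, S = 1. Not a real signature. */
    uint8_t sig[64] = {0};
    sig[32] = 1;
    uint8_t forged[64];
    malleate_signature(forged, sig);
    printf("S canonical: %d, S+L canonical: %d, S+L passes top-bits check: %d\n",
           s_is_canonical(sig + 32), s_is_canonical(forged + 32),
           olm_style_s_check(forged + 32));
    return 0;
}
```

    A verifier that adds `if (!s_is_canonical(signature + 32)) return 0;` before the scalar multiplication rejects the second encoding. Note what this does and does not buy you: it restores strong unforgeability of the encoding (one valid byte string per message and key), which matters when signatures are used as identifiers or deduplication keys; it does not, on its own, make the rest of the verifier constant-time, and the `_vartime` group operations in the quoted code are acceptable only because verification handles public data.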

  10. "“We have s--t for f**king poor people. Who buys our s--t? I don’t buy Campbell’s products barely anymore. It’s not healthy now that I know what the f---‘s in it,” part of the recording said. “Bioengineered meat -- I don’t wanna eat a piece of chicken that came from a 3-D printer.”"

    clickondetroit.com/news/local/

    Well, that sure is a ringing endorsement from a Campbell's executive. Wonder if they'll use that for their marketing material.

    #Food #Campbells #Soup #CEO #FAIL

  11. We don't need more. We need less.

    Every week:
    🧠 A new framework.
    ⚙️ A new "layer".
    🤖 A new AI wrapper.
    🔄 A new YAML format to abstract what used to be a shell script.

    And then we wonder:
    "Why is our software hard to debug?"
    "Why do our builds break randomly?"
    "Why is onboarding a 6-month journey through tribal folklore?"

    I once said I write bug-free software that can be finished.
    People laughed, especially product people.
    Not because it's wrong.
    But because they’ve forgotten it's possible.

    We build complexity on top of confusion:
    A + B becomes C.
    C + D becomes E.
    Now, E is broken, and we would create a new layer, but nobody knows how A or B worked in the first place. For example HTML/JavaScript, we leave it there and just add layers around it.

    Take XML.
    Everyone says it's ugly.
    But you could validate it automatically, generate diagrams, enforce structure.
    Now we're parsing YAML with 7 linters and still can't tell if a space is a bug.

    Take Gradle.
    You can define catalogues, versioning, and settings, but can't update a dependency without reading 3 blogs and sacrificing a goat.
    This is called "developer experience" now?

    Take Spring Boot.
    I wouldn't trust a Spring Boot or any Java-framework-powered airplane.
    Too many CVEs. Too much magic. Too little control.

    We don't need "smarter" tools.
    We need dumber, boring, reliable defaults.

    Start boring.
    Start small.
    Then only change the 1% that needs to be fast, clever, or shiny.
    You'll rarely even reach that point.
    Like everyone says, "Y is more performant and faster than X", but no one has reached the limit of X. Why should I care? Meanwhile, we use performant AI.

    Real engineering is not chasing hype.
    It's understanding the system so deeply that you no longer need most of it.

    We've replaced curiosity with cargo cults.
    We've replaced learning with LLM prompting.

    And somehow, we're surprised when AI loses to a 1980s Atari in a chess game.
    At least the Atari understood its own memory.

    Simplicity = less maintenance = fewer bugs = happier teams.

    We need less. Not more.
    #devex #simplicity #softwareengineering #nocodependency #stopthehype #bugfree #springboot #gradle #xml #yamlhell #boringisgood #minimalism #AIhype #infrastructure #cleancode #pragmatism #java #NanoNative

  12. Do Project Managers Realise They’re Obsolete?

    The Tech Industry’s Quiet Revolution Against Traditional PM Roles

    The tech industry has been running a quiet experiment for the past decade, and the results are brutal for traditional project managers. Whilst PMPs keep updating their LinkedIn profiles with shiny new certifications, most successful tech companies have quietly ditched project management roles. They’re using self-organising teams and product-focused approaches instead.

    The harsh truth? Many project managers in tech are desperately hanging onto jobs that the industry has already moved past.

    What’s Wrong with Projects Anyway?

    Before we talk about why project coordinators are becoming irrelevant, let’s be honest about why the whole project approach is broken in tech. (See also: #NoProjects)

    Projects create fake deadlines for work that never really ends. Your app doesn’t magically stop needing updates when the ‘project’ finishes. But projects pretend everything has a neat beginning, middle, and end. This is ridiculous in tech where products need more or less constant updates.

    Projects also focus on the wrong stuff. Instead of asking ‘did we solve the customer’s problem?’ they ask ‘did we hit our deadline and stay on budget?’ Teams end up caring more about finishing the project than building something people actually need.

    And here’s the kicker—projects waste tons of time on planning and meetings. How many hours do tech teams spend in status meetings, writing reports, and sitting through steering committee presentations? All that time could be spent actually building stuff.

    The biggest problem? Projects break up teams just when they’re getting good at working together. You spend months learning how the code works, understanding the business, and figuring out how to collaborate. Then the project ends and everyone gets shuffled to different teams. It’s insane.

    The #NoProjects Revolution

    The #NoProjects movement, started by folks like P G Rule and FlowChainSensei, isn’t just complaining about projects. They’ve got a better way.

    Instead of temporary projects, successful tech companies now use persistent product teams. These teams stick together and own their product long-term. No more ‘hand it off to maintenance’ nonsense. If you build it, you keep updating it.

    This isn’t just theory. Companies like Spotify, Netflix, and Amazon prove it works. They organise around products, not projects. Their teams stay together, learn deeply about their domain, and can move fast because they’re not constantly starting over.

    The #NoProjects crowd figured out that the problem wasn’t bad project coordination—it was the whole idea of projects in the first place. When you stop trying to force continuous work into temporary boxes, everything gets easier.

    Self-Organising Teams: The Coordinator Killer

    Self-organising teams in tech have basically made traditional project managers irrelevant. These teams have developers, designers, product people, and QA folks who collectively own their work. They don’t need someone else to coordinate for them.

    Here’s what’s wild—these teams often move faster than teams with dedicated project managers. When six smart people can figure out their own priorities, plan their own work, and make their own decisions, why add another layer of oversight?

    The best part? These teams actually understand the technical work they’re doing. They can make smart tradeoffs between features and technical debt. They know when to cut scope and when to push back on unrealistic deadlines. Traditional project managers usually don’t have that technical depth.

    Product People Ate Their Lunch

    Whilst project managers were busy updating their Gantt charts, product specialists swooped in and took over the strategic parts of their job. Product people combine market knowledge, technical understanding, and execution skills in ways project managers never did.

    Product specialists own outcomes, not just timelines. They decide what to build, understand why it matters, and can make calls about technical tradeoffs. They’re not just coordinating other people’s work—they’re directly contributing to the product’s success.

    Many companies discovered that a strong product specialist working with a self-organising engineering team gets better results than the old project manager + team structure. Product people bring strategic thinking that traditional PMs usually lacked. Better yet, have the self-organising engineering team also be or become the product domain specialists.

    Agile Killed the Project Manager Star

    Agile development pretty much destroyed the traditional project management playbook. Agile is all about working software over documentation, people over processes, and responding to change over following plans. That’s the exact opposite of traditional project management.

    Most companies that have adopted Agile have tried to rebrand their project managers as Scrum Masters at first. But that mostly fails because good Scrum Masters need to understand the technical work, whilst traditional project managers usually don’t have that background.

    The DevOps Bump

    DevOps eliminated a lot of the handoff problems that project managers used to handle. When development teams own their own deployment, monitoring, and production support, there’s way less coordination needed.

    Modern tech teams do continuous integration, infrastructure as code, and automated testing. Code flows from development to production with minimal human coordination. When this stuff is automated, what exactly is the project manager coordinating?

    The ‘you build it, you run it’ philosophy means teams are responsible for their stuff end-to-end. This eliminates the need for someone to handle handoffs between development and operations teams.

    Startups Don’t Use Project Managers

    The most telling evidence comes from startups. Most successful tech startups operate without any dedicated project managers. They use self-organising teams, clear product vision, and direct communication.

    Startups that try to add traditional project management usually find it slows them down. All the planning meetings and status reporting kill their ability to move fast and adapt quickly.

    When startups do eventually need more coordination, they hire product specialists, engineering leads, or technical programme leads—roles that combine coordination with domain expertise and direct value creation.

    Enterprise Companies Are Catching On

    Even big, slow enterprise companies are starting to figure this out. Their most innovative teams usually operate with minimal traditional project management oversight. Internal studies keep showing that self-organising teams with clear product ownership deliver better results faster.

    The enterprises still clinging to traditional project management are finding themselves at a competitive disadvantage. They’re slower to market and less able to adapt than competitors who’ve embraced product-focused, team-based approaches.

    The Desperate Rebranding Campaign

    Seeing the writing on the wall, lots of project managers are frantically trying to rebrand themselves. They’re getting Scrum Master certifications, learning basic coding, or calling themselves ‘technical programme managers’ or ‘delivery leads.’

    This rebranding reveals the profession’s fundamental problem. If traditional project management skills were still valuable, there wouldn’t be any need to constantly learn new skills and change job titles.

    The most honest take? These aren’t career progressions—they’re career pivots. Project managers who successfully move into product roles, engineering leadership, or technical roles have basically admitted that traditional project management wasn’t enough.

    The Bigger Picture: All Traditional Oversight Is Under Threat

    But here’s the thing—project managers aren’t the only ones feeling the heat. The whole traditional hierarchy of ‘oversight’ and ‘supervision’ is crumbling in modern organisations, especially in tech.

    Think about it: when teams are self-organising, when knowledge workers can make their own decisions, when tools automate most management tasks, what exactly do traditional supervisors do all day? The same forces killing project management are questioning the need for layers of oversight, period.

    Netflix famously operates with minimal traditional hierarchy. Their teams make decisions, own outcomes, and course-correct without multiple layers of approval. Amazon’s two-pizza teams work similarly—small, autonomous groups that don’t need constant supervision to function effectively.

    The pattern is clear: high-performing organisations are flattening their structures and empowering teams to operate independently. A few traditional command-and-control hierarchies are being replaced by networks of autonomous teams with clear missions and accountability for results.

    Even the concept of ‘people oversight’ is evolving. Instead of supervisors who assign work and monitor progress, successful companies are moving towards coaching, mentoring, and servant leadership models. The focus shifts from controlling people to enabling them.

    This isn’t just happening in tech startups. Even massive organisations like Spotify, Haier, and Morning Star have demonstrated that you can scale to thousands of employees without traditional hierarchical structures. When people are trusted to do their jobs and held accountable for outcomes, most traditional oversight becomes unnecessary toxic overhead.

    The uncomfortable truth for anyone in a traditional oversight role: if your primary function is coordinating other people’s work, monitoring their progress, or making decisions they could make themselves, your role is probably next on the chopping block.

    The Evidence Is Overwhelming

    The #NoProjects movement isn’t just talk—it’s backed by real results. Companies that ditched traditional project structures report faster delivery, happier teams, better products, and lower costs.

    These companies organise around persistent teams rather than temporary projects. They fund product areas instead of specific initiatives. They measure customer outcomes instead of just project completion metrics.

    The success of these approaches proves that the problem wasn’t insufficient project management—it was the overhead and artificial constraints that project management created.

    What This Means for Project Managers

    The evidence from the tech industry is crystal clear: traditional project management has become largely obsolete in modern technology companies. Self-organising teams, product-focused structures, DevOps practices, and the #NoProjects movement have eliminated most of the management work that once justified project coordinator roles.

    For project managers currently working in tech, the choice is simple: evolve or become irrelevant. You might choose to transition into a role that creates direct value through technical skills, product expertise, or strategic thinking.

    The project managers who acknowledge this reality and successfully move into product roles, technical positions, or engineering leadership will survive. Those who keep insisting that traditional project management is still relevant will likely find themselves out of work as the industry continues moving forward without them.

    The tech industry’s revolution against traditional project management is basically complete. The only question is whether individual project managers will adapt in time, or whether they’ll keep clinging to an obsolete profession whilst the industry moves on.

    #NoProjects

  13. #BigTech is trying to break the rules - again. #Google and #Musk were held accountable, but lobbyists now want to weaken the laws that protect our safety, privacy, and money online ✍️ Tell #EUleaders: #protectPeople, not #billionaires!

    action.wemove.eu/sign/2026-01-

  18. We’ve seen far too much of someone attacking another in public from an ideological perspective.
    Esp., these past few decades.
    While surely historically and before today, so much of this now has to do with social media...
    #CallOutCruelty
    #ProtectPeople
    substack.com/profile/289465856