home.social

#libolm — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #libolm, aggregated by home.social.

  1. Any #nixos maintainer here who'd be up to reviewing a PR ? The cryptographic library #libolm no longer builds on nixpkgs for macOS - this sadly still is a critical dependency for a major share of the matrix ecosystem, I'd appreciate to just get the fix merged quickly.

    github.com/NixOS/nixpkgs/pull/

    (Boost ok)

  2. @Forbearance
    > An irate blue wolf told me that Matrix was afflicted with a Library of Olms and we shouldn't use it

    This person is spreading FUD.

    "The CVEs have since been edited post-submission to conflate libolm with the Olm protocol itself. A genuine protocol vulnerability would be much more serious so we are working with MITRE to clarify."

    matrix.org/blog/2024/08/libolm

    libolm has been formally deprecated in favour of a new Olm library.

    #Matrix #Olm #LibOlm #vodozemac

    @drwho @matthew

  3. FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
    soatok.blog/2024/08/14/securit
    libolm has now been deprecated: gitlab.matrix.org/matrix-org/o
    These vulnerabilities appear to be known for quite a while now but are not a considered serious issues by authors of other Matrix clients.

    There is a "new" #Rust based crypto library called #vodezemac that has been used by the official #Element clients for about 2 years.

    #FluffyChat and #Nheko are working on their clients:
    github.com/krille-chan/fluffyc
    github.com/Nheko-Reborn/nheko/
    Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.

    Edit: This post has been edited to include some corrections

    #Security #Messenger #Olm #FOSS #Privacy

  4. FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
    soatok.blog/2024/08/14/securit
    libolm has now been deprecated: gitlab.matrix.org/matrix-org/o
    These vulnerabilities appear to be known for quite a while now but are not a considered serious issues by authors of other Matrix clients.

    There is a "new" #Rust based crypto library called #vodezemac that has been used by the official #Element clients for about 2 years.

    #FluffyChat and #Nheko are working on their clients:
    github.com/krille-chan/fluffyc
    github.com/Nheko-Reborn/nheko/
    Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.

    Edit: This post has been edited to include some corrections

    #Security #Messenger #Olm #FOSS #Privacy

  5. FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
    soatok.blog/2024/08/14/securit
    libolm has now been deprecated: gitlab.matrix.org/matrix-org/o
    These vulnerabilities appear to be known for quite a while now but are not a considered serious issues by authors of other Matrix clients.

    There is a "new" #Rust based crypto library called #vodezemac that has been used by the official #Element clients for about 2 years.

    #FluffyChat and #Nheko are working on their clients:
    github.com/krille-chan/fluffyc
    github.com/Nheko-Reborn/nheko/
    Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.

    Edit: This post has been edited to include some corrections

    #Security #Messenger #Olm #FOSS #Privacy

  6. FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
    soatok.blog/2024/08/14/securit
    libolm has now been deprecated: gitlab.matrix.org/matrix-org/o
    These vulnerabilities appear to be known for quite a while now but are not a considered serious issues by authors of other Matrix clients.

    There is a "new" #Rust based crypto library called #vodezemac that has been used by the official #Element clients for about 2 years.

    #FluffyChat and #Nheko are working on their clients:
    github.com/krille-chan/fluffyc
    github.com/Nheko-Reborn/nheko/
    Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.

    Edit: This post has been edited to include some corrections

    #Security #Messenger #Olm #FOSS #Privacy

  7. FYI: A ton of third party #Matrix clients use the deprecated #libolm library for end-to-end encryption which suffers from multiple vulnerabilities:
    soatok.blog/2024/08/14/securit
    libolm has now been deprecated: gitlab.matrix.org/matrix-org/o
    These vulnerabilities appear to be known for quite a while now but are not a considered serious issues by authors of other Matrix clients.

    There is a "new" #Rust based crypto library called #vodezemac that has been used by the official #Element clients for about 2 years.

    #FluffyChat and #Nheko are working on their clients:
    github.com/krille-chan/fluffyc
    github.com/Nheko-Reborn/nheko/
    Keep in mind that these clients are personal projects maintained by their authors in their free time. Element has a dedicated team for security aspects.

    Edit: This post has been edited to include some corrections

    #Security #Messenger #Olm #FOSS #Privacy

  8. I am disappointed that @matrix didn't publish any response to the Soatok post.

    At least to provide some context about
    - Why was an insecure crypto implementation knowingly chosen for libolm?
    - Why was the fact that libolm is potentially insecure not clearly communicated?
    - Why was the crypto implementation not replaced sooner?
    - Why is the ecosystem so slow to start using the Rust rewrite?
    - Does the foundation plan to do anything about that?

    #matrix #libolm

  9. Work on the [#matrix] POSIX SDK is now in a stage that runtime configuration and object initialization is finally working - using pure POSIX shell 🎉 !

    Though there are only some few Client Server API endpoints implemented yet, the SDK is on a good way to an alpha version.

    #matrix #bash #posix #libolm #MatrixPosixSdk

  10. Started working on a proper [#matrix] Bash SDK - aiming to be POSIX compatible, minimal in dependencies and to support E2E encryption.

    #matrix #bash #libolm

  11. Got #FluffyChat builds on Windows working with #libolm bundled for encryption support. I hope we can officially ship Windows builds with the next release 🎉!

    #matrix #flutter #dart #windows #olm