This is what ppl have to do. Buy from farmers. Pay the extra of it costs more. Drive the extra 15 minutes.
The cause is structural from the state and their incentives.
Guns don't work here.
@cryptgoat@digitalcourage.social libolm was deprecated less than a month ago. Nheko didn't even have a release since then. The security vulnerabilities found are also basically impossible to abuse remotely to my understanding and were in at least some parts documented since the start of libolm's development.
Calling libolm deprecated "for a while now" is just plain wrong. While it was implicitly communicated, that development would focus on vodozemac, until a few weeks ago there was no statement, that libolm would not receive security fixes. Similarly there were also a few libolm releases after vodozemac development started, some of them I even contributed to. Additionally vodozemac is not a complete replacement for libolm, you kinda need to pull in the crypto-crate for that or reimplement some functionality on your own. The assumption in a lot of projects was, that they would switch, once vodozemac would be a complete libolm replacement. Sadly there is no interest by the maintainers to make it that.
Libolm has been audited twice, in neither case were the current "security issues" raised as a critical concern. They are not great, but they don't really impact the threat model of a normal Matrix client, as far as I am aware. Meanwhile vodozemac had a minor security vulnerability, where it wouldn't zero buffers properly on discard, because some of the rust dependencies changed their default flags.
Basically, the security issues are not a real threat. The blog posts makes it sound like a much bigger issue than it is. There also has not been sufficient time to judge, if libolm actually stays unmaintained or now that it is officially deprecated, maybe someone else picks it up and ports it to use a proper crypto lib underneath (like openssl). There also hasn't been enough time to actually write proper language bindings for vodozemac to make it usable for other clients than Element clients. Basically people are widely overstating the impact of this because of the language in the original post. The real reason to use Element over Nheko is because Element has a proper security team, while Nheko is developed by people in their free time. However that doesn't mean that Nheko didn't avoid some of the security issues Element fell into, but it might have its own security issues, since nobody ever audited it.
A cute, cheap deathtrap? Japanese Kei cars banned by yet another US state
Limited in size and power, Kei cars are like fishes out of water on US roads.
RUDE
Not sure Tim Berners-Leeโs vision was to have 148 requests transfer 5.3 MB of assets to deliver 15 KB of text
So the entire NATO alliance should have attacked Ukraine then...๐ง
Regarding the Ukrainian government blowing up the Nordstrom pipeline, a senior German official told the WSJ:
"An attack of this scale is a sufficient reason to trigger the collective defense clause of NATO [Article 5], but our critical infrastructure was blown up by a country that we support with massive weapons shipments and billions in cash."
state licensed lolbert and hypernatalist with a breeding kink. never watched rick & morty and i'm proud of it.
don't only rely on my words, read what happy customers wrote about me: "10/10 would buy again", "top seller, great value", "wildly incorrect", "teil des problems", "without imagination", "Repeated provocation using copy/paste.", "if you take a dump in my mentions, I just might notice the smell", "log out and never login again", "Du redest wirr.", "My brother in Christ, this is such a ridiculously dumb statement that I will no longer entertain this silly conversation.", "Auf Derailing-Diskussionen habe ich keine Lust. Finger รผber dem Blocken-Knopf.", "Wie gesagt, du kannst der Diskussion inhaltlich nicht folgen."
โก๏ธ NO PRESSURE โฌ ๏ธ ๐NO DIAMOND๐
one day at a time.
backup accounts:
@bonifartius
@bonifartius