PSA: Timeline of Calyx Implosion 🌋
2025-08-08
I highly suspect that Calyx was forced to hand over their signing keys by the Indian government and are not legally allowed to talk about it. Which is why Merrill isn't saying anything and they shut everything down. I have no hard proof of this, but below is a timeline of events from publicly available information.
- 2025-08-05: Calyx provided instructions on how to backup & switch to another OS. We can interpret this as the best warning they can legally provide.
- 2025-08-01: Calyx announced that they are stopping updates, performing a comprehensive audit, are rotating signing keys, that Merrill and Desai are leaving, and that it'll be a 4-6 month delay before updates resume.
- 2025-07-24: Calyx announced they are no longer providing device memberships/sales.
- 2025-07-11: Desai announced in a Reddit post that they were leaving.
- 2025-06-20: Calyx announced they cannot accept cryptocurrency donations due to "technical difficulties".
- 2025-06-11 @21:00 UTC: Chirayu Desai had their access entirely revoked from the CalyxOS GitLab Organization.
- 2025-06-11 @20:00 UTC: Someone used archive.org to snapshot the GitLab members page of the CalyxOS organization.
PSA: Discourse Indefinite IP Logging ⛰️
2025-08-08
This is a follow up to my previous entry. It seems that keeping every IP address ever used with an account is the default and explicitly intended behavior of Discourse for abuse/spam management purposes. I can understand why storing for a time period is necessary, but not for so many months or years. This is quite disgusting. I'm curious at what other forum software does this too. Guess it is just yet another reminder to always use Tor Browser. As for PG specifically, it seems they may try to reduce the length.
A privacy issue on Privacy Guides Forum☔
2025-08-07
I noticed a few months back that the "Request archive" mechanism on the Discourse powered Privacy Guides Forum contained months or even years of IP addresses. Discourse is likely storing them internally and it was likely overlooked. I reported it here. I hope it will be fixed soon.
Unbounded Image Resizing on Open Collective🪛
2025-08-05
Images such as avatars and background images had a height parameter that could be passed and the server would actually resize images to any arbitrary value. This was at most a minor DoS issue, but Open Collective still deployed a fix ~11 hours after I emailed them. Awesome!
A security issue on a donation platform✒️
2025-08-05
I just emailed a report to a popular donation platform for a small security vulnerability. I hope to write more about it soon once they patch it!
New release: shv 🌸
2025-08-05
I just released my first program. I started developing this one back in October of 2024. shv.c is 100% written by my two paws, no AI slop! Check it out here.
First Post: Kitties and Rainbows! 🌈
2025-08-05
Hi everyone! Welcome to my very first blog post! I'm so excited to share my thoughts and creations with you. Today, I've been thinking about how adorable kittens and rainbows are. They just make everything better,
don't they?
