[remark] Musing about a secure computer for sensitive data (on 2024-07-23) How about splitting the usage and storage of sensitive documents and data? Plus a few ideas on how to implement a small custom "secure" computer for the storage part.
[remark] Lightweight container building blocks (on 2023-09-12) Documenting various open-source tools and projects that I've found while experimenting with the Linux container technology.
[remark] We need deterministic installs, not just immutable OSs (on 2023-09-11) Immutable OSs are just a minor step towards reliable OS installations. However, for a complete solution we also need reproducible and thus deterministic installations, which implies cleaning up and modernizing our package managers.
[remark] Linux becoming a Windows / OSX clone (on 2023-09-07) A rant about the complexity of modern Linux distributions, which places them on par with the opaqueness of Windows and OSX.
[remark] Misusing random oracles for practical purposes (on 2023-05-13) Experimenting with various real-world instantiations of cryptographic random oracles, with applicability from multi-factor encryption to database record encryption.
[remark] SSH authorization keys experiments (on 2023-04-02) Experimenting with OpenSSH authorization keys resolution; from a skeleton key providing emergency access, to simple centralized key management.
[remark] Privatizing our digital identities (on 2023-03-09) Trying to make the case for permanent, irrevocable digital identities, which today, unfortunately, are de facto email addresses.
Another take on the binary to text encoding (on 2023-02-05) A few words about one of my latest open-source projects, z-tokens, that among other things also tries to tackle this problem, by providing more added value compared to existing solutions.
Binary to text encoding -- state of the art and missed opportunities (on 2023-02-04) Although many software engineers know about the topic, especially through their exposure to Base64, there are however many issues and missed opportunities not tackled by the broad community.
[remark] Securing my static site server with seccomp (on 2022-09-11) Given a simple enough HTTP server, and by employing seccomp, one could easily achieve a quite secure(er) server, with a small enough attack surface that the potential attacker might want to look elsewhere in the stack for vulnerabilities.
Static site hosting hurdles (on 2022-09-03) When it comes to static sites, there are a myriad of solutions for authoring and compiling, but talk about hosting these static sites, and we are still in the early 2000s. I discuss the challenges one faces when hosting, and even make a proposal to solve some of these.
The many flavors of hashing (on 2022-07-29) About the many types of hash functions, their use-cases, dos and don'ts, with suggestions for currently accepted algorithms.
Single binary executable packages (on 2022-01-25) In support of software packages that come in the form of a single binary executable (statically linked or portable), that one can just copy anywhere in ${PATH} and execute, without needing sudo, or downloading half the distribution's packages as dependencies.
Security through stupidity, Banca Transilvania style (on 2021-03-23) About how the largest Romanian bank tries to give its clients a "warm-fuzzy-feeling" of security, that is actually zero in real security terms.
In Go-land you pay even for what you don't use (on 2021-02-14) About the hidden costs of forced automatic initialization of dependencies. And a plea for library developers (in any language) to think about their global state initialization requirements.
The curious case of shell commands, or how "this bug is required by POSIX" (on 2021-01-03) About the fatal perils and traps of many modern tools that handle "shell commands" as passed through system(3) or sh -c. Or, how by the end of 2020, we still haven't given up on shell's equivalent of "SQL building", or how shell's equivalent of "SQL injection" still thrives in our engineering world... Plus a glibc bug, then a Linux man pages bug, then a POSIX specification bug...
[snippet] Properly sorting FQDNs in Bash (on 2020-05-04) How to properly sort a list of FQDNs in Bash, first by TLD, then by domain, then by sub-domain and so on.
The before time -- microsoft.com (on 2020-03-08) A visual history of microsoft.com (thanks to the Internet Archive and its Wayback Machine).
The before time -- google.com (on 2020-03-07) A visual history of google.com (thanks to the Internet Archive and its Wayback Machine).
Exfiltrating Go current goroutine ID (on 2019-08-04) About obtaining Go's current goroutine ID, and why sometimes we should trust the developer to do the right thing... Else the developer is forced to embark on a journey that looks more like a mission-impossible data exfiltration movie than a day-to-day job...
Good to know -- issue 2019.01 (on 2019-06-28) Articles and tools I've found interesting in the last few days; and about the start of a new "column".