~jpastuszek

Trackers

~jpastuszek/blog

Last active 2 months ago

~jpastuszek/projects

Last active 6 months ago

~jpastuszek/format-sql-query

Last active 9 months ago

~jpastuszek/multistream-batch

Last active 10 months ago

~jpastuszek/asn-db

Last active 11 months ago

#58 Post: Protocol encryption: TLS, FLS, MLS 2 months ago

Ticket created by ~jpastuszek on ~jpastuszek/blog

We need 3 layers of security, not just transport. Also Federation Layer Security, Message Layer Security.

https://datatracker.ietf.org/wg/mls/about/

#44 Post: security in proprietary and open source software and hardware 3 months ago

Comment by ~jpastuszek on ~jpastuszek/blog

Secrecy of crypto algo vs publishing crypto algo and making it keyed with a secret.

#44 Post: security in proprietary and open source software and hardware 4 months ago

Comment by ~jpastuszek on ~jpastuszek/blog

https://googleprojectzero.blogspot.com/2020/11/oops-i-missed-it-again.html

"but some quick Googling showed that it wasn't open source, which suggested to me that the code had probably undergone substantially less security review, and hence probably had more low-hanging bugs in it, than the open-source parts of the kernel."

"Security researchers rejoice when Apple accidentally releases symbolicated kernelcaches or development libraries, but this is just because it saves time reversing, not because it makes things newly reversible. Any capable attacker will find bugs regardless of the presence or absence of symbols; all the lack of symbols does is keep the bug away from eyes (like mine) that might report it. Hence, withholding symbols is an incredibly weak protection, only deterring the lowest tiers of attackers and serving to make the bugs that have been found last longer"

#30 Post: Rust is faster than C and C++ (in principle) 4 months ago

Comment by ~jpastuszek on ~jpastuszek/blog

Around 19:40, he says that the C memory model is PDP-11 and strict memory layout rules inhibit optimization of C programs... something that is not a problem with Rust. https://invidious.xyz/watch?v=9-IWMbJXoLM

#57 Link "The page was designed to last" 5 months ago

Ticket created by ~jpastuszek on ~jpastuszek/blog

#56 Post: Security on Desktop computers is non-existent 5 months ago

Comment by ~jpastuszek on ~jpastuszek/blog

#56 Post: Security on Desktop computers is non-existent 5 months ago

Ticket created by ~jpastuszek on ~jpastuszek/blog

ACLs offer binary protection: you are user or root; and they only protect the system. If you run rm -Rf / the system will be OK but all your work and documents will be gone! The OS can be reinstalled but your work better be backed up. Worst is that any program running on your computer can exfiltrate your work and ask for ransom.

So ACLs offer no useful protection for a Desktop computer user. Also, due to a fundamental flaw in ACLs called "Confused Deputy", this system can be worked around, leading to permission escalation - every year one or more is found in Linux; every month many are found in Windows; so ACLs are broken by design!

http://waterken.sourceforge.net/aclsdont/current.pdf

#55 Consider ActivityPub or IndieWeb integration 5 months ago

Ticket created by ~jpastuszek on ~jpastuszek/blog

Something akin to: https://github.com/dariusk/rss-to-activitypub So that one can subscribe to my blog updates over ActivityPub (e.g. via Mastodon) and receive posts; also mentions could be provided on the blog as comments.

#54 Fix issues from internet.nl test 6 months ago

Comment by ~jpastuszek on ~jpastuszek/blog

Add support:

  • IPv6? Is my provider assigning IPv6 IPs?
  • DNSSEC - investigate it and also DANE
  • Add OCSP stapling support
  • Add blanket HTTP security headers in case I ever host something that could be exploited

#54 Fix issues from internet.nl test 6 months ago

Ticket created by ~jpastuszek on ~jpastuszek/blog