~jpastuszek

Ireland

https://jpastuszek.net/

Webmaster, system administrator, programmer.

Trackers

~jpastuszek/mascot

Last active 1 year, 9 months ago

~jpastuszek/projects

Last active 2 years ago

~jpastuszek/s3-sync

Last active 2 years ago

~jpastuszek/cbradio

Last active 3 years ago

~jpastuszek/blog

Last active 4 years ago

~jpastuszek/format-sql-query

Last active 4 years ago

~jpastuszek/multistream-batch

Last active 4 years ago

~jpastuszek/asn-db

Last active 4 years ago

#1 Consider Cow<'static, str> instead of storing String 1 year, 9 months ago

Ticket created by ~jpastuszek on ~jpastuszek/mascot

For DSL clients this could save some allocations and better communicate the reason for owning data. But in the general use case a reduction in allocations won't have much impact. Also, for the CLI API there would be little gain as most things will be String already.

#17 Index my old Gmail inbox 2 years ago

on ~jpastuszek/projects

REPORTED RESOLVED IMPLEMENTED

#16 PC: use https://syncthing.net/ to backup to NAS 2 years ago

on ~jpastuszek/projects

REPORTED RESOLVED FIXED

#58 Post: Protocol encryption: TLS, FLS, MLS 4 years ago

Ticket created by ~jpastuszek on ~jpastuszek/blog

We need 3 layers of security not just transport. Also Federation Layer Security, Message Layer Security.

https://datatracker.ietf.org/wg/mls/about/

#44 Post: security in proprietary and open source software and hardware 4 years ago

Comment by ~jpastuszek on ~jpastuszek/blog

Secrecy of crypto algo vs publishing crypto algo and making it keyed with a secret.

#44 Post: security in proprietary and open source software and hardware 4 years ago

Comment by ~jpastuszek on ~jpastuszek/blog

https://googleprojectzero.blogspot.com/2020/11/oops-i-missed-it-again.html

"but some quick Googling showed that it wasn't open source, which suggested to me that the code had probably undergone substantially less security review, and hence probably had more low-hanging bugs in it, than the open-source parts of the kernel."

"Security researchers rejoice when Apple accidentally releases symbolicated kernelcaches or development libraries, but this is just because it saves time reversing, not because it makes things newly reversible. Any capable attacker will find bugs regardless of the presence or absence of symbols; all the lack of symbols does is keep the bug away from eyes (like mine) that might report it. Hence, withholding symbols is an incredibly weak protection, only deterring the lowest tiers of attackers and serving to make the bugs that have been found last longer"

#30 Post: Rust is faster than C and C++ (in principle) 4 years ago

Comment by ~jpastuszek on ~jpastuszek/blog

Around 19:40, he says that the C memory model is PDP-11 and strict memory layout rules inhibit optimization of C programs... something that is not a problem with Rust. https://invidious.xyz/watch?v=9-IWMbJXoLM

#57 Link "The page was designed to last" 4 years ago

Ticket created by ~jpastuszek on ~jpastuszek/blog

#56 Post: Security on Desktop computers is non-existent 4 years ago

Comment by ~jpastuszek on ~jpastuszek/blog

#56 Post: Security on Desktop computers is non-existent 4 years ago

Ticket created by ~jpastuszek on ~jpastuszek/blog

ACLs offer binary protection: you are user or root; and they only protect the system. If you run rm -Rf / the system will be OK but all your work and documents will be gone! The OS can be reinstalled but your work better be backed up. Worst is that any program running on your computer can exfiltrate your work and ask for ransom.

So ACLs offer no useful protection for the Desktop computer user. Also, due to a fundamental flaw in ACLs called "Confused Deputy", this system can be worked around, leading to permissions escalation - every year one or more is found in Linux; every month many are found in Windows; so ACLs are broken by design!

http://waterken.sourceforge.net/aclsdont/current.pdf