HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Thom2000

21 karmajoined il y a 4 ans

Submissions

HardenedBSD Migrates to Radicle

hardenedbsd.org
5 points·by Thom2000·le mois dernier·0 comments

A year of work on the ALPM project

devblog.archlinux.page
2 points·by Thom2000·il y a 6 mois·0 comments

comments

Thom2000
·il y a 22 heures·discuss
Yep. Especially with non-wildcard certs this leaks all service names (privacy concern).
Thom2000
·il y a 22 heures·discuss
Sadly most tools still doesn't support it: https://github.com/cert-manager/cert-manager/issues/8373#iss...

And then the issue is protecting the private key of the issuer and monitoring certificates (it's a good idea to do that anyway).
Thom2000
·le mois dernier·discuss
> The artist, JT Nimoy, was an Emacs user but still thought it would be fun to set up a dichotomy--some fun details on this blog

I don't see any details about setting up a dichotomy in that article (just that the author was a happy Emacs user). Or maybe that was in that HN meetup you mention?
Thom2000
·il y a 2 mois·discuss
Github still doesn't support SHA-256 git repos (https://github.com/orgs/community/discussions/12490) even though their competitors (Gitlab, Codeberg) have that for ages now.
Thom2000
·il y a 3 mois·discuss
Sadly services such as Github don't support these so it's mostly good for internal infrastructure.
Thom2000
·il y a 7 mois·discuss
> PGP supports RSA. That's enough reason to avoid it.

I hate to break the narrative but age also supports RSA, for SSH compat:

https://man.archlinux.org/man/age.1#SSH_keys
Thom2000
·il y a 7 mois·discuss
I wonder if they think of a deeper integration of this into the age binary. Currently the invocation looks extremely ugly:

    age -r $(go run filippo.io/torchwood/cmd/age-keylookup@main [email protected])
Thom2000
·il y a 9 mois·discuss
> My biggest hurdle was getting it to export to a nice looking PDF that could be emailed or printed later.

If you can export to structured data such as JSON, I guess Typst would be a perfect fit for that job.
Thom2000
·il y a 9 mois·discuss
Exactly!

Bearer tokens should be replaced with schemes based on signing and the private keys should never be directly exposed (if they are there's no difference between them and a bearer token). Signing agents do just that. Github's API is based on HTTP but mutual TLS authentication with a signing agent should be sufficient.
Thom2000
·il y a 9 mois·discuss
FWIW it's possible to run readme examples automatically add part of tests: https://github.com/parallaxsecond/rust-cryptoki/blob/main/cr...
Thom2000
·il y a 9 mois·discuss
You don't need any third party modules and can proxy based on ALPN (https://wiki.xmpp.org/web/Tech_pages/XEP-0368#nginx) thus running everything on port 443. Note that ALPN is not encrypted AFAIK but public wifi services don't care.
Thom2000
·il y a 9 mois·discuss
It's hard to answer your question without repeating the arguments made in the post itself.

Are you implying that djb blew the matter out of proportion?