HackerLangs
TopNewTrendsCommentsPastAskShowJobs

Thom2000

21 karmajoined 4 ปีที่แล้ว

Submissions

HardenedBSD Migrates to Radicle

hardenedbsd.org
5 points·by Thom2000·เดือนที่แล้ว·0 comments

A year of work on the ALPM project

devblog.archlinux.page
2 points·by Thom2000·6 เดือนที่ผ่านมา·0 comments

comments

Thom2000
·18 ชั่วโมงที่ผ่านมา·discuss
Yep. Especially with non-wildcard certs this leaks all service names (privacy concern).
Thom2000
·18 ชั่วโมงที่ผ่านมา·discuss
Sadly most tools still doesn't support it: https://github.com/cert-manager/cert-manager/issues/8373#iss...

And then the issue is protecting the private key of the issuer and monitoring certificates (it's a good idea to do that anyway).
Thom2000
·เดือนที่แล้ว·discuss
> The artist, JT Nimoy, was an Emacs user but still thought it would be fun to set up a dichotomy--some fun details on this blog

I don't see any details about setting up a dichotomy in that article (just that the author was a happy Emacs user). Or maybe that was in that HN meetup you mention?
Thom2000
·2 เดือนที่ผ่านมา·discuss
Github still doesn't support SHA-256 git repos (https://github.com/orgs/community/discussions/12490) even though their competitors (Gitlab, Codeberg) have that for ages now.
Thom2000
·3 เดือนที่ผ่านมา·discuss
Sadly services such as Github don't support these so it's mostly good for internal infrastructure.
Thom2000
·7 เดือนที่ผ่านมา·discuss
> PGP supports RSA. That's enough reason to avoid it.

I hate to break the narrative but age also supports RSA, for SSH compat:

https://man.archlinux.org/man/age.1#SSH_keys
Thom2000
·7 เดือนที่ผ่านมา·discuss
I wonder if they think of a deeper integration of this into the age binary. Currently the invocation looks extremely ugly:

    age -r $(go run filippo.io/torchwood/cmd/age-keylookup@main [email protected])
Thom2000
·9 เดือนที่ผ่านมา·discuss
> My biggest hurdle was getting it to export to a nice looking PDF that could be emailed or printed later.

If you can export to structured data such as JSON, I guess Typst would be a perfect fit for that job.
Thom2000
·9 เดือนที่ผ่านมา·discuss
Exactly!

Bearer tokens should be replaced with schemes based on signing and the private keys should never be directly exposed (if they are there's no difference between them and a bearer token). Signing agents do just that. Github's API is based on HTTP but mutual TLS authentication with a signing agent should be sufficient.
Thom2000
·9 เดือนที่ผ่านมา·discuss
FWIW it's possible to run readme examples automatically add part of tests: https://github.com/parallaxsecond/rust-cryptoki/blob/main/cr...
Thom2000
·9 เดือนที่ผ่านมา·discuss
You don't need any third party modules and can proxy based on ALPN (https://wiki.xmpp.org/web/Tech_pages/XEP-0368#nginx) thus running everything on port 443. Note that ALPN is not encrypted AFAIK but public wifi services don't care.
Thom2000
·9 เดือนที่ผ่านมา·discuss
It's hard to answer your question without repeating the arguments made in the post itself.

Are you implying that djb blew the matter out of proportion?