today's leftovers
A Software Carol
The clock ticked past 7:15 PM, its luminescent hands glowing faintly in the deepening twilight. Victor Grimwald, his shoulders hunched like a bird of prey, stared out the expansive window of his corner office. Below, the city lights flickered to life, a shimmering expanse of indifferent stars. It had been seven years since this monotonous grayscale had replaced the vibrant hues of life.
He swiveled his chair, groaning softly beneath him, and reached for the heavy crystal decanter on his desk. Two glasses flanked it, one perpetually unused, gathering dust like a forgotten tombstone. He poured a generous measure of amber liquid into the other, the ice clinking mournfully against the glass.
The scotch burned a familiar path down his throat, a momentary distraction from the gnawing emptiness. He closed his eyes, the image of Marcus Greaves, his long-dead partner, flashing vividly behind his eyelids. Marcus, with his unruly mop of brown hair and that infectious laugh that could fill a room. Marcus, who could turn lines of code into poetry and find joy in the most mundane of tasks.
-
Confidentiality
-
Ruben Schade ☛ Blocked when using a VPN
This is unfortunately all too common. The number of CAPTCHAs I have to fill out absolutely skyrockets when using my entirely pedestrian WireGuard or OpenVPN connections, across all manner of providers and IP ranges. Despite what those VPN advertisers may suggest, your use of a VPN is trivial for web server software to detect.
This also leads me to suspect that these network security vendors must maintain lists of ranges in use by large VPN providers. I know people who use these services who don’t encounter these problems. It’s… interesting to think about the implications, especially if one is using a commercial VPN provider under the illusion that it offers total privacy. You may be more identifiable than you think.
-
Simon Josefsson ☛ Simon Josefsson: OpenSSH and Git on a Post-Quantum SPHINCS+
Are you aware that Git commits and tags may be signed using OpenSSH? Git signatures may be used to improve integrity and authentication of our software supply-chain. Popular signature algorithms include Ed25519, ECDSA and RSA. Did you consider that these algorithms may not be safe if someone builds a post-quantum computer?
As you may recall, I have earlier blogged about the efficient post-quantum key agreement mechanism called Streamlined NTRU Prime and its use in SSH and I have attempted to promote the conservatively designed Classic McEliece in a similar way, although it remains to be adopted.
What post-quantum signature algorithms are available? There is an effort by NIST to standardize post-quantum algorithms, and they have a category for signature algorithms. According to Wikipedia, after round three the selected algorithms are CRYSTALS-Dilithium, FALCON and SPHINCS+. Of these, SPHINCS+ appears to be a conservative choice suitable for long-term digital signatures. Can we get this to work?
Recall that Git uses the ssh-keygen tool from OpenSSH to perform signing and verification.
-
SequoiaPGP ☛ Blog - RFC9580 preview release
The Sequoia PGP team is happy to announce the preview release of version 2.0.0-alpha.0 of sequoia-openpgp. sequoia-openpgp is our low-level crate providing OpenPGP data types and associated machinery
-
Daniel Jakots ☛ Synchronizing TLS certificates across machines
A while ago, I had the need to synchronize certificates across machines. I was able to answer it using a perhaps uncommon trick which I thought might be worth sharing.
Let's say you have one domain for which you want multiple machines answering requests. Of course, you choose to provide that service over TLS (doesn't matter whether it's http or another layer 7 protocol).
-
PC World ☛ The Zero Trust era is coming: What that means for VPNs and your data
In this time of ultimate shareability and interconnectedness, threats can come from any angle—including inside your network. Enter the Zero Trust security framework. By trusting none and verifying all, Zero Trust can make any network, home or business, become Fort Knox.
With the old “castle and moat” style of protecting networks going by the wayside, many speculate that VPNs will follow suit. So what does this all mean for the security of your data and will you still be using a VPN in a few years' time? Let’s dig in to find out more and see what the future holds for your network security.
-
-
Windows TCO
-
Security Week ☛ LockBit Ransomware Developer Arrested in Israel at Request of US
The US Department of Justice has unsealed charges against a man with dual Russian and Israeli nationality accused of being involved in the development of the LockBit ransomware.
-
Security Week ☛ 5.6 Million Impacted by Ransomware Attack on Healthcare Giant Ascension
Ascension Health is notifying roughly 5.6 million individuals that their personal, medical, and payment information was compromised in a ransomware attack in May 2024.
The incident occurred on May 8 and resulted in service disruptions that prompted hospitals around the country to revert to downtime procedures and divert emergency medical services.
-
-
Instructionals/Technical
-
HowTo Geek ☛ How to Configure the GRUB2 Boot Loader's Settings
Ubuntu and most other Linux distributions now use the GRUB2 boot loader. You can change its settings to select a default operating system, set a background image, and choose how long GRUB counts down before automatically booting the default OS.
We configured GRUB2 on Ubuntu 24.04.1 here, but the process should be similar for other Linux distributions. You may have customized the original GRUB's settings by editing its menu.lst file in the past, but the process is now different.
-