2026-04-05T15:39:00Z https://yabu.me Filippo Valsorda https://yabu.me/npub1jzt0dcdqdhz0dmf3xk8fjn56kt45dqemtaz6rqzm9ycyz25p0nzqryjnwm https://cdn.masto.host/abyssdomainexpert/accounts/avatars/109/472/682/376/441/460/original/ac66d0a023e6ef25.jpeg https://cdn.masto.host/abyssdomainexpert/accounts/avatars/109/472/682/376/441/460/original/ac66d0a023e6ef25.jpeg https://yabu.me/nevent1qqsvm8fdpyef8jj786whwfucpl64wcgpvze8u5ew5uspehfn4jjpx7czyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgtt5v84 There&#39;s a bit of commotion on Lobsters because an unpleasant-but-technically-correct user finally got banned, and I realized that an unpopular opinion of mine is that moderators are always right.<br/><br/>I don&#39;t care about the letter of the CoC. I don&#39;t care about transparency, even. Moderation is the fundamentally human and nuanced big-picture job that shapes a community.<br/> <img src="https://cdn.masto.host/abyssdomainexpert/media_attachments/files/115/123/712/178/230/773/original/42748b9cdd676f14.png"> <br/> 2025-08-31T13:54:02Z https://yabu.me/nevent1qqsptp0z6ye6muqn6s54vf47pry9t7srxu72cu08haxaa9zydv4rquczyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgjeuk6s Looks like the same poorly implemented Android CT library that broke a lot of apps a couple years ago... did it again 🤦‍♂️<br/><br/><a href="https://github.com/appmattus/certificatetransparency/issues/143#issuecomment-2993688741">https://github.com/appmattus/certificatetransparency/issues/143#issuecomment-2993688741</a> 2025-06-21T18:29:26Z https://yabu.me/nevent1qqstrz2579ha030f8yz8wmgck9d9xxj5tp7aqnd0dch92hmffqzzl2gzyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgt4vugh If Certificate Transparency logs were available as torrents, would you help seeding them?<br/><br/>If so, with how much storage and with what client?<br/><br/>I’m not sure how we’d update the torrent as the log grows. Does BEP 38 deduplication work with RSS feeds? 2025-05-20T22:08:34Z https://yabu.me/nevent1qqsrp50w98pshfn7yqm3ahe0ljyzljwsd705eu70tac04cawtf4zfpqzyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgdar8nq Three Trail of Bits engineers audited the core Go cryptography packages for a month, and found only one low-sev security issue... in the legacy unsupported Go+BoringCrypto integration we&#39;re replacing! 🍾 <br/><br/>Years of team efforts on testing, limiting complexity, safe APIs, and readability have paid off! ✨ <br/><br/>Yes I am taking a victory lap. No I am not sorry. 🏆<br/><br/><a href="https://go.dev/blog/tob-crypto-audit">https://go.dev/blog/tob-crypto-audit</a> 2025-05-19T19:07:59Z https://yabu.me/nevent1qqsdgl2yc46k0ve2dxdmx45a2rf4m8fzzxewtn6nwhwlekcw4j03kjgzyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgctu029 Running a full-network Bluesky relay costs less ($19) than my beefy but ~single user Mastodon hosted instance ($24).<br/><br/>People underestimate how much data optimized software can move through efficient protocols on modern non-cloud hardware.<br/><br/><a href="https://whtwnd.com/bnewbold.net/3lo7a2a4qxg2l">https://whtwnd.com/bnewbold.net/3lo7a2a4qxg2l</a> 2025-05-02T21:36:51Z https://yabu.me/nevent1qqsdpgp53f7lzhjlvqj4z8nvhtkthshv2qxn06ywcwcma95xq8wtvgczyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgtt7wz8 In reply to <a href='/nevent1qqsdgl2yc46k0ve2dxdmx45a2rf4m8fzzxewtn6nwhwlekcw4j03kjg08e0ak'>nevent1q…e0ak</a><br/>_________________________<br/><br/>The relay is the supposedly centralized part of Bluesky because “too big” to run! $19/month!<br/><br/>The bsky.app AppView is bigger but every Mastodon instance is an AppView (and PDS), and if you were ok with Mastodon-style partial views of the network, AppViews would be cheap too. 2025-05-02T21:36:51Z https://yabu.me/nevent1qqsd0j73kykmw75cly9r4z79jz07w0rkjp74g5ckvppz9zjgh7c4fxgzyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vg94ndfu It’s disheartening to see AI reactionism lead my community to a 180° on copyright.<br/><br/>Everyone is merrily attacking LibGen now. If it didn’t exist, big tech companies would still find training data, it just wouldn’t be accessible to regular people. 2025-03-21T09:22:48Z https://yabu.me/nevent1qqst8e4wsqpylajuukxyjtzrnllgn3a9p7u7v96ms6kywts2ezqdn0czyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgyfrza3 Would you pay for Cryptography Dispatches? I am considering using Buttondown&#39;s new per-email subscriptions to trick myself into writing more in 2025.<br/><br/>This would be voluntary. Max 1–3 issues per month.<br/><br/>There would be no subscriber-only issues. What you get for your money is motivating me to write more, if that&#39;s something you like.<br/><br/>Conversely, this would not be a major source of income. What I get out of it is tricking my brain into doing more writing by setting up a reward system. 2024-12-11T19:12:39Z https://yabu.me/nevent1qqsdlmz9pp369zjrd42gv9atns2exuy40rsvz929lgr7hswmudtfd6czyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgxwn32s Is there an open-source web UI for servers that displays system information like pstree, zpool status, fdisk -l, df, ip addr, etc?<br/><br/>I want it to just show current info about the machine it&#39;s running on, not rely on a metrics pipeline.<br/><br/>Ideally it would be read-only, extensible, and a single-binary Go program, or something as simple to deploy. 2024-11-23T13:52:05Z https://yabu.me/nevent1qqstzmjaa0p4cv6ak65wuj5kp4qzk7j74v6tqjq0quldhe8nmuj8dvczyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgcgwkva Cat&#39;s out of the bag: I am pursuing a native FIPS 140-3 validation for the Go standard library.<br/><br/>Trying to do it right, making it seamless and without compromising on security.<br/><br/>First time a Go module is validated. Wish me well. And consider sponsoring!<br/><br/><a href="https://go.dev/issue/69536">https://go.dev/issue/69536</a> 2024-09-19T15:03:10Z https://yabu.me/nevent1qqs0dxq0cywqxyls99jk2ewdqxxf5k68dq9mucx5wayj3yjetskpfqszyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgv0tuul Oh shit the vDSO implementation of getrandom() landed in Linux 6.11.<br/><br/>Might remove one of the last performance objections ot using the kernel CSPRNG for everything, the syscall overhead.<br/><br/>I have a large CL chain for crypto/rand, might as well add support for that... 2024-09-16T13:35:58Z https://yabu.me/nevent1qqsde7dx3u2jypzd3dzjyaz455uq2v4afqa8d99nd56r2pzj4g0wnyszyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vg0aeljx A couple notes about the Infineon timing side channel affecting most YubiKeys.<br/><br/>1. yubikey-agent is unaffected in the evil maid threat model as the attacker needs physical access *and PIN*<br/><br/>2. lol, Infineon<br/><br/>3. Go mitigates timing side-channels in ECDSA nonce inversion by not being clever and just using Fermat&#39;s little theorem, which is as simple as a constant time exponentiation by p - 2 (which can be optimized with <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub18qvc5gvnn04pk9g5cwksjqdadfrhk63f04rkndcr0a27778q7mjq4cvtfq" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>Michael McLoughlin</span> (<span class="italic">npub18qv…vtfq</span>)</a></span>&#39;s addchain)<br/><br/><a href="https://ninjalab.io/eucleak/">https://ninjalab.io/eucleak/</a><br/><a href="https://www.yubico.com/support/security-advisories/ysa-2024-03/">https://www.yubico.com/support/security-advisories/ysa-2024-03/</a> 2024-09-03T16:44:40Z https://yabu.me/nevent1qqsymzemg0jdvj0zxf3lg6f3q3jw47mn6a3yskxampvag8nmdhz7hngzyzgfdahp5pkufahdxy6cax2wn2ewk35r8d05tgvqtv5nqsf2s97vgtzj5sa In reply to <a href='/nevent1qqs0ug6jrdmsj2htxrnzvvllj680k2qlw8kwkapljy5geezwu34j4jczjz9jg'>nevent1q…z9jg</a><br/>_________________________<br/><br/>I’d argue PuTTY is just wrong. No one should use DSA keys, Ed448 is mostly unimplemented, and what does EdDSA even mean as a separate option. 2024-08-05T22:19:49Z