190 results for tags
security x
-
Exploring CHERI, RISC-V Linux Ecosystem – The Good Penguin
Found when searching for OpenSBI, which led me to https://www.thegoodpenguin.co.uk/blog/an-overview-of-opensbi/Thu May 21 10:14:55 2026 - permalink -- https://www.thegoodpenguin.co.uk/blog/exploring-cheri-risc-v-linux-ecosystem/
-
Microkernel Characteristics and Features
A capability-based kernel, mentioned on the TUHS mailing list https://www.tuhs.org/pipermail/tuhs/2026-April/033534.htmlTue Apr 21 11:34:09 2026 - permalink -- http://cap-lore.com/CapTheory/KK/UnixOnMicroKernel/ch1.html
-
Web key directory (WKD)
Sandra Snan mentioned WKD on her blog https://idiomdrottning.org/what-delta-chat-wasSat Apr 11 12:15:22 2026 - permalink -- https://www.webkeydirectory.com/set-up-wkd
-
GNU Emacs: Multiple Remote Code Execution Vectors on File Open
Be careful with git repositories, inspect .git/hooks/payload and .git/config for core.fsmonitor.Fri Apr 10 12:05:22 2026 - permalink -
Found on Sacha Chua's blog https://sachachua.com/blog/2026/04/2026-04-06-emacs-news/- https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/Emacs.md
-
What is PKI? (A modern day tale) - 1E
Mentioned on the MoHP forum https://www.hpmuseum.org/forum/thread-24890-post-218543.html#pid218543Mon Mar 30 14:34:22 2026 - permalink -- https://www.1e.com/blogs/what-is-pki-a-modern-day-tale/
-
IT-Sicherheit ist nie fertig – Ein persönlicher Weg über viele Jahre • Kuketz IT-Security Blog
Found via Karl Voit's repositories,Fri Feb 20 10:16:13 2026 - permalink -
Sacha Chua https://sachachua.com/blog/2026/02/2026-02-16-emacs-news/ → https://codeberg.org/publicvoit/orgheadingnetwork → https://codeberg.org/publicvoit/graz.social → https://info.graz.social/verein/- https://www.kuketz-blog.de/it-sicherheit-ist-nie-fertig-ein-persoenlicher-weg-ueber-viele-jahre/
-
Fixing a Buffer Overflow in UNIX v4 Like It’s 1973
Nice article about a buffer overflow in su(1) in the recently discovered v4 unix.Mon Jan 5 22:52:02 2026 - permalink -- https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/
-
cocotb | Python verification framework
cocotb is an open source coroutine-based cosimulation testbench environment for verifying VHDL and SystemVerilog RTL using Python.Mon Nov 3 18:17:06 2025 - permalink -
Found via https://www.raspberrypi.com/news/rp2350-hacking-challenge-2-into-extra-time/ and https://connectingindustry.com/the-chipwhisperer-husky-is-a-revolutionary-device-developed-by-newae-technology-inc/.- https://www.cocotb.org/
-
Simplelists Blog - DMARC vs. DKIM: What’s The Difference? | Simplelists
Found via the Scheme mailing lists https://srfi-email.schemers.org/schemeorg/ mentioned on https://planet.scheme.org/Fri Oct 24 16:41:28 2025 - permalink -- https://www.simplelists.com/blog/dmarc-vs-dkim-what-is-the-difference/
-
FreeIPA - Identity, Policy, Audit
Mentioned on the 9fans mailing list https://marc.info/?l=9fans&m=175804582801547&w=2Mon Sep 22 06:24:19 2025 - permalink -
See also https://en.m.wikipedia.org/wiki/FreeIPA- https://www.freeipa.org/
-
Export Google Authenticator secret OTP-keys · GitHub
Explanation and JavaScript code to translate secret OTP keys from Google Authenticator to a format useful for Yubikey.Fri Aug 8 11:13:16 2025 - permalink -
https://alexbakker.me/post/parsing-google-auth-export-qr-code.html has some details about the format. Alex Bakker has written https://github.com/beemdevelopment/Aegis, an {T,H}OTP authenticator app for Android.- https://gist.github.com/mapster/4b8b9f8f6b92cc1ca58ae5506e0508f7
-
Keepass2Android Review
"Keepass2Android (K2A) is an open souse [sic] port of the excellent KeePass password manager for Windows to the Android platform."Fri Aug 8 08:49:02 2025 - permalink -
I just read on https://github.com/android-password-store/Android-Password-Store/discussions/3260 that the password store application has been archived, i.e. development has stopped.- https://proprivacy.com/password-manager/review/keepass2android
-
https://csrc.nist.gov/csrc/media/presentations/2024/crclub-2024-10-16/images-media/crypto-club-20241016--hugo--OPAQUE.pdf
The OPAQUE Password ProtocolTue May 13 13:00:56 2025 - permalink -
Authentication, Secret Retrieval, End-to-end security
Hugo Krawczyk, AWS
NIST Seminar – 10.16.2024
Found after re-reading https://datatracker.ietf.org/doc/html/draft-haase-aucpace-02 where OPAQUE was mentioned as winner of the CFRG password protocol competition.
See https://cfrg.github.io/draft-irtf-cfrg-opaque/draft-irtf-cfrg-opaque.html- https://csrc.nist.gov/csrc/media/presentations/2024/crclub-2024-10-16/images-media/crypto-club-20241016--hugo--OPAQUE.pdf
-
FSF announces JShelter browser add-on to combat threats from nonfree JavaScript — Free Software Foundation — Working together for free software
he Free Software Foundation (FSF) today announced the JShelter project, an anti-malware Web browser extension to mitigate potential threats from JavaScript, including fingerprinting, tracking, and data collection.Tue May 13 12:13:26 2025 - permalink -
The project's website is at https://jshelter.org/.- https://www.fsf.org/news/fsf-announces-jshelter-browser-add-on-to-combat-threats-from-nonfree-javascript
-
Ben's Book of the Month: Review of "A Vulnerable System: The History of Information Security in the Computer Age" | RSA Conference
Found on https://www.rsaconference.com/library/Blog/bens-book-of-the-month-review-of-computer-security-and-the-internet, a review of Paul C. van Oorschot's "Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin".Mon May 5 12:45:00 2025 - permalink -
https://www.amazon.com/Vulnerable-System-Information-Security-Computer/dp/1501758942/ref=monarch_sidesheet_title- https://www.rsaconference.com/Library/blog/bens-book-of-the-month-review-of-a-vulnerable-system
-
Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin
Interesting book by Paul C. van Oorschot, recommended by Rik Farrow on the TUHS mailing list https://www.tuhs.org/pipermail/tuhs/2025-May/031832.htmlMon May 5 07:17:33 2025 - permalink -- https://people.scs.carleton.ca/~paulv/toolsjewels.html
-
GitHub repositories of A-Trust
Tools to inspect certificates, test APIs of A-Trust, the provider of signature services such as "Handysignatur" and "ID Austria".Wed Feb 12 08:02:28 2025 - permalink -- https://github.com/A-Trust
-
An exposed apt signing key and how to improve apt security
Fri Dec 13 13:00:16 2024 - permalink -- https://blog.cloudflare.com/dont-use-apt-key/
-
Playing with Oberon in 2019
Blog, mostly about the Plan 9 operating system. Found https://seh.dev/p9sk1/ when searching for information about the dp9ik authentication protocol introduced by 9front.Thu May 23 13:50:16 2024 - permalink -
Other pages I found are
- https://echoline.org/webterm.pdf, explaining Webterm, an HTML5 remote desktop for use with Plan 9[1] which re-
imagines drawterm inside of a browser. The source code is available at https://github.com/echoline/webterm
- https://man.9front.org/6/authsrv- https://seh.dev/oberon/
-
The Language-theoretic approach (LangSec)
The Language-theoretic approach (LangSec) regards the Internet insecurity epidemic as a consequence of ‘ad hoc’ programming of input handling at all layers of network stacks, and in other kinds of software stacks. LangSec posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language, and the respective input-handling routines as a ‘recognizer’ for that language.Mon May 20 16:26:16 2024 - permalink -
The recognition must be feasible, and the recognizer must match the language in required computation power.
Found on the TUHS mailing list https://www.tuhs.org/pipermail/tuhs/2024-May/029846.html- https://langsec.org/