How CDNs Generate Certificates
> Obviously, to do stuff like this, you need to generate certificates. The reasonable way to do that in 2020 is with LetsEncrypt. We do that for our users automatically, but “it just works” makes for a pretty boring writeup, so let’s see how complicated and meandering I can make this.
> It’s time to talk about certificate infrastructure.
> I still believe it would be possible to build a high quality editor based on the original design. But I also believe that this would be quite a complex system, and require significantly more work than necessary.
A few good ideas and observations could be mined out of this post.
Fakecracker: NetBSD as a Function Based MicroVM
> This is fun and all, but we can’t really talk about security only with chroot, and the Firecracker solution seemed about right for this matter, yet the overall NetBSD boot process was a bit too long for my taste. So how exactly can we significantly improve NetBSD‘s boot speed?
Why is there a "V" in SIGSEGV Segmentation Fault?
> My program received a SIGSEGV signal and crashed with “Segmentation Fault” message. Where does the “V” come from?
Dumbindent: When 93% of the Time was Spent in Clang-Format
> Summary: The Wuffs compiler outputs C code. When compiling its standard library, over 93% of the time (2.680 out of 2.855 seconds) was spent formatting that C code with clang-format. dumbindent is a new command-line tool (and Go package) that formats C code. Its output is not as ‘pretty’, but it can be over 80 times faster than clang-format (0.008 versus 0.668 seconds to format 12k lines of C code).
> Greetings and salutations internet person! Have you ever pissed off a customer so much they bought a domain and stood up a website to shit on your asinine and boneheaded business practices? GE just did.
> I just wanted a tall, cold, refreshing glass of water at 3am only to be greeted by a fucking atomic countdown on my trusty cold water and ice dispensing pal.
The Deprecated *nix API
> But for “*nix”, without any clarifying context, I for one think in terms of shell scripts and their utilities. And the problem is that my own naïve scripts, despite being written on a legit *nix variant, simply will not run on a vanilla Linux, macOS, or *BSD installation. They certainly can—I can install fish, and sd, and ripgrep, and whatever else I’m using, very easily—but those tools aren’t available out-of-the-box, any more than, I dunno, the PowerShell 6 for Linux is.
Experiences with email-based login
> The way it originally worked is that you would sign up with your email, and to login a “magic link” with a secret token would be emailed to you, which will set the cookie and log you in. I did it like this after a suggestions/discussion at Lobste.rs last year, and I thought it would be easier to implement (it’s not) and easier for users (it’s not).
OpenBSD on the Microsoft Surface Go 2
> I used OpenBSD on the original Surface Go back in 2018 and many things worked with the big exception of the internal Atheros WiFi. This meant I had to keep it tethered to a USB-C dock for Ethernet or use a small USB-A WiFi dongle plugged into a less-than-small USB-A-to-USB-C adapter. Microsoft has switched to Intel WiFi chips on their recent Surface devices, making the Surface Go 2 slightly more compatible with OpenBSD.
Five Years of Rust
> With all that’s going on in the world you’d be forgiven for forgetting that as of today, it has been five years since we released 1.0 in 2015! Rust has changed a lot these past five years, so we wanted reflect back on all of our contributors’ work since the stabilization of the language.
Exploring munmap() on page zero and on unmapped address space
> The difference between Linux and FreeBSD is in what they consider to be ‘outside the valid range for the address space of a process’. FreeBSD evidently considers page zero (and probably low memory in general) to always be outside this range, and thus munmap() fails. Linux does not; while it doesn’t normally let you mmap() memory in that area, for good reasons, it is not intrinsically outside the address space. If I’m reading the Linux kernel code correctly, no low address range is ever considered invalid, only address ranges that cross above the top of user space.
In Praise of AutoHotKey
> People think it’s weird that I do all my development on a Windows machine. It’s definitely a second-class citizen experience in the wider development world, and Windows has a lot of really frustrating issues, but it’s still my favorite operating system. This is for exactly one reason: AutoHotKey.
> AHK is an engine for mapping keystrokes to scripts. I wouldn’t call it particularly elegant, and it’s filled with tons of redundancy and quirks. Even its fans admit how nasty the language can be. But it hooks into the whole Windows system and makes it easy to augment my workflow. It’s given me a far greater degree of control over my computer than I ever managed to achieve with another OS.
The Original Cookie specification from 1997 was GDPR compliant
> We were never supposed to be able to do what most publishers and tech companies do today. In fact, what if I were to tell you that the original specification for how cookies should be implemented in browsers pretty much defined what GDPR is today?
Imagine back to a time when people thought user agents would be agents for the user.
Notes on Parsing in Rust
> I’ve recently been writing a bit of parsing code in Rust, and I’ve been jumping back and forth between a few different parsing libraries - they all have different advantages and disadvantages, so I wanted to write up some notes here to help folks who are undecided choose what libraries and techniques to consider, and also to offer some suggestions for the future of the Rust parsing ecosystem.
is-promise post mortem
> I had been intending to set up more of my projects to be automatically published via CI, instead of manually published from my local machine, but because is-promise is such a tiny library, I figured it probably wasn’t worth the effort. This was definitely a mistake. However, even if I had setup publishing via CI is-promise may not have had sufficiently thorough tests.
A Warm Welcome to ASN.1 and DER
> This document provides a gentle introduction to the data structures and formats that define the certificates used in HTTPS. It should be accessible to anyone with a little bit of computer science experience and a bit of familiarity with certificates.
Making Illegal States Unrepresentable
> It’s a concept I find very helpful. But if you look for examples online almost everything either “let’s prevent dividing-by-zero” or “let’s enumerate the cases in a data type”. We can more creative than that! Some examples of “illegal states unrepresentable” that I found useful but have not seen anyone else talk about online:
The Decline of Usability
> In which we delve into the world of user interface design.
It’s different and therefore must be better.
Surrounded by Elligators: Implementing Crypto With Nothing to Compare to
> When I first learned about Elligator, I sought the reference implementation so I could get a feel of what was going on. There were none, though. Even SUPERCOP limited itself to a Curve448goldilocks instantiation, there was nothing for Curve25519. Oh well, at least there’s no harm in looking at the paper for now.
And then the murders began.
Pixel Art In GIMP
> I’ve always been an admirer of pixel art, because of it’s simplicity and it’s resemblance to bitmap font design. Recently, I decided to take the dive and make some art of my own. I used GIMP because I am fairly familiar with it. Aseprite seems to be the editor of choice for animated pixel art though.