A secure captive portal browser with automatic DNS detection

Captive portals are the worst. Flaky detection. The OS and browser try to detect these annoying network features but fail quite often, leaving you with broken connections. DID YOU KNOW that probe-based captive portal detection really doesn't work very well, with ~30% FP *and* ~30% FN rate in… »

Playing with kernel TLS in Linux 4.13 and Go

Linux 4.13 introduces support for nothing less than... TLS! The 1600 LoC patch allows userspace to pass the kernel the encryption keys for an established connection, making encryption happen transparently inside the kernel. The only ciphersuite supported is AES-128-GCM as per RFC 5288, meaning it only supports TLS version… »

restic cryptography

tl;dr: this is not an audit and I take no responsibility for your backups, but I had a quick look at the crypto and I think I'm going to use restic for my personal backups. I keep hearing good things about restic. I am redoing my storage solution, and… »

rustgo: calling Rust from Go with near-zero overhead

[русский] Go has good support for calling into assembly, and a lot of the fast cryptographic code in the stdlib is carefully optimized assembly, bringing speedups of over 20 times. However, writing assembly code is hard, reviewing it is possibly harder, and cryptography is unforgiving. Wouldn't it be nice if… »

Cleaning up my GOPATH with Homebrew

tl;dr: use the script at the bottom to go get into the Homebrew "Cellar" and keep your GOPATH clean. I personally like GOPATH and import paths, but while trying to reduce my laptop to a thin reproducible client, I felt the pain of keeping track of the… »