Go

"Don't communicate by sharing memory, share memory by communicating."

mkcert: valid HTTPS certificates for localhost

(or for any other names) The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let's Encrypt, development still mostly ends up happening over HTTP because…

Live streaming Cryptopals

tl;dr: I'm livecoding the Cryptopals in Go on Twitch, one set every Sunday. The recordings are on YouTube. Oh, wow. I love the idea. Would anyone here seriously watch 20 to 40 hours of me doing crypto, math and Go? Mic, screen, and everything. https://t.co/jx3s736bGm—…

A secure captive portal browser with automatic DNS detection

Captive portals are the worst. Flaky detection. The OS and browser try to detect these annoying network features but fail quite often, leaving you with broken connections. DID YOU KNOW that probe-based captive portal detection really doesn't work very well, with ~30% FP *and* ~30% FN rate in…

Playing with kernel TLS in Linux 4.13 and Go

Linux 4.13 introduces support for nothing less than... TLS! The 1600 LoC patch allows userspace to pass the kernel the encryption keys for an established connection, making encryption happen transparently inside the kernel. The only ciphersuite supported is AES-128-GCM as per RFC 5288, meaning it only supports TLS version…

restic cryptography

tl;dr: this is not an audit and I take no responsibility for your backups, but I had a quick look at the crypto and I think I'm going to use restic for my personal backups. I keep hearing good things about restic. I am redoing my storage solution, and…