Benki β†’ All Posts

β‡  previous page next page β‡’
Matthias #

NTRU in OpenSSH

OpenSSH has supported post-quantum cryptography for several years now. sntrup761x25519-sha512@openssh.com (hybrid Streamlined NTRU Prime and X25519) was introduced in OpenSSH 8.5. It was made the default key exchange mechanism in OpenSSH 9.0.

The reason it is a hybrid mechanism is that the security of NTRU is not as well-established as that of X25519 and other classical methods.

Note that this for key exchange, not authentication. But considering that post-quantum cryptanalysis is a future concern rather than one situated in the present, that is what is worth focusing on right now. After all, someone who can break your key exchange in the future can record your encrypted exchanges now and decode them later. But they cannot travel back into the past to impersonate you in the present.

Consolidates an Asciidoc file and all of its transitive includes into a single Asciidoc file.

Useful for places like GitHub, which do not support includes natively.

(I do wonder, however, if it isn’t sometimes preferable to just generate HTML each time you update your user manual and check that into your code repository or upload it someplace you can link toβ€”it is the universal language of the Web, after all.)

A reimagining and clean-room reimplementation of the original PC DOS. The PC DOS 1.0 from an alternate reality where its creators had the foresight of things to come.

Even though they are less targeted than conditional social welfare, unconditional cash benefits still predominantly help the poor because they are often hamstrung by transaction costs more than personal irrational behavior.

What makes unconditional cash benefits particularly attractive politically is that they enjoy wide support across the political spectrum. That is because they do not obviously take something away from one group (social, racial, you name it) to give it to another. Of course in fact that is precisely what they do, but they do it in a socially blind manner.

A vulnerability scanner based on Syft.

Supports various GNU/Linux package formats and distributions (Alpine, Debian, RHEL/UBI, etc.) as well as libraries for various programming language ecosystems (Java, Go, Rust, JavaScript, .NET, etc.).

Example output:

$ grype registry.access.redhat.com/ubi9/ubi-micro:latest

NAME          INSTALLED           FIXED-IN     TYPE  VULNERABILITY   SEVERITY 
bash          5.1.8-4.el9                      rpm   CVE-2022-3715   Medium    
libgcc        11.2.1-9.4.el9                   rpm   CVE-2021-46195  Low       
libgcc        11.2.1-9.4.el9      (won't fix)  rpm   CVE-2022-27943  Low       
ncurses-base  6.2-8.20210508.el9  (won't fix)  rpm   CVE-2022-29458  Low       
ncurses-libs  6.2-8.20210508.el9  (won't fix)  rpm   CVE-2022-29458  Low       

Creates software bills of materials (SBOMs) for container images and directories.

Generates and converts between CycloneDX, SPDX, and a custom format.

Detects various GNU/Linux package formats and distributions (Alpine, Debian, RHEL/UBI, etc.) as well as libraries for various programming language ecosystems (Java, Go, Rust, JavaScript, .NET, etc.).

Example output:

$ syft registry.access.redhat.com/ubi9/ubi-micro:latest

NAME                    VERSION             TYPE 
basesystem              11-13.el9           rpm   
bash                    5.1.8-4.el9         rpm   
coreutils-single        8.32-31.el9         rpm   
filesystem              3.16-2.el9          rpm   
glibc                   2.34-28.el9_0.2     rpm   
glibc-common            2.34-28.el9_0.2     rpm   
glibc-minimal-langpack  2.34-28.el9_0.2     rpm   
libacl                  2.3.1-3.el9         rpm   
libattr                 2.5.1-3.el9         rpm   
libcap                  2.48-8.el9          rpm   
libgcc                  11.2.1-9.4.el9      rpm   
libselinux              3.3-2.el9           rpm   
libsepol                3.3-2.el9           rpm   
ncurses-base            6.2-8.20210508.el9  rpm   
ncurses-libs            6.2-8.20210508.el9  rpm   
pcre2                   10.37-5.el9_0       rpm   
pcre2-syntax            10.37-5.el9_0       rpm   
redhat-release          9.0-2.17.el9        rpm   
setup                   2.13.7-6.el9        rpm   
tzdata                  2022e-1.el9_0       rpm   

Jakarta specification for gRPC in Java. Integrates with other Jakarta specifications such as CDI.

Distributed relational database with a query engine that reuses code from PostgreSQL. Another way to think about it is that it is like Google Cloud Spanner, but Apache-licensed.

β‡  previous page next page β‡’