Brian Smith

@BRIAN_____

Code farmer. Security, crypto, performance, networking, usability. Rust, C++, C, Haskell, DSLs, etc. *ring*, webpki, crypto-bench, mozilla::pkix.

Honolulu & San Francisco
Joined April 2008.

Tweets


  1. 22 hours ago

    “When the pwfeedback option is enabled in the sudoers file, a user may be able to trigger a stack-based buffer overflow. This bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled.” sudo shouldn’t be written in C.

  2. Retweeted
    Feb 2

    Ada results in about a 2x reduction in dev compared to C-family or asm. 4x reduction in post-deployment errors, and a 10x reduction in the effort to fix such an error, for about a 40x reduction of post-deployment effort.

  3. Retweeted
    Jan 30

    A lesson in how healthcare in the US works for most people. THREAD. I am the CEO of a company with about 2,000 employees. My company is owned by private equity. /1

  4. Jan 30

    This “Kids pay their age” all-you-can-eat sushi place lost real money on my 4-year-old daughter tonight. Plus she pulled her ponytail holder out of her hair to make training chopsticks from the regular chopsticks, which genuinely impressed me. (I made the ponytail this morning.)

  5. Retweeted
    Jan 29

    Document unto others as you would have others document unto you.

  6. Retweeted
    Jan 28

    You can now see which privacy-violating companies send your browsing activity to Facebook and disable these integrations here:

  7. Retweeted

    We updated the Security Servicing Criteria for Windows today clarifying a non-boundary (Hyper-V Administrator Group) & expanding the Administrator-to-Kernel non-boundary. We do this periodically in response to research trends; feedback is always welcome.

  8. Retweeted
    Jan 22

    Apple/Safari Intelligent Tracking Prevention is a mechanism intended to improve privacy. It was found to have privacy vulnerabilities allowing sites to track the user (and fingerprint), and to steal web browser history of a user. Incredible find.

  9. Jan 16

    “On architectures with stack probes (like x86), this can be used for denial of service attacks, while on architectures without stack probes (like ARM) overflowing the stack is unsound and can result in potential memory corruption (or even RCE).” /cc

  10. Retweeted
    Jan 16

    If you haven’t heard of Crypto Workshop before, they’re the Bouncy Castle library developers.

  11. Jan 14

    Also, a few years ago one or two formally-verified x509 certificate validation projects started. I thought those would supplant my webpki crate by now, or soon. But, I learned last week that those projects have stalled (IIUC). So maybe we should start working on webpki again.

  12. Jan 14

    Oh, yeah. If you’re using the native-tls crate then your application is vulnerable to this Windows validation bug (when run on Windows). If you’re using Rustls and you haven’t overridden its default use of webpki then you’re golden (at least w.r.t. this issue). IDK the RUSTSEC #.

  13. Jan 14

    Nice! My webpki crate (and even good ol’ mozilla::pkix) prevents this kind of issue from happening by design, by deliberately restricting itself to a whitelist of named curves, encoded by name in certs. Plus memory safety and stuff.

  14. Jan 12

    s/gate/ticket counter/. Note I had already checked in. My guess is there is another Brian Smith on the flight. Perhaps the same one that was on my high school football team.

  15. Jan 12

    Somebody managed to check in two bags under my reservation for my flight from IAD. I only noticed because they also managed to cancel my reservation at the gate. I hope they had a Real ID.

  16. Jan 10

    I am a naturally shy person. Attending conferences and whatnot isn’t really my cup of tea. But, every time I go I meet another attendee who helps me BIGLY. The more I fight shyness the more I win. The sooner I share my less-than-perfect work and ideas the more I win. FYI.

  17. Jan 10

    NYC🚊DC. It was great meeting all the people at RWC and the other events around it. Somehow I managed to miss out on meeting so many people I was hoping to encounter; next time! Thanks to all the people who took time out of their busy schedules to chat with me and teach me stuff!

  18. Jan 9

    Great talk by on CRLite. Fascinating to see k8s + GCP being used. How much bandwidth/storage and code is OK to require a non-browser revocation-capable client to reserve for revocation? What is the smallest reasonable consumer for the Web PKI?

  19. Jan 9

    Hash DRBG is the best! Well, probably not. But convenient for me to hear somebody else say so, since that’s what I ended up using in my previous project. Now I can just say I am following experts’ advice. Would be good to agree on a better hash-based (not cipher-based) DRBG.

  20. Jan 2

    In fact, they told me they would even have accepted a *personal* check.
