Identity

http://s.erious.ly

Author Archive

Using Capsicum For Sandboxing

FreeBSD 9.0, released in January 2012, has experimental Capsicum support in the kernel, disabled by default. In FreeBSD 10, Capsicum will be enabled by default. But unless code uses it, we get no benefit. So far, very little code uses Capsicum, mostly just experiments we did for our paper. I figured it was time to start...

Persian Pulled Lamb

I don’t usually link to existing recipes, but this was so good, I had to: http://uktv.co.uk/food/recipe/aid/647703. We only let it marinade for one day, which seemed to work fine.

Salmon and Peas in a Saffron Cream Sauce

An impromptu and fast recipe that worked really well. saffron butter olive oil salt pepper mixed herbs salmon steak fillets frozen peas cream Put the saffron in a small amount of hot water. Get the butter and oil hot enough to bubble, add salt, pepper, mixed herbs. Shortly after, add the salmon, skin side down. Fry until the skin is crispy, then turn onto a...

EFF Finally Notice 0day Market

Six years after I first blogged about it, the EFF have decided that selling 0days may not be so great. Maybe they should be reading my blog?

Certificate Transparency: Spec and Working Code

Quite a few people have said to me that Certificate Transparency (CT) sounds like a good idea, but they’d like to see a proper spec. Well, there’s been one of those for quite a while, you can find the latest version in the code repository, or for your viewing convenience, I just made an HTML version. Today,...

How “Free” Leads to Closed

The FSF is fond of banging on about how the GPL is more “free” than other open source licences, even though it is actually a more restrictive licence than many others (for example, the Apache Licence). So I find it ironic that the much anticipated Raspberry Pi is about as un-free as it is possible to...

Certificate Transparency Sites

I may not have said much more about Certificate Transparency, but we’ve been working on it. So, those interested in following along (or joining in) are welcome to look at… Website. Mailing list. Code repository. The code repository also inc...

Fixing CAs

Adam Langley and I have a proposal to bolster up the rather fragile Certificate Authority infrastructure. TL;DNR: certificates are registered in a public audit log. Servers present proofs that their certificate is registered, along with the certificate itself. Clients check these proofs and domain owners monitor the logs. If a CA mis-issues a certificate then either There...

Open Source Transcription Software Developer

Since we set up FreeBMD, FreeREG and FreeCEN things have come a long way, and so we’re revisiting how we do transcription. Those great guys at Zooniverse have released their Scribe transcription software, which they developed to use with Old Weather and Ancient Lives (and more to come), as open source. We are working with them...

Lessons Not Learned

Anyone who has not had their head under a rock knows about the DigiNotar fiasco. And those who’ve been paying attention will also know that DigiNotar’s failure is only the most recent in a long series of proofs of what we’ve known for a long time: Certificate Authorities are nothing but a money-making scam. They provide...