Links 2020-02-10
On crypto and security …
- Cryptographic Right Answers – Latacora
You should keep things simple and conventional and easy to analyze; ‘boring’, as the Google TLS people would say.
- The PGP Problem – Latacora
Serious cryptographers have largely given up on PGP and don’t spend much time publishing on it anymore (with a notable exception). Well-understood problems in PGP have gone unaddressed for over a decade because of this.
- The New Illustrated TLS Connection – Michael Driscoll
A revised edition in which we dissect the new manner of secure and authenticated data exchange, the TLS 1.3 cryptographic protocol.
- Curl to shell isn’t so bad – Martin Tournoij
[It] is a very direct way to run code from the internet, whereas the other methods are running code from the internet, but with extra steps. It may ‘feel’ different, but in reality it’s just the same.
- Why Don’t People Use Formal Methods? – Hillel Wayne
Verifying code is a hard problem. More and more people are doing it, though, as theorem provers and SMT solvers get more sophisticated. It will probably remain a specialist thing for the foreseeable future.
- Running servers (and services) well is not trivial – Chris Siebenmann
These days, it’s often relatively easy to ‘just set up a server’ or a service, especially if you already work in the cloud. Spin up a VM or a Docker image, install some stuff, done, right? Well, not if you want this to be reliable infrastructure.