~hl

Articles

computing The Bootstrapping Exam: Escaping from “Trusting Trust” 20240204
computing I'll be speaking at 37C3 (and have some spare tickets) 20231203
computing Expect-CT Lite: A humble proposal for minimal CT enforcement in TLS certificates 20231028
computing Mitigating the Hetzner/Linode XMPP.ru MitM interception incident, part 2: XMPP-specific mitigations 20231028
computing Mitigating the Hetzner/Linode XMPP.ru MitM interception incident 20231020
computing Why even let users set their own passwords? 20230722
computing The problem with federated web apps 20230701
computing Web-based cryptography is always snake oil 20230625
computing Writing a KVM hypervisor VMM in Python 20230604
computing Modern CPUs have a backstage cast 20230530
computing Patterns in register map design 20230520
computing Binary formats and protocols: LTV is better than TLV 20230510
computing Memoirs from the old web: IE's crazy content rating system 20230506
computing Client certificates aren't universally more secure 20230503
computing Memoirs from the old web: The KEYGEN element 20230429
the world Heterogenous v. homogenous manufacturing 20230427
computing On numbering hegemonies and namespace monopolies 20230423
computing Memoirs from the old web: server-side image maps 20230422
computing The inscrutable nature of UK rail ticketing 20230207
computing Against risk-based authentication (or, why I wouldn't trust Google Cloud) 20230203
computing Netheads vs. bellheads redux: the strange victory of SIP over the telephone network 20230127
computing Producing HTML using string templates has always been the wrong solution 20230115
computing Memoirs from the old web: The GateKeeper access control system 20230107
computing Let's Encrypt now supports ACME-CAA: closing the DV loophole 20221217
computing The Talos II, Blackbird POWER9 systems support tagged memory 20221029
computing Computers are an inherently oppressive technology 20220612
computing The Demise of the Mildly Dynamic Website 20220502
computing Website redesign and editorial changes 20220502
the world Requiem for Strawberry 20211011
computing How the K-line got its name: history of IRC daemon configuration 20210616
computing Freenode commits suicide, is no longer a serious IRC network 20210615
computing I have now been banned from Freenode 20210613
computing Why the GDPR is a threat to a free internet and should be ignored by those outside the EU 20210612
computing A thought experiment: High-Availability IRC 20210527
computing Freenode IRC operators perform mass seizure of channels for mentioning Liberachat 20210526
computing Freenode IRC operators now engaging in routine abuses of power 20210522
computing Having a bank account without having a phone number 20210511
computing Live feed of the HN Top 30 as an IRC Channel 20210402
computing Patterns in application-layer protocol design 20210316
computing A taxonomy of I/O architectures 20210313
computing Attributes of configuration languages 20210219
computing How secure boot and trusted boot can be owner-controlled 20210212
computing In the future, even your RAM will have firmware; and the subject of POWER10 blobs 20210204
computing Modifying and running a binary by recompiling a reverse engineered disassembly 20201205
computing The different kinds of authentication protocols 20200923
computing Serial Attached SCSI (SAS) is a circuit switched computer network 20200920
computing USB Mass Storage and USB-Attached SCSI... are both SCSI 20200911
computing A brief introduction to SCSI 20200909
computing Myths about USB NKRO and how USB HID works 20200409
fiction Kolmogorov's AI 20200306
computing Mis-fitted USB ports, an epidemic 20200109
computing Total Advertising Denial 20191112
computing XML is almost always misused 20191029
computing The evolution of the web, and a eulogy for XHTML2 20191026
computing Cloudflare considered harmful 20191023
the world Lifeforms 20191015
computing The PowerPC AS Tagged Memory Extensions 20190831
computing On the opening of the Power ISA, and the chilling effects of proprietary ISAs 20190828
computing The i.MX8 cannot be deblobbed 20190611
computing Rethinking the filesystem as global mutable state, the root of all evil 20190602
computing Rethinking files 20190602
computing Extended Validation certificates have always been useless 20190523
computing Adventures in reverse engineering Broadcom NIC firmware 20190416
computing Running Baldur's Gate 2 in windowed mode at high resolutions 20190416
computing Grow-up and grow-down technologies 20181130
computing Why Intel will never let owners control the ME 20180722
computing Legal Analysis of the “Admiral” Anti-Adblocker DMCA Incident 20170812
computing Phone numbers must die 20170116
computing Rackmount Improv HSM 20161125
computing Let's Encrypt for IRC Networks: A Deployment Guide 20160321
computing The Cultural Defeat of Microsoft 20160308
computing Microsoft has stopped making Windows 20160305
computing Why I will never use Windows 8 or Windows 10 20160304
computing Psychological effects of coding style 20160302
computing Death to the Win32 console subsystem 20160219
computing Why I don't like smartphones 20160213
computing The Normativity Manifesto 20160210
computing Zero-G Programming 20160207
computing The Bourne Ambiguity 20160206
computing Nexuses Redux: Nativity 20160206
computing Embedding of binary data into programs 20160115
computing There are no secure smartphones. 20160114
computing TLS and the Policy MitM Armageddon 20151203
computing Why the AGPL is often unenforceable 20151124
computing Linux's GPLv2 licence is routinely violated 20151124
computing Why I don't like smartcards, HSMs, YubiKeys, etc. 20151028
computing The Straight Line Principle 20151001
computing On Nexuses 20150904
computing On Normativity in Configuration Management 20141009
computing Insyde BIOS Issues 20130614
computing Coroutines in C 20130314
computing A usable Linux desktop 20130227
computing Notes on building lexers 20130227

Software

Programs

acmetool
A client utility for retrieving certificates from ACME (Let's Encrypt) servers.
memu
ARMv8-M CPU simulator written in C++17 and usable as a library.
compex
GCC/clang plugin for dumping C++ type information. Useful for reflection.

Go Libraries

passlib
Modern password hashing library for Go.
service
Easily write daemonizable services in Go.
configurable
An integration nexus for managing configuration in Go.
easyconfig
configurable-based configuration management utilities for Go.
madns
DNS server library for Go supporting DNSSEC.
portmap
NAT port-mapping library for Go supporting UPnP and NAT-PMP.
captcha
A rather severe image-only CAPTCHA library for Go.

Hμblog » (view all)

Hire me

20240623 #

Looking for a new role. Expertise in cryptography, security, networking, reversing. Dev, ops, security. Amongst other things I've authored a QUIC implementation, a Let's Encrypt client and an RFC. I gave a talk about reverse engineering an Ethernet controller's firmware at 37C3. LinkedIn / contact details.

37C3 talk recording: Adventures in Reverse Engineering Broadcom NIC Firmware

20240203 talk, firmware, broadcom, ortega #

For those that missed it, a recording of my talk at 37C3 can be found here.

Libreboot 10-year anniversary

20231213 foss, firmware, history #

Leah Rowe has written an interesting article about the history of the Libreboot project on the project's 10th anniversary. Recommended reading if you're interested in the open source firmware ecosystem.

Towards Greater Accountability: A Proposal for CA Issuance Decision Logs Exploring the Potential of Domain Control Notaries for MPDV in WebPKI

20231125 security, webpki, pki, cryptography, ct #

Interesting articles by Ryan Hurst about possible improvements to WebPKI security via more certificate transparency (CT)-like technologies. There's also my own writings on CT.

Stop deploying web application firewalls

20231114 cloudflare, web, security #

Excellent writeup by Mac Chaffee about how web application firewalls are universally a terrible idea. I've been meaning to write an article on this subject for some time, but this is a good overview of many issues with them.

Make the web great again IRC is the only viable chat protocol How "Normiefication" causes everything to go to the dogs

20230729 indieweb #

Interesting writings by Koshka, who has a fantastic Web 1.0/Geocities-esque website of great depth and variation.

I don't trust Signal

20230625 security, cryptography, signal #

Re: my article Web-based cryptography is always snake oil, this is another good article focused on Signal specifically and why it should not be considered trustworthy or secure.

Thoughts on Apache, .htaccess and the hackish state

20230526 web #

This article on how Apache httpd is actually nice resonated with me a lot; I continue to use Apache myself for reasons I've articulated in the comment above.

That people produce HTML with string templates is telling us something HN comment with my thoughts (HN comment)

20230526 web, HN comment #

Chris Siebenmann has written an interesting response to my article “Producing HTML using string templates has always been the wrong solution”. While I don't necessarily agree with his views, I think it's an interesting response and worth reading. I've also written up my thoughts on the article as an HN comment. (Read more...)

Chicken Scheme's internal data representation

20230422 lisp, scheme, virtual machine, cs #

Fascinating writeup on the internal representation of values in Chicken Scheme. The design of value representations in a Scheme implementation needs to balance performance and memory usage while supporting a finite number of value types, so seeing the strategies chosen by a real-world implementation is always interesting. The further reading section provides links to information on the internal representation used by several other languages.

Pushup, a framework for mildly dynamic websites Comment by author (HN comment)Author's website

20230106 web, mildly dynamic, go, HN comment #

This is an interesting web framework in Go emphasising PHP-esque page-oriented development. The author cites my article The Demise of the Mildly Dynamic Website as inspiration.

Webrings

20220502 webrings, web, history, indieweb #

This is an interesting writeup about webrings, a now forgotten phenomenon of the early web.

mynoise.net (noise generator)

20220502 listening to, noise generator, lotd #

Current listening — while reading Dune. Massive index of ambient noise generators.

Dialog (language)Linus Akesson

20220501 interactive fiction, virtual machine, compiler, prolog, z-machine, inform, homepage, indieweb #

This is an interesting alternative compiler for producing Z-Machine images (.z5/.z8), taking inspiration from Prolog.

The author's website also appears an interesting homepage.

Inform 7 is now open source (HN comment)

20220501 interactive fiction, inform, foss, virtual machine, cs, wasm, HN comment #

I have quite a bit of respect for the fact that this is a successful, real-world program developed using Literate Programming. It's a style of programming which has interested me before, but like many other people, I've found it hard to do in practice, and tools to be lacking.

As an aside, the interactive fiction community is from a technological perspective a fascinating microcosm, including from a CS perspective. You have not just one toolchain, but an entire ecosystem of competing virtual machine specifications (Z-Machine, Glulx, TADS, Hugo), compilers, and source languages, all intending to deliver architecture-independence and the ability to preserve IF for the ages, yet apart from all general-purpose technologies typically used for the task. (Read more...)

See all entries »

Hugo Landau

Articles

Software

Programs

Go Libraries

Hμblog » (view all)