To properly compile a static C++ binary on Linux you have to supply
-static-libstdc++ when linking.
It said that unlike Arping 2.09, in Arping 2.11 the ARP cache was not updated after successful reply. I thought that was odd, since there's no code to touch the ARP cache, neither read nor write. Surely this behaviour hasn't changed?
If you split up code into different libraries you can get a diamond dependency problem.
That is, you have two parts of your code that depend on different, incompatible versions of the same library.
Normally you shouldn't get into this situation. Only someone who hates their users makes a non-backwards-compatible change to a library ABI. You don't hate your users, do you?
As you remember from long ago hashes are
O(1) best case, but can be
if you get hash collisions. And if you're adding
n new entries
I thought I'd take a look at the hash_set/hash_map GNU C++ extension.
This is a short howto on setting up TPM-backed SSL. This means that the secret key belonging to an SSL cert is protected by the TPM and cannot be copied off of the machine or otherwise inspected.
This means that even if you get hacked, the attackers cannot impersonate you once you manage to kick them off or just shut down the server. The secret key is safe. It has never been outside the TPM and never will be.
This can be used for both client and server certs.
Yubico and their products are awesome.
That pretty much sums up this blog post, but I'm going to go on anyway. If you're thinking of introducing two-factor authentication to your company, or you're using something that's fundamentally broken (like RSA SecurID), you simply must at least take Yubikeys into consideration.
gettimeofday() and time() should only be used to get the current time if the current wall-clock time is actually what you want. They should never be used to measure time or schedule an event X time into the future.
I've started writing a replacement for SSH.
Why? Because SSH has some drawbacks that sometimes annoy me. I also wanted an authentication scheme that's more similar to SSL/TLS than what SSH does.
With tlssh you don't specify username or password, you simply connect to the server using a client-side certificate to log in as the user specified in the certificate. No interaction until you reach the shell prompt on the server.