also
encapsulates IP in IP and encrypts traffic between two tunnel endpoints)
but at least you have gif-interface you can conveniently tcpdump.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: 12AD 3268 9C66 0D42 6967 FD75 CB82 0563 2107 AD8A
ill considered safe. But why one need to use that ancient
stuff? Modern protocols (WireGuard, Noise, TLS 1.3) use only
AEAD-algorithms, where "MAC" is some kind of integrated with the
encryption algorithm and they are always used together. IPsec supports
AEAD-ciphers in modern OSes a lo
to set any kind of IP addresses manually (or by SLAAC/DHCP*),
then (at least) WireGuard can work over IPv6 link-local addresses
without any problems (I do it).
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: 12AD 3268 9C66 0D42 6967 FD75 CB82 0563 2107 AD8A
mputations and the speed of just DH/sign operation can be negligible
and play no role.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: 12AD 3268 9C66 0D42 6967 FD75 CB82 0563 2107 AD8A
ly
communicate with each node by its 200::/7 IPv6 address.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: 12AD 3268 9C66 0D42 6967 FD75 CB82 0563 2107 AD8A
*** Sagar Acharya [2023-07-20 07:11]:
>Authoritative suckless DNS server recommendations please!
https://www.nlnetlabs.nl/projects/nsd/about/ by the same developers of Unbound.
And their ldns can be used to do all authoritative DNSSEC-related stuff.
--
Sergey Matveev (http://www.stargrave.
ull
cached DNSSEC support and DNS64.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: 12AD 3268 9C66 0D42 6967 FD75 CB82 0563 2107 AD8A
se https://ipv6.ip4market.ru/
tunnel broker here to reach that non-legacy modern Internet world.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: 12AD 3268 9C66 0D42 6967 FD75 CB82 0563 2107 AD8A
e buffers and so on.
Thanks suckless community and its developers for their wonderful
software (I use dwm, st, dmenu, tabbed, slock) and inspiration resources
for non-bloated sane software!
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: 12AD 3268 9C66 0D42 6967 FD75 CB82 0563 2107 AD8A
*** Robert Winkler [2022-06-17 11:19]:
>Which mailing list software is suckless running?
>Is it recommendable?
Definitely mlmmj: http://mlmmj.org/
Very easy to install, no dependencies complications, easy administrate
and works very well.
--
Sergey Matveev (http://www.stargrave.org/)
O
al development tasks, there there are no huge
amounts of data involved. Possibly slightly worse performance, but
perfect reliability and predictability I can rely on.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
, Make just does not work (reliably)
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
ARGV;
while (<>) {
/^#include "([^\/]+)"$/ and ($1 !~ /\.in$/) and $inc{$1} = 1;
};
print join " ", sort keys %inc;
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
e not enough for that task?
read D < "$2".d
redo-ifchange ${D#* }
POSIX "read" out-of-box understands \-newlines that can appear in those
.d-Makefiles and read the whole .d file as a single line, where you just
have to strip the first word ("target:").
red authentication. TLS becomes completely useless,
because IPsec can take all TLS-related use-cases.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
*** Sergey Matveev [2021-04-17 20:47]:
>>What is the preferred hash by Greta?
>What is that?
I was told offlist that (seems) you were refering to Greta Thunberg.
I suppose she would blame us all, because we are using cryptographic
hash functions for the things where simpler, cheaper a
Go 1.4 is written on C and all future Go versions can
use it for compilation of themselves.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
ent modern days.
>If I'm going to write a compiler, I'm going to write it in C
That is good. And nearly everyone does so, or use at least something
that can be build with C-compiler.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
hought about that. Shame on them.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
tforms).
>What is the preferred hash by Greta?
What is that?
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
and so on). I succeeded on Devuan, with taking more than
50GB of diskspace. Could not build it on FreeBSD. So personally even if
I wanted to try Rust, I just have no such powerful hardware for its
bootstrapping and knowledge how to build mrustc on FreeBSD.
--
Sergey Matveev (http://www.stargra
mpression -- my CPU is not a
decompression bottleneck anymore and that was worth of it. I heard that
Arch Linux and Fedora moved to its usage and, however being the BSD-fan,
I respect their move to it.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
protocols without hard-coded algorithms. Nothing wrong
with HMAC-SHA3, except for one more small message hashing at the end,
that is negligible and won't be used for transport traffic because of
AEAD ciphers.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
BLAKE3 beats it. And
SHA512 is preferable SHA256, mostly because it is faster in 64-bit CPUs.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
st, having very high security margin and abilities to
use it as a MAC, add randomization/personalization -- that it why it is
popular.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
ember" that it created "install" with given timestamps, so
it warns you about that.
>Is that correct?
Yes.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
clean.do, all.do,
dist.do and similar targets should not create output at all.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
fo.html:
dst.info.do:
[many other commands and dependencies]
$MAKEINFO $MAKEINFO_OPTS -o $3 index.texi
dst.html.do:
MAKEINFO_OPTS="--html" . dst.info.do
I saw people create single .do with the case/esac to differentiate
info/html, that is much more complex.
exec >&2
Why that exec? There is only one "echo" in that target at the end. It is
better to add redirection to stderr, than to call heavy "exec" for the
whole target.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
*** Greg Reagle [2021-01-03 14:38]:
>https://unix.stackexchange.com/questions/65803/why-is-printf-better-than-echo
Interesting! Thank you for that! Will take into account.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
So anyway you will see what is compiling or linking now
* even if some redo implementation is silent about that, there are, as
you mentioned, options like -x/-v. But explicit progress messages are
useless and even harmful here, in my opinion
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
some temporary $3 file, you should use unrelated to
musl-gcc binary target and use redo-ifchange to prevent forceful building.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
*** Greg Reagle [2020-12-18 07:37]:
>redo-c does *not* capture standard output by default.
You are right. So yes, of course I had to export REDO_STDOUT=1 before,
to make redo-c behaviour the same as DJB suggested.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E
*** Sergey Matveev [2020-12-17 21:44]:
>Now there are pure C https://github.com/leahneukirchen/redo-c
And by the way, it is less than 1kLOC even with completely built-in
SHA256 implementation and no dependencies. Supporint all necessary
redo-ifchange/ifcreate/always commands, jobserver (paral
system,
parallely running all of those pkg-configs. If my $CC, or pkg-config's
output is changed, then only really dependant targets will be rebuild.
And I am silent about ability to generate .do from other .do (.do.do).
https://redo.readthedocs.io/en/latest/ documentation is the best place
to start, in my opinion. However its redoconf autoconf-replacement seems
too complicated for me.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
with short full redo description and
comparison: http://www.stargrave.org/redo-proscons.html
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
comparing to GNU tar: pax is
backward compatible with ustar. Every kind of metainformation that can
not be explicitly stored in ustar will look like subdirectory with
key-value files in pax and can be *extracted* anyway.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E
org/x/crypto/chacha20poly1305) simply
does not allow to create unauthenticated ciphertext at all, for the good
reason.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
signature.asc
Description: PGP signature
(or any
kind processed) before it is authenticated. It is always right.
>Should be fine, but the salt should not be secret (you need to sync it
>between devices where you want to use this system after all).
Agreed, there is no need salt to be any kind of secret. It is safe to
store it clear.
ce (for one
encryption/decruption) -- it is safe to use zero nonce.
--
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
signature.asc
Description: PGP signature
https://stallman.org/apple.html
41 matches
Mail list logo