Linux kernel hacker and maintainer etc.

OpenPGP: 3AB05486C7752FE1

Jarkko Sakkinen

I'm so happy that I've made one fully usable computer program with Rust now, including backend code (tpm2-protocol).

It does not really matter if it is good or bad but a psychological barrier has definitely been broken. Program #2 will be so much easier and fun than this ;-)
@lkundrak lool i don't know who she but googled and ;D fuck
@jwildeboer @pjakobs not to mention that everyone had Atari joystick ports in the 80s and early 90s :-)

Jarkko Sakkinen

Edited 27 days ago
@jwildeboer @pjakobs Atari 800 had innovative Atari SIO bus designed by Joe Decuir, who later on took the same basic design, and created USB ;-)

Jarkko Sakkinen

Edited 27 days ago
I sometimes wonder why the Linux Foundation is not involved with Himmelblau IDM, given how important a project it is for the Linux ecosystem overall.

https://mytechinsights.wordpress.com/2025/08/06/himmelblau-1-0-released-finally-real-intune-policy-enforcement-on-linux/

#himmelblau #azure #intune @linuxfoundation

@Aissen @geal I prefer combinator parsers over PEG because in combinator parsers, with the price of a higher "initial cost", you get re-usable components, and maintenance costs over a long period of time are much lower than with PEG (assuming that the grammar is relatively stable). And yeah, everything lives in the same closure (i.e. in the Rust implementation).
actually #rasn would be another. it saved me from a bunch of bloated dependencies and allowed me to easily write my own parsers for PKCS#1, PKCS#8, SEC1 and X.509.

Jarkko Sakkinen

#nom is like the first library in Rust of which I can say that I love it, and not because it is "powered by Rust" but because it is such a great piece of work overall :-) #rustlang

Jarkko Sakkinen

Edited 28 days ago
Now that I can actually clean up tpm2sh, as I reached the "zero known relevant bugs" state a couple of days ago, some cool features will spin off from that.

E.g., most of the time you don't have to specify parent key, the tool will discover it for you.

I'll also implement virtual persistent handles by retaining in cache the TPMKey ASN.1 file in addition to the context, and that enables implementing a fake evict operation to the 0x81 range.

And already now management of TPM2 sessions is mostly transparent like it should be, and implicitly created HMAC sessions will gain parameter encryption soon.

In pre-existing TPM2 stacks (e.g., tpm2-tool), having sessions exposed naked to the user is like having a TLS stack where you would need to manually implement the session key exchange dance. It's just plain fucking wrong imho :-)

#tpm2sh

AGRO TURBO.EXE SNAKE 🇺🇦🇨🇿

breaking: white house being replaced by a white trailer park

@Netux kexec is not an isolated environment from the host system, and quite complicated to use to begin with for anything really.
@Netux i build about 10 VMs per day or something :-) Every time I test a single kernel patch I build a fresh VM around it. Not the size but dependencies is the optimization parameter here.
Dropping curl has a significant effect on my VM image build times. Why have I not realized this before ;-)

Jarkko Sakkinen

For VM/embedded images socat is a pretty good alternative to curl as it has 50% fewer dependencies and you can still web, e.g.,

printf 'GET / HTTP/1.1\r\nHost: www.iki.fi\r\nConnection: close\r\n\r\n' | socat OPENSSL:www.iki.fi:443 -

I’ve replaced curl with socat in my BuildRoot images for kernel testing because it is less bloated than curl ;-)


Jarkko Sakkinen

Edited 28 days ago
Cargo would be better if it had separate unique and label names for dependencies, and dependency resolution used the former.

Basing immutability on a label makes crates.io quite unrobust IMHO, and given that not all projects fly that far, otherwise useful labels stay reserved permanently, up until the Sun melts.

Such dual-name scheme could be transparent to Cargo.toml: e.g. Cargo.lock could map a label to a name.

I'm not saying that names would need to have an expiration time. I'm thinking more like willingly giving a name back to circulation from an abandoned project.

C++ has a bunch of offerings now for Cargo-like package managers. On that front, I'd try to find a solution that is smarter than Cargo before there is a dominating solution.

#rustlang #cargo
@securepaul I'll put in an abstract about tpm2sh for LSS once there are CfPs available next year (and a little bit about the protocol stack I've built for it [1]). It has been a while, but I haven't really had a topic I wanted to talk about for a long time :-)

[1] https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-protocol.git

Jarkko Sakkinen

Edited 29 days ago
i don't know how those algorithms work - i just used the fact that hex digit maps to a nibble and compile bit pattern based on that observation...