316 private links
Oh shit we are in deep trouble: names are complex to handle.
My rules of thumbs:
- they can't be identifiers
- they are mutable
- the format is so complex that a single "display name" field should be used
- create dynamic models (or SQL tables) if you need details for legal reasons
- UTF-8 encoding is a must. All characters are allowed because I can't verify Japanese, Chinese and all the possible character dataset
As always: test on the data.
XZ stays my favorite though.
An app on the web performs better on many points. Definitely.
- distribution
- maintenance
- releases
- adoption (shareware funnel to get the desktop app running)
About the AI fatigue
La Deutsche Telekom Red Team vient en effet de publier Pack2theRoot (CVE-2026-41651), une faille notée 8.8/10 qui permet à n'importe quel utilisateur local de devenir root sans mot de passe.
Source:
C'est clairement une mauvaise idée
A self version of Shazam
La merditude des choses est un fait, mais le narratif du déclin inéluctable est un choix.
A quizz with 20 questions
hashing: SHA-512
Password or one time code hashing: Argo2id
Key derivation: SHAKE256 or HKDF-SHA512
Api key: prefix + version + Base32LowerCase.encode(UUID || 32-byte secret); hash function: SHAKE256 with a 512 bit output, or SHA3-512 or SHA-512
Encryption: AES-256 has too short nonces, jey / nonce reuse is catastrophic and it's also lacking context commitment. XChaCha20-Poly1305 lacks context commitment, that's why ChaCha20-BLAKE3 is recommended.
Encrypting secrets: use a Key Management Service
Symmetric Key signature: HMAC-SHA512
Asymmetric key signature: ML-DSA-65, or ML-DSA-87
JSON Web TOkens: ML-DSA-65 for asymmetric signatures or HMAC-SHA512 for symmetric signatures
End-to-end encryption
While you probably need more advanced protocols for your specific use case (e.g. The Messaging Layer Security (MLS) Protocol, RFC 9420, for messaging), basic end-to-end encryption to a public key has been standardized in RFC 9180 - Hybrid Public Key Encryption (HPKE). In this context hybrid means that we combine both symmetric and asymmetric cryptography.
Therefore, I recommend the following algorithms for use with HPKE to encrypt data to a public key:
- KEM: X-Wing
- AEAD: AES-256-GCM
- KDF: HKDF-SHA512
TLS
Today, the only quantum-resistant key exchange algorithm available for TLS is the hybrid X25519MLKEM768. Ensure that your load balancers / reverse proxies support it.
# the api key generation
fn hash_api_key(api_key_id: Uuid, version i16, organization_id: Uuid, secret: &[u8]) -> [u8; API_KEY_HASH_SIZE] {
let mut hasher = sha3::Sha3_512::new();
hasher.write(api_key_id.as_bytes());
hasher.write(&version.to_le_bytes());
hasher.write(organization_id.as_bytes());
hasher.write(secret);
return hasher.sum();
}
the storage in the database
CREATE TABLE api_keys (
id UUID PRIMARY KEY,
created_at TIMESTAMP WITH TIME ZONE NOT NULL,
updated_at TIMESTAMP WITH TIME ZONE NOT NULL,
name TEXT NOT NULL,
expires_at TIMESTAMP WITH TIME ZONE,
version SMALLINT NOT NULL,
secret_hash BYTEA NOT NULL,
organization_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
UNIQUE (name, organization_id)
);
CREATE INDEX index_api_keys_on_organization_id_and_expires_at ON api_keys (organization_id, expires_at);X.400 is arguably a better standard than SMTP, but the simple email address and the ease of implementation won.
GitHub - rapina-rs/rapina: A Rust web framework for APIs. So simple it feels like cheating. · GitHub
Read from a reddit post
« Les attaquants bénéficient d’un avantage asymétrique, puisqu’il leur suffit d’exploiter une seule brèche», alors que les défenseurs doivent couvrir une surface d’attaque qui n’est certes pas infinie, mais suffisamment étendue pour laisser des trous dans la raquette. Les développeurs de Firefox ne peuvent pas se permettre de « réécrire des décennies de code en C++ ».
De l'autre côté, l'IA peut détecter ces failles rapidement. Il est probable que ce genre de détection de faille soit inclus dans les processus avant la livraison d'une nouvelle version par exemple.
l’éditeur PDF intégré, qui permet de réorganiser, copier, coller, supprimer et exporter des pages dans un document PDF.
Oh pas mal