HTTPS 証明書クロニクル | blog.jxck.io
Intro Web サービスをデプロイする際に、CA から証明書を取得し HTTPS で暗号化するのが一般的となった。 かつては "SSL 証明書" として、メールでやり取りし有料で購入するのが常識だったが、自動/無料で取得することが増えた。かつては 5~10 年あった有効期限もどんどん短くなり、今では 6 日の証明書も発行されている。 このように、証明書を取り巻く変遷は目覚ましく、それは Web を取り巻く環境の劇的な変化を色濃く反映した結果と言える。 http:// が https:// になった裏で何が起こり、これからどうなっていくのか。まとめていく。 (極力ソースを付記するが、既に消えて WebArchive にも残っていないものも多く、筆者の記憶に頼る情報も多い。) 黎明期 (90 年代後半~2010 年頃) 90 年代の終わり頃、当時は TLS の前身にあたる SSL のデプロ
The Untold Story of SQLite
TranscriptNote: This podcast is designed to be heard. If you are able, we strongly encourage you to listen to the audio, which includes emphasis that's not on the page IntroductionAdam: Hello and welcome to CoRecursive. I’m Adam Gordon Bell. Each episode of CoRecursive, someone shares the fascinating story behind some piece of software being built. On April 1st, 2014, an open source maintainer got
Peter Jay Salzman, Michael Burian, Ori Pomerantz, Bob Mottram, Jim Huang 1 Introduction 1.1 Authorship 1.2 Acknowledgements 1.3 What Is A Kernel Module? 1.4 Kernel module package 1.5 What Modules are in my Kernel? 1.6 Is there a need to download and compile the kernel? 1.7 Before We Begin 2 Headers 3 Examples 4 Hello World 4.1 The Simplest Module 4.2 Hello and Goodbye 4.3 The __init and __exit Mac
How modern browsers work
Note: For those eager to dive deep into how browsers work, an excellent resource is Browser Engineering by Pavel Panchekha and Chris Harrelson (available at browser.engineering). Please do check it out. This article is an overview of how browsers work. Web developers often treat the browser as a black box that magically transforms HTML, CSS, and JavaScript into interactive web applications. In tru
Cookie Theft 対策と Device Bound Session Credentials | blog.jxck.io
Intro Chrome チームより提案された Device Bound Session Credentials の実装が進み、Flag 付きで試すことができる。 この提案の背景と、解決する問題、現時点での挙動について解説する。 Update 2025/05/15: OT が始まったため、内容を大幅に更新 背景 2FA や Passkey の普及により、認証部分はかなりセキュアになってきた。インシデントによりパスワードが漏洩しても、それだけでなりすましを成立させるのも困難になっている。 そこで攻撃者の注目を集めているのが、Cookie の窃取(Cookie Theft)だ。 認証がいかに堅牢になっても、有効な Session Cookie を盗むことができれば、その値を Cookie フィールドに付与してリクエストするだけで、なりすましを成立させることができる。 いわゆる Session
The MS-DOS Encyclopedia: Section I: The Development of MS-DOS
The MS-DOS Encyclopedia Section I: The Development of MS-DOS To many people who use personal computers, MS-DOS is the key that unlocks the power of the machine. It is their most visible connection to the hardware hidden inside the cabinet, and it is through MS-DOS that they can run applications and manage disks and disk files. In the sense that it opens the door to doing work with a personal compu
Wasmtime Reaches 1.0: Fast, Safe and Production Ready!
As of today, the Wasmtime WebAssembly runtime is now at 1.0! This means that all of us in the Bytecode Alliance agree that it is fully ready to use in production. In truth, we could have called Wasmtime production-ready more than a year ago. But we didn’t want to release just any WebAssembly engine. We wanted to have a super fast and super safe WebAssembly engine. We wanted to feel really confiden
This is a companion article to a talk about Docker+WebAssembly that we gave at "Docker Community All Hands 7, Winter Edition" on Dec 15th, 2022. Introduction Recently Docker announced support for WebAssembly in cooperation with WasmEdge. This article will explain what is WebAssembly, why it is relevant to the Docker ecosystem and provide some hands-on examples to try on. We assume you are familiar
Assessing Claude Mythos Preview’s cybersecurity capabilities April 7, 2026 Nicholas Carlini, Newton Cheng, Keane Lucas, Michael Moore, Milad Nasr, Vinay Prabhushankar, Winnie Xiao Hakeem Angulu, Evyatar Ben Asher, Jackie Bow, Keir Bradwell, Ben Buchanan, David Forsythe, Daniel Freeman, Alex Gaynor, Xinyang Ge, Logan Graham, Kyla Guru, Hasnain Lakhani, Matt McNiece, Mojtaba Mehrara, Renee Nichol, A
Bringing Javascript to WebAssembly for Shopify Functions - Shopify
Bringing Javascript to WebAssembly for Shopify FunctionsWhile we’re working on getting our Shopify Functions infrastructure ready for the public beta, we thought we’d use this opportunity to shine some light on how we brought JavaScript to WebAssembly, how we made everything fit within our very tight Shopify Function constraints, and what our plans for the future look like. At Winter Editions 2023
Goodbye to the C++ Implementation of Zig ⚡ Zig Programming Language
← Back to News page Goodbye to the C++ Implementation of Zig December 07, 2022 How we used WebAssembly to annihilate 80,000 lines of legacy codeAuthor: Andrew Kelley It’s funny - I have shared this story a handful of times with friends of mine who are qualified, competent software engineers, and each time the response was confusion about why any of this would be necessary or even remotely helpful.
CUPID: for joyful coding
What started as lighthearted iconoclasm, poking at the bear of SOLID, has developed into something more concrete and tangible. If I do not think the SOLID principles are useful these days, then what would I replace them with? Can any set of principles hold for all software? What do we even mean by principles? I believe that there are properties or characteristics of software that make it a joy to
Improving NGINX Performance with Kernel TLS and SSL_sendfile( )
* Kernel version must be 5.10, not 4.14; see OSs That Do Not Support kTLS and the Amazon Linux 2 FAQ ** Inherits its kTLS support status from RHEL 8 as its upstream source *** See the FreeBSD commit log OSs That Do Not Support kTLSThe following OSs do not support kTLS, for the indicated reason: Alpine Linux 3.11–3.14 – Kernel is built with the CONFIG_TLS=n option, which disables building kTLS as a
Toggle dark mode What follows is a brain dump of everything I know about compiling Rust to WebAssembly. Enjoy. Some time ago, I wrote a blog post on how to compile C to WebAssembly without Emscripten, i.e. without the default tool that makes that process easy. In Rust, the tool that makes WebAssembly easy is called wasm-bindgen, and we are going to ditch it! At the same time, Rust is a bit differe
Introduction to Go 1.17 The latest Go release, version 1.17, arrives six months after Go 1.16. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. Changes to the language Go 1.17 includes three small enhancements to the l
WebKit Features in Safari 18.0
ContentsNew in Safari 18Web apps for MacCSSSpatial WebHTMLJavaScriptWeb APICanvasManaged Media SourceWebRTCHTTPSWebGLWeb InspectorPasskeysSafari ExtensionsApple PayDeprecationsBug Fixes and moreUpdating to Safari 18.0Feedback Safari 18.0 is here. Along with iOS 18, iPadOS 18, macOS Sequoia and visionOS 2, today is the day another 53 web platform features, as well as 25 deprecations and 209 resolve
Tue, 26 Aug 2025 08:51:12 -0500 ABSTRACT This guideline focuses on the authentication of subjects who interact with government information systems over networks to establish that a given claimant is a subscriber who has been previously authenticated. The result of the authentication process may be used locally by the system performing the authentication or asserted elsewhere in a federated identit
Linux is an operating system, similar to Windows, but with many different versions due to the nature of being open source and fully customizable. To install Linux, you must choose an install method and choose a Linux distribution. To install Linux: Choose an install method: Windows Subsystem for Linux (WSL), Bare metal Linux; or create a Virtual Machine (VM) to run Linux locally or in the cloud. C
Effective TypeScript › The Saga of the Closure Compiler, and Why TypeScript Won
Here's something that makes me feel old: in just six months, Gmail will celebrate its 20th anniversary. If you weren't actively developing web sites at the time, it's hard to capture just how revolutionary it was. This was a time when JavaScript was held in almost universally low regard. The idea that you could build a sophisticated web app using it was mind-boggling. But it clearly worked and it
Reverse Engineering iOS 18 Inactivity RebootiOS 18 introduced a new inactivity reboot security feature. What does it protect from and how does it work? This blog post covers all the details down to a kernel extension and the Secure Enclave Processor.Security Before First Unlock / After First UnlockDid you know that entering your passcode for the first time after your phone starts is something very
Cloudflare Fonts: enhancing website font privacy and speed
We are thrilled to introduce Cloudflare Fonts! In the coming weeks sites that use Google Fonts will be able to effortlessly load their fonts from the site’s own domain rather than from Google. All at a click of a button. This enhances both privacy and performance. It enhances users' privacy by eliminating the need to load fonts from Google’s third-party servers. It boosts a site's performance by b
Over the course of my Spring 2020 semester at Harvey Mudd College, I developed a self-hosting compiler entirely from scratch. This article walks through many interesting parts of the project. It’s laid out so you can just read from beginning to end, but if you’re more interested in a particular topic, feel free to jump there. Or, take a look at the project on GitHub. Table of contents What the pro
Since I was unable to travel for a couple of years during the pandemic, I decided to take my new-found time and really lean into Rust. After writing over 100k lines of Rust code, I think I am starting to get a feel for the language and like every cranky engineer I have developed opinions and because this is the Internet I’m going to share them. The reason I learned Rust was to flesh out parts of t
How to improve Python packaging, or why fourteen tools are at least tw
There is an area of Python that many developers have problems with. This is an area that has seen many different solutions pop up over the years, with many different opinions, wars, and attempts to solve it. Many have complained about the packaging ecosystem and tools making their lives harder. Many beginners are confused about virtual environments. But does it have to be this way? Are the current
The number of people choosing Linux as their primary operating system to play games has been slowly but steadily going up, at least according to the Steam hardware survey. This is most likely because of the Steam Deck release and the increasingly obnoxious features being added to Windows. If you switch to Linux today, you’ll probably be surprised by how many games run out of the box just fine (mos
Cloudflare just got faster and more secure, powered by Rust
Cloudflare is relentless about building and running the world’s fastest network. We have been tracking and reporting on our network performance since 2021: you can see the latest update here. Building the fastest network requires work in many areas. We invest a lot of time in our hardware, to have efficient and fast machines. We invest in peering arrangements, to make sure we can talk to every par
Go 1.20 Cryptography
The first second release candidate of Go 1.20 is out!1 This is the first release I participated in as an independent maintainer, after leaving Google to become a professional Open Source maintainer. (By the way, that’s going great, and I’m going to write more about it here soon!) I’m pretty happy with the work that’s landing in it. There are both exciting new APIs, and invisible deep backend impro
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
The year is 2023 and we’ve released Node.js v20. It’s a significant accomplishment, and this article aims to use scientific numbers to assess the state of Node.js’ performance. All the benchmark results contain a reproducible example and hardware details. To reduce the noise for regular readers, the reproducible steps will be collapsed at the beginning of all sections. This article aims to provide
Reaching the Unix Philosophy's Logical Extreme with Webassembly
Reaching the Unix Philosophy's Logical Extreme with Webassembly YouTube link (please let me know if the iframe doesn't work for you) Good morning Berlin! How're you doing this fine morning? I'm Xe and today I'm gonna talk about something that I'm really excited about: WebAssembly. WebAssembly is a compiler target for an imaginary CPU that your phones, tablets, laptops, gaming towers and even watch
If you take someone with intermediate knowledge of computing in the right areas, and ask them how an x86 machine boots, they'll probably start telling you about how the CPU first comes up in real mode and starts executing code from the 8086 reset vector of FFFF:FFF0. This understanding of how an x86 machine boots has remained remarkably persistent, as far as I can tell because this basic narrative
This paper reflects work done in late 2022 and 2023 to audit for vulnerabilities in terminal emulators, with a focus on open source software. The results of this work were 10 CVEs against terminal emulators that could result in Remote Code Execution (RCE), in addition various other bugs and hardening opportunities were found. The exact context and severity of these vulnerabilities varied, but some
Emulating an iPod Touch 1G and iPhoneOS 1.0 using QEMU (Part I) | Martijn de Vos
Around a year ago, I started working on emulating an iPod Touch 1G using the QEMU emulation software. After months of reverse engineering, figuring out the specifications of various hardware components, and countless debugging runs with GDB, I now have a functional emulation of an iPod Touch that includes display rendering and multitouch support. The emulated device runs the first firmware ever re
NVIDIA Transitioning To Official, Open-Source Linux GPU Kernel Driver - Phoronix
NVIDIA Transitioning To Official, Open-Source Linux GPU Kernel Driver Written by Michael Larabel in Display Drivers on 11 May 2022 at 04:05 PM EDT. Page 1 of 1. 239 Comments. The day has finally come: NVIDIA IS PUBLISHING THEIR LINUX GPU KERNEL MODULES AS OPEN-SOURCE! To much excitement and a sign of the times, the embargo has just expired on this super-exciting milestone that many of us have been
Last week, I went on an adventure through the electromagnetic spectrum! It’s like an invisible world that always surrounds us, and allows us to do many amazing things: It’s how radio and TV are transmitted, it’s how we communicate using Wi-Fi or our phones. And there are many more things to discover there, from all over the world. In this post, I’ll show you fifty things you can find there – all y
A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive
A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption.1 The FAA published an airworthiness directive elaborating on the issue, and I was curious to see wha
Jun 10, 2024 by Jen Simmons, Jon Davis, Karl Dubost, Anne van Kesteren, Marcos Cáceres, Ada Rose Canon, Tim Nguyen, Sanjana Aithal, Pascoe, and Garrett Davidson ContentsWebXRCSSWeb apps for MacSafari ExtensionsSpatial mediaHTMLMediaWebRTCPasskeysHTTPSJavaScriptWeb APICanvasWebGLWeb InspectorWKWebViewApple PayDeprecationsBug Fixes and moreHelp us Beta TestFeedback The last year has been a great one
Open-source software vs. the proposed Cyber Resilience Act
Open-source software vs. the proposed Cyber Resilience Act Photo by Christian Lue / Unsplash By Maarten Aertsen NLnet Labs is closely following a legislative proposal by the European Commission affecting almost all hardware and software on the European market. The Cyber Resilience Act (CRA) intends to ensure cybersecurity of products with digital elements by laying down requirements and obligation
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
In preparation for our upcoming release of Wasmtime 1.0 on September 20, we have prepared two blog posts describing the work we have put into the compiler and runtime recently. This first post will describe performance-related projects: making the compiler generate faster code, making the compiler itself run faster, making Wasmtime instantiate a compiled module faster, and making Wasmtime’s runtim
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
The Linux Kernel Module Programming Guide
WebAssembly: Docker without containers!
Claude Mythos Preview \ red.anthropic.com
Rust to WebAssembly the hard way — surma.dev
Go 1.17 Release Notes - The Go Programming Language
NIST Special Publication 800-63B
How to download and install Linux
Reverse Engineering iOS 18 Inactivity Reboot
Kalyn: a self-hosting compiler for x86-64
Rust: A Critical Retrospective « bunnie's blog
The issue of anti-cheat on Linux | Samuel Tulach
0.8.0 Release Notes ⚡ The Zig Programming Language
State of Node.js Performance 2023
Modern CPUs have a backstage cast
"�[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs
Fifty Things you can do with a Software Defined Radio 📻
News from WWDC24: WebKit in Safari 18 beta
0.10.0 Release Notes ⚡ The Zig Programming Language
Wasmtime 1.0: A Look at Performance