<channel>
<title>Petter Reinholdtsen - Entries from June 2020</title>
<description>Entries from June 2020</description>
- <link>http://people.skolelinux.org/pere/blog/</link>
+ <link>https://people.skolelinux.org/pere/blog/</link>
+ <item>
+ <title>Secure Socket API - a simple and powerful approach for TLS support in software</title>
+ <link>https://people.skolelinux.org/pere/blog/Secure_Socket_API___a_simple_and_powerful_approach_for_TLS_support_in_software.html</link>
+ <guid isPermaLink="true">https://people.skolelinux.org/pere/blog/Secure_Socket_API___a_simple_and_powerful_approach_for_TLS_support_in_software.html</guid>
+ <pubDate>Sat, 6 Jun 2020 12:40:00 +0200</pubDate>
+ <description><p>As a member of the <a href="https://www.nuug.no/">Norwegian Unix
+User Group</a>, I have the pleasure of receiving the
+<a href="https://www.usenix.org/">USENIX</a> magazine
+<a href="https://www.usenix.org/publications/login/">;login:</a>
+several times a year. I rarely have time to read all the articles,
+but try to at least skim through them all as there is a lot of nice
+knowledge passed on there. I even carry the latest issue with me most
+of the time to try to get through all the articles when I have a few
+spare minutes.</p>
+
+<p>The other day I came across a nice article titled
+"<a href="https://www.usenix.org/publications/login/winter2018/oneill">The
+Secure Socket API: TLS as an Operating System Service</a>" with a
+marvellous idea I hope can make it all the way into the POSIX standard.
+The idea is as simple as it is powerful. By introducing a new
+socket() option IPPROTO_TLS to use TLS, and a system wide service to
+handle setting up TLS connections, one both make it trivial to add TLS
+support to any program currently using the POSIX socket API, and gain
+system wide control over certificates, TLS versions and encryption
+systems used. Instead of doing this:</p>
+
+<p><blockquote><pre>
+int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+</pre></blockquote></p>
+
+<p>the program code would be doing this:<p>
+
+<p><blockquote><pre>
+int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS);
+</pre></blockquote></p>
+
+<p>According to the ;login: article, converting a C program to use TLS
+would normally modify only 5-10 lines in the code, which is amazing
+when compared to using for example the OpenSSL API.</p>
+
+<p>The project has set up the
+<a href="https://securesocketapi.org/">https://securesocketapi.org/</a>
+web site to spread the idea, and the code for a kernel module and the
+associated system daemon is available from two github repositories:
+<a href="https://github.com/markoneill/ssa">ssa</a> and
+<a href="https://github.com/markoneill/ssa-daemon">ssa-daemon</a>.
+Unfortunately there is no explicit license information with the code,
+so its copyright status is unclear. A
+<a href="https://github.com/markoneill/ssa/issues/2">request to solve
+this</a> about it has been unsolved since 2018-08-17.</p>
+
+<p>I love the idea of extending socket() to gain TLS support, and
+understand why it is an advantage to implement this as a kernel module
+and system wide service daemon, but can not help to think that it
+would be a lot easier to get projects to move to this way of setting
+up TLS if it was done with a user space approach where programs
+wanting to use this API approach could just link with a wrapper
+library.</p>
+
+<p>I recommend you check out this simple and powerful approach to more
+secure network connections. :)</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+</description>
+ </item>
+
<item>
<title>Bompenge-Norge, med noen tall fra bompengekalkulator</title>
- <link>http://people.skolelinux.org/pere/blog/Bompenge_Norge__med_noen_tall_fra_bompengekalkulator.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Bompenge_Norge__med_noen_tall_fra_bompengekalkulator.html</guid>
+ <link>https://people.skolelinux.org/pere/blog/Bompenge_Norge__med_noen_tall_fra_bompengekalkulator.html</link>
+ <guid isPermaLink="true">https://people.skolelinux.org/pere/blog/Bompenge_Norge__med_noen_tall_fra_bompengekalkulator.html</guid>
<pubDate>Mon, 1 Jun 2020 14:50:00 +0200</pubDate>
<description><p>Det er tett med sensorstasjoner langs veinettet i Norge, som
registrerer hvilke kjøretøy som passerer eller tar bilde av de som
minutter til en norsk bompengebeløp på 71 kroner. Den norske ruten
langs E6 skal derimot ta 23 timer og 16 minutter og beløpe seg til 664
kroner. Beløpene er uten autopass-brikke, slik at en slipper å få
-bilens posisjon registrert i alle bompengeavleserne som ikke også er
-bomstasjoner. For trailere er bompengekostnaden 2-3 ganger så høy som
-for personbil. I tillegg til pengebeløpet, som faktureres
+bilens posisjon registrert i alle bompengebrikkeavleserne som ikke
+også er bomstasjoner. For trailere er bompengekostnaden 2-3 ganger så
+høy som for personbil. I tillegg til pengebeløpet, som faktureres
etterskuddsvis og de siste årene har blitt umulig å gjøre opp kontant
på stedet, så kommer kostnaden med å få sine personopplysninger samlet
inn, lagret og gjort tilgjengelig for fremmede på ubestemt tid. Jeg
projects / homepage.git / blobdiff