+ <div class="entry">
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Secure_Socket_API___a_simple_and_powerful_approach_for_TLS_support_in_software.html">Secure Socket API - a simple and powerful approach for TLS support in software</a></div>
+ <div class="date"> 6th June 2020</div>
+ <div class="body"><p>As a member of the <a href="https://www.nuug.no/">Norwegian Unix
+User Group</a>, I have the pleasure of receiving the
+<a href="https://www.usenix.org/">USENIX</a> magazine
+<a href="https://www.usenix.org/publications/login/">;login:</a>
+several times a year. I rarely have time to read all the articles,
+but try to at least skim through them all as there is a lot of nice
+knowledge passed on there. I even carry the latest issue with me most
+of the time to try to get through all the articles when I have a few
+spare minutes.</p>
+
+<p>The other day I came across a nice article titled
+"<a href="https://www.usenix.org/publications/login/winter2018/oneill">The
+Secure Socket API: TLS as an Operating System Service</a>" with a
+marvellous idea I hope can make it all the way into the POSIX standard.
+The idea is as simple as it is powerful. By introducing a new
+socket() option IPPROTO_TLS to use TLS, and a system wide service to
+handle setting up TLS connections, one both make it trivial to add TLS
+support to any program currently using the POSIX socket API, and gain
+system wide control over certificates, TLS versions and encryption
+systems used. Instead of doing this:</p>
+
+<p><blockquote><pre>
+int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+</pre></blockquote></p>
+
+<p>the program code would be doing this:<p>
+
+<p><blockquote><pre>
+int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS);
+</pre></blockquote></p>
+
+<p>According to the ;login: article, converting a C program to use TLS
+would normally modify only 5-10 lines in the code, which is amazing
+when compared to using for example the OpenSSL API.</p>
+
+<p>The project has set up the
+<a href="https://securesocketapi.org/">https://securesocketapi.org/</a>
+web site to spread the idea, and the code for a kernel module and the
+associated system daemon is available from two github repositories:
+<a href="https://github.com/markoneill/ssa">ssa</a> and
+<a href="https://github.com/markoneill/ssa-daemon">ssa-daemon</a>.
+Unfortunately there is no explicit license information with the code,
+so its copyright status is unclear. A
+<a href="https://github.com/markoneill/ssa/issues/2">request to solve
+this</a> about it has been unsolved since 2018-08-17.</p>
+
+<p>I love the idea of extending socket() to gain TLS support, and
+understand why it is an advantage to implement this as a kernel module
+and system wide service daemon, but can not help to think that it
+would be a lot easier to get projects to move to this way of setting
+up TLS if it was done with a user space approach where programs
+wanting to use this API approach could just link with a wrapper
+library.</p>
+
+<p>I recommend you check out this simple and powerful approach to more
+secure network connections. :)</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+</div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
<div class="entry">
<div class="title"><a href="http://people.skolelinux.org/pere/blog/Bompenge_Norge__med_noen_tall_fra_bompengekalkulator.html">Bompenge-Norge, med noen tall fra bompengekalkulator</a></div>
<div class="date"> 1st June 2020</div>
</div>
<div class="padding"></div>
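Review bot: The paragraph "the program code would be doing this:<p>" ends with an opening <p> instead of </p>, so it is never closed and an empty paragraph is opened before the second code sample; change the trailing tag to </p>. Both samples are also wrapped as <p><blockquote><pre>, and a blockquote cannot sit inside a p element, so the parser closes the paragraph early and the final </p> is left stray; dropping the outer <p>...</p> around the blockquotes fixes that. In the samples themselves, "int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS);" gives the variable the same name as the function it calls, which does not compile as written once sys/socket.h is included; a name such as fd would let readers paste the line directly.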
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Redaksjon_p__plass_for_Noark_5_tjenestegrensesnitt.html">Redaksjon på plass for Noark 5 tjenestegrensesnitt</a></div>
- <div class="date"> 5th February 2020</div>
- <div class="body"><p>Arbeidet med å lage et godt, fritt og åpent standardisert maskinelt
-grensesnitt for arkivering, med tilhørende fri
-programvareimplementasjon fortsetter. Jeg snakker om
-<a href="https://github.com/arkivverket/noark5-tjenestegrensesnitt-standard">Noark
-5 Tjenestegrensesnitt</a> og
-<a href="https://gitlab.com/OsloMet-ABI/nikita-noark5-core/">Nikita</a>.
-Siste nytt etter
-<a href="https://www.nuug.no/aktiviteter/20200127-noark-seminar/">seminaret
-for noen dager siden</a>, er vi i Nikita-prosjektet har fått beskjed
-fra Arkivverket at det blir satt ned en redaksjon for å videreutvikle
-spesifikasjonen. Redaksjonen består av Mona Danielsen og Anne Sofie
-Knutsen ved arkivverket, Thomas Sødring ved OsloMet, og meg selv fra
-NUUG. De to sistenevnte tar seg av de åpenbare forbedringene, mens
-hele redaksjonen diskuterer tvilstilfeller. Jeg håper dette vil bidra
-til at vi lykkes i å gjøre denne protokollspesifikasjonen så entydig
-og klar at den vil bidra til et velfungerende marked for
-arkivsystemer, og sikre at programmer som trenger å snakke med
-arkivsystemet kan snakke med enhver implementasjon av
-API-spesifikasjonen. Nikita er den første implementasjonen, men det
-bør blir flere.</p>
-
-<p>Det gjenstår riktig nok endel før vi er i mål, selv om svært mye
-allerede er på plass. Med innspill og forslag til forbedringer fra
-alle som vil ha et leverandøruavhengig og fullstendig
-datamaskinlesbart grensesnitt til arkivet, så tror jeg vi vil
-lykkes.</p>
-
-<p>Som vanlig, hvis du bruker Bitcoin og ønsker å vise din støtte til
-det jeg driver med, setter jeg pris på om du sender Bitcoin-donasjoner
-til min adresse
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.
-Merk, betaling med bitcoin er ikke anonymt. :)</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/noark5">noark5</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/standard">standard</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
<p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14" /></a></p>
<div id="sidebar">
<li><a href="http://people.skolelinux.org/pere/blog/archive/2020/05/">May (3)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2020/06/">June (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2020/06/">June (2)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (170)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (171)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (159)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (417)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (418)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (57)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (58)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (60)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (4)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (5)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/usenix">usenix (2)</a></li>
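Review bot: The usenix tag is not applied to the new entry, so "usenix (2)" on the last context line stays unchanged even though the post is built around an article from the USENIX ;login: magazine. The counts that are bumped here (debian, english, sikkerhet, sysadmin, and June in the archive list) match the entry's Tags line exactly, so the generated output is consistent; if the usenix tag is meant to collect posts like this one, add it to the entry's tags and regenerate so this count is updated as well.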