Recruiters, contacting me at my job email is wholly unprofessional and I absolutely refuse to engage with any recruiting company that does this. It’s easy enough to find my personal contact information, do try harder. This brought to you by a recruiter whose entire company will now never even make it to my email inbox.
Adapted from this recipe. 1 bunch cilantro leaves and steps, roughly chopped 1 cup plain Greek yogurt 4 cloves garlic 2 oz lime juice 2 oz olive oil 1 jalapeno, seeded and minced Salt and pepper to taste Blend everything in a food processor until nice and creamy. Chill. Works well with cilantro-lime chicken
Adapted from this recipe. 1 bunch cilantro, roughly chopped 4 cloves garlic 2 oz lime juice 1 oz olive oil 1 tbsp salt 1 tsp chili powder 1 tsp ground cumin 1 tsp onion powder 1/2 tsp smoked paprika 1/2 tsp pepper 1/2 tsp cayenne or chili powder
HashiCorp Consul is a distributed, highly-available service which provides service discovery with corresponding health checks, a distributed key/value store, and a service mesh solution, which can run on a variety of platforms and environments. It is designed so that every node which provides services (things to be registered in service discovery, or participate in the service mesh) runs a Consul agent, which acts as a sort of intermediary: providing an easy interface for registering services, running local health checks for both services and the node upon which it is running, and acting as a control plane for service mesh components running on that local node, amongst other things.
Make no mistake, this is a terrorist attack on the United States Capitol. There must be no reconciliation, there is no reconciling this. There must be serious consequences to performing, and inciting, a terrorist attack on our seat of government, all the way up to and including the Executive. If we don’t, next time we won’t get the building back.
Earlier this week I had ATT Business fiber installed in the new apartment. This building was gutted and rebuilt in the mid-2010s, so there was already ATT UVerse fiber in the utility closet. Installation was fairly trivial; the technician showed up with a gateway (looks like a BGW210-700). Four ethernet ports on the back, one port which goes to the PON (the thing already screwed on the wall with the fiber going into it), and power.
This weekend I made another addition to age-pkcs11, to follow best practices for HKDF key expansion from the shared secret at the core of the program. I’d been wanting to do this for a while, after reviewing some stuff I wrote about age and looking at the new V1 API there. If you recall back in June when I went into detail on the X25519 cryptography in Age, near the end Age builds up a salt which, when combined with a label and supplied to the HKDF function ties the derived key to a specific context.
I’ve been dealing a lot with the age encryption protocol lately, and had a rough idea of how the scheme worked, but I finally wanted to sit down and work it out until it actually made sense. As background, we have two parties, a sender, someone who wants to encrypt and send a file. We denote that party as U. Second, we have the recipient, that will receive that file and be able to decrypt it.
I came across this pull request in rage, the Rust implementation of age. There’s been some discussion of building a plugin system for age, and the rage implementer has started work for using a PIV device to store an age-compatible key. When the plugin system for age is decided, this will likely be the first implementation. Looking at it, parts of it are remarkably similar to what I came up with, which is reassuring to me, as I was at least heading down a similar path.
My code to use age encryption with a PKCS11 token has drastically improved in the past couple days. Fewer things hardcoded, although it still assumes you have a NIST P-256 curve on both sides of the exchange. But it derives a shared secret, passes that through a HKDF to make it a reliable key, and can output an age-formatted private or public key. It’s rapidly approaching rough usability. Some TODO items remain: