linse 2017-09-17 10:00:44 -04:00
parent 138cb614a4
commit 1c2fde2c7d
3 changed files with 12 additions and 12 deletions

View file

@ -17,11 +17,11 @@ Piñata transmits the private key to a bitcoin wallet which is filled with ~10BT
On startup, the Piñata generates its certificate authority on the fly, including On startup, the Piñata generates its certificate authority on the fly, including
certificates and private keys. This means that only the Piñata itself contains certificates and private keys. This means that only the Piñata itself contains
private keys which can authenticate successfully, thus an attacker has to find private keys which can authenticate successfully, and an attacker has to find
an exploitable flaw in any software layer (OCaml runtime, virtual network an exploitable flaw in any software layer (OCaml runtime, virtual network
device, TCP/IP stack, TLS library, X.509 validation, or elsewhere). device, TCP/IP stack, TLS library, X.509 validation, or elsewhere) to complete the challenge.
The Piñata is online since February 2015, and although thousands of unique IP The Piñata is online since February 2015, and even though thousands of unique IP
addresses initiated connections, the wallet still contains the 10 BTC. addresses initiated connections, the wallet still contains the 10 BTC.
By using a Bitcoin wallet, the Piñata is a transparent bug bounty. Everybody By using a Bitcoin wallet, the Piñata is a transparent bug bounty. Everybody
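
Review bot: In the rewritten sentence "private keys which can authenticate successfully, and an attacker has to find", replacing "thus" with "and" drops the causal link between the keys existing only inside the Piñata and the attacker needing an exploitable flaw. "so an attacker has to find" would keep the reasoning with equally plain wording. On the line that was touched for "even though", "The Piñata is online since February 2015" should read "has been online since February 2015".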

View file

@ -8,15 +8,15 @@ abstract: ![TLS reverse proxy](/static/img/reverse.png)
The [tlstunnel](https://github.com/hannesm/tlstunnel) is a proxy unikernel which The [tlstunnel](https://github.com/hannesm/tlstunnel) is a proxy unikernel which
listens for TLS connections, and forwards requests to backend services, such as a listens for TLS connections, and forwards requests to backend services, such as a
web server. The specific backend is chosen by inspecting the Server Name web server. The backend is chosen by inspecting the Server Name
Indication, a widely deployed extension of the TLS protocol, where a client Indication, a widely deployed extension of the TLS protocol, where a client
requests the server name to talk with during the TLS handshake. requests the server name to talk with during the TLS handshake.
It is similar to other projects such as stunnel or stud, but uses our TLS The project is similar to others, such as stunnel or stud, but uses our TLS
implementation written in the memory-safe language OCaml, instead of one written implementation written in the memory-safe language OCaml, instead of one written
in the error-prone language C. The backend web servers don't need TLS support, in C. The backend web servers don't need TLS support,
which lowers the maintainence burden. Many security issues in TLS which lowers the maintainence burden. Most security problems in TLS
implementations are due to memory safety and support for outdated ciphersuites. implementations are caused by unsafe memory handling and support for weak cryptographic primitives.
This TLS reverse proxy is deployed on various websites, including [Real World This TLS reverse proxy is deployed on various websites, including [Real World
OCaml](https://realworldocaml.org) since 2015. OCaml](https://realworldocaml.org) since 2015.
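
Review bot: The new sentence "Most security problems in TLS implementations are caused by unsafe memory handling and support for weak cryptographic primitives" makes a stronger claim than the "Many security issues" it replaces, and nothing in the visible text backs up "Most". Either keep "Many" or link a source. "Weak cryptographic primitives" is also broader than "outdated ciphersuites", so confirm the wider scope is intended. The same edited line still carries the typo "maintainence", which should be "maintenance".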

View file

@ -167,13 +167,13 @@ simcorp, lexifi) and academia.
The OCaml compiler generates native code for x86, arm, etc., and has a bytecode The OCaml compiler generates native code for x86, arm, etc., and has a bytecode
backend, which can target microcontrollers (PIC18 family in the [OcaPIC project](http://www.algo-prog.info/ocapic/web/?id=OCAPIC:OCAPIC)). backend, which can target microcontrollers (PIC18 family in the [OcaPIC project](http://www.algo-prog.info/ocapic/web/?id=OCAPIC:OCAPIC)).
OCaml can also be compiled to JavaScript, which allow to develop both client OCaml can also be compiled to JavaScript, so both client
and server side of a web application in a single language (more details at the [ocsigen project](http://ocsigen.org/)). and server side of a web application can be developed in the same language with shared interface code (more details at the [ocsigen project](http://ocsigen.org/)).
In 2016, Facebook developed [reason](https://reasonml.github.io/), a dialect of In 2016, Facebook developed [reason](https://reasonml.github.io/), a dialect of
OCaml which syntax is closer to JavaScript, and easier to comprehend for OCaml which syntax is closer to JavaScript, and easier to comprehend for
beginners. Reason and OCaml code can be easily combined in a single beginners. Reason and OCaml code can be easily combined into a single
application, since the same compiler is used. application, since they use the same compiler.
More literature on why OCaml is a good choice has been More literature on why OCaml is a good choice has been
written by Yaron Minsky (Jane Street) in the article [OCaml for the masses](http://queue.acm.org/detail.cfm?id=2038036), and more recently by the crypto-ledger [tezos](https://www.tezos.com/static/papers/position_paper.pdf). written by Yaron Minsky (Jane Street) in the article [OCaml for the masses](http://queue.acm.org/detail.cfm?id=2038036), and more recently by the crypto-ledger [tezos](https://www.tezos.com/static/papers/position_paper.pdf).
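
Review bot: The context line "OCaml which syntax is closer to JavaScript" sits directly between the edited lines and still needs "whose syntax". The edits in this hunk are wording fixes to the same paragraph, so it is worth correcting here. In the new text, "both client and server side of a web application" should be "both the client and server sides", and "with shared interface code" is a claim the old wording did not make, so check that the linked ocsigen page supports it.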