tommd | 5 years ago | on: Become Shell Literate
I love shellcheck. There's no great reason not to have any new shellcheck errors commented on each pull request. It's almost always right and how much you as the developer cares is the big question.
tommd's comments
tommd | 5 years ago | on: Become Shell Literate
And for goodness sakes, use ShellCheck! It can be easy (i.e. there are CI services that will run shellcheck automatically on your PRs and comment bugs).
tommd | 5 years ago | on: Semgrep for Cloud Security
What are your thoughts on the overlap between these tools? I have a CI SaaS with checkov by default. It performs really well and requires no configuration, which was exciting. Tfsec would be easy to add but I'm not sure how duplicative it is of checkov. Anyone here have opinions?
tommd | 5 years ago | on: Semgrep for Cloud Security
It's so neat to see semgrep branching out to support more languages including IaaS. At [muse](https://github.com/marketplace/muse-dev) we went a different path of making a platform to run multiple tools. By default the tools include semgrep and, regarding the IaaS space, checkov.
tommd | 7 years ago | on: DARPA Is Building a $10M, Open-Source, Secure Voting System
That's a huge leap from "arbitrary candidates can't give a satisfactory answer during an interview" to "I don't trust it can be done."
Do you apply the same test to cryptographic algorithms?
tommd | 10 years ago | on: Applying Satisfiability to the Analysis of Cryptography
I think you skimmed a little too fast. The links are chalked full of slides, implementations, and executable examples.
tommd | 10 years ago | on: The story of .io
For obvious reasons, I wanted a `.md` domain but those are expensive... also for obvious reasons. This is a rather unfortunate and common result of our DNS system.
tommd | 11 years ago | on: Cryptol: DSL for specifying cryptographic algorithms
Some recent happenings in Cryptol land include:
* Dylan recently released a literate Cryptol version of the CFRG's ChaCha20/Poly1305 document. Very cool to see more Cryptol code like this.
* Merged the fork of SBV with upstream.
* ABC is now a supported prover.
* Support for parallel (first to finish) proving using ':set prover=any'.
* The type checker has been revamped for v2.3, so we should see simpler constraints "soon".tommd | 11 years ago | on: Mirage v2.0: a recap of the new features
While correct, I always find the declaration of Mirage (and HaLVM for that matter) as an OS to be unhelpful. It is a cross compiler for OCaml (resp. Haskell) to the Xen ABI along with libraries for interacting with Xen primitives (inter-domain communication, etc).
page 1