1000 results for “im_a_GDeveloper”
-
Do you want to work for a large organization for a meaningful mission?
I'm hiring again a Python Developer for my team.
#fediwork #FediHire #remotework #pythonjobs
We can hire if you're in DC, VA, MD, PA, TX, NC, GA, TN, RI, NM, WI, FL. See the Python developer job listing here: https://artemisconsultinginc.com/list-of-positions/
-
I named my favorite aesthetic #UnixCore or #IbmCore but I'm sure there are better names folks know.
I am too young to not have missed out on this era and it really bums me out. I am fascinated by how under-powered compared to today these devices are, yet people got their work done on them no problem. Bless the people that maintain and preserve retro hardware. I'm not a developer or programmer myself, rather a writer, and I'd love to be able to write on one of these.
-
#Introduction 👋 Hello World!
I’m a proud #dogMom that loves to overshare photos of my #rescue #dog (Cassie).
Bringing #diversityEquitiyInclusion to #tech motivates me.
Professionally, I’ve had a long career in #softwareEngineering, but am now on a journey in the world of #siteReliability #engineering.
Sometimes I’ll also post things about #food, #coffee, #whiskey / #whisky, #wine, #travel, #nba #basketball, and #snowboarding.
-
It's been a wild couple days for Twitter. Just bonkers.
A brief re #introduction post for anyone coming over.
I'm a middle aged dad who works as a #Salesforce admin/declarative developer. I love music, especially #PowerPop, #Grunge, and #HairBands. Born, raised, and still living in #Maine. Laughter is the best.
Sometimes I'm on the #radio at https://wmpg.org playing #MaineMusic or hosting local bands.
I run this #Mastodon instance - Ain't That Cunnin' - for Mainers.
-
#introduction
Hi! I'm Dan, a software developer from the UK. Before that I worked at Mozilla UK and at Openreach UK. Before that I did UX design at an advertising agency.
I enjoy listening to podcasts, reading about psychology and maths, cooking, travelling and gardening.
I'm currently in a phase of figuring out my gender identity and hoping to be legally recognised as such by the end of the year.
-
RE: https://nerdculture.de/@rattlesnakestu/106283231492865647
I introduced myself to the #fediverse 5 years ago today.
A lot has happened in the past 5 years, for me personally and in the world. I now live in the opposite corner of the continental US, and I work for a different employer - and from home instead of at a warehouse. I've also published more novels since then.
Allow me to re-introduce myself, as I am now in 2026, by way of a hash of hashtags:
I'm a #writer #photographer and #developer interested in #writing #reading #3dprinting #3dmodeling #bbs #retrotech #retrocomputing #php #codeigniter #indie #publishing #tabletopgaming #hiking #kayaking and so much more.
-
While at #SightCity yesterday, I was introduced to a line of Braille displays called b.note by Eurobraille. Intriguingly, they are powered by a Raspberry Pi, using Debian Linux as their OS. Apparently there's a developer mode, which allows users to connect to it via ssh, and even extend functionality using Python scripts. I'm already in the market for a new display and now very strongly considering getting one of these, especially since I quite liked the keyboard and Braille modules as well.
-
How to Monitor Linux Server Stats in Home Assistant
I’m a long-time Home Assistant user, and have found it an incredible way to control and monitor a wide variety of devices. Home Assistant just keeps getting better at displaying information in a friendly format, and I’ve been using it to show dashboards for everything from office lighting to server stats. The latter is the focus for this blog post: Monitoring Linux servers over MQTT using Home Assistant dashboards!
Just look at these pretty system graphs!
Monitoring Linux Server Stats
I’ve been a Unix admin for over 3 decades, and have spent much of that time fighting with various software packages to monitor server stats. SNMP is anything but simple, and commercial packages traditionally made a significant dent on CPU and memory resources. Then there was the issue of collecting, formatting, and filtering stats to create a useful dashboard.
Home Assistant excels at collecting information, organizing it in a database, and displaying useful graphs and dashboards. But it’s not meant to handle system statistics – Home Assistant is primarily a platform for IoT devices. Although there is an official System Monitor service, it’s intended to monitor the local server running Home Assistant, not a remote server.
Happily, there is an excellent lightweight system monitor package designed for exactly this purpose: Linux2MQTT collects system stats and exports them via MQTT. As developer Cyrill Raccaud says, “linux2mqtt is a lightweight wrapper around psutil that publishes CPU utilization, free memory, and other system-level stats to a MQTT broker. The primary use case is to collect system performance metrics for ingestion into Home Assistant (HA) for alerting, reporting, and firing off any number of automations.” I’m happy to report that it works quite well, even if it is a little fiddly.
In case you’re not familiar with MQTT, it’s a lightweight publish-subscribe message queueing protocol that’s found a niche in the IoT space. MQTT clients pass messages through an MQTT broker using “topics” that other clients can subscribe to. Home Assistant has an open source MQTT broker Add-On called Mosquitto as well as an MQTT client, and many IoT devices like my Tasmota lights and Shelly switches already use this protocol for control and metrics. A client like linux2mqtt can easily publish system stats to a broker like Mosquitto for use in Home Assistant.
Installing and Running linux2mqtt in Ubuntu
The linux2mqtt package is written in Python and is available on Pypi, making it easy to install and maintain. But I do have a few tips and tricks to share to get it up and running monitoring Ubuntu servers.
A best practice in Debian and Ubuntu (and frankly all Unix systems) is to install Python packages in a virtual environment to maintain proper version of the Python interpreter and libraries. This functions something like a container (though less isolated or portable) and overcomes many of the headaches of maintaining a usable Python environment.
Note that linux2mqtt runs as a user, not as root. This should be reassuring but also poses some issues we will overcome!
Creating a venv for linux2mqtt is our first step:
sudo apt update
sudo apt install python3-venv
python3 -m venv ~/linux2mqtt
Now that we have a proper venv set up in our user home directory we can install linux2mqtt inside:
~/linux2mqtt/bin/pip install linux2mqtt
We now have a version of linux2mqtt installed and ready to test out!
Preparing Home Assistant
Configuring Mosquitto and the MQTT client in Home Assistant is far beyond the subject of this article. Suffice to say, the built-in Home Assistant Mosquitto broker and client are sufficient for everything we are doing here, though you could also use any other broker if you choose.
The important thing is that you have the IP address, username, and password of your MQTT broker. For purposes of this illustration I will use the following:
- MQTT Broker IP: 192.168.1.31
- MQTT Broker User: mosquitto
- MQTT Broker Password: password
Make sure the MQTT client is up and running in “Devices & Services” and is configured to query the Mosquitto broker. By default, Home Assistant uses “homeassistant” as the MQTT auto-discovery prefix, and this is also the default for linux2mqtt. If you change this prefix you will need to specify the new one using the --homeassistant-prefix command line parameter.
Happily, Home Assistant will properly receive and organize incoming data from linux2mqtt without any other setup. As soon as you start publishing system data to the broker a new device and associated entities will appear in Home Assistant!
Selecting System Metrics
It’s a good idea to pick out the specific system metrics to send to Home Assistant before running linux2mqtt for the first time. For the purposes of this article, we will send CPU percentage, CPU temperature, network utilization, and filesystem usage. Some of these require a little preparation work, so let’s dive in!
We’ll build a metric set to send to the MQTT broker interactively, but here’s a good baseline:
~/linux2mqtt/bin/linux2mqtt \
--name $HOSTNAME \
--cpu=15 \
--vm \
--temp \
--fan \
--du='/' \
--du='/home' \
--net=enp0s1,15 \
--host=192.168.1.31 \
--username=mosquitto \
--password=password \
-vvvvv
One of the most important command line parameters is “--name $HOSTNAME”. This identifies all of the state metrics in MQTT and Home Assistant. You can use $HOSTNAME (as I did here) or specify a name manually. I like Initial Capital Letters so I generally specify the hostname manually.
The easiest sensor to add is CPU. Just add “--cpu=60” to the linux2mqtt command line and it will send overall CPU usage plus a number of detailed state attributes (see below) each minute. I actually like to use “--cpu=15” to get more frequent updates (every 15 seconds) but you’re free to choose any value you like.
Another useful sensor is virtual memory. Add “--vm” to the command line to send virtual memory usage plus detailed state attributes. I wish there was more instrumentation for physical memory, but I can’t find it.
Each server platform will have its own set of temperature metrics, and mine are all over the map. Some provide a ton of detailed thermal info with “--temp” for various zones while others just show the CPU. Not all systems will show fan status, but it doesn’t break anything to add “--fan” just in case. If your server doesn’t have fan sensors you could leave this off the final parameter list.
Next we want to collect disk usage stats. Most people will add “--du='/'” to collect root directory stats. Being a veteran sysadmin and storage nerd I like to use separate filesystems for things that might fill up, including /home, /var/lib/docker, and various application directories in /srv. Just run “df -h” on the command line and decide which volumes you want to include. Then add multiple parameters like “--du='/home'” to the list.
You can also monitor one or more network interfaces. You will need to specify the specific interface name on the command line, and the easiest way to get this is by typing “ip address show | more” on the command line. If you’re using Docker or similar tools you might have quite a few! I’ve simplified it above to just “--net=enp0s1,15”, which will send stats for the interface called enp0s1 every 15 seconds. You can add multiple parameters with different network names to monitor multiple interfaces.
Next we have to specify the MQTT Broker with “--host=192.168.1.31” and authenticate with “--username=mosquitto” and “--password=password”. Obviously you’ll use your own broker IP address, username, and password.
Finally we can add “-vvvvv” to show verbose debugging info on our first run. We will leave this out when we put this into production.
Now that you have figured out which parameters to use for your particular host, you can simply run linux2mqtt on the command line:
~/linux2mqtt/bin/linux2mqtt --name $HOSTNAME --cpu=15 --vm --temp --fan --du='/' --du='/home' --net=enp0s1,15 --host=192.168.1.31 --username=mosquitto --password=password -vvvvv
This will start collection and begin sending data to the MQTT broker. Within a few seconds you will see this show up in Home Assistant under the MQTT client! Once you’re satisfied you can stop this initial run with ctrl-c and proceed to put linux2mqtt into production!
Creating a Systemd Service for linux2mqtt
I am not a fan of systemd but that’s what Debian and Ubuntu use to run system services. And it works. So we’re going to use it.
Although many of us have mucked about with system services, I was less familiar with using systemd to run user-space services. But that’s the right way to run linux2mqtt, since it does not need root privileges.
We’ll create a systemd service file in our home directory for linux2mqtt:
mkdir -p ~/.config/systemd/user
vi ~/.config/systemd/user/linux2mqtt.service
This service file will be pretty simple. The most important bit is the command used to run linux2mqtt, which we developed in the previous section. Copy whatever worked at the end there as the “ExecStart” command in the following template. You should specify the complete directory path rather than “/home/username” and the proper hostname in this file. I’ve bolded these below. And don’t include the “-vvvvv”.
[Unit]
Description=Log system information via MQTT
DefaultDependencies=no

[Service]
ExecStart=/home/username/linux2mqtt/bin/linux2mqtt --name Hostname --cpu=15 --vm --temp --fan --du='/' --du='/home' --net=enp0s1,15 --host=192.168.1.31 --username=mosquitto --password=password
Type=exec
Restart=always

[Install]
WantedBy=default.target
Assuming you’re ready to roll, just enable these using systemd and you’re done on the host side! Note that you need to enable “linger” so systemd can run things when you’re not actively logged in.
sudo loginctl enable-linger $USER
systemctl --user daemon-reload
systemctl --user enable linux2mqtt.service
systemctl --user start linux2mqtt.service
Home Assistant State Attributes
Although you only see one metric by default, there are many more hidden under Attributes!
The first thing to understand about linux2mqtt is that it sends a basic state plus a number of state attributes for each sensor. For example, the CPU sensor displays percentage used by default but also sends User, Nice, System, Idle, and so on as “Attributes”. These can be seen in the Home Assistant UI by clicking the Attributes dropdown box below the sensor History graph. You can show these attributes in some (but far too few) dashboard cards, or you can create a helper template to use them anywhere.
I don’t love this. But it’s what we have to work with.
The easiest thing to do is simply use the basic/default sensor attributes when building Home Assistant cards. This works pretty well for CPU and temperature sensors, and I’m using those as-is. Total Rate isn’t too bad for network usage, but I would prefer to show transfer and receive rate. And I’m really not happy with a display of bytes used as my disk statistic.
Happily, the default Entity Card can show Attributes right from the GUI. I just selected Percent under Attributes, added “%” as the Unit, and added a sensible Name. Once you add this, Home Assistant will even show you a proper historic graph for this Attribute when you click on the value. Nice!
The Entity Card can use Attributes directly from the Visual Editor
Looking in the Code Editor, we can see how the Entity Card specifies this Attribute in yaml:
type: entity
entity: sensor.pet_linux_disk_usage_volume
attribute: percent
unit: "%"
name: /
This gives us clues as to how to present this information in other Cards. Some can handle Attributes if you enter them in the Code Editor, while others simply can’t display them. Sadly the Glance Card does not support Attributes, but I was able to create some slick Cards!
This dashboard combines the mini-graph-card with the basic Entity card
The linux2mqtt page suggests using kalkih’s mini-graph-card to display graphs of sensor data, and I found it to be quite attractive once I customized it. This Card is available in HACS – just search for mini-graph-card!
Although mini-graph-card doesn’t support visual editing, it’s fairly easy to add Attributes to its graphs. For example, here’s my yaml for a slick network graph:
type: custom:mini-graph-card
entities:
  - entity: sensor.pet_linux_network_throughput_nic_enp2s0
    show_graph: false
  - entity: sensor.pet_linux_network_throughput_nic_enp2s0
    attribute: tx_rate
    name: Transmit
  - entity: sensor.pet_linux_network_throughput_nic_enp2s0
    attribute: rx_rate
    name: Receive
hours_to_show: 24
decimals: 0
name: Pet Network
lower_bound: 0
smoothing: false
show:
  legend: false
  fill: false
  points: false
The resulting card shows aggregate throughput as well as transmit and receive graphs for the host Pet. You’ll note that the basic aggregate throughput is displayed but not graphed while the transmit and receive stats are graphed on the same scale. I hid the legend, points, and fill since they were simply visual clutter.
Here’s my updated CPU and memory card
Here’s a nice mini-graph-card setup for CPU and memory. Substitute your own sensor IDs as needed:
type: custom:mini-graph-card
entities:
  - entity: sensor.pet_linux_cpu
    show_graph: false
  - entity: sensor.pet_linux_thermal_zone_k10temp_tctl
    show_state: true
    show_graph: false
  - entity: sensor.pet_linux_virtual_memory
    attribute: percent
    unit: "% RAM"
    show_state: true
    show_graph: false
  - entity: sensor.pet_linux_cpu
    attribute: user
    name: User
  - entity: sensor.pet_linux_cpu
    attribute: system
    name: System
  - entity: sensor.pet_linux_cpu
    attribute: iowait
    name: Wait
hours_to_show: 24
decimals: 1
name: Pet CPU
smoothing: false
show:
  fill: false
  points: false
Stephen’s Stance
This little project of adding remote system stats to a Dashboard illustrates what I love and hate about Home Assistant. It’s an excellent platform for collecting and displaying metrics and has an incredible ecosystem of add-ons and supported protocols. But actually getting what you want can be frustrating and fidgety, as witnessed by the spotty support for Attributes in various cards. It’s frustrating that Attributes are not supported in the Glance card or the new Badges, for instance. But I was ultimately able to make it all work, and the result was worth the effort.
#HomeAssistant #monitoring #MQTT #Python #systemd #systemsAdministration #Ubuntu #yaml
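An added example, not code from the post above or from the linux2mqtt project: a self-contained Python sketch of the publish/subscribe flow that post relies on. It implements MQTT topic-filter matching (the `+` and `#` wildcards), a small in-memory broker standing in for Mosquitto, Home Assistant's `<prefix>/sensor/<node>/<object>/config` discovery message, and a state topic paired with a `json_attributes_topic`, which is how a sensor ends up with the extra Attributes the post describes. The `linux2mqtt/<node>/<sensor>/...` state-topic layout, the `Broker` and `EntityRegistry` classes, and the readings for host "pet" are constructed for this demo; linux2mqtt's real topic names may differ.

```python
import json
from typing import Callable, Dict, List, Tuple

# Home Assistant's default auto-discovery prefix (what --homeassistant-prefix overrides)
DISCOVERY_PREFIX = "homeassistant"
# Assumed state-topic layout for this demo; linux2mqtt's real layout may differ
STATE_PREFIX = "linux2mqtt"

Callback = Callable[[str, str], None]


def topic_matches(pattern: str, topic: str) -> bool:
    """MQTT topic-filter matching: '+' matches one level, '#' matches all remaining levels."""
    pat, lvls = pattern.split("/"), topic.split("/")
    for i, part in enumerate(pat):
        if part == "#":
            return True
        if i >= len(lvls) or (part != "+" and part != lvls[i]):
            return False
    return len(pat) == len(lvls)


class Broker:
    """In-memory stand-in for Mosquitto: fan-out by topic filter, plus retained messages."""

    def __init__(self) -> None:
        self.subscriptions: List[Tuple[str, Callback]] = []
        self.retained: Dict[str, str] = {}

    def subscribe(self, pattern: str, callback: Callback) -> None:
        self.subscriptions.append((pattern, callback))
        # A late subscriber still receives retained messages; discovery configs rely on this
        for topic, payload in self.retained.items():
            if topic_matches(pattern, topic):
                callback(topic, payload)

    def publish(self, topic: str, payload: str, retain: bool = False) -> None:
        if retain:
            self.retained[topic] = payload
        for pattern, callback in self.subscriptions:
            if topic_matches(pattern, topic):
                callback(topic, payload)


def discovery_message(node: str, sensor: str, unit: str) -> Tuple[str, str]:
    """Build the discovery config for one sensor: <prefix>/sensor/<node>/<sensor>/config."""
    base = f"{STATE_PREFIX}/{node}/{sensor}"
    config = {
        "name": f"{node} Linux {sensor}",
        "unique_id": f"{node}_linux_{sensor}",
        "state_topic": f"{base}/state",
        "json_attributes_topic": f"{base}/attributes",
        "unit_of_measurement": unit,
    }
    return f"{DISCOVERY_PREFIX}/sensor/{node}/{sensor}/config", json.dumps(config, sort_keys=True)


def state_messages(node: str, sensor: str, state: float, attrs: Dict[str, float]) -> List[Tuple[str, str]]:
    """One plain state value plus a JSON blob of attributes, as the post describes."""
    base = f"{STATE_PREFIX}/{node}/{sensor}"
    return [(f"{base}/state", str(state)), (f"{base}/attributes", json.dumps(attrs, sort_keys=True))]


class EntityRegistry:
    """Stand-in for Home Assistant's MQTT integration: learns entities from config topics, then tracks them."""

    def __init__(self, broker: Broker) -> None:
        self.configs: Dict[str, dict] = {}
        self.states: Dict[str, str] = {}
        self.attributes: Dict[str, dict] = {}
        broker.subscribe(f"{DISCOVERY_PREFIX}/sensor/+/+/config", self._on_config)
        broker.subscribe(f"{STATE_PREFIX}/#", self._on_data)

    def _on_config(self, topic: str, payload: str) -> None:
        config = json.loads(payload)
        self.configs[config["unique_id"]] = config

    def _on_data(self, topic: str, payload: str) -> None:
        for uid, config in self.configs.items():
            if topic == config["state_topic"]:
                self.states[uid] = payload
            elif topic == config["json_attributes_topic"]:
                self.attributes[uid] = json.loads(payload)


def run_demo() -> EntityRegistry:
    """Publish constructed CPU and memory samples for host 'pet' and return what the registry saw."""
    broker = Broker()
    registry = EntityRegistry(broker)
    # Constructed sample readings; on a real host these would come from psutil
    samples = {
        "cpu": ("%", 12.5, {"user": 8.1, "system": 4.0, "iowait": 0.4, "idle": 87.5}),
        "virtual_memory": ("%", 41.0, {"total": 16777216000, "used": 6878658560, "percent": 41.0}),
    }
    for sensor, (unit, state, attrs) in samples.items():
        topic, config = discovery_message("pet", sensor, unit)
        broker.publish(topic, config, retain=True)  # retained so HA still finds it after a restart
        for topic, payload in state_messages("pet", sensor, state, attrs):
            broker.publish(topic, payload)
    return registry


if __name__ == "__main__":
    reg = run_demo()
    for uid in reg.configs:
        print(uid, reg.states[uid], reg.attributes[uid])
```

Two things the sketch makes visible: discovery configs are published retained, so the entity survives a Home Assistant restart without the publisher resending it, and any client the broker authorises to subscribe to `homeassistant/#` or the state prefix sees every host's metrics, so the broker username and password that the post puts on the command line are the access control for the whole topic tree.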
-
As I write this, the most recent big move by Matt Mullenweg in his ongoing dispute with WP Engine was to abuse his position to seize control of a WP Engine owned plugin, justifying this act with a security fix. This justification might, under other circumstances, be believable. For example, if WP Engine weren’t actively releasing security fixes.
Now, as I wrote on a Hacker News thread, I’d been staying out of this drama. It wasn’t my fight, I wasn’t deeply familiar with the lore of the players involved, etc.
BUT! This specific tactic that Mullenweg employed happens to step on the toes of some underappreciated work I had done from 2016 to 2019 to try to mitigate supply chain attacks against WordPress. Thus, my HN comment about it.
Mullenweg’s behavior also calls into question the trustworthiness of WordPress not just as a hosting platform (WP.com, which hosts this website), but also the open source community (WP.org).
The vulnerability here is best demonstrated in the form of a shitpost:
“Matt” here is Mullenweg.
I do not have a crystal ball that tells me the future, so whatever happens next is uncertain and entirely determined by the will of the WordPress community.
Even before I decided it was appropriate to chime in on this topic, or had really even paid attention to it, I had been hearing rumors of a hard-fork. And that may be the right answer, but it could be excruciating for WordPress users if that happens.
Regardless of whether a hard-fork happens (or the WordPress community shifts sufficient power away from Mullenweg and Automattic), this vulnerability cannot continue if WordPress is to continue to be a trustworthy open source project.
Since this is a cryptography-focused blog, I’d like to examine ways that the WordPress community could build governance mechanisms to mitigate the risk of one man’s ego.
Revisit Code-Signing
The core code, as well as any plugins and themes, should be signed by a secret key controlled by the developer that publishes said code. There should be a secure public key infrastructure for ensuring that it’s difficult for the infrastructure operators to surreptitiously replace a package or public key without possessing one of those secret keys.
I had previously begun work on a proposal to solve this problem for the PHP community, and in turn, WordPress. However, my solution (called Gossamer) wasn’t designed with GDPR (specifically, the Right to be Forgotten) in mind.
Today, I’m aware of SigStore, which has gotten a lot of traction with other programming language ecosystems.
Additionally, there is an ongoing proposal for an authority-free PKI for the Fediverse that appears to take GDPR into consideration (though that’s more of an analysis for lawyers than cryptography experts to debate).
I think, at the intersection of both systems, there is a way to build a secure PKI where the developer maintains the keys as part of the normal course of operation.
Break-Glass Security with FROST
However, even with code-signing where the developers own their own keys, there is always a risk of a developer going rogue, or getting totally owned up.
Ideally, we’d want to mitigate that risk without reintroducing the single point of vulnerability that exists today. And we’d want to do it without a ton of protocol complexity visible to users (above what they’d already need to accept to have secure code signing in place).
Fortunately, cryptographers already built the tool we would need: Threshold Signatures.
From RFC 9591, we could use FROST(Ed25519, SHA-512) to require a threshold quorum (say, 3) of high-trust entities (for which there would be, for example, 5) to share a piece of an Ed25519 secret key. Cryptographers often call these t-of-N (in this example, 3-of-5) thresholds. The specific values for t and N vary a lot for different threat models.
When a quorum of entities do coordinate, they can produce a signature for a valid protocol message to revoke a developer’s access to the system, thus allowing a hostile takeover. However, it’s not possible for them to coordinate without their activity being publicly visible to the entire community.
The best part about FROST(Ed25519, SHA-512) is that it doesn’t require any code changes for signature verification. It spits out a valid Ed25519 signature, which you can check with just libsodium (or sodium_compat).
Closing Thoughts
If your threat model doesn’t include leadership’s inflated ego, or the corruption of social, political, and economic power, you aren’t building trustworthy software.
Promises and intentions don’t matter here. Mechanisms do.
Whatever the WordPress community decides is their best move forward (hard forks are the nuclear option, naturally), the end result cannot be replacing one tyrant with another.
The root cause isn’t that Mullenweg is particularly evil, it’s that a large chunk of websites are beholden to only his whims (whether they realized it or not).
One can only make decisions that affect millions of lives and thousands of employees (though significantly fewer today than when this drama began) for so long before an outcome like this occurs.
Edit of XKCD
If you aren’t immune to propaganda, you aren’t immune to the corruption of power, either.
But if you architect your systems (governance and technological) to not place all this power solely in the hands of one unelected nerd, you mitigate the risk by design.
(Yes, you do invite a different set of problems, such as decision paralysis and inertia. But given WordPress’s glacial pace of minimum PHP version bumps over its lifetime, I don’t think that’s actually a new risk.)
With all that said, whatever the WordPress community decides is best for them, I’m here to help.
https://scottarc.blog/2024/10/14/trust-rules-everything-around-me/
#AdvancedCustomFields #arrogance #automaticUpdates #Automattic #codeSigning #cybersecurity #ego #MattMullenweg #news #PKI #pluginSecurity #powerCorrupts #SecureCustomFields #security #softwareGovernance #supplyChain #supplyChainSecurity #supplyChainSecurity #technology #threatModels #trust #WordPress #WPEngine
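An added example, not part of the post above: the t-of-N share structure that FROST(Ed25519, SHA-512) builds on, in Python. It does Shamir sharing of a scalar modulo the Ed25519 group order and computes the Lagrange weights that FROST applies to each signer's share, using the post's 3-of-5 parameters. It does not implement FROST's two-round signing (nonce commitments, binding factors) and signs nothing; the `demo` function and its randomly generated secret are constructed for illustration.

```python
import secrets
from typing import Callable, List, Tuple

# Prime order of the Ed25519 base point (RFC 8032, section 5.1). FROST(Ed25519, SHA-512)
# shares the signing scalar modulo this number.
ORDER = 2**252 + 27742317777372353535851937790883648493

Share = Tuple[int, int]  # (participant index x, share value y), with x in 1..N


def split_secret(secret: int, t: int, n: int,
                 rng: Callable[[int], int] = secrets.randbelow) -> List[Share]:
    """Shamir t-of-N sharing: f(x) = secret + a1*x + ... + a_{t-1}*x^(t-1) mod ORDER.

    Participant i receives (i, f(i)). Any t points fix the polynomial; t-1 points leave
    f(0) uniformly distributed, so fewer than t shareholders learn nothing about the secret.
    """
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    coeffs = [secret % ORDER] + [rng(ORDER) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner's rule
            y = (y * x + c) % ORDER
        shares.append((x, y))
    return shares


def lagrange_coefficient(i: int, xs: List[int]) -> int:
    """lambda_i = prod_{j != i} (0 - x_j) / (x_i - x_j) mod ORDER.

    This is the weight FROST applies to signer i's share when partial signatures from a
    quorum are aggregated, so the combined result verifies under the group's public key.
    """
    num, den = 1, 1
    for j in xs:
        if j != i:
            num = (num * (-j)) % ORDER
            den = (den * (i - j)) % ORDER
    return (num * pow(den, -1, ORDER)) % ORDER


def reconstruct(shares: List[Share]) -> int:
    """Interpolate f(0) from the given shares.

    Shown here only to make the threshold visible. FROST never runs this on the key:
    each signer applies lambda_i to its own share inside its partial signature, and the
    full scalar is never assembled anywhere.
    """
    xs = [x for x, _ in shares]
    return sum(y * lagrange_coefficient(x, xs) for x, y in shares) % ORDER


def demo() -> Tuple[int, int, int]:
    """3-of-5 split of a constructed secret: a quorum recovers it, two shares do not."""
    secret = secrets.randbelow(ORDER)
    shares = split_secret(secret, t=3, n=5)
    with_quorum = reconstruct([shares[0], shares[2], shares[4]])  # any 3 of the 5
    without_quorum = reconstruct(shares[:2])  # 2 points pin down a different line
    return secret, with_quorum, without_quorum


if __name__ == "__main__":
    s, ok, bad = demo()
    print("quorum recovers secret:", ok == s)
    print("two shares recover secret:", bad == s)
```

The break-glass property the post wants falls out of the arithmetic: a revocation message can only carry a valid Ed25519 signature if at least t shareholders each contribute their lambda-weighted share, and because the aggregated output is an ordinary Ed25519 signature, existing verifiers (libsodium, sodium_compat) need no change to check it.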
-
As I write this, the most recent big move by Matt Mullenweg in his ongoing dispute with WP Engine was to abuse his position to seize control of a WP Engine owned plugin, justifying this act with a security fix. This justification might, under other circumstances, be believable. For example, if WP Engine weren’t actively releasing security fixes.
Now, as I wrote on a Hacker News thread, I’d been staying out of this drama. It wasn’t my fight, I wasn’t deeply familiar with the lore of the players involved, etc.
BUT! This specific tactic that Mullenweg employed happens to step on the toes of some underappreciated work I had done from 2016 to 2019 to try to mitigate supply chain attacks against WordPress. Thus, my HN comment about it.
Mullenweg’s behavior also calls into question the trustworthiness of WordPress not just as a hosting platform (WP.com, which hosts this website), but also the open source community (WP.org).
The vulnerability here is best demonstrated in the form of a shitpost:
“Matt” here is Mullenweg.I do not have a crystal ball that tells me the future, so whatever happens next is uncertain and entirely determined by the will of the WordPress community.
Even before I decided it was appropriate to chime in on this topic, or had really even paid attention to it, I had been hearing rumors of a hard-fork. And that maybe the right answer, but it could be excruciating for WordPress users if that happens.
Regardless of whether a hard-fork happens (or the WordPress community shifts sufficient power away from Mullenweg and Automattic), this vulnerability cannot continue if WordPress is to continue to be a trustworthy open source project.
Since this is a cryptography-focused blog, I’d like to examine ways that the WordPress community could build governance mechanisms to mitigate the risk of one man’s ego.
Revisit Code-Signing
The core code, as well as any plugins and themes, should be signed by a secret key controlled by the developer that publishes said code. There should be a secure public key infrastructure for ensuring that it’s difficult for the infrastructure operators to surreptitiously replace a package or public key without possessing one of those secret keys.
I had previously begun work on a proposal to solve this problem for the PHP community, and in turn, WordPress. However, my solution (called Gossamer) wasn’t designed with GDPR (specifically, the Right to be Forgotten) in mind.
Today, I’m aware of SigStore, which has gotten a lot of traction with other programming language ecosystems.
Additionally, there is an ongoing proposal for an authority-free PKI for the Fediverse that appears to take GDPR into consideration (though that’s more of an analysis for lawyers than cryptography experts to debate).
I think, at the intersection of both systems, there is a way to build a secure PKI where the developer maintains the keys as part of the normal course of operation.
Break-Glass Security with FROST
However, even with code-signing where the developers own their own keys, there is always a risk of a developer going rogue, or getting totally owned up.
Ideally, we’d want to mitigate that risk without reintroducing the single point of vulnerability that exists today. And we’d want to do it without a ton of protocol complexity visible to users (above what they’d already need to accept to have secure code signing in place).
Fortunately, cryptographers already built the tool we would need: Threshold Signatures.
From RFC 9591, we could use FROST(Ed25519, SHA-512) to require a threshold quorum (say, 3) of high-trust entities (for which there would be, for example, 5) to share a piece of an Ed25519 secret key. Cryptographers often call these t-of-N (in this example, 3-of-5) thresholds. The specific values for t and N vary a lot for different threat models.
When a quorum of entities do coordinate, they can produce a signature for a valid protocol message to revoke a developer’s access to the system, thus allowing a hostile takeover. However, it’s not possible for them to coordinate without their activity being publicly visible to the entire community.
The best part about FROST(Ed25519, SHA-512) is that it doesn’t require any code changes for signature verification. It spits out a valid Ed25519 signature, which you can check with just libsodium (or sodium_compat).
Closing Thoughts
If your threat model doesn’t include leadership’s inflated ego, or the corruption of social, political, and economic power, you aren’t building trustworthy software.
Promises and intentions don’t matter here. Mechanisms do.
Whatever the WordPress community decides is their best move forward (hard forks are the nuclear option, naturally), the end result cannot be replacing one tyrant with another.
The root cause isn’t that Mullenweg is particularly evil, it’s that a large chunk of websites are beholden to only his whims (whether they realized it or not).
One can only make decisions that affects millions of lives and thousands of employees (though significantly fewer today than when this drama began) for so long before an outcome like this occurs.
Edit of XKCDIf you aren’t immune to propaganda, you aren’t immune to the corruption of power, either.
But if you architect your systems (governance and technological) to not place all this power solely in the hands of one unelected nerd, you mitigate the risk by design.
(Yes, you do invite a different set of problems, such as decision paralysis and inertia. But given WordPress’s glacial pace of minimum PHP version bumps over its lifetime, I don’t think that’s actually a new risk.)
With all that said, whatever the WordPress community decides is best for them, I’m here to help.
https://scottarc.blog/2024/10/14/trust-rules-everything-around-me/
#AdvancedCustomFields #arrogance #automaticUpdates #Automattic #codeSigning #cybersecurity #ego #MattMullenweg #news #PKI #pluginSecurity #powerCorrupts #SecureCustomFields #security #softwareGovernance #supplyChain #supplyChainSecurity #supplyChainSecurity #technology #threatModels #trust #WordPress #WPEngine
-
As I write this, the most recent big move by Matt Mullenweg in his ongoing dispute with WP Engine was to abuse his position to seize control of a WP Engine owned plugin, justifying this act with a security fix. This justification might, under other circumstances, be believable. For example, if WP Engine weren’t actively releasing security fixes.
Now, as I wrote on a Hacker News thread, I’d been staying out of this drama. It wasn’t my fight, I wasn’t deeply familiar with the lore of the players involved, etc.
BUT! This specific tactic that Mullenweg employed happens to step on the toes of some underappreciated work I had done from 2016 to 2019 to try to mitigate supply chain attacks against WordPress. Thus, my HN comment about it.
Mullenweg’s behavior also calls into question the trustworthiness of WordPress not just as a hosting platform (WP.com, which hosts this website), but also the open source community (WP.org).
The vulnerability here is best demonstrated in the form of a shitpost:
“Matt” here is Mullenweg.
I do not have a crystal ball that tells me the future, so whatever happens next is uncertain and entirely determined by the will of the WordPress community.
Even before I decided it was appropriate to chime in on this topic, or had really even paid attention to it, I had been hearing rumors of a hard-fork. And that may be the right answer, but it could be excruciating for WordPress users if that happens.
Regardless of whether a hard-fork happens (or the WordPress community shifts sufficient power away from Mullenweg and Automattic), this vulnerability cannot continue if WordPress is to continue to be a trustworthy open source project.
Since this is a cryptography-focused blog, I’d like to examine ways that the WordPress community could build governance mechanisms to mitigate the risk of one man’s ego.
Revisit Code-Signing
The core code, as well as any plugins and themes, should be signed by a secret key controlled by the developer that publishes said code. There should be a secure public key infrastructure for ensuring that it’s difficult for the infrastructure operators to surreptitiously replace a package or public key without possessing one of those secret keys.
I had previously begun work on a proposal to solve this problem for the PHP community, and in turn, WordPress. However, my solution (called Gossamer) wasn’t designed with GDPR (specifically, the Right to be Forgotten) in mind.
Today, I’m aware of SigStore, which has gotten a lot of traction with other programming language ecosystems.
Additionally, there is an ongoing proposal for an authority-free PKI for the Fediverse that appears to take GDPR into consideration (though that’s more of an analysis for lawyers than cryptography experts to debate).
I think, at the intersection of both systems, there is a way to build a secure PKI where the developer maintains the keys as part of the normal course of operation.
Break-Glass Security with FROST
However, even with code-signing where the developers own their own keys, there is always a risk of a developer going rogue, or getting totally owned up.
Ideally, we’d want to mitigate that risk without reintroducing the single point of vulnerability that exists today. And we’d want to do it without a ton of protocol complexity visible to users (above what they’d already need to accept to have secure code signing in place).
Fortunately, cryptographers already built the tool we would need: Threshold Signatures.
From RFC 9591, we could use FROST(Ed25519, SHA-512) to require a threshold quorum (say, 3) of high-trust entities (for which there would be, for example, 5) to share a piece of an Ed25519 secret key. Cryptographers often call these t-of-N (in this example, 3-of-5) thresholds. The specific values for t and N vary a lot for different threat models.
When a quorum of entities do coordinate, they can produce a signature for a valid protocol message to revoke a developer’s access to the system, thus allowing a hostile takeover. However, it’s not possible for them to coordinate without their activity being publicly visible to the entire community.
The best part about FROST(Ed25519, SHA-512) is that it doesn’t require any code changes for signature verification. It spits out a valid Ed25519 signature, which you can check with just libsodium (or sodium_compat).
Closing Thoughts
If your threat model doesn’t include leadership’s inflated ego, or the corruption of social, political, and economic power, you aren’t building trustworthy software.
Promises and intentions don’t matter here. Mechanisms do.
Whatever the WordPress community decides is their best move forward (hard forks are the nuclear option, naturally), the end result cannot be replacing one tyrant with another.
The root cause isn’t that Mullenweg is particularly evil, it’s that a large chunk of websites are beholden to only his whims (whether they realized it or not).
One can only make decisions that affect millions of lives and thousands of employees (though significantly fewer today than when this drama began) for so long before an outcome like this occurs.
Edit of XKCD
If you aren’t immune to propaganda, you aren’t immune to the corruption of power, either.
But if you architect your systems (governance and technological) to not place all this power solely in the hands of one unelected nerd, you mitigate the risk by design.
(Yes, you do invite a different set of problems, such as decision paralysis and inertia. But given WordPress’s glacial pace of minimum PHP version bumps over its lifetime, I don’t think that’s actually a new risk.)
With all that said, whatever the WordPress community decides is best for them, I’m here to help.
https://scottarc.blog/2024/10/14/trust-rules-everything-around-me/
#AdvancedCustomFields #arrogance #automaticUpdates #Automattic #codeSigning #cybersecurity #ego #MattMullenweg #news #PKI #pluginSecurity #powerCorrupts #SecureCustomFields #security #softwareGovernance #supplyChain #supplyChainSecurity #technology #threatModels #trust #WordPress #WPEngine
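As an added example (not code from the post, from RFC 9591, or from any FROST library), here is a stdlib-only Python sketch of the 3-of-5 break-glass signing described in the post and of why the verifier needs no changes: the partial signatures are summed into a signature that an ordinary RFC 8032 Ed25519 check accepts. It assumes a trusted dealer hands out the shares (RFC 9591 Appendix C), uses a constructed placeholder revocation message, and leaves out RFC 9591's two-round nonce commitments and binding factor, so it shows the threshold algebra rather than the full protocol.

```python
"""Added example: 3-of-5 threshold Ed25519 signing in the FROST style, checked
by an unmodified RFC 8032 verifier. Stdlib only, affine arithmetic (slow, not
side-channel hardened); RFC 9591's nonce-commitment round and binding factor
are omitted, only the threshold algebra is shown."""
import hashlib
import secrets

P = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493    # subgroup order
D = (-121665 * pow(121666, P - 2, P)) % P             # curve constant d

def recover_x(y, sign):                               # RFC 8032, 5.1.3
    u, v = (y * y - 1) % P, (D * y * y + 1) % P
    uv = u * pow(v, P - 2, P) % P                     # x^2 must equal u/v
    x = pow(uv, (P + 3) // 8, P)
    if (x * x - uv) % P:
        x = x * pow(2, (P - 1) // 4, P) % P           # times sqrt(-1)
    if (x * x - uv) % P:
        raise ValueError("not on the curve")
    return (P - x) % P if (x & 1) != sign else x

GY = 4 * pow(5, P - 2, P) % P                         # base point: y = 4/5
G = (recover_x(GY, 0), GY)

def add(p1, p2):                                      # twisted Edwards, a = -1
    (x1, y1), (x2, y2) = p1, p2
    k = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow(1 + k, P - 2, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow(1 - k, P - 2, P) % P
    return x3, y3

def mul(k, pt):                                       # double-and-add
    acc = (0, 1)                                      # identity element
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def encode(pt):                                       # 32 bytes: y | sign(x)
    return (pt[1] | ((pt[0] & 1) << 255)).to_bytes(32, "little")

def decode(b):
    v = int.from_bytes(b, "little")
    y = v & ((1 << 255) - 1)
    return recover_x(y, v >> 255), y

def challenge(r_bytes, pk, msg):                      # c = H(R || A || M) mod L
    return int.from_bytes(hashlib.sha512(r_bytes + pk + msg).digest(), "little") % L

def ed25519_verify(pk, msg, sig):
    """Plain RFC 8032 check [S]G == R + [c]A; knows nothing about thresholds."""
    if len(pk) != 32 or len(sig) != 64:
        return False
    try:
        r_pt, a_pt = decode(sig[:32]), decode(pk)
    except ValueError:
        return False
    s = int.from_bytes(sig[32:], "little")
    return s < L and mul(s, G) == add(r_pt, mul(challenge(sig[:32], pk, msg), a_pt))

def dealer_keygen(t, n):
    """Trusted dealer (RFC 9591 App. C): share_i = f(i), f(0) = group secret."""
    coeffs = [secrets.randbelow(L - 1) + 1 for _ in range(t)]   # deg f = t-1
    f = lambda i: sum(c * pow(i, k, L) for k, c in enumerate(coeffs)) % L
    return encode(mul(coeffs[0], G)), {i: f(i) for i in range(1, n + 1)}

def lagrange(i, signers):
    """lambda_i such that sum(lambda_i * f(i)) over `signers` equals f(0)."""
    num = den = 1
    for j in signers:
        if j != i:
            num, den = num * j % L, den * (j - i) % L
    return num * pow(den, L - 2, L) % L

def threshold_sign(pk, shares, signers, msg):
    """Each signer uses only its own share; the coordinator sums the parts."""
    nonces = {i: secrets.randbelow(L - 1) + 1 for i in signers}  # round 1
    r_pt = (0, 1)
    for i in signers:
        r_pt = add(r_pt, mul(nonces[i], G))                     # R = sum of R_i
    c = challenge(encode(r_pt), pk, msg)
    z = sum(nonces[i] + lagrange(i, signers) * c * shares[i] for i in signers) % L
    return encode(r_pt) + z.to_bytes(32, "little")              # plain Ed25519 sig
```

Any two of the five holders produce a signature under the wrong key, which `ed25519_verify` rejects with the same check, so the quorum is enforced by the math rather than by policy.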
-
I’ve been getting to more events lately (casual meetups, small conferences, academic workshops, etc); but, I’ve been dissatisfied with my answer when I was asked the question “what do you do right now?” – because I often start to talk about a specific project.
I’ve got a number of interesting but limited (in time) pieces of work right now, and I’m excited to be involved with them; but ideally, I don’t want to describe myself and my capabilities in terms of what I’m doing for any one client, since I may not be continuing with a specific role for a longer term. It also hasn’t felt ideal to hand out a card for the studio, podcast, or with one of my client “hats”, since doing so doesn’t signal availability for “other things”.
So, time to refresh my business cards. I’m still using MOO (after all these years) – I’m happy with what they offer. The cards feature details from two different designs of my pen plotter artwork from the studio (original framed pieces, as well as prints, are available in the store). I’ve gone with the recycled cotton finish this time around.
For the tagline, I’ve tried to capture a number of my skills, abilities and interests, without limiting myself to a single niche.
freelance technologist; consultant | speaker | maker | podcaster
- I’ve been working professionally in Developer Relations for ~15 years, most frequently in the Developer Advocate role, but within that I’ve also leaned in to Partner Engineering, management, and team leadership at different times; and, I’ve also worked with public policy and moderation teams, as well as on some complex technical integrations.
- This year, I’ve also run booths at events (including at State of Open Con 2023 for the Open Source Initiative, at tech events for OpenUK, and at FOSDEM 2024 for Mastodon); and, I’ve been speaker coordinator for a major 2-day conference (State of Open Con 2024).
- I love to speak at events myself, and I’m honoured to have been invited to deliver the closing keynote at QCon in London next month.
- Our weekly podcast Games at Work dot Biz is a fun ongoing element of life – it keeps me up-to-date with what is going on at a macro level in technology trends, and has always been a great opportunity to explain and educate. Find us in your favourite podcast app!
- The Forge & Craft maker space and art studio is also a big part of my current identity.
What can I do to help you? Potentially, a range of things: through running a developer program for a technology project, to providing guidance and advice around current technology trends (fractional CTO roles), to senior community leadership and management. I have 20+ years of experience in the Open Source movement, and contributing to projects at every level.
I’m continuing to work on my online presence, but my landing page is a good starting point to find out what I’m working on (plus, the omg lol domain seems to entertain people!)
If you’d like to book time with me for consultation, you can find my bookable calendar here; you can sponsor me on GitHub or book a session with me and your team here; or, simply buy me a coffee / fund my habit of trying out new gadgets over here.
-
Do you live near Montréal? Are you a developer who wants to see how AI can add to your toolbelt? I'm leading an event on February 22nd. I'd love to see you there. #GoogleCloud #DuetAI https://inthecloud.withgoogle.com/gen-ai-labs-montreal-2024/register.html
-
CW: A repost of my intro for the local here at Sunny.Garden!
Hello, I'm Sisu. I'm a nerd, gamer, artist, and developer like half the #fediverse and I'm finally making an #introduction!
I've seen so many lovely people, cats, and soon-to-be-cats join lately and decided I ought to say hello :BlobCat_Love: .
Primary features of Sisu: :apartyblobcat:
#art #pixelart #godot #linux #blender #gamedev #rust #python #foss #music #adhd #gad #bloomscrolling #animals
I'm here to socialize, create positive vibes, and friendship. I'm NOT here to argue, talk about politics, or tolerate any level of racism, sexism, homo/trans - phobias. I'm an ally and I don't need bad energy in my life.
Otherwise, feel free to follow. I'll probably follow back if you have a filled in profile and good vibes <3
-
The more I think about it, the more I’m confident that it’ll be possible to test a #RealityOS application directly from an iPhone ARKit context. The platform would be far more successful for developers to onboard on if they don’t necessarily have to invest 3k to start building things. At least as long as we have a developer account around 🙃 #iOSdev #Apple