Skip to content

Instantly share code, notes, and snippets.

Footguns and factorisation: how to make users of your cryptographic library successful

Cryptography forms the backbone of how we securely use information online, but most developers don’t have more than a surface level understanding of cryptography.

Shannon's maxim states that “one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them”. Open source makes this feasible for cryptography, with open source cryptographic libraries handling a huge proportion of information on the internet in flight and at rest.

Developers place a lot of trust in the authors of these libraries to get the cryptography engineering right.

But when basic usability issues result in developers using the libraries incorrectly, that trust and painstaking cryptography engineering can be for naught. Worse still, developers often believe they have used the libraries to build something that is secure. But that belief is often mistaken — their use of these libraries is actually insecur

Levelling up database security by thinking in APIs

2020 saw an escalation in the volume, intensity, and tempo of cyber attacks against critical information systems. In Australia, data breaches cost $3.9m on average. Globally, ransomware cost $20B+.

One contributing factor is how we build systems to handle data about our users. No matter if you're using SQL or NoSQL — you're likely still using many of the same techniques from the advent of the web to read and write data.

The last five years have seen big leaps in how developers are designing and building APIs. What if we apply those same techniques to databases? What sort of security improvements can we unlock?

In this talk, attendees will learn about:

Background:

Why the CSCP + CCSL existed:

  • Make security and risk assessments more efficient by doing centralized vetting of cloud service providers, by our top intelligence agency (ASD)
  • This eliminated the need for each federal government entity (of which there are 300+) to do their own risk assessment.
#!/bin/bash
if [ $# == 0 ]; then
echo "Usage: $0 <filename>"
exit 1
fi
source_filename=$1
target_filename="$(mktemp -d)/$(basename $1)-highlight.html"
tap "cloudfoundry/tap"
tap "cockroachdb/tap"
tap "heroku/brew"
tap "homebrew/bundle"
tap "homebrew/cask"
tap "homebrew/cask-versions"
tap "homebrew/core"
tap "homebrew/services"
tap "jmespath/jmespath"
tap "nektos/tap"

Highlights:

  • Update: Make upload timeout configurable (#17)
  • Update: Improve debug messages when running sectionctl deploy (#19)
  • Bugfix: Send the account + app ID when uploading an app with sectionctl deploy (#17)
  • Bugfix: Ensure version tags are prefixed with v, so GitHub Actions are triggered correctly
name: Deploy app to edge
on:
push:
branch: master
jobs:
deploy:
name: Build + deploy to Section's edge
runs-on: ubuntu-latest
#!/bin/bash
if [ -z "$1" ]; then
echo "Usage: $0 <start|versions|ps|backup>"
exit 1
fi
BASE=/usr/local/minecraft-bedrock
COMMAND="$1"