Simon Josefsson's blog

Independently Reproducible Git Bundles

Building Debian in a GitLab Pipeline

GitLab Runner with Rootless Privilege-less Capability-less Podman on riscv64

Verified Reproducible Tarballs

On Binary Distribution Rebuilds

Reproducible Software Releases

OpenSSH and Git on a Post-Quantum SPHINCS+

Guix Container Images for GitLab CI/CD

Towards Idempotent Rebuilds?

Reproducible and minimal source-only tarballs

Towards reproducible minimal source code tarballs? On *-src.tar.gz

Apt archive mirrors in Git-LFS

Trisquel on arm64: Ampere Altra

Validating debian/copyright: licenserecon

Classic McEliece goes to IETF and OpenSSH

Trisquel on ppc64el: Talos II

Enforcing wrap-and-sort -satb

Coping with non-free software in Debian

Streamlined NTRU Prime sntrup761 goes to IETF

How To Trust A Machine

A Security Device Threat Model: The Substitution Attack

Sigstore for Apt Archives: apt-cosign

More on Differential Reproducible Builds: Devuan is 46% reproducible!

Sigstore protects Apt archives: apt-verify & apt-sigstore

Trisquel is 42% Reproducible!

OpenPGP master key on Nitrokey Start

Apt Archive Transparency: debdistdiff & apt-canary

Understanding Trisquel

Preseeding Trisquel Virtual Machines Using “netinst” Images

OpenPGP key on FST-01SZ

Second impressions of Guix 1.4

Guix 1.4 on NV41PZ

Trisquel 11 on NV41PZ: First impressions

How to complicate buying a laptop

On language bindings & Relaunching Guile-GnuTLS

Privilege separation of GSS-API credentials for Apache

Static network config with Debian Cloud images

Towards pluggable GSS-API modules

What’s wrong with SCRAM?

OpenPGP smartcard with GNOME on Debian 11 Bullseye

Passive Icinga Checks: icinga-pusher

OpenPGP smartcard under GNOME on Debian 10 Buster

Offline Ed25519 OpenPGP key with subkeys on FST-01G running Gnuk

Installing Gnuk on FST-01G running NeuG

OpenPGP 2019 Key Transition Statement

Planning for a new OpenPGP key

Vikings D16 server first impressions

OpenPGP smartcard under GNOME on Debian 9.0 Stretch

GPS on Replicant 6

Why I don’t Use 2048 or 4096 RSA Key Sizes

Let’s Encrypt Clients

Automatic Replicant Backup over USB using rsync

Combining Dnsmasq and Unbound

Cosmos – A Simple Configuration Management System

SSH Host Certificates with YubiKey NEO

Scrypt in IETF

Certificates for XMPP/Jabber

Laptop decision fatigue

Laptop indecision

EdDSA and Ed25519 goes to IETF

Laptop Buying Advice?

Replicant 4.2 0003 on I9300

OpenPGP Smartcards and GNOME

Dice Random Numbers

The Case for Short OpenPGP Key Validity Periods

Wifi on S3 with Replicant

Replicant 4.2 0002 and NFC on I9300

Offline GnuPG Master Key and Subkeys on YubiKey NEO Smartcard

OpenPGP Key Transition Statement

Creating a small JPEG photo for your OpenPGP key

Replicant 4.2 on Samsung S3

Necrotizing Fasciitis

Replicant 4.0 on Samsung Galaxy S III

BLURB: Software repository metadata convention

Portable Symmetric Key Container (PSKC) Library

Using OATH Toolkit with Dropbox

Small syslog server

Unattended SSH with Smartcard

OpenWRT with Huawei E367 and TP-Link TL-WR1043ND

Introducing the OATH Toolkit

On Password Hashing and RFC 6070

GNU SASL with SCRAM-SHA-1-PLUS

Debian on Lenovo X201

GS2-KRB5 using GNU SASL and MIT Kerberos for Windows

Bridging SASL and GSS-API: GS2

OpenWRT 10.03 “Backfire”

GS2-KRB5 in GNU SASL 1.5.0

Fellowship interview

Nordic Free Software Award 2009

Storing OpenPGP keys in the DNS

Thread Safe Functions

CACert and GnuTLS

OpenWRT 8.09 plus Huawei E220

Redmine on Debian Lenny Using Lighttpd

FSCONS / Nordic Free Software Award Nomination

Cyclomatic Code Complexity

My blog uses Yubikey authentication

Home Wireless Network

Real-world Performance Tuning with Callgrind

IDNA flaws with regard to U+2024

PAM module for Yubico

Response to GnuTLS in Exim Debate

FSCONS

On TLS-AUTHZ

Home Audio Server

GnuTLS v2.0

Building GnuTLS and GNU SASL without running ./configure

1 TeraByte

OpenMoko first impressions

OpenMoko Neo1973 order confirmed

Linksys WRT54G3G + Huawei E600 + OpenWRT Kamikaze = Internet at summer house

Neo1973 / OpenMoko ordered

GNU General Public License version 3

Porting to uClinux

Libidn now uses Git

Free-ietf-review

Youbico

Hacking Jobo device

First TLS v1.2 HTTPS browser in the world?

Buggy IMAP authentication on Nokia 6233

Jobo Giga Vu Pro Evolution 80GB

TLS-AUTHZ Patent Concerns

Boycott scan.coverity.com!

EnigForm – HTML/HTTP forms with OpenPGP

Password-based Authentication Protocol

New SASL GS2 document published

Libntlm 0.3.13

Debian etch on Dell Precision M65

Announcing krb5dissect

gitco

LibIDN 0.6.11

Cypak LoginKey

Base encoding

Update of Kerberos V5 over TLS draft

Kerberos 5 Credential Cache file format