jm + colmmacc   5

Excellent Twitter thread from colmmacc on how s2n avoids protocol-state errors
using a linearized set of state transitions, and Cryptol and SAW to perform verification of the TLS state machine
cryptol  saw  formal-verification  twitter  threads  colmmacc  security  s2n 
27 days ago by jm
Colm MacCárthaigh on TLS 1.3 and the risks of 0-RTT
here's my advice: if you see a server supporting 0-RTT and that server doesn't give you an iron-clad guarantee that when the key is used, it's deleted, and that your EARLY CONVERSATION can't be repeated ... don't use it.
colmmacc  tls  security  ssl  0rtt  risks  networking  crypto 
march 2018 by jm
VPC NAT gateways : transactional uniqueness at scale
colmmacc introducing the VPC NAT gateway product from AWS, in a guest post on James Hamilton's blog no less!:
you can think of it as a new “even bigger” [NAT] box, but under the hood NAT gateways are different. The connections are managed by a fault-tolerant co-operation of devices in the VPC network fabric. Each new connection is assigned a port in a robust and transactional way, while also being replicated across an extensible set of multiple devices. In other words: the NAT gateway is internally horizontally scalable and resilient.
amazon  ec2  nat  networking  aws  colmmacc 
january 2016 by jm
Amazon Route 53 Infima
Colm McCarthaigh has open sourced Infima, 'a library for managing service-level fault isolation using Amazon Route 53'.
Infima provides a Lattice container framework that allows you to categorize each endpoint along one or more fault-isolation dimensions such as availability-zone, software implementation, underlying datastore or any other common point of dependency endpoints may share.

Infima also introduces a new ShuffleShard sharding type that can exponentially increase the endpoint-level isolation between customer/object access patterns or any other identifier you choose to shard on.

Both Infima Lattices and ShuffleShards can also be automatically expressed in Route 53 DNS failover configurations using AnswerSet and RubberTree.
infima  colmmacc  dns  route-53  fault-tolerance  failover  multi-az  sharding  service-discovery 
november 2013 by jm
/~colmmacc/ » Prime and Proper
algorithm to perform set membership tests on enumerated sets quickly and memory-efficiently, using multiplication by primes. Nice trick
hacks  colmmacc  prime-numbers  set-membership  bloom-filters  bignums  algorithms  programming  from delicious
september 2010 by jm

Copy this bookmark:



description:


tags: