-rw-r--r--  TODO.md                                           |  25
-rw-r--r--  content/posts/2023-05-02-bookworm-and-podman.md   |   2
-rw-r--r--  content/posts/2025-06-08-armbian-on-odroid-n2l.md |   1
-rw-r--r--  content/posts/2025-10-04-polycvss-v0.2.0.md       | 143
-rw-r--r--  content/projects/polycvss.md                      |  10
-rw-r--r--  data/projects.yaml                                |   5
-rw-r--r--  static/files/pabs.asc                             |  46
7 files changed, 206 insertions, 26 deletions
diff --git a/TODO.md b/TODO.md
index 290aa8e..4f48455 100644
--- a/TODO.md
+++ b/TODO.md
@@ -19,6 +19,7 @@
- wkd for pgp
- home: rename "Archived Posts..." to "Older Posts"
- archive: rename "Archived Posts..." to "Older Posts"
+- index with pagefind: (<https://pagefind.app/>, <https://www.tbray.org/ongoing/When/202x/2025/11/01/Blog-Search-Pagefind>)
## linting
- replace `<img>` in old posts with `{{< figure >}}` (partial work
@@ -145,6 +146,9 @@
<https://blog.tidelift.com/the-state-of-package-signing-across-package-managers>
- declarative install (go)
rationale: <https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack>
+ - counterexamples:
+ - rubygems (arbitrary ruby)
+ - rust (arbitrary rust in `build.rs`)
- typosquatting (see sqo vulns from may email)
- starsquatting (requests, phpass): https://medium.com/checkmarx-security/typosquatting-attack-on-requests-one-of-the-most-popular-python-packages-3b0a329a892d
- ref: https://kerkour.com/rust-crate-backdoor
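Review bot: the two new counterexamples describe different stages, and the parent bullet should name the property `go` has that they lack. RubyGems runs arbitrary Ruby at install time (native extension builds via `extconf.rb`), while `build.rs` runs at build time for anyone who compiles the crate, and proc macros do the same at compile time; `go build` executes no package-supplied build script (`go generate` is explicit and is not run by `go build`). Suggest `- counterexamples (arbitrary code at install/build time):` with the stage noted per entry so the point survives into a post.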
@@ -223,12 +227,14 @@
https://github.com/gorhill/uBlock/wiki/Procedural-cosmetic-filters
<https://rubyweekly.com/issues/620>
##table.item:has(p.name > .tag-sponsor)
+ - dark reader
+ - tab stash
- hardening
- try out various lsms
- apparmor
- lockdown
- selinux
- - systemd hardening
+ - systemd hardening (examples: spamassassin config)
- owasp guides
- disa stigs
- dropping system calls (firejail)
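Review bot: the systemd hardening entry would be more useful if it named the check alongside the example config: `systemd-analyze security <unit>` scores a unit's sandboxing directives (`ProtectSystem=`, `NoNewPrivileges=`, `SystemCallFilter=` and friends) and is the quickest way to see what the spamassassin unit gained from the edits.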
@@ -236,6 +242,7 @@
- heat pump (pictures/heat-pump-20220930)
- <https://insideevs.com/news/509767/tesla-model3-control-arm-fix/>
- `curl|bash` is madness
+ - vulnerable to clickfix: <https://arstechnica.com/security/2025/11/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of/>
- gosec vs govulncheck
https://github.com/securego/gosec
https://www.pixelstech.net/article/1667102060-Secure-Your-Go-Code-With-Vulnerability-Check-Tool
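Review bot: "vulnerable to clickfix" conflates two things. ClickFix is a social-engineering lure that walks the victim through pasting a command into a terminal or Run dialog; it is not a weakness in `curl|bash` itself. The link still belongs under this bullet because both normalize pasting unreviewed commands into a shell, so consider rewording along the lines of `- same failure mode as clickfix (paste-and-run):` so the note reads accurately later.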
@@ -288,6 +295,7 @@
- sorta: elasticsearch (opensearch), redis
- reddit, stackoverflow
- my tools
+ - hnb
- vim: (2 pragbooks vim books, vimhelp.org, learnvimthehardway)
- tried neovim, still like vim more
- irssi
@@ -522,6 +530,8 @@
- run tails in gnome boxes with persistent storage
(see x1 notes for details, but it's `qemu-img convert ... qemu-img resize`)
ref: <https://unix.stackexchange.com/questions/517524/install-tails-with-persistent-storage-on-virtualbox>
+- signal in tails:
+ <https://bisco.org/notes/installing-and-running-signal-on-tails/>
- bot user-agent blocking:
<https://www.jwz.org/blog/2025/05/user-agent-blocking/#comment-259206>
<https://perishablepress.com/ultimate-ai-block-list/> (linked from comment)
@@ -561,6 +571,18 @@
- eff surveillance self-defense: <https://ssd.eff.org/>
- msn good article about facebook snafu with a gratuitous omission: <https://www.msn.com/en-us/news/technology/meta-found-a-new-way-to-violate-your-privacy-here-s-what-you-can-do/ar-AA1GecPs>
- ars comment about ublock origin setting: <https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/?comments=1&post=43767385>
+- spamprobe to spamassassin (notes in v3.txt)
+ - had to disable dnswl check, was causing grief
+ - `sa-check.py`, got 184/200 (~92% true positive rate)
+ - added `sa-train.sh`, runs nightly
+ - updated `~/.mailfilter`
+ - will monitor
+- cwe id in u16, cve id in u32
+ (`~/git/test/rust/nvd-cve/src/lib.rs`)
+- "quick numbers vs accurate numbers"
+ - quick disease test versus blood test
+ - BLS jobs reports
+- `polycvss` article about bit packing and `cvss-calcs`
## linkdump (2022-08-10):
- css bg fade:
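Review bot: `cve id in u32` only holds with an encoding assumption that should be written next to it. A CVE ID is `CVE-YYYY-NNNN...` where the sequence part has at least four digits and no upper bound, so packing one into 32 bits means storing the year as an offset (for example from 1999) and capping the sequence number, and the code in `nvd-cve/src/lib.rs` must reject IDs past that cap rather than truncate them. `cwe id in u16` is safe today since CWE IDs are well below 65536. Separately, `184/200 (~92% true positive rate)` is only a true-positive rate if all 200 test messages were spam; if the set mixed ham and spam the figure is accuracy, and the ham/spam split (and the false-positive count) should be recorded, since a lost ham costs more than a missed spam.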
@@ -652,6 +674,7 @@
<https://www.jwz.org/blog/2024/06/your-personal-information-is-very-important-to-us/>
- <https://arstechnica.com/gadgets/2024/08/nova-launcher-savior-of-cruft-filled-android-phones-is-on-life-support/>
- software: <https://www.lawfaremedia.org/article/the-crowdstrike-outage-and-market-driven-brittleness>
+- <https://github.com/C2SP/wycheproof>
## done
- add project folders
diff --git a/content/posts/2023-05-02-bookworm-and-podman.md b/content/posts/2023-05-02-bookworm-and-podman.md
index 63b842d..485f03a 100644
--- a/content/posts/2023-05-02-bookworm-and-podman.md
+++ b/content/posts/2023-05-02-bookworm-and-podman.md
@@ -9,7 +9,7 @@ a great release.
I've been looking for a suitable [Docker][] replacement for a few years
because of [their repeated license shenanigans][license-shenanigans].
-Last year I tried switching to [Podman][], but ran into into several
+Last year I tried switching to [Podman][], but ran into several
incompatibilities and minor annoyances.
[Podman 4.3][podman-4.3] ships with [Bookworm][] and seems to fix all
diff --git a/content/posts/2025-06-08-armbian-on-odroid-n2l.md b/content/posts/2025-06-08-armbian-on-odroid-n2l.md
index 561055b..3443adf 100644
--- a/content/posts/2025-06-08-armbian-on-odroid-n2l.md
+++ b/content/posts/2025-06-08-armbian-on-odroid-n2l.md
@@ -2,7 +2,6 @@
slug: armbian-on-odroid-n2l
title: "Armbian on Odroid N2L"
date: "2025-06-08T15:31:00-04:00"
-draft: true
pics:
n2l:
diff --git a/content/posts/2025-10-04-polycvss-v0.2.0.md b/content/posts/2025-10-04-polycvss-v0.2.0.md
new file mode 100644
index 0000000..49d20f7
--- /dev/null
+++ b/content/posts/2025-10-04-polycvss-v0.2.0.md
@@ -0,0 +1,143 @@
+---
+slug: polycvss-v0.2.0
+title: "polycvss v0.2.0"
+date: "2025-10-04T03:15:48-04:00"
+---
+I just released [polycvss][] version 0.2.0.
+
+[polycvss][] is a [Rust][] library to parse and score [CVSS][] vector
+strings.
+
+Features:
+
+- [CVSS v2][doc-v2], [CVSS v3][doc-v3], and [CVSS v4][doc-v4] support.
+- Version-agnostic parsing and scoring [API][].
+- Memory efficient: Vectors are 8 bytes. Scores and severities are 1 byte.
+- No dependencies by default except the standard library.
+- Optional [serde][] integration via the `serde` build feature.
+- Extensive tests: Tested against thousands of vectors and scores from
+ the [NVD][] [CVSS][] calculators.
+
+Here is an example tool which parses the first command-line argument as
+a [CVSS][] vector string, then prints the score and severity:
+
+```rust
+use polycvss::{Err, Score, Severity, Vector};
+
+fn main() -> Result<(), Err> {
+ let args: Vec<String> = std::env::args().collect(); // get cli args
+
+ if args.len() == 2 {
+ let vec: Vector = args[1].parse()?; // parse string
+ let score = Score::from(vec); // get score
+ let severity = Severity::from(score); // get severity
+ println!("{score} {severity}"); // print score and severity
+ } else {
+ let name = args.first().map_or("app", |s| s); // get app name
+ eprintln!("Usage: {name} [VECTOR]"); // print usage
+ }
+
+ Ok(())
+}
+```
+&nbsp;
+
+Here is the example tool output for a [CVSS v2][doc-v2] vector string, a
+[CVSS v3][doc-v3] vector string, and a [CVSS v4][doc-v4] vector string:
+
+```sh
+# test with cvss v2 vector string
+$ cvss-score "AV:A/AC:H/Au:N/C:C/I:C/A:C"
+6.8 MEDIUM
+
+# test with cvss v3 vector string
+$ cvss-score "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+9.8 CRITICAL
+
+# test with cvss v4 vector string
+$ cvss-score "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H"
+5.2 MEDIUM
+```
+&nbsp;
+
+This example tool is included in the [Git repository][] as
+[`src/bin/cvss-score.rs`][cvss-score].
+
+### Links
+
+- [polycvss Git repository][polycvss]
+- [polycvss package on crates.io][crates-io-polycvss]
+- [polycvss API Documentation on docs.rs][docs-rs-polycvss]
+
+**Updates**
+
+- 2025-10-12: [polycvss v0.2.1][]: Add [`polycvss::v4::Nomenclature`][v4-nomenclature] and improve documentation.
+- 2025-10-18: [polycvss v0.3.0][]: Add user-friendly `Error` messages, remove unreleased CVSS v2.x `Version` variants, and improve documentation.
+- 2025-10-19: [polycvss v0.3.1][]: Documentation improvements.
+- 2025-11-16: [polycvss v0.3.2][]: Add `impl From<Vector> for Severity`
+ and `examples/` directory.
+
+[html]: https://en.wikipedia.org/wiki/HTML
+ "HyperText Markup Language"
+[rust]: https://rust-lang.org/
+ "Rust programming language."
+[cvss]: https://www.first.org/cvss/
+ "Common Vulnerability Scoring System (CVSS)"
+[doc-v2]: https://www.first.org/cvss/v2/guide
+ "CVSS v2.0 Documentation"
+[doc-v3]: https://www.first.org/cvss/v3-1/specification-document
+ "CVSS v3.1 Specification"
+[doc-v4]: https://www.first.org/cvss/v4-0/specification-document
+ "Common Vulnerability Scoring System (CVSS) version 4.0 Specification"
+[bit-field]: https://en.wikipedia.org/wiki/Bit_field
+ "Bit field (Wikipedia)"
+[cvss-score]: https://github.com/pablotron/polycvss/blob/main/src/bin/cvss-score.rs
+ "Example command-line tool which parses a CVSS vector and prints the score and severity to standard output."
+[git repository]: https://github.com/pablotron/polycvss
+ "polycvss git repository"
+[polycvss]: https://github.com/pablotron/polycvss
+ "polycvss Rust library"
+[v2-calc]: https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator
+ "NVD CVSS v2 calculator"
+[v3-calc]: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
+ "NVD CVSS v3 calculator"
+[v4-calc]: https://nvd.nist.gov/site-scripts/cvss-v4-calculator-main/
+ "NVD CVSS v4 calculator"
+[cargo]: https://doc.rust-lang.org/cargo/
+ "Rust package manager"
+[podman]: https://podman.io/
+ "Podman container management tool"
+[docker]: https://docker.com/
+ "Docker container management tool"
+[api]: https://en.wikipedia.org/wiki/API
+ "Application Programming Interface (API)"
+[linter]: https://en.wikipedia.org/wiki/Lint_(software)
+ "Static code analysis tool to catch common mistakes"
+[src-v2-rs]: src/v2.rs
+ "CVSS v2 parsing and scoring"
+[src-v3-rs]: src/v3.rs
+ "CVSS v3 parsing and scoring"
+[src-v4-rs]: src/v4.rs
+ "CVSS v4 parsing and scoring"
+[nvd]: https://nvd.nist.gov/
+ "National Vulnerability Database (NVD)"
+[cvss-calcs]: https://github.com/pablotron/cvss-calcs
+ "Generate random CVSS vector strings and score them."
+[crates.io]: https://crates.io/
+ "Rust package registry"
+[docs-rs-polycvss]: https://docs.rs/polycvss
+ "polycvss API documentation on docs.rs"
+[crates-io-polycvss]: https://crates.io/crates/polycvss
+ "polycvss on crates.io"
+[serde]: https://serde.rs/
+ "Rust serializing and deserializing framework."
+[polycvss v0.2.1]: https://github.com/pablotron/polycvss/releases/tag/0.2.1
+ "polycvss version 0.2.1"
+[polycvss v0.3.0]: https://github.com/pablotron/polycvss/releases/tag/0.3.0
+ "polycvss version 0.3.0"
+[polycvss v0.3.1]: https://github.com/pablotron/polycvss/releases/tag/0.3.1
+ "polycvss version 0.3.1"
+[polycvss v0.3.2]: https://github.com/pablotron/polycvss/releases/tag/0.3.2
+ "polycvss version 0.3.2"
+[v4-nomenclature]: https://docs.rs/polycvss/latest/polycvss/v4/enum.Nomenclature.html
+ "polycvss::v4::Nomenclature documentation."
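Review bot: the reference definitions at the bottom carry over many entries this post never uses, and three of them are relative repository paths that cannot resolve on the site: `[src-v2-rs]: src/v2.rs`, `[src-v3-rs]: src/v3.rs`, `[src-v4-rs]: src/v4.rs`. The unused ones (`html`, `bit-field`, `v2-calc`, `v3-calc`, `v4-calc`, `cargo`, `podman`, `docker`, `linter`, `cvss-calcs`, `crates.io`) do not render but are dead weight; drop them, or make the `src-*` ones absolute GitHub URLs if they are kept for a later paragraph. Also, the example imports `polycvss::Err` while the 0.3.0 update note speaks of `Error` messages; worth confirming the snippet still compiles against the current crate so the post and `src/bin/cvss-score.rs` do not drift apart.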
diff --git a/content/projects/polycvss.md b/content/projects/polycvss.md
new file mode 100644
index 0000000..eddea7a
--- /dev/null
+++ b/content/projects/polycvss.md
@@ -0,0 +1,10 @@
+---
+title: "polycvss"
+slug: "polycvss"
+active: true
+repo: "https://github.com/pablotron/polycvss"
+text: "Self-contained C11 SHA-3 implementation."
+text: "Rust library for CVSS vector string parsing and score calculation."
+text: "Rust library to parse and score CVSS vector strings."
+---
+Rust library to parse and score CVSS vector strings.
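Review bot: the front matter declares `text:` three times, and the first value, `Self-contained C11 SHA-3 implementation.`, is a leftover from another project's page. Duplicate keys are not valid in a YAML mapping and parsers disagree on whether to reject them or keep the last one, so keep exactly one line, matching the `data/projects.yaml` entry: `text: "Rust library to parse and score CVSS vector strings."`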
diff --git a/data/projects.yaml b/data/projects.yaml
index 60e8a48..f800edd 100644
--- a/data/projects.yaml
+++ b/data/projects.yaml
@@ -16,6 +16,11 @@
repo: "https://github.com/pablotron/luigi-template"
text: "String templating library for Java, JavaScript, PHP, and Ruby."
+- name: "polycvss"
+ slug: "polycvss"
+ repo: "https://github.com/pablotron/polycvss"
+ text: "Rust library to parse and score CVSS vector strings."
+
- name: "SHA2"
slug: "sha2"
repo: "https://github.com/pablotron/sha2"
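Review bot: the project is now described in two places, here and in `content/projects/polycvss.md`, with the `repo` and `text` strings duplicated verbatim; whichever of the two the Hugo templates do not read will drift. Either make the content page the single source or have the template build the list from `data/projects.yaml`.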
diff --git a/static/files/pabs.asc b/static/files/pabs.asc
index 9bda0d2..555912f 100644
--- a/static/files/pabs.asc
+++ b/static/files/pabs.asc
@@ -2,27 +2,27 @@
mDMEZPpC4BYJKwYBBAHaRw8BAQdAozyRcx2w+Eb6m6VBVEp3EnfdOsH1SGgY7Bf0
7F7zP2C0H1BhdWwgRHVuY2FuIDxncGdAcGFibG90cm9uLm9yZz6ImQQTFggAQQIb
-AQUJA+MNIAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBAIRNlIVSOsZj2T/c44Y
-JTTN0fK4BQJk+kTGAhkBAAoJEI4YJTTN0fK4bnMA/RAZ5S31GTIrZUA3JmZvCvwq
-k3rtWxL6BDhco8yQOdQuAQCM6qSHN4rXr+6ztIe3EvkpWU8lXh1Uc3Krki5kTzQA
-ArQrUGF1bCBEdW5jYW4gKGdpdGh1YikgPGdpdGh1YkBwYWJsb3Ryb24ub3JnPoiW
-BBMWCAA+FiEEAhE2UhVI6xmPZP9zjhglNM3R8rgFAmT6RJ4CGwEFCQPjDSAFCwkI
-BwIGFQoJCAsCBBYCAwECHgECF4AACgkQjhglNM3R8rjyvwD+PbyFukeFU6SMTGa0
-5ciR5WbhXhRHm19f0i+i8dfjRGQA/ifcNa6L+jefQUY5r2eIcjo+5AyANKeQQX1E
-atOoS14HtCtQYXVsIER1bmNhbiAocGVyc29uYWwpIDxwYWJzQHBhYmxvdHJvbi5v
-cmc+iJYEExYIAD4WIQQCETZSFUjrGY9k/3OOGCU0zdHyuAUCZPpEvAIbAQUJA+MN
-IAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCOGCU0zdHyuPdVAQCktsGno4Rs
-2F+mpkBL/XAZygGcXTex87GBk+9UHTIFoAD/W2IxS3sXhG84+dVuXawEjbVAsZnY
-JXgo/Yp89t3FcQO4MwRk+kMGFgkrBgEEAdpHDwEBB0CXyafK+3r6c+foOGSypcN3
-DDpRJ4E08hZrLlMDo66tmYj1BBgWCAAmFiEEAhE2UhVI6xmPZP9zjhglNM3R8rgF
-AmT6QwYCGwIFCQPjDPoAgQkQjhglNM3R8rh2IAQZFggAHRYhBMxaPAkB8qSbHzks
-9w9m3LNb0xXvBQJk+kMGAAoJEA9m3LNb0xXvnlsA/2XAWLXyMSTTGBVLN3V96gpT
-L/jm2fincNSBkk5heOT3AP0SM6I8I7yBN8a9HyRW7of7dISp1DPRej7zjba+w2DW
-D02/AQDOFVyNA8nFU8VIply2q0f5cWremdEyKZsMQOoV7h8YrwEAkZPruamwJOhb
-dERvNLzLRfTy4Ur21AZQCbNDO1PiEgi4OARk+kMWEgorBgEEAZdVAQUBAQdAnLxb
-gFTx1NB4SrLsKOV/3zZkwGiPHhwNy1rf8czSlCUDAQgHiH4EGBYIACYWIQQCETZS
-FUjrGY9k/3OOGCU0zdHyuAUCZPpDFgIbDAUJA+MM6gAKCRCOGCU0zdHyuH71AQCL
-EetpJgsLGwm0qqwPMIwk38h/VfsG5B4cSOiP5KFfKQD+Ko6KWtGkgwS2k8IgqEng
-GdWY8q5PwXp8FHsdOC7QuQI=
-=84QG
+AQULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAIZARYhBAIRNlIVSOsZj2T/c44YJTTN
+0fK4BQJozgCMBQkHliSsAAoJEI4YJTTN0fK4fNkBAN0ytDOHZbjWJIuGRp/VvtAn
+EIz5ngsqEr60uMvv5t7eAQC0AgQ2o2J/AHwou7V0fz2uISH9QSHMGw/Y5Hjn6RX+
+BbQrUGF1bCBEdW5jYW4gKGdpdGh1YikgPGdpdGh1YkBwYWJsb3Ryb24ub3JnPoiW
+BBMWCAA+AhsBBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEAhE2UhVI6xmPZP9z
+jhglNM3R8rgFAmjOAIwFCQeWJKwACgkQjhglNM3R8rilewEA19Lc/7iWIkmIWSTI
+veXUZD0dCNzOg0nhhl7GEMoK/foA/24+KVQUWU2AJka4RNb4glVqo1b6UNq2IOZr
+rLmZv5sLtCtQYXVsIER1bmNhbiAocGVyc29uYWwpIDxwYWJzQHBhYmxvdHJvbi5v
+cmc+iJYEExYIAD4CGwEFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQCETZSFUjr
+GY9k/3OOGCU0zdHyuAUCaM4AjAUJB5YkrAAKCRCOGCU0zdHyuLUSAQDSQS2OQa/E
+VdAyRd1LR8jR7WPaHAyXbPanOC8x+3AksQEAx3gwp0ZBxAhj7lwlzuqAdxWy1Eiu
++9O1gAcEyDzULgS4MwRk+kMGFgkrBgEEAdpHDwEBB0CXyafK+3r6c+foOGSypcN3
+DDpRJ4E08hZrLlMDo66tmYj1BBgWCAAmAhsCFiEEAhE2UhVI6xmPZP9zjhglNM3R
+8rgFAmjOATAFCQeWJSoAgXYgBBkWCAAdFiEEzFo8CQHypJsfOSz3D2bcs1vTFe8F
+AmT6QwYACgkQD2bcs1vTFe+eWwD/ZcBYtfIxJNMYFUs3dX3qClMv+ObZ+Kdw1IGS
+TmF45PcA/RIzojwjvIE3xr0fJFbuh/t0hKnUM9F6PvONtr7DYNYPCRCOGCU0zdHy
+uGg/AP9Vj/sL5GoNcvgx8d7SdKV+GWAmJnGFAszAkPsA4vCULgD/cSP+mafM9Xdf
+mCEYA2Wcps/nPOkJoXJDfFcyO0vMVwO4OARk+kMWEgorBgEEAZdVAQUBAQdAnLxb
+gFTx1NB4SrLsKOV/3zZkwGiPHhwNy1rf8czSlCUDAQgHiH4EGBYIACYCGwwWIQQC
+ETZSFUjrGY9k/3OOGCU0zdHyuAUCaM4BEwUJB5Yk/QAKCRCOGCU0zdHyuOehAP0W
+QeLan4L834js6/UJ3Cow8T+QLEaJxCKGrEhYOwjrQQD8CU/3XuO6FKRFIZsC57Lw
+uWmtrMiaRtxcEjoL7GEsOw0=
+=qJVW
-----END PGP PUBLIC KEY BLOCK-----
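Review bot: the refreshed key also needs to reach the places clients fetch it from, because the change is an expiry extension. Decoding the replaced self-signatures: the key material and fingerprint (`0211 3652 1548 EB19 8F64 FF73 8E18 2534 CDD1 F2B8`) are unchanged, the signature-creation subpacket reads `0x68ce008c` (about 2025-09-20), and the key-expiration subpacket grew from `0x03e30d20` to `0x079624ac` seconds after creation (roughly 2 years to roughly 4 years, moving expiry from about 2025-10-03 to about 2027-09-21). Anyone holding the old copy sees the key as expired after the old date until they refresh, so publish the updated key to the keyservers and, per the `wkd for pgp` TODO item above, via WKD, not only at `static/files/pabs.asc`.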