Tag: crypto

HTTP Signatures are RFC

If you’ve worked with Mastodon (or possibly other ActivityPub implementations too), HTTP Signatures might sound familiar. When notifying another server of an event, the request can be signed, thus proving its authenticity, meaning that the receiving server doesn’t need to go and fetch the authoritative version from the origin. This reduces load on both the receiver of the event (fewer requests to send) and the origin (fewer requests to serve).


Using Java signatures in Clojure

A while back I was trying to implement HTTP signatures to use with ActivityPub interactions with Mastodon. In Clojure. There is a go-to library for Clojure when it comes to crypto stuff, but I couldn’t get it to do the specific thing I needed: SHA-256 / RSA signatures. I looked at other options too, but as I’m not familiar with NaCl, that was just a confusing mess of wrappers around Java wrapped around C.

In the end I went with using Java interop to call Bouncy Castle stuff directly. I hate Java and interop in Clojure just feels wrong, but at least I could get it to work. Not to mention that, if anything, Bouncy Castle is maintained. It wasn’t exactly a joyride, but it works. Check out the source if you’re interested (or want to use it). I didn’t make it stand-alone or put it up on Clojars (yet).


Ubuntu 18.04 L2TP IPsec VPN

Occasionally I work from home, and access to certain development resources is restricted to either the office IP or the use of a secure VPN. Since everyone uses Macs or Windows at the office, there are no manuals or guides to set it up on Linux, so I had to figure stuff out myself.

First of all, Ubuntu doesn’t have L2TP support out of the box currently, but luckily Ask Ubuntu has plenty of questions on the topic. Apparently L2TP was removed in 16.04 for some dependency reason, and replaced with a package called StrongSwan. Luckily it’s in the main repository, so it can be installed without much hassle. (However, I tried it on 18.04 and I was unable to add a VPN as the Save/Apply button simply wouldn’t work.)


Plaintext

I just applied for a summer internship at one of my credit card providers (Mitsui-Sumitomo) and guess what, they sent me my username and the password I set in a plaintext email.

The only time I can accept that they email me my password after registration is when the initial pass is randomly generated and I’m required to change it at the first login. But sending me the password I set myself and have been using for the past month? What the hell?