Profile cover photo
Profile photo
Aldo Cortesi
713 followers -
Coder, security consultant and reader of books.
Coder, security consultant and reader of books.

713 followers
About
Aldo's posts

Post has attachment
I've just released devd v0.2 - binaries and source are available on Github, as usual. This release includes a small set of new features, and the usual slew of bugfixes and consolidations. If you use devd, you should update. 

I love small, modest tools that do one thing well. I wrote devd partly out of nostalgia for thttpd, a tiny web daemon that used to be my rough-and-ready, just-serve-files-now webserver for many years. It was a single, small binary that I could cross-compile for all the platforms I used, and it did its humble job well. Back in the day, it was one of the first things I put on every new box, along with my shell configuration and ssh keys. When it started showing its age, I moved on to the usual combination of built-in interpreter daemons (e.g. "python -m SimpleHTTPServer") and more heavy-handed tools, but not without a touch of sadness. Looking back on it now, it's clear that the thttpd I remember is a somewhat rose-tinted version of the real thing: thttpd actually did both more and less than I really needed. Devd strives to be a tool in the same sprit, that matches more closely what I want in my EDC http daemon. If people think of it as a small, dependable and unobtrusive part of their daily toolset, I'll have done my job well.

This release includes a few new features for devd, and the next release will add a few more. Not long after that, I expect it to be more or less feature complete. It will continue to improve internally, and bugs will always be fixed, but it will never sprout the ability to run PHP or render less on the fly (both feature requests I've had since the first release). Instead, it will focus on doing the few things it does as well as it can: serve files, act as a reverse proxy tying development servers together, and live reload when files change.

Post has attachment
I've just released devd: a small HTTP daemon for developers. It tries to scratch my own personal itches by being cross-platform, entirely self-contained, geared for interactive use on the terminal, and includes useful features like livereload, reverse proxying and simulation of bandwidth and latency. 

Post has attachment
Coffee shop read of the day: Intriguing properties of neural networks. Includes a nice demonstration of adversarial trickery with obvious security applications.

Post has attachment
Coffee shop read of the day: An Astrophysical Explanation for the Great Silence

Post has attachment
Coffee shop read of the day: Don't Thrash: How to Cache Y our Hash on Flash. Introduces the quotient filter, an alternative to the Bloom filter with some really nice properties.

Post has attachment
Coffee shop read of the day: Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed - http://www.umiacs.umd.edu/~tdumitra/papers/IMC-2014.pdf

Post has attachment
Coffee shop read of the day: Bootleggers and Baptists - The education of a regulatory economist. Many of the insights here will seem oddly familiar to old security hands, particularly considering the perverse effects that certain types of security governance can have on organisations.

Post has attachment
I've just published "How mitmproxy works". It's a detailed description of mitmproxy's interception process, and is more or less the overview document I wish I had when I first started the project. I proceed by example, starting with the simplest unencrypted explicit proxying, and working up to the most complicated interaction - transparent proxying of SSL-protected traffic1 in the presence of SNI.

Post has attachment
I'm happy to announce the release of mitmproxy 0.9. This is a major release, with huge improvements to mitmproxy pretty much across the board. So much has happened in the year since the last release that it's difficult to pick out the headlines. Mitmproxy is now faster, more scalable, and works in more tricky corner cases than ever before. Full transparent mode support has landed for both Linux and OSX. Content decoding is much nicer, with a slew of new targets like AMF and Protocol Buffers. We now have a WSGI container that allows you to host web apps right in the proxy. In addition to this, there is a myriad of new features, bugfixes and other small improvements.

There are also changes afoot in the project itself. As a first step, I've moved mitmproxy from the GPLv3 to an MIT license. I hope that this will make it easier for people to use the project in more contexts. Keep an eye out for more changes along these lines soon, geared to broadening participation in the project.

Post has attachment
My reaction to the death of Google Reader: it would have been better for everyone if Google never entered the feed reader space at all.
Wait while more posts are being loaded