robstradling

-- Step 1: Find the lowest/earliest certificate ID affected by the updated Apple CT Policy.
-- (Assumptions: (i) Certificate notBefore dates are never forward-dated and (ii) Log entry timestamps are always accurate).

certwatch@certwatch=> SELECT min(c.ID)
  FROM certificate c
  WHERE x509_notBefore(c.CERTIFICATE) >= '2021-04-21'::timestamp
    AND c.ID IN (
      SELECT ctle.CERTIFICATE_ID
        FROM ct_log_entry_2021 ctle
        WHERE ctle.ENTRY_TIMESTAMP >= '2021-04-21'::timestamp

lg

Adding tailscale to an EdgeRouter (and surviving system upgrades)

I suggest you run sudo bash on all of these so you're the root user.

Installing

1. Download tailscale and put the files in /config/. Find the latest stable or unstable version for your EdgeRouter's processor (ex. ER4 is mips and ERX is mipself)

sudo bash    # if you havent already

tbutts

#!/usr/bin/env python
# vim: set fileencoding=utf-8
#
# USAGE:
# Back up your tmux old config, run the script and redirect stdout to your conf
# file. Example:
#
#   $ cp  ~/.tmux.conf  ~/.tmux.conf.orig
#   $ python ./tmux-migrate-options.py  ~/.tmux.conf.orig  >  ~/.tmux.conf
#

dylanmckay

#! /usr/bin/env ruby

# NOTE: Requires Ruby 2.1 or greater.

# This script can be used to parse and dump the information from
# the 'html/contact_info.htm' file in a Facebook user data ZIP download.
#
# It prints all cell phone call + SMS message + MMS records, plus a summary of each.
#
# It also dumps all of the records into CSV files inside a 'CSV' folder, that is created

jvehent

Symantec distrust impact on the webpki

Sample size: 1236617 HTTPS sites from Cisco Umbrella and Alexa top1m (total of 1868635 sites but 632018 don't support HTTPS)

Distrusted in Firefox 60: 21089 but 7382 of those certs expire before 60 is released so only 13707 need action (1.1% of HTTPS sites, 0.73% of all sites)

Distrusted in Firefox 63: 155847 but 81198 of those certs expire before 63 is released

dillonhafer

# Taken from https://medium.com/@nurblieh/ipv6-on-the-edgerouter-lite-c95e3cc8d49d
# just a copy in case that goes away someday

# eth1 is my WAN
# switch0 is my LAN

configure

# Firewall Rule 1/2
edit firewall ipv6-name WAN6_IN

rmhrisk

WebPKI CA Revenue

• This is intended to be an appendix of sorts for WebPKI and Digital Signature related M&A + Investment + Public Offerings
• I have been in and around this space for a long time, I know some things that are not public just like you probably do, as such I have, and will continue to excluded these sorts of details.

Company	Year	Amount
BuyPass	2015	They reported revenue of 192 million Norweigan Krones in 2015; using today's exchange rate, this is about $23 million US dollars.
Quovadis	2016	WISeKey reported QuoVadis (whom they acquired) had revenue of $18

roycewilliams

CAA Adoption Notes

CA/B mandate

The CA/Browser Forum has voted to mandate that CAs must start checking CAA records to control certificate issuance (to verify what CAs are allowed to issue certificates for a domain) by September 8th, 2017.

https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum

Full language of the ballot is here.

rmhrisk

WebPKI and Digital Signature related M&A + Investment + Public Offerings

• This was inspired by Matt Suiche's great post on cyber security M&A related activity; there is some overlap but not much.
• This is all public data.
• I have also intentionally excluded sales of WebPKI key material, not only are these prices not public but they are usually very special cases that are in-essence impossible to compare effectively.
• I have also included HSMs, Smart card, Digital signatures and CA related software companies in this list as it seems relevant.

Purchased	Purchaser	Date	Price	Structure	Notes

darekkay

<?php

/* 
Backup script for trakt.tv (API v2).

Live demo: https://darekkay.com/blog/trakt-tv-backup/
*/

// create a Trakt app to get a client API key: http://docs.trakt.apiary.io/#introduction/create-an-app
$apikey = "CLIENT_API_KEY";