Great reading on security principles for system design. 70+ simple statements to ponder when designing systems.
More from my code attic, this is “libpigeon” – the (carrier) pigeon for messaging in a nomadic filesystem I built between 2002-2007. In hindsight this should have been 2 separate libraries, isolating the communication transport from the messaging. The entire API generated here utilizes state machines and callbacks to avoid any blocking network or disk operations outside of the initialization.
Here are some highlights:
This is the entire specification for the over-the-wire message format. Implementing in ASN.1 allowed the use of automatic code generation to handle all wire traffic, and automatically created structures for use in code that exactly matched the specification. Inside are definitions for locking behaviour, rights & permissions, crypto tokens, data protection, and much more.
The heavy lifting of setting up the GSSAPI security context, ensuring both client and server are valid principals, and enabling encryption & signatures. It uses the libevent bufferevent API to handle network IO. Connection principals are surfaced for access control by the caller.
Fully asynchronous DNS resolver capable of handling SRV records in addition to standard queries. From an age when libc resolvers blocked and suffered race conditions.
That’s all for today, hope you enjoy!