• 0 Posts
  • 10 Comments
Joined 2 years ago
cake
Cake day: June 4th, 2023

help-circle




  • Ditching TCP/IP and defining a whole new protocol stack would require your ISP to have routers that know how to route this new protocol without IP addresses. Also, every router between the source and destination would have to support the protocol also. That seems like a huge hurdle. We can’t even get mainstream ISPs to support IPv6 in the last 25 years.

    Unless the author intends to layer this on top of IP, which defeats the defined goal.

    If you did this, you would be running your own “Internet” with only your own routers connecting to each other.




  • In other words, if the sha matches, then it wasn’t corrupted during downloading. If the signature matches, then it wasn’t tampered with before you downloaded it.

    There’s also a third check. Even if the certificate signature is valid, you have to have confidence that the certificate is authentic and trusted to be from the original author. This is usually done by having a trusted third party sign the certificate with another, more trusted, certificate.


  • If you get the sha256 from the same place you got the main file, then anyone tampering with the main file could also recalculate the sha256 to match the tampered file. A signature signed with a certificate uses complex math (public-key asymmetric cryptography) to give some certainty that the signed content (the sha256) is the same sha256 that the original file author created. It’s not mathematically feasible to recalculate the certificate signature. Why don’t we just sign the whole original file with the public-key crypto and skip the sha256? Because asymmetric crypto is much, much slower than plain symmetric crypto or hash functions. It’s faster and easier to generate the valid hash or key, then sign or encrypt just the smaller key.


  • https://www.phoronix.com/news/Debian-GNU-Hurd-2023

    In the Debian GNU/Hurd case it’s even less practical due to the many limitations of Hurd and its primitive hardware support.

    Given the Hurd limitations, Debian GNU/Hurd is mostly practical in VMs.

    Debian GNU/Hurd is currently available for i386 and can build around 65% of the Debian archive.

    Since the prior Debian GNU/Hurd release, APIC, SMP, and 64-bit support has improved a lot but is still a work-in-progress.

    Debian GNU/Hurd has improved a bit over the past decade since last time testing it but is still very much limited and niche compared to Debian GNU/Linux.