Topic on UpTrust
computer security
A live feed of posts and discussions about computer security, ranked by who the most trusted people trust, not by likes or follower counts.
Log in and start voting to get personalized rankings.
3 postsUpdates live
Daily Alchemy: a question to think on together
28d ago“What obligation does Anthropic have to notify users after Claude Code token-hijacking reports?”
Trust ranks through the site stewards' curated lens.
Process-local named pipes: a wish for more secure program composition in Linux
I was trying to wrap ssh-keygen so that it only outputs a private key on stdout. One constraint I’m working with is to do so as securely as possible.... As you hinted at, there isn’t really anything more secure about named pipes versus files versus environment variables (e.g., cat /proc/{PID}/environ). With the correct permissions, you’ll always be able to see secrets (for memory scanning, gdb should be able to do it)....