These are good :-)

Bit hard for VMS to support the secure key store when it's a function of the Apple chip. Didn't the Vax and Alpha have special parts to them that VMS exploited, although not security related. We are moving to commodity hardware I guess we have to put up with it's limitations?

Those kids who were learning about ai through neural nets use python to get at the cool stuff underneath which is tensorflow

For something similar although more comprehensive than poetry writing is the Wolfram Language

This video pretty much depicts what I think kids should be learning who need to churn out widgets (the majority of programmers. Those who do things like compiler design or OS design or real time are not under this model but I wonder if one day they could be)

(and this is 4 years ago)

It's still being enhanced today. The latest additions are around quantum computing

A database running within SGX enclave:

https://www.microsoft.com/en-us/research/publication/enclavedb-a-secure-database-using-sgx/


Spectre variant 3a & variant 4 flaws have been disclosed, affecting
various Intel, AMD and Arm processors
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528

https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-it-how-it-works

CVE-2018-3639, CVE-2018-3640

PGP alternative with Perfect Forward Security (PFS) support:
https://github.com/stealth/opmsg

Fun with WireShark
http://chrissanders.org/2018/05/large-captures1-colorizing-wireshark/

Per Jess Telford, some words that should be avoided using when writing
documentation:
obviously, basically, simply, of course, clearly, just, everyone
knows, however, so, easy

Some Security Resources:
https://www.it-sec-catalog.info/analysis_and_exploitation_unprivileged.html

C Programming Resources
https://notabug.org/koz.ross/awesome-c

Second Factors... Overview of Security Keys (U2F, 2FA, TOTP/HOTP, etc)
https://www.imperialviolet.org/2018/03/27/webauthn.html

The UEFI bootstrap and security
https://trmm.net/LinuxBoot_34c3

RISC-V:
https://riscv.org/risc-v-foundation/

libtls SSL/TLS library application programming interface:
http://www.openbsd.org/papers/libtls-fsec-2015/mgp00001.html
https://www.openbsd.org/papers/linuxconfau2017-libtls

"GDPR Hysteria":
https://jacquesmattheij.com/gdpr-hysteria

Some DEC History, for those folks unfamiliar with the DEC NOD:

http://archive.computerhistory.org/resources/text/DEC/dec.bell.no_output_division_C-I_TF;productivity_review.1982.102630376.pdf

Some more of what's been on the recent reading list...

There's been the occasional porting-related discussions around the
Apple Rosetta as an image translation tool that was used for
application migration from PPC to Intel processors on OS X / macOS, but
that's clearly not the only path that's available:
https://www.highcaffeinecontent.com/blog/20190518-Translating-an-ARM-iOS-App-to-Intel-macOS-Using-Bitcode


Chocolatey, a package manager for Microsoft Windows:
https://chocolatey.org

As was mentioned in an earlier posting of mine, "PCSI lacks
capabilities around maintaining and managing and upgrading
dependencies, requiring end-users and developers to hand-roll their own
unique solutions to API dependencies.   Of these, I happen to like the
approach Oracle Rdb uses, but it's one of many.   For an approach
around dependency management used elsewhere, see the nix package
manager and NixOS", and also see the Gentoo "Slotting" scheme. This to
allow multiple versions and multiple disparate APIs to coexist. Yeah,
I don't like that, but that is increasingly part of the world we're now
in and—like the increasing need to keep applying updates and
upgrades—we can only choose to ignore it, or we can choose to take
steps to better deal with what we're increasingly encountering.
https://nixos.org/nix/
https://nixos.org/
https://devmanual.gentoo.org/general-concepts/slotting/index.html

An experimental LLVM JIT-like code generator:
https://github.com/pdziepak/codegen

From Google Research, "New research: How effective is basic account
hygiene at preventing hijacking"
https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html


An ELF format introduction and ELF is used on OpenVMS, and a prototype
of Linux ELF Universal Binaries that "lets you pack binaries into one
file, seperated [sic] by OS ABI, OS ABI version, byte order and word
size, and most importantly, CPU architecture."
https://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/
https://icculus.org/fatelf/

Google is currently posting a list of security vulnerabilities that
were first detected through usage of an associated exploit:
https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/htmlview?sle=true


C++ error handling preferences — though various of this is not yet
available on OpenVMS:
https://hackernoon.com/error-handling-in-c-or-why-you-should-use-eithers-in-favor-of-exceptions-and-error-codes-f0640912eb45


A list of CPU-level security failures—Spectre, Meltdown, Fallout, etc:
https://cpu.fail

RAMbleed:
https://rambleed.com
The most recent OpenSSH has taken some steps to mitigate against
RAMbleed, Spectre, and ilk, by keeping the private keys encrypted when
not in immediate use.
https://marc.info/?l=thn&m=156109087822676

Hacking into a hardware security module (HSM):
https://cryptosense.com/blog/how-ledger-hacked-an-hsm/
In some organizations, HSMs are used as vaults for sensitive
information such as private keys and passwords.

Yet another supply-chain attack, this time against some Android devices:
https://arstechnica.com/information-technology/2019/06/google-confirms-2017-supply-chain-attack-that-sneaked-backdoor-on-android-devices/


"The Influence of Organizational Structure on Software Quality: an
Empirical Case Study"
https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/tr-2008-11.pdf

"the organizational metrics when applied to data from Windows Vista
were statistically significant predictors of failure-proneness."

x86 Rust-based OS paging intro—some background for how another
operating system implements virtual memory paging and memory protection
on x86, for those interested in details:
https://os.phil-opp.com/paging-introduction/

"Zanzibar: Google’s Consistent, Global Authorization System"
https://ai.google/research/pubs/pub48190
"Zanzibar scales to trillions of access control lists and millions of
authorization requests per second to support services used by billions
of people. It has maintained 95th-percentile latency of less than 10
milliseconds and availability of greater than 99.999% over 3 years of
production use."

Some cryptography source code programming examples:
http://www.herongyang.com/Cryptography/

C++11 and multi-threading, given a C++11 compiler implementation is
planned for VSI OpenVMS x86-64...
https://stackoverflow.com/questions/6319146/c11-introduced-a-standardized-memory-model-what-does-it-mean-and-how-is-it-g


KLEE, automated test coverage using LLVM compilers:
https://klee.github.io

"Netflix has identified several TCP networking vulnerabilities in
FreeBSD and Linux kernels."
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

There's no reproducer/test available quite yet, but that'll undoubtedly
be posted online (somewhere) fairly soon...

"TaxDC: A Taxonomy of Non-Deterministic Concurrency Bugs in Datacenter
Distributed Systems"
"We present TaxDC, the largest and most comprehensive taxonomy of
non-deterministic concurrency bugs in distributed systems..."
https://ucare.cs.uchicago.edu/pdf/asplos16-TaxDC.pdf

Wanna learn vim?
https://github.com/jmoon018/PacVim

In addition to the existing MiTM Proxy, there's now PolarProxy:
https://www.netresec.com/?page=PolarProxy

VSI OpenVMS with VAFS is incompatible with host-based volume shadowing
(host-based RAID-1):
"The new file system will support disks > 2TB.  Shadowing doesn't, and
cannot without a lot of work."
https://groups.google.com/d/msg/comp.os.vms/Xgy7-vqgByc/v53aDpFhCAAJ
(The addressing limit here is technically 2 TiB, and not 2 TB.)

Cloud hosting for security-conscious customers is very big business.
This particular cloud-hosting contract process has been going for a
while for those that might have missed earlier discussions, too.
Oracle, Amazon AWS, Microsoft Azure, IBM, and US DoD contracts:
"Yesterday, I had a story taken down on Forbes for a post about Jedi DoD"
"Title: Modern Star Wars: JEDI, the Dark Side and the Fight for the
Future of the Military"
https://medium.com/@furrier/yesterday-i-had-a-story-taken-down-on-forbes-for-a-post-about-jedi-dod-33675fd89a01

Some other related reading:
https://www.lite1065.com/2019/06/19/amazon-pentagon-accused-of-swampy-dealings-over-10b-contract/

https://www.washingtonpost.com/business/2019/04/10/pentagon-cloud-contract-investigation-uncovers-potential-ethical-violations-narrows-competition-two/?utm_term=.d8115b7d3744

https://fcw.com/articles/2019/06/21/jedi-lawsuit-oracle-aws.aspx

ps: There's a nasty Firefox bug around, and one that's reportedly being
exploited in targeted attacks. Patch to current, if you're using
Firefox or Firefox ESR...

"Understanding modern UEFI-based platform boot"
https://depletionmode.com/uefi-boot.html

"Find and fix floating-point problems"
https://herbie.uwplse.org

SQLite performance, as compared to some file systems:
https://www.sqlite.org/fasterthanfs.html

RunBMC / OpenBMC:
https://blogs.dropbox.com/tech/2019/08/runbmc-ocp-hardware-spec-solves-data-center-bmc-pain-points/


NetFlix has added in-kernel support for TLS into FreeBSD:
https://svnweb.freebsd.org/base?view=revision&revision=351522

C security-related reading:
https://multun.net/obscure-c-features.html
https://github.com/git/git/blob/master/banned.h
https://github.com/leafsr/gcc-poison
https://www.openbsd.org/papers/portability.pdf

From a recent C99-support-additions posting from VSI, and information
from elsewhere:
fpclassify, isblankiswblankisgreater, isgreaterequal, isless,
islessequal, islessgreater, isunordered, llrint, llrintf, llrintl,
llround, llroundf, llroundl, nearbyint, nearbyintf, nearbyintl, round,
roundf, roundl, scalbln, scalblnf, scalblnl, scalbn, scalbnf, scalbnl,
strtof, strtold, wcstofwcstold, va_copy, wcstoll, wcstoull—various
C99-related headers were added, too.

Dublin Traceroute:
https://dublin-traceroute.net/README.md
Alas, this requires C++11, which eliminates OpenVMS.

A TLS library written in Rust:
https://github.com/ctz/rustls
Rust won't be available on OpenVMS for a while, and not until after the
port at the earliest.

Microsoft ExFAT file system documentation now has a less-constrained license:
https://cloudblogs.microsoft.com/opensource/2019/08/28/exfat-linux-kernel/
Using a FAT partition from EFI as OpenVMS does is apparently less than
common, too.

Apropos of nothing:
https://nextcloud.atypical.net/s/Z5ymZLkfjaAizsb#pdfviewer

Just dumping some more links here...

Security Book Bundle:
https://www.humblebundle.com/books/cybersecurity-2020-wiley-books

"A simple, modern and secure encryption tool with small explicit keys,
no config options...:
https://github.com/FiloSottile/age

"Minisign is a dead simple tool to sign files and verify signatures"
Uses Ed255519
https://jedisct1.github.io/minisign/

clang improvements:
https://developers.redhat.com/blog/2020/02/11/toward-_fortify_source-parity-between-clang-and-gcc/


ssh with FIDO/U2F two-factor authentication support:
https://www.openssh.com/releasenotes.html#8.2

Modern back-end server components, a roadmap:
https://roadmap.sh/backend

OS experimentation / research / hackery:
In Rust: https://robbertkrebbers.nl/research/articles/safe_programming_rust.pdf
In Go: https://labs.f-secure.com/blog/tamago/

For folks interested in C++:
https://github.com/abseil/abseil-cpp

The libc link mostly for the folks at VSI:
https://www.openwall.com/lists/libc-coord/2020/01/30/1

Building Secure and Reliable Systems book:
https://landing.google.com/sre/books/

Usenix presentations:
https://www.usenix.org/conferences/multimedia

One of many lists of security-related presentations:
https://mobile.twitter.com/shorttelegrams/status/1243919159617974274

Archive of vendor firmware—more for what VSI will be experiencing as
they start to contend with maintaining x86-64 hardware:
https://fwupd.org

HPE hardware EOSL dates:
https://www.parkplacetechnologies.com/end-of-service-life/hpe/

Understanding how security breaches work on HP Windows systems, and
which can help understand how to harden your own network-connected apps
on OpenVMS:
https://d4stiny.github.io/Several-Critical-Vulnerabilities-on-most-HP-machines-running-Windows/


MUST, SHOULD, DON'T CARE: TCP Conformance in the Wild:
https://arxiv.org/abs/2002.05400

How Does SSH Port Forwarding Work?
https://ophirharpaz.github.io/posts/how-does-ssh-port-forwarding-work/

A tool for reversing firmware images, binwalk is really handy:
https://github.com/ReFirmLabs/binwalk

wcc might be interesting to play with, particularly as OpenVMS x86-64
becomes available:
https://github.com/endrazine/wcc

Kernel lock-down; preventing root from making kernel modifications.
https://mjg59.dreamwidth.org/55105.html
VSI will probably be looking to address this for OpenVMS, though there
are presently many other security and isolation issues ahead of this.

TLSv1.3 and performance:
https://netflixtechblog.com/how-netflix-brings-safer-and-faster-streaming-experience-to-the-living-room-on-crowded-networks-78b8de7f758c


And US pandemic response data:
https://www.justsecurity.org/69650/timeline-of-the-coronavirus-pandemic-and-u-s-response/

Mostly not-OpenVMS topics, this trip...

Some recommendations on multi-factor authentication from the US
National Security Agency (NSA):
https://media.defense.gov/2020/Sep/22/2002502665/-1/-1/0/CSI_MULTIFACTOR_AUTHENTICATION_SOLUTIONS_UOO17091520.PDF

OpenVMS largely lacks multi-factor...

New velocity-focused Arm server cores:
https://www.anandtech.com/show/16073/arm-announces-neoverse-v1-n2
Things get ever-more interesting for the folks at Intel and AMD.

Operating systems and Big, Big, Big Servers—did I mention Big, like
really, really big?
http://addxorrol.blogspot.com/2020/07/the-missing-os.html

Persistent-memory file system discussion:
https://lkml.org/lkml/2020/9/15/517

Low-level x86 performance optimization, and the sorts of thing that
code generators get to deal with:
https://www.agner.org/optimize/microarchitecture.pdf

Attacks, mitigations, and increasing the difficulty of executing
unauthorized or unintended code, Arm, IoT, and otherwise:
https://azeria-labs.com/downloads/Keynote_ArmResearchSummit2020_Azeria.pdf

Some roadmaps for learning about some newer areas of tech, with more
areas being added.
https://roadmap.sh
No, I'm not planning on uploading an OpenVMS roadmap.

Good write-up on the difficulties of massive code-bases, issues
absolutely familiar to all that have worked in larger code-bases:
https://www.bungie.net/en/Explore/Detail/News/49189

Data decryption tooling:
https://github.com/Ciphey/Ciphey

Apple platform security presentation, for some background on modern
security mechanisms and mitigations:


Updates to an interesting documentation tool:
https://blog.jupyter.org/announcing-the-new-jupyter-book-cbf7aa8bc72e

Chip-level vulnerabilities in the Qualcomm’s Snapdragon DSP, as
hardware level "fun" continues to be identified:
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/

Sandboxing and Workload Isolation, with some parallels to writing and
securing OpenVMS apps:
https://fly.io/blog/sandboxing-and-workload-isolation/

From the world of ever-smaller features and fabs, a rumor that Apple
has booked the entirety of TSMC 5nm production:
https://www.extremetech.com/computing/315186-apple-books-tsmcs-entire-5nm-production-capability

Apple Platform Security documentation, for an overview of what some
other vendors are doing with hardware and software security:
https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf


Parser security, as parsers are a source of vulnerabilities and thus a
target for exploits:
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html


picoc, a very small C compiler:
https://gitlab.com/zsaleeba/picoc

C isolated-allocation library:
https://github.com/struct/isoalloc

Passwords and words and passphrase security details:
https://nullsec.us/passphrase-length/

Small MDM mobile device manager tool:
https://github.com/micromdm/micromdm

Information on the massive scale of CAPEX for some of the major hosting
providers; on Amazon, Microsoft, and Google hardware and related
expenditures:
https://www.platformonomics.com/2021/02/follow-the-capex-cloud-table-stakes-2020-retrospective/


For those of you pondering hosting OpenVMS or otherwise at Amazon, and
wanting to know more about how that works:
https://www.educative.io/courses/good-parts-of-aws?aid=5082902844932096

Open POSIX test suite:
http://posixtest.sourceforge.net

Linux asynchronous I/O APIs (io_uring, aio) information:
https://blogs.oracle.com/linux/an-introduction-to-the-io_uring-asynchronous-io-framework

https://lwn.net/Articles/810414/
https://github.com/littledan/linux-aio

For asynchronous programming, I'd hope we'll eventually see some
support for libdispatch / grand central dispatch support on OpenVMS,
given the arrival of Clang and blocks support.
https://apple.github.io/swift-corelibs-libdispatch/

Turns out how the recent Foreshadow attack involving processor
prefetching worked... differently:
https://martinschwarzl.at/media/files/spec_deref_extended.pdf

Anybody interested in learning about security and particularly attack
techniques:
https://tryhackme.com

John Mashey and some DEC history... Rather than diverging from VAX and
creating Alpha as happened, why the variously-suggested overhauling of
VAX was a non-starter:
https://ipfs.io/ipfs/QmdA5WkDNALetBn4iFeSepHjdLGJdxPBwZyY47ir1bZGAK/comp/vax.html


Tango Delta Perseverance

How to write shared libraries (Unix). There isn't really a version of
this for OpenVMS and shareable images, though parts of that how-to do
get posted here and there.

https://akkadia.org/drepper/dsohowto.pdf

Server-side SQLite, and an SQLite file system:

https://fly.io/blog/all-in-on-sqlite-litestream/
https://fly.io/blog/introducing-litefs/

How private is my VPN?

https://themarkup.org/the-breakdown/2021/08/12/how-private-is-my-vpn

Why you shouldn't still be using MD5:

https://github.com/corkami/collisions/blob/master/unicoll.md

La Terminal for iPhone and iPad:

https://xibbon.com/terminal/2022/09/21/welcome-to-la-terminal.html

libbsd, a portable library useful for anyone porting BSD apps around
(fodder for OpenVMS?):

https://libbsd.freedesktop.org/wiki/

Portable microemacs clone:

https://github.com/hboetes/mg

Some of the wrinkles inherent in C parsing, including the ever-popular
dangling else:

https://hal.archives-ouvertes.fr/hal-01633123/document

Need to backport a newer C compiler, or backport newer C apps, to C99?
(attn: Simon)

https://github.com/thradams/cake

New USB cable logos:


https://www.usb.org/sites/default/files/usb_type-c_cable_power_rating_logo_usage_guidelines_020222.pdf


Push notification 2FA considered harmful:

https://xeiaso.net/blog/push-2fa-considered-harmful

Securing the Supply Chain of Nothing:

https://swagitda.com/blog/posts/securing-the-supply-chain-of-nothing/

Quantum Computing, per an Oxford Quantum Physicist:

https://futurism.com/the-byte/oxford-physicist-unloads-quantum-computing

Passkeys overview:

https://support.apple.com/en-us/HT213305
https://www.imperialviolet.org/2022/07/04/passkeys.html

(repost) fwupd, fodder for those needing to update your x86-64 system
firmware via UEFI:

https://lists.dragonflybsd.org/pipermail/kernel/2022-August/320331.html