
Not Quite So Broken - aburan28
https://nqsb.io/
======
bsder
I like the idea, but why do software types seem to be so allergic to state
machines?

State machines have well-defined semantics, can be visualized nicely,
implemented in a straightforward manner, and tested against specification.

The only thing that I would point out to people is that "time" is an _input_
to your state machine. That's single change makes most state machines
deterministic in software.

~~~
pjc50
I don't know. TCP has a nice well-defined state machine, but otherwise people
don't seem to be in the habit of thinking that way. And the tools don't point
people in that direction. Maybe it's associated with the UML fiasco?

I suspect a lot of things like SSL have really complicated state machines that
are hard to visualise. Perhaps that should count more heavily against their
design.

~~~
nly
> TCP has a nice well-defined state machine

I can't remember where, but I recently read that the TCP state machine in e.g.
the Linux kernel is significantly more complex than any you'll find in any TCP
RFC

------
bcaa7f3a8bbc
I don't see any GCM ciphers nor ECDHE/DHE key exchanges deployed on this site,
so forward secrecy and authenticated encryption are not implemented and
supported by the Not Quite So Broken toolchain? It would be a project of great
value if those are implemented, plain RSA and CBC is pretty much dead in TLS
nowadays...

~~~
throwawayocamlx
\- "(ECB/CBC/CCM/CTR/GCM)" -> GCM is implemented in the nocrypto library.

\- TLSv1.2 and thus GCM and DHE are supported (and default).

\- TLSv1.3 is in the works as we speak (which implies ECDHE), check back in a
few months.

------
kuroguro
Related talk: [https://media.ccc.de/v/31c3_-_6443_-_en_-
_saal_2_-_201412271...](https://media.ccc.de/v/31c3_-_6443_-_en_-
_saal_2_-_201412271245_-_trustworthy_secure_modular_operating_system_engineering_-
_hannes_-_david_kaloper#t=1540)

------
_asummers
Shame this fully text site doesn’t support reader mode on mobile. Is there
some bookmarklet or something that people like to allow it on sites that
otherwise do not support it?

~~~
aaaaaaaaaaab
Reader mode works on my iPad.

~~~
_asummers
Interesting! Seems like Firefox is the one at fault here. Opening in Safari
showed a reader mode option.

