Tuesday, 29. April 2025 Week 18
Saturday, 26. April 2025 Week 17

Differential Coverage

In his latest article Russ Cox explains the concept of using Differential Coverage for Debugging.
It's a clever approach using the difference of the coverage output between two test runs, to directly highlight the lines of code that contributed to a bug. 

# collect coverage of a passing test run (skip the failing test)
go test -coverprofile=c1.prof -skip='TestAddSub$'

# collect coverage of a failing test run (run the failing test only)
go test -coverprofile=c2.prof -run='TestAddSub$'

# calculate the coverage difference between the runs (so only the code of the failing test gets highlighted)
(head -1 c1.prof; diff c[12].prof | sed -n 's/^> //p') >c3.prof

# display the code in a web browser (green/covered code did contribute to the failing test)
go tool cover -html=c3.prof
Saturday, 19. April 2025 Week 16

PGP key lookup via WKD

The Web Key Directory (WKD) is a standard for discovery of OpenPGP keys by email address, via the domain of its email provider.
The following command can be used to test/import a key via WKD. 

gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org

(via)

pgp-expiry-monitor now with fingerprint lookup

Added a -f flag to the pgp-expiry-monitor tool.
It takes the fingerprint of a PGP key and looks it up on keys.openpgp.org to get the keyfile to verify. 

% pgp-expiry-monitor -f 401F1D483C69BF624364CC01E9A68DCFA3A54203 -v
Key A3A54203 (401f1d483c69bf624364cc01e9a68dcfa3a54203) expires on 2030-04-13
Key 29A48884 (1e8838bdcf9adf702496866f6baf170e29a48884) expires on 2025-10-15
Key B645E283 (47122b88b77ece545effb494498ea9eab645e283) expires on 2025-11-17
Key 93DDE912 (2f21f0dd9af127d61363423d4099876b93dde912) expires on 2027-04-24
Key 0240ACAF (a1f4c70962f89c2e628e8f05d29a32fd0240acaf) expires on 2026-04-09
Key 0B691623 (0d0bc31f58b8d18cb97c31eeebd187b60b691623) expires on 2027-04-13
Key 3AB76067 (43a83177a4ec64a62bae1ac77d779e883ab76067) expires on 2026-04-09
Key 7AE809A1 (9a6d5dbde2703d7c54806f1b5acb66c47ae809a1) expires on 2027-04-13
Thursday, 17. April 2025 Week 16

Slobsquatting

Hallucinated package names fuel 'slopsquatting'.

All that's required is to create a malicious software package under a hallucinated package name and then upload the bad package to a package registry or index like PyPI or npm for distribution. Thereafter, when an AI code assistant re-hallucinates the co-opted name, the process of installing dependencies and executing the code will run the malware.

(via)

Monday, 14. April 2025 Week 16

pgp-expiry-monitor

To ensure I don't forget to rotate/extend one of the subkeys of my PGP key, I created a little monitoring tool.
I wanted something that reminds me well before my published PGP key shows sign of expiry.
And I wanted it built in a way so it can be used in a simple cronjob to continuously nag me until the expiring key has been replaced. 😈

So pgp-expiry-monitor was born.
It takes two parameters, the URL of a PGP key and the number of days in advance it should start warning.
If all is fine and the PGP key does not contain any expiring keys, it returns without any output. Thus ideal for a cronjob.

Sunday, 13. April 2025 Week 15

Add new ECC GPG subkeys

One of my yearly digital routines is to update my GPG key.
Part of this involves adding new ECC subkeys (ECDH and EdDSA).
These are the commands I used this time (so I don't have to look them up again next year). 

% gpg --edit-key 401F1D483C69BF624364CC01E9A68DCFA3A54203
gpg> addkey
Select number 10 ECC signing
Select number 1 Curve 25519
Select a validity of 2y
gpg> addkey
Select number 12 ECC encryption
Select number 1 Curve 25519
Select a validity of 2y
gpg> save

After this the new subkeys are available and the updated public key can be exported and published.

Tuesday, 8. April 2025 Week 15
Sunday, 6. April 2025 Week 14