WIP Caution landing + blog #3

Open
xenushka wants to merge 6 commits from full-site into main
Owner
No description provided.
xenushka added 6 commits 2025-09-29 20:34:44 +00:00
danny reviewed 2025-09-29 20:39:54 +00:00
@ -0,0 +4,4 @@
date: 2025-09-29
---
What if the software running your systems isn't what you think? And if you had to prove what software is on a system, how would you do it?
First-time contributor
-And if
+If
danny reviewed 2025-09-29 20:41:29 +00:00
@ -0,0 +8,4 @@
Most of todays technologies are black boxes. From firmware and operating systems to compilers and cloud platforms, opacity is the default. Users can send requests to an API or server, but they cannot verify what software, or whose software, they are really interacting with. The issue impacts organizations internally as well, where system managers can't verify whether the code they think they deployed is actually what's running on the server. This is not just a usability issue, it is a systemic design failure and the result is software stacks riddled with blind spots, where compromise can occur at any stage and remain invisible.
After many years of working with high risk clients and analayzing different technologies, our team has concluded the pieces needed for verifiable systems already exist, but they are underutilized because they are misunderstood and difficult to use, a problem we needed to solve.
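Review bot: "todays" in the first sentence of the "Most of todays technologies" paragraph is missing its apostrophe ("today's"), and "high risk clients" in the paragraph after it should be hyphenated ("high-risk clients"). The sentence "This is not just a usability issue, it is a systemic design failure and the result is software stacks riddled with blind spots" is a comma splice; split it after "usability issue" and start a new sentence at "The result is".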
First-time contributor
- After many years of working with high risk clients and analayzing different technologies, our team has concluded the pieces needed for verifiable systems already exist, but they are underutilized because they are misunderstood and difficult to use, a problem we needed to solve.
+ Years of working with high risk clients and analyzing different technologies have led us to the conclusion that the pieces needed for verifiable systems already exist. They are underutilized because they are misunderstood and difficult to use, a problem we need to solve.
danny reviewed 2025-09-29 20:46:31 +00:00
danny reviewed 2025-09-29 20:48:04 +00:00
@ -0,0 +18,4 @@
The risks of unverifiable systems are not theoretical; theyve already caused some of the most damaging security incidents of the past decade.
SolarWinds (2020) showed how a compromised software supply chain can cascade globally. Attackers injected malicious code into SolarWinds Orion updates, which were then shipped to thousands of companies and U.S. government agencies. Because customers had no way to verify what software they were actually running, the backdoor spread silently through trusted update channels.
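Review bot: The SolarWinds paragraph attributes the spread to customers having "no way to verify what software they were actually running" but cites nothing for the 2020 Orion incident, so the reference added here should cover that event specifically. The three URLs offered in the reply below carry 2025/09 dates and slugs about patching an RCE and releasing a hotfix, so judging by their paths they describe a different, later SolarWinds issue and would not support this paragraph. Separately, "theyve" in the sentence above it is missing its apostrophe ("they've").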
First-time contributor

Add link to SolarWinds CVE or news article from a good source

Owner
- https://www.securityweek.com/solarwinds-makes-third-attempt-at-patching-exploited-vulnerability/
- https://www.theregister.com/2025/09/23/solarwinds_patches_rce/
- https://thehackernews.com/2025/09/solarwinds-releases-hotfix-for-critical.html
danny reviewed 2025-09-29 20:49:16 +00:00
@ -0,0 +28,4 @@
- Reproducible builds
Reproducible builds force software to be bit-for-bit identical when built from the same soruce code, and eliminate certain categories of supply chain attacks and would have prevented incidents like SolarWinds. It allows for integrity verification, without which software is opaque and difficult to verify.
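Review bot: "would have prevented incidents like SolarWinds" in the reproducible-builds sentence overstates what the property provides: bit-for-bit reproducibility lets an independent rebuild expose a tampered artifact, but only if someone actually rebuilds from source and compares the result against what was shipped. Suggest wording along the lines of "would have made incidents like SolarWinds detectable" and saying who performs that comparison. The sentence also chains "and eliminate ... and would have prevented", and the next one switches to singular "It allows" for the plural "Reproducible builds"; split the first and use "They allow".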
First-time contributor
- soruce
+ source
danny reviewed 2025-09-29 20:56:28 +00:00
@ -0,0 +1,68 @@
---
First-time contributor

Double check what character you're using for your apostrophe.

This pull request has changes conflicting with the target branch.
  • _config.yml
  • _includes/blog-about-distrust.html
  • _includes/head.html
  • _includes/header.html
  • _layouts/company.html
  • _layouts/landing.html
  • _sass/base.scss
  • index.md
You can also view command line instructions.

Step 1:

From your project repository, check out a new branch and test the changes.
git checkout -b full-site main
git pull origin full-site

Step 2:

Merge the changes and update on Forgejo.
git checkout main
git merge --no-ff full-site
git push origin main
Reference: caution/website#3