caution
/
website
5
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

WIP Caution landing + blog #3

Open
xenushka wants to merge 6 commits from full-site into main
pull from: full-site
merge into: caution:main
Conversation 1 Commits 6 Files Changed 48 +3687 -3203
48 changed files with 3687 additions and 3203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.bundle/config Normal file
View File

@ -0,0 +1,2 @@
---
BUNDLE_PATH: "vendor/bundle"

3
Gemfile
View File

@ -1,3 +1,6 @@
source "https://rubygems.org"
gem "jekyll-theme-console", path: "./_vendor/jekyll-theme-console"
gem 'jekyll-feed'
gem "jekyll"
gem "webrick"

10
Gemfile.lock
View File

@ -38,6 +38,8 @@ GEM
safe_yaml (~> 1.0)
terminal-table (>= 1.8, < 4.0)
webrick (~> 1.7)
jekyll-feed (0.17.0)
jekyll (>= 3.7, < 5.0)
jekyll-sass-converter (3.0.0)
sass-embedded (~> 1.54)
jekyll-seo-tag (2.8.0)
@ -56,24 +58,30 @@ GEM
pathutil (0.16.2)
forwardable-extended (~> 2.6)
public_suffix (5.0.3)
rake (13.3.0)
rb-fsevent (0.11.2)
rb-inotify (0.10.1)
ffi (~> 1.0)
rexml (3.2.5)
rouge (4.1.2)
safe_yaml (1.0.5)
sass-embedded (1.64.1-x86_64-linux-musl)
sass-embedded (1.64.1)
google-protobuf (~> 3.23)
rake (>= 13.0.0)
terminal-table (3.0.2)
unicode-display_width (>= 1.1.1, < 3)
unicode-display_width (2.4.2)
webrick (1.8.1)
PLATFORMS
x86_64-linux
x86_64-linux-musl
DEPENDENCIES
jekyll
jekyll-feed
jekyll-theme-console!
webrick
BUNDLED WITH
2.4.10

3
README.md
View File

@ -1,10 +1,11 @@
# [distrust.co](https://distrust.co)
# [caution.co](https://caution.co)
Web page source.
## Instructions
0. If the repo was not cloned with submodules:
```shell
$ git submodule update --init --recursive
```

2
_config.yml
View File

@ -11,8 +11,6 @@ header_pages:
style: dark
listen_for_clients_preferred_style: false
footer: '© 2025 Caution'
theme: jekyll-theme-console
permalink: blog/:title.html

9
_includes/blog-about-distrust.html
View File

@ -1,10 +1,5 @@
<h2>About Distrust</h2>
<h2>About Caution</h2>
<p>The Distrust team has helped build and secure some of the highest-risk systems in the world. This includes vaulting infrastructure at BitGo, Unit410, and Turnkey, as well as security work with electrical grid operators, industrial control systems, and other mission-critical systems.</p>
<p>The Caution team has helped build and secure some of the highest-risk systems in the world via their consulting company Distrust. This includes vaulting infrastructure at BitGo, Unit410, and Turnkey, as well as security work with electrical grid operators, industrial control systems, and other mission-critical systems.</p>
<p>We've conducted deep security due diligence across most major custodians. Through our experience with organizations that operate under constant threat—where **every class of attack is viable**—we've developed a methodology and set of open source tools designed to defend against even the most sophisticated adversaries.</p>
<p>Today, we're taking the hard-earned lessons from that work and sharing them with the broader community. Our goal is to help others strengthen their security posture by making what we've learned—and the open source tools we've built—available to everyone.</p>
<p><b>Looking for help analyzing and mitigating security risks in your own organization? <a href="/contact.html">Talk to us.</a></b></p>

405
_includes/faqs.html Normal file
View File

@ -0,0 +1,405 @@
<!-- FAQ section uses <details> for native accessibility and keyboard support -->
<section class="faq" aria-labelledby="faq-title">
<div class="faq-wrap">
<h2 id="faq-title" class="faq-title">Frequently asked questions</h2>
<p class="subtext faq-description">
Were here to help with any questions about plans, pricing, or whats
included.
</p>
<!-- Category group -->
<section class="faq-group" aria-labelledby="faq-plans">
<h3 id="faq-plans" class="faq-group-title">Plans &amp; prices</h3>
<div class="faq-list">
<details class="faq-item" open>
<summary class="faq-q">
<span class="faq-q-text">Which plan is best for me?</span>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>
The right plan depends on your operating model: how you balance
control, effort, and recovery assurances.
</p>
<!-- <p>Start with your context: what youre protecting, how often you expect to recover, and how much operational work you want to own.</p> -->
<!-- <p>Match your situation to the level of control and support you need.</p> -->
<ul class="plans-list">
<li>
<a href="#open-source"
><strong>Self-hosted open source</strong></a
>
is for organizations with dedicated technical resources and
operational maturity to manage everything themselves — from
infrastructure and encrypted storage to quorum coordination
and recovery ceremonies. It gives maximum control at zero
cost, but requires significant ongoing effort.
</li>
<li>
<a href="#paidplans"><strong>On-demand</strong></a> is for
individuals, family offices, or small teams who need a safety
net for critical data without frequent recoveries. For
example, safeguarding high-value keys, estate records, or
sensitive archives. You store your own data and pay only if
recovery is triggered.
</li>
<li>
<a href="#paidplans"><strong>Enterprise</strong></a>
is for companies that want to reduce operational load and
increase confidence in their recovery process without adding
headcount. It includes managed storage, scheduled recoveries,
guided onboarding, premium support, and predictable timelines
— making recovery part of your operations without creating
extra work for your team.
</li>
<li>
<a href="#paidplans"><strong>Dedicated</strong></a> is for
organizations with nuanced requirements — such as strict
compliance, jurisdictional controls, or complete isolation. It
provides a fully private deployment with tailored
infrastructure and a recovery policy designed specifically for
your organization.
</li>
</ul>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text">Can I self-host?</span>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>
Yes. Caution is fully open source, and you can run it yourself
at no cost. This option is best for organizations with dedicated
technical resources who are willing to handle everything
themselves — from setting up infrastructure and managing
encrypted storage to coordinating quorum members and running
recovery ceremonies. It offers maximum control, but requires
significant ongoing effort.
</p>
<p>
<a href="#paidplans">Enterprise</a> and
<a href="#paidplans">Dedicated</a>
plans remove that operational burden by providing managed
storage, guaranteed recovery timelines, and support.
</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>Whats included in the On-demand plan?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>
<a href="#paidplans">On-demand</a> lets you store your own
encrypted backups and only pay if you need a recovery. Its the
leanest option, with minimal overhead. For teams that want
proactive support or guaranteed timelines,
<a href="#paidplans">Enterprise</a> is a better fit.
</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>Does the On-demand plan include support?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>
Free support through our open-source Community is available with
every plan, including
<a href="#paidplans">On-demand</a>.
</p>
<p>
<a href="#paidplans">On-demand</a> itself is designed as a
self-service tier, but limited paid support can be added if
needed. For teams that want ongoing guidance, guaranteed
response times, and recovery assistance,
<a href="#paidplans">Enterprise</a> or
<a href="#paidplans">Dedicated</a> plans are a better fit.
</p>
<p>
<a href="contact.html">Talk to our Sales team</a>
to explore the right level of support for your needs.
</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>How does the Enterprise plan differ from On-demand?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>
<a href="#paidplans">Enterprise</a> includes 10 TB of managed
encrypted storage, geo-replication, two scheduled recoveries per
year, and premium support. Its designed to reduce your
operational risk without needing to self-manage.
</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>Why does On-demand recovery cost more?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>
Each <a href="#paidplans">On-demand</a> recovery mobilizes a
full recovery ceremony from scratch, with quorum approvals and
offline security checks.
<a href="#paidplans">Enterprise</a> customers benefit from lower
recovery costs because their environments are provisioned in
advance.
</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text">How does pricing work for Dedicated?</span>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>
<a href="#paidplans">Dedicated</a> deployments start at $300K
and are tailored for organizations that need fully isolated
environments. This includes private infrastructure, custom
recovery policies, compliance-driven infrastructure, and
expanded storage capacity.
</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text">Can I switch plans later?</span>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>Yes. You can move between plans as your needs evolve.</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text">Are there any hidden fees?</span>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>
No. All storage, recovery, and support costs are published.
Optional add-ons (like additional storage and priority
recoveries) are
<a href="#compare">billed separately</a>. For predictable
budgeting, most organizations choose
<a href="#paidplans">Enterprise</a> or
<a href="#paidplans">Dedicated</a>.
</p>
</div>
</div>
</details>
</div>
</section>
<!-- Category: Security & infrastructure -->
<section class="faq-group" aria-labelledby="faq-security">
<h3 id="faq-security" class="faq-group-title">
Security &amp; infrastructure
</h3>
<div class="faq-list">
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>How does Caution ensure recoveries are secure?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>
Our recoveries are quorum-based, end-to-end encrypted, and are
run fully offline to prevent outside interference. No single
person, system, or service can trigger a recovery on their own —
multi-party approval is always required. Every step is
cryptographically logged and verifiable, so you can audit the
process independently.
</p>
<p>
Learn more about our threat model, design principles, and
security architecture in
<a href="#">our documentation</a>
</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>What does “open source transparency” mean?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>
We believe that true security requires transparency and
verifiability — you should never have to trust what you cant
see. Open source means our softwares code is public and freely
available to inspect, audit, and even run yourself.
</p>
<p>
Caution is and will always remain fully open source. We dont
sell source code. What we offer commercially is hosting,
automation, and support for organizations that want the
assurance of managed operations without giving up control.
</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text">Who has access to my data?</span>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>Only you. Caution never sees plaintext data.</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>What happens if something happens to Caution?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>Only you. Caution never sees plaintext data.</p>
</div>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>What type of data can I back up and secure with Caution?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>Only you. Caution never sees plaintext data.</p>
</div>
</div>
</details>
</div>
</section>
<!-- Category: Data storage -->
<section class="faq-group" aria-labelledby="faq-storage">
<h3 id="faq-storage" class="faq-group-title">Data storage</h3>
<div class="faq-list">
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>How much data is included in each plan?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<p>Lorem ipsum</p>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>What happens if I exceed my 10TB storage limit?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>Lorem ipsum</p>
</div>
</div>
</details>
</div>
</section>
<!-- Category: Recovery -->
<section class="faq-group" aria-labelledby="faq-recovery">
<h3 id="faq-recovery" class="faq-group-title">Recovery</h3>
<div class="faq-list">
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text">How do scheduled recoveries work?</span>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<p>Lorem ipsum</p>
</div>
</details>
<details class="faq-item">
<summary class="faq-q">
<span class="faq-q-text"
>How is a &lt;48h priority recovery different from standard?</span
>
<span class="faq-toggle" aria-hidden="true"></span>
</summary>
<div class="faq-a">
<div class="faq-a-inner">
<p>Lorem ipsum</p>
</div>
</div>
</details>
</div>
</section>
</div>
</section>

49
_includes/footer.html
View File

@ -1,49 +0,0 @@
<footer>
<div class="footer container">
<div class="footer-top">
<div class="footer-logo">
<a href="/">
<img src="/assets/base/caution-logo-triangle-black.svg" alt="Caution logo" />
</a>
</div>
<p class="footer-description footer-description-desktop">
Caution brings thoughtfully designed, open source systems to life — empowering resilient, secure technology for everyone.
</p>
<!--<p class="footer-description footer-description-mobile">
Caution brings open source systems to life — built for resilience and digital security.
</p>-->
</div>
<div>
<p class="footer-description footer-description-mobile">
Caution brings open source systems to life — built for resilience and digital security.
</p>
</div>
<div class="footer-divider">
</div>
<!--<div class="footer-links">
<div class="footer-column">
<a href="/services.html">Services</a>
<a href="/software.html">Software</a>
<a href="/threatmodel.html">Threat model</a>
</div>
<div class="footer-column">
<a href="/company.html">Company</a>
<a href="/blog.html">Blog</a>
<a href="/contact.html">Contact</a>
</div>-->
</div>
</div>
<div class="footer-bottom container">
<div class="footer-footer"> {{site.footer}} </div>
<div class="footer-social">
<a href="/privacy.html">Privacy</a>
<!-- <a href="/feed.xml" target="_blank" rel="noopener noreferrer" aria-label="RSS">
<img src="/assets/base/rss-bw-tr.png" alt="RSS" />
</a>-->
</div>
</div>
</div>
<script src="/assets/js/main.js"></script>
</footer>

70
_includes/footer.html.bkp Normal file
View File

@ -0,0 +1,70 @@
<footer class="site-footer">
<div class="footer-top container">
<div class="footer-logo">
<a href="/index.html" class="footer-logo">
<img
src="/assets/base/caution-logo/caution-logo-png/caution-logo-text-white.png"
alt="Caution logo"
/>
</a>
</div>
<div>
<p class="footer-subheading footer-mobile">
Sleep better knowing your encrypted data is always recoverable.
</p>
</div>
<div class="footer-links">
<div class="footer-column footer-product">
<h4>Product</h4>
<a href="/dr.html" rel="noopener noreferrer">Overview</a>
<a href="/pricing.html" rel="noopener noreferrer">Pricing</a>
<a href="#" rel="noopener noreferrer">Docs</a>
</div>
<div class="footer-column footer-resources">
<h4>Resources</h4>
<a href="/faq.html" rel="noopener noreferrer">FAQs</a>
<a href="#" rel="noopener noreferrer">Brand</a>
<a href="#" rel="noopener noreferrer">Contact</a>
</div>
<div class="footer-column footer-company">
<h4>Company</h4>
<a href="#" rel="noopener noreferrer">About</a>
<a href="/research-and-development.html" rel="noopener noreferrer"
>R&D</a
>
<a href="#" rel="noopener noreferrer">Privacy</a>
</div>
</div>
</div>
<div class="footer-middle container">
<p class="footer-heading footer-desktop">
Secure what matters most with Caution.
</p>
<div class="social-icons">
<a
href="https://git.distrust.co/public/"
target="_blank"
rel="noopener noreferrer"
aria-label="Forgejo"
>
<img src="/assets/base/social/forgejo-logo.svg" alt="Forgejo logo" />
</a>
<a
href="#"
target="_blank"
rel="noopener noreferrer"
aria-label="Mastodon"
>
<img src="/assets/base/social/Mastodon-logo.svg" alt="Mastodon logo" />
</a>
</div>
</div>
<div class="footer-bottom container">
<p class="footer-subheading footer-desktop">
Sleep better knowing your encrypted data is always recoverable.
</p>
<p class="copyright">© 2025 Caution. All rights reserved.</p>
</div>
</footer>

142
_includes/head.html
View File

@ -1,61 +1,109 @@
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="icon" type="image/png" sizes="32x32" href="/assets/favicons/favicon-16x16.png">
<link rel="icon" type="image/png" sizes="96x96" href="/assets/favicons/favicon-caution-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/assets/favicons/favicon-caution-96x96.png">
<link
rel="icon"
type="image/png"
sizes="32x32"
href="/assets/favicons/favicon-16x16.png"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="/assets/favicons/favicon-caution-32x32.png"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="/assets/favicons/favicon-caution-96x96.png"
/>
<!-- Preload Plus Jakarta Sans font weights -->
<link
rel="preload"
href="/assets/fonts/PlusJakartaSans-ExtraLight.otf"
as="font"
type="font/otf"
crossorigin
/>
<link
rel="preload"
href="/assets/fonts/PlusJakartaSans-Light.otf"
as="font"
type="font/otf"
crossorigin
/>
<link
rel="preload"
href="/assets/fonts/PlusJakartaSans-Regular.otf"
as="font"
type="font/otf"
crossorigin
/>
<link
rel="preload"
href="/assets/fonts/PlusJakartaSans-Medium.otf"
as="font"
type="font/otf"
crossorigin
/>
<link
rel="preload"
href="/assets/fonts/PlusJakartaSans-SemiBold.otf"
as="font"
type="font/otf"
crossorigin
/>
<link
rel="preload"
href="/assets/fonts/PlusJakartaSans-Bold.otf"
as="font"
type="font/otf"
crossorigin
/>
<link
rel="preload"
href="/assets/fonts/PlusJakartaSans-ExtraBold.otf"
as="font"
type="font/otf"
crossorigin
/>
<!-- Preload Plus Jakarta Sans font weights -->
<title>{{ page.title }}</title>
<link rel="stylesheet" href="styles.css">
<link rel="stylesheet" href="styles.css" />
<meta content="{{ site.title }}" property="og:site_name" />
{% if page.noindex %}
<meta name="robots" content="noindex" />
{% endif %}
{% if page.title %}
{% endif %} {% if page.title %}
<meta content="{{ page.tagline }}" property="og:title" />
<meta content="article" property="og:type" />
{% else %}
<meta content="website" property="og:type" />
{% endif %}
{% if page.summary %}
{% endif %} {% if page.summary %}
<meta content="{{ page.summary }}" property="og:description" />
{% else %}
<meta content="{{ site.description }}" property="og:description" />
{% endif %}
{% if page.url %}
{% endif %} {% if page.url %}
<meta content="{{ site.url }}{{ page.url }}" property="og:url" />
{% endif %}
{% if page.date %}
{% endif %} {% if page.date %}
<meta
content="{{ page.date | date_to_xmlschema }}"
property="article:published_time"
/>
<meta content="{{ site.url }}/about/" property="article:author" />
{% endif %}
{% if page.thumbnail %}
{% endif %} {% if page.thumbnail %}
<meta content="{{ site.url }}{{ page.thumbnail }}" property="og:image" />
{% else %}
<meta content="{{ site.banner }}" property="og:image" />
{% endif %}
{% if page.categories %}
{% for category in page.categories limit:1 %}
{% endif %} {% if page.categories %} {% for category in page.categories
limit:1 %}
<meta content="{{ category }}" property="article:section" />
{% endfor %}
{% endif %}
{% if page.tags %}
{% for tag in page.tags %}
{% endfor %} {% endif %} {% if page.tags %} {% for tag in page.tags %}
<meta content="{{ tag }}" property="article:tag" />
{% endfor %}
{% endif %}
{% endfor %} {% endif %}
<!-- Twitter Cards -->
<meta name="twitter:card" content="summary" />
@ -66,31 +114,21 @@
<meta name="twitter:title" content="{{ page.title }}" />
{% else %}
<meta name="twitter:title" content="{{ site.title }}" />
{% endif %}
{% if page.url %}
{% endif %} {% if page.url %}
<meta name="twitter:url" content="{{ site.url }}{{ page.url }}" />
{% endif %}
{% if page.summary %}
{% endif %} {% if page.summary %}
<meta name="twitter:description" content="{{ page.summary }}" />
{% else %}
<meta name="twitter:description" content="{{ site.description }}" />
{% endif %}
{% if page.header-img %}
<meta
name="twitter:image:src"
content="{{ site.url }}{{ page.thumbnail }}"
/>
{% endif %}
{% if page.robots %}
{% endif %} {% if page.header-img %}
<meta name="twitter:image:src" content="{{ site.url }}{{ page.thumbnail }}" />
{% endif %} {% if page.robots %}
<meta name="robots" content="{{page.robots}}" />
{% endif %}
{% endif %} <link rel="stylesheet" type="text/css" href="{{ "/assets/main.css"
| relative_url }}"> <link rel="stylesheet" type="text/css" href="{{
"/assets/main-dark.css" | relative_url }}">
<link rel="stylesheet" type="text/css" href="{{ "/assets/main.css" | relative_url }}">
<link rel="stylesheet" type="text/css" href="{{ "/assets/main-dark.css" | relative_url }}">
<script src="/assets/js/main.js" defer></script>
<!-- "Really, there is nothing interesting to see here. It is a static website. -->
<!-- Here is the terraform code that deployed it, and here is the site source repo. -->

62
_includes/header.html
View File

@ -1,9 +1,60 @@
{%- assign page_paths = site.header_pages | default: default_paths -%}
<header>
<header class="header-navbar">
<div class="nav-container container">
<a href="/index.html" class="nav-logo">
<img
src="/assets/base/caution-logo/caution-icon-black.svg"
alt="Caution logo"
/>
</a>
<nav class="nav-menu">
<!--<div class="nav-dropdown">
<button class="nav-dropdown-toggle">
Caution
<img
src="/assets/base/dropdown.svg"
alt="Dropdown caret"
class="nav-caret-icon"
/>
</button>
<ul class="nav-dropdown-menu">
<li>
<a href="/company.html" rel="noopener noreferrer">About</a>
</li>
<li>
<a href="/research-and-development.html" rel="noopener noreferrer"
>R&D</a
>
</li>
<li><a href="#" rel="noopener noreferrer">Contact</a></li>
</ul>
</div>-->
<!--
<a class="nav-link" href="/dr.html" rel="noopener noreferrer"
>Disaster Recovery</a
>
<a class="nav-link" href="/pricing.html" rel="noopener noreferrer"
>Pricing</a
>
<a class="nav-link" href="#">Docs</a>-->
</nav>
<div class="nav-cta">
<a href="/blog.html" class="btn btn-primary" rel="noopener noreferrer"
>Blog →</a
>
</div>
</div>
</header>
<!-- <header>
<div class="menu">
<div class="left-menu">
<a id="home-link" href="/index.html">
<img class="menu-logo" src="/assets/base/caution-logo-triangle-black.svg"
<img class="menu-logo" src="/assets/base/caution-logo/caution-icon-black.svg"
alt="Caution triangle logo with black text" />
</a>
</div>
@ -18,7 +69,7 @@
{%- endif -%}
{%- endfor -%}
<li class="show">
<a href="/contact.html" class="mega-inverted button">Work with us</a>
<a href="#" class="btn btn-primary">Get started →</a>
</li>
</ul>
@ -37,6 +88,9 @@
</div>
</div>
</div>
<script>
document.addEventListener('DOMContentLoaded', function () {
let pathSegment = window.location.pathname.split('/')[1];
@ -71,3 +125,5 @@
</script>
</header>
-->

293
_layouts/company.html
View File

@ -5,94 +5,223 @@
{%- include header.html -%}
<div class="container">
<main>
<section style="margin-top: 170px">
<div class="video-background-container">
<video autoplay muted loop playsinline class="video-background">
<source src="assets/videos/globe.mp4" type='video/mp4; codecs="avc1.42E01E, mp4a.40.2"' />
<source src="assets/videos/globe.webm" type='video/webm; codecs="vp8, vorbis"' />
</video>
<div class="gradient-overlay"></div>
</div>
<br>
<br>
<div class="about-special video-content" style="max-width: 700px">
<br>
<h2>the world is built on blind trust. we are here to change that.</h2>
<br>
</div>
</section>
<section class="flex-container who-we-are-section">
<div class="team flex-container-inner">
<div class="team flex-container" style="margin-bottom: 0px">
<div class="flex-container-inner card">
<h5>Lance Vick</h5>
<p>Co-Founder</p>
<p>Security Engineer</p>
<a rel=”noopener noreferrer target="_blank" href="https://keyoxide.org/6B61ECD76088748C70590D55E90A401336C8AAA9">Keyoxide</a>
<span>|</span>
<a rel=”noopener noreferrer target="_blank" href="https://lance.dev/">Website</a>
</div>
<div class="flex-container-inner card">
<h5>Anton Livaja</h5>
<p>Co-Founder</p>
<p>Security Engineer</p>
<a rel=”noopener noreferrer target="_blank" href="https://keyoxide.org/F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D">Keyoxide</a>
<span>|</span>
<a rel=”noopener noreferrer target="_blank" href="https://antonlivaja.com">Website</a>
</div>
</div>
<div class="team flex-container">
<div class="flex-container-inner card">
<h5>Ryan Heywood</h5>
<p>Security Engineer</p>
<a rel=”noopener noreferrer target="_blank" href="https://keyoxide.org/88823A75ECAA786B0FF38B148E401478A3FBEF72">Keyoxide</a>
<span>|</span>
<a rel=”noopener noreferrer target="_blank" href="https://ryansquared.pub">Website</a>
</div>
<div class="flex-container-inner card">
<h5>Danny Grove</h5>
<p>Security Engineer</p>
<a rel=”noopener noreferrer target="_blank" href="https://keyoxide.org/C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD">Keyoxide</a>
<span>|</span>
<a rel=”noopener noreferrer target="_blank" href="https://dannygrove.com/">Website</a>
</div>
</div>
</div>
<div class="flex-container-inner who-we-are">
<h2 class="gradient-text">who we are</h2>
<p class="hero-p" style="max-width: 550px">Distrust is made up of engineers behind some of the most security-critical projects in the world—including BitGo, Turnkey, and Unit410.</p>
<p class="hero-p" style="max-width: 550px">Weve helped hundreds of companies by conducting security reviews, building out their security infrastructure, and aiding them in launching products which can withstand the modern threat landscape. We dont just secure systems. We build them.</p>
</div>
</section>
{% include values.html %}
<div class="video-background-container-our-approach">
<video autoplay muted loop playsinline class="video-background-our-approach">
<source src="assets/videos/swirly-lines.mp4" type='video/mp4; codecs="avc1.42E01E, mp4a.40.2"' />
<source src="assets/videos/swirly-lines.webm" type='video/webm; codecs="vp8, vorbis"' />
</video>
<div class="gradient-overlay-our-approach"></div>
</div>
<section class="flex-container video-content-our-approach">
<div class="flex-container-inner"></div>
<div class="flex-container-inner">
<h2 class="gradient-text why-distrust">our approach</h2>
<p>Too often, security is an afterthought—based on dogma, checklists, and outdated best practices. Distrust was founded to redefine security by developing new methods to eliminate single points of failure, and building systems in a manner where they don't need to be blindly trusted.</p>
<p>We dont just advise on security. We build it. We open source it. And we teach organizations how to think critically about risk—because security isnt about checking boxes.</p>
<div class="button-container">
<a href="/contact.html" class="mega button">Work with us</a>
<section class="hero">
<div class="hero-content">
<h1 class="hero-title">Transparent, flexible pricing.</h1>
<p class="subtext">
Choose the control level and recovery guarantees that match your
risk profile.
</p>
<div class="hero-landing-cta">
<a href="#" class="btn">Get started →</a>
<a href="/contact.html" class="btn btn-secondary"
>Contact sales →</a
>
</div>
</div>
</section>
{% include why-choose-distrust.html %}
<section class="pricing-options section">
<div class="pricing-grid">
<!-- Card 1: Open source -->
<a class="pricing-card" href="#" aria-label="open-source pricing">
<h3 class="card-title">Open source</h3>
<p class="card-body">
Self-host with full control. Deploy, run, and audit every line
of code. Free forever with optional paid support.
</p>
<!-- corner arrow -->
<span class="card-corner" aria-hidden="true">
<!-- tiny NE arrow -->
<svg
viewBox="0 0 20 20"
class="corner-icon"
xmlns="http://www.w3.org/2000/svg"
>
<path
d="M6 6h8v8"
fill="none"
stroke="currentColor"
stroke-width="1.75"
stroke-linecap="round"
/>
<path
d="M6 14L14 6"
fill="none"
stroke="currentColor"
stroke-width="1.75"
stroke-linecap="round"
/>
</svg>
</span>
</a>
{% include primary-cta.html %}
<!-- Card 2: Managed by Caution -->
<a
class="pricing-card"
href="#"
aria-label="managed-by-caution pricing"
>
<h3 class="card-title">Managed by Caution</h3>
<p class="card-body">
Choose a hosted recovery service. Pick from paid plans with
verifiable guarantees.
</p>
<span class="card-corner" aria-hidden="true">
<svg
viewBox="0 0 20 20"
class="corner-icon"
xmlns="http://www.w3.org/2000/svg"
>
<path
d="M6 6h8v8"
fill="none"
stroke="currentColor"
stroke-width="1.75"
stroke-linecap="round"
/>
<path
d="M6 14L14 6"
fill="none"
stroke="currentColor"
stroke-width="1.75"
stroke-linecap="round"
/>
</svg>
</span>
</a>
</div>
</section>
<section class="open-source">
<div class="open-source-container">
<img class="open-source-img" src="/assets/base/bubble.svg" alt="" />
<div class="open-source-content">
<span class="tag-pill">Open source</span>
<h2 class="open-source-title">Selfhost<br />for free</h2>
<p class="subtext oss">
Open source at the core. Audit, customize, and selfhost Caution
Disaster Recovery — transparent, free, and fully under your
control.
</p>
<div class="hero-landing-cta">
<a href="#" class="btn">Read the docs →</a>
</div>
</div>
</div>
</section>
<!-- PAID PLANS -->
<section class="plans">
<header class="plans__head">
<span class="tag-pill">Paid plans</span>
<h2 class="plans__title">Managed by Caution</h2>
<p class="subtext pricing-plans">
Prefer not to selfhost? Choose one of our managed recovery plans.
</p>
</header>
<div class="plans__grid">
<!-- Ondemand -->
<article class="plan-card">
<h3 class="plan-card__name">Ondemand</h3>
<p class="plan-card__desc">
Store your own data and pay only when you need to recover. No
recurring fees.
</p>
<div class="price">
<span class="price__currency">$</span>
<span class="price__amount">0</span>
<span class="price__unit">/year</span>
</div>
<p class="plan-card__note">Pay per recovery, no recurring fees</p>
<a href="/get-started" class="btn">Get started →</a>
<div class="plan-card__includes">
<h4>Includes:</h4>
<ul class="list-check-included">
<li>Selfstore your encrypted backups</li>
<li>$100K per each onschedule recovery</li>
<li>Email support</li>
</ul>
</div>
</article>
<!-- Enterprise -->
<article class="plan-card plan-card--primary">
<h3 class="plan-card__name">Enterprise</h3>
<p class="plan-card__desc">
Enterprise-grade data storage and recovery with premium support.
</p>
<div class="price">
<span class="price__currency">$</span>
<span class="price__amount">15K</span>
<span class="price__unit">/year</span>
</div>
<p class="plan-card__note">Billed annually</p>
<a href="/get-started" class="btn btn-primary">Get started →</a>
<div class="plan-card__includes">
<h4>Includes:</h4>
<ul class="list-check-included">
<li>10TB of data storage, then $X/TB/year</li>
<li>2 scheduled recoveries per year</li>
<li>$10K per each extra onschedule recovery</li>
<li>Guided onboarding + premium support</li>
</ul>
</div>
</article>
<!-- Dedicated -->
<article class="plan-card">
<h3 class="plan-card__name">Dedicated</h3>
<p class="plan-card__desc">
Private infrastructure with full isolation and custom
governance.
</p>
<div class="price">
<span class="price__amount">Custom</span>
</div>
<p class="plan-card__note">Bespoke implementation, from $300K</p>
<a href="/contact" class="btn">Contact sales →</a>
<div class="plan-card__includes">
<h4>Includes:</h4>
<ul class="list-check-included">
<li>Fully isolated environment</li>
<li>Private recovery infrastructure</li>
<li>Custom governance controls</li>
<li>Dedicated support team</li>
</ul>
</div>
</article>
</div>
</section>
<!-- Pricing: Included with every plan -->
<section class="included">
<h3 class="included__title">Included with every plan:</h3>
<ul class="included__grid list-check">
<li>Open source transparency</li>
<li>Verifiable, quorumbased recovery</li>
<li>Fullsource bootstrapped binaries</li>
<li>Airgapped recovery ceremonies</li>
<li>Policybased recovery engine</li>
<li>Cryptographic audit logs</li>
<li>Guided policy creation</li>
<li>Built-in threat modeling logic</li>
<li>Ongoing community support</li>
</ul>
</section>
</main>
</div>
{%- include footer.html -%}

231
_layouts/disaster-recovery.html Normal file
View File

@ -0,0 +1,231 @@
<!DOCTYPE html>
<html lang="{{ page.lang | default: site.lang | default: en }}">
{%- include head.html -%}
<body>
{%- include header.html -%}
<div class="container">
<main>
<section class="hero">
<div class="hero-content">
<h1 class="hero-title">Transparent, flexible pricing.</h1>
<p class="subtext">
Choose the control level and recovery guarantees that match your
risk profile.
</p>
<div class="hero-landing-cta">
<a href="#" class="btn">Get started →</a>
<a href="/contact.html" class="btn btn-secondary"
>Contact sales →</a
>
</div>
</div>
</section>
<section class="pricing-options section">
<div class="pricing-grid">
<!-- Card 1: Open source -->
<a class="pricing-card" href="#" aria-label="open-source pricing">
<h3 class="card-title">Open source</h3>
<p class="card-body">
Self-host with full control. Deploy, run, and audit every line
of code. Free forever with optional paid support.
</p>
<!-- corner arrow -->
<span class="card-corner" aria-hidden="true">
<!-- tiny NE arrow -->
<svg
viewBox="0 0 20 20"
class="corner-icon"
xmlns="http://www.w3.org/2000/svg"
>
<path
d="M6 6h8v8"
fill="none"
stroke="currentColor"
stroke-width="1.75"
stroke-linecap="round"
/>
<path
d="M6 14L14 6"
fill="none"
stroke="currentColor"
stroke-width="1.75"
stroke-linecap="round"
/>
</svg>
</span>
</a>
<!-- Card 2: Managed by Caution -->
<a
class="pricing-card"
href="#"
aria-label="managed-by-caution pricing"
>
<h3 class="card-title">Managed by Caution</h3>
<p class="card-body">
Choose a hosted recovery service. Pick from paid plans with
verifiable guarantees.
</p>
<span class="card-corner" aria-hidden="true">
<svg
viewBox="0 0 20 20"
class="corner-icon"
xmlns="http://www.w3.org/2000/svg"
>
<path
d="M6 6h8v8"
fill="none"
stroke="currentColor"
stroke-width="1.75"
stroke-linecap="round"
/>
<path
d="M6 14L14 6"
fill="none"
stroke="currentColor"
stroke-width="1.75"
stroke-linecap="round"
/>
</svg>
</span>
</a>
</div>
</section>
<section class="open-source">
<div class="open-source-container">
<img class="open-source-img" src="/assets/base/bubble.svg" alt="" />
<div class="open-source-content">
<span class="tag-pill">Open source</span>
<h2 class="open-source-title">Selfhost<br />for free</h2>
<p class="subtext oss">
Open source at the core. Audit, customize, and selfhost Caution
Disaster Recovery — transparent, free, and fully under your
control.
</p>
<div class="hero-landing-cta">
<a href="#" class="btn">Read the docs →</a>
</div>
</div>
</div>
</section>
<!-- PAID PLANS -->
<section class="plans">
<header class="plans__head">
<span class="tag-pill">Paid plans</span>
<h2 class="plans__title">Managed by Caution</h2>
<p class="subtext pricing-plans">
Prefer not to selfhost? Choose one of our managed recovery plans.
</p>
</header>
<div class="plans__grid">
<!-- Ondemand -->
<article class="plan-card">
<h3 class="plan-card__name">Ondemand</h3>
<p class="plan-card__desc">
Store your own data and pay only when you need to recover. No
recurring fees.
</p>
<div class="plan-card__price">
<div class="price" aria-label="$0 per year">
<span class="price-amount">0</span>
<span class="price-currency" aria-hidden="true">$</span>
<span class="price-per" aria-hidden="true">/year</span>
</div>
</div>
<a href="/get-started" class="btn">Get started →</a>
<div class="plan-card__includes">
<h4>Includes:</h4>
<ul class="list-check-included">
<li>Selfstore your encrypted backups</li>
<li>$100K per each onschedule recovery</li>
<li>Email support</li>
</ul>
</div>
</article>
<!-- Enterprise -->
<article class="plan-card plan-card--primary">
<h3 class="plan-card__name">Enterprise</h3>
<p class="plan-card__desc">
Enterprise-grade data storage and recovery with premium support.
</p>
<div class="plan-card__price">
<div class="price" aria-label="$15K per year">
<span class="price-amount">15K</span>
<span class="price-currency" aria-hidden="true">$</span>
<span class="price-per" aria-hidden="true">/year</span>
</div>
</div>
<a href="/get-started" class="btn btn-primary">Get started →</a>
<div class="plan-card__includes">
<h4>Includes:</h4>
<ul class="list-check-included">
<li>10TB of data storage, then $X/TB/year</li>
<li>2 scheduled recoveries per year</li>
<li>$10K per each extra onschedule recovery</li>
<li>Guided onboarding + premium support</li>
</ul>
</div>
</article>
<!-- Dedicated -->
<article class="plan-card">
<h3 class="plan-card__name">Dedicated</h3>
<p class="plan-card__desc">
Private infrastructure with full isolation and custom
governance.
</p>
<div class="plan-card__price">
<div class="price price--word" aria-hidden="true">Custom</div>
<span class="sr-only">Custom pricing — contact sales</span>
</div>
<a href="/contact" class="btn">Contact sales →</a>
<div class="plan-card__includes">
<h4>Includes:</h4>
<ul class="list-check-included">
<li>Fully isolated environment</li>
<li>Private recovery infrastructure</li>
<li>Custom governance controls</li>
<li>Dedicated support team</li>
</ul>
</div>
</article>
</div>
</section>
<!-- Pricing: Included with every plan -->
<section class="included">
<h3 class="included__title">Included with every plan:</h3>
<ul class="included__grid list-check">
<li>Open source transparency</li>
<li>Verifiable, quorumbased recovery</li>
<li>Fullsource bootstrapped binaries</li>
<li>Airgapped recovery ceremonies</li>
<li>Policybased recovery engine</li>
<li>Cryptographic audit logs</li>
<li>Guided policy creation</li>
<li>Built-in threat modeling logic</li>
<li>Ongoing community support</li>
</ul>
</section>
</main>
</div>
{%- include footer.html -%}
</body>
</html>

0
_layouts/faq.html Normal file
View File

73
_layouts/landing.html
View File

@ -1,71 +1,22 @@
<!DOCTYPE html>
<html lang="{{ page.lang | default: site.lang | default: en }}">
{%- include head.html -%}
<!-- <div class="video-background-container">
<video autoplay muted loop playsinline class="video-background">
<source src="assets/videos/caution-waitlist.mp4" type='video/mp4; codecs="avc1.42E01E, mp4a.40.2"' />
<source src="assets/videos/caution-waitlist.webm" type='video/webm; codecs="vp8, vorbis"' />
</video>
</div> -->
<body>
{%- include header.html -%}
<section class="logo-section center">
<div class="logo fade-in">
<a href="/">
<img src="/assets/base/caution-logo/caution-logo-text-black.svg" alt="Caution logo" style="height: clamp(1.5rem, 10vw, 2rem); opacity: 0.8">
</a>
</div>
<div class="heading center fade-in">
<h1>Join the waitlist</h1>
<p class="subtext center delay-1">
The first open source platform for encrypted data recovery and escrow. Built by the security engineers behind <a rel=”noopener noreferrer target="_blank" href="https://distrust.co/" class="distrust-link-subtext">Distrust</a>, formerly at BitGo, Unit410, and Turnkey.
<main>
<section class="hero landing">
<div class="hero-content landing container">
<h1 class="hero-title landing">Verifiable Compute</h1>
<p class="subtext">
Caution is the next-gen compute platform verifiable, portable, and fast to deploy. Built by the security engineers behind <a href="https://distrust.co" target="_blank" rel="noopener noreferrer">Distrust</a>.
</p>
<div class="hero-cta">
<a href="/blog.html" class="btn">Blog →</a>
</div>
</div>
</section>
<div class="info-block fade-in delay-2">
<span class="spaced-text">GET</span>
<span class="spaced-text">EARLY</span>
<span class="spaced-text">ACCESS</span><br>
<span class="spaced-text">BE THE</span>
<span class="spaced-text">FIRST</span><br>
<span class="spaced-text">TO</span>
<span class="spaced-text">TRY IT</span>
</div>
<div class="waitlist-form">
<form id="contact-form" method="post" class="email-form" action="/submit-email">
<div class="input-wrapper">
<input type="email" name="email" placeholder="Enter your email" id="email" class="email-input" required>
<input type="hidden" id="name" name="name" class="form-input" value="caution.co">
<input type="hidden" id="company-name" value="caution.co" name="company-name" class="form-input">
<input id="service" type="hidden" name="service" class="form-select" value="caution.co">
<input type="hidden" id="other-source" name="other-source" class="form-input" placeholder="Please specify">
<input type="hidden" id="other-source" name="help" class="form-input" placeholder="Please specify">
<button type="submit" class="submit-btn" aria-label="Submit email">
<span class="arrow"></span>
</button>
</div>
</form>
</div>
<div class="footer fade-in delay-3">
<p>No spam we'll only email you about Caution.</p>
</div>
<div class="footer-mobile">
<p>Get early access. Be the first to try it. No spam we'll only email you about Caution.</p>
</div>
</main>
{%- include footer.html -%}
</body>
</html>

1168
_layouts/pricing.html Normal file
View File

File diff suppressed because it is too large Load Diff

13
_layouts/research-and-development.html Normal file
View File

@ -0,0 +1,13 @@
<section class="hero">
<div class="hero-content">
<h1 class="hero-title">Transparent, flexible pricing</h1>
<p class="hero-subtext">
Choose the control level and recovery guarantees that match your risk
pofile.
</p>
<div class="hero-landing-cta">
<a href="#" class="btn btn-primary">Get started →</a>
<a href="/contact.html" class="btn btn-secondary">Contact sales →</a>
</div>
</div>
</section>

164
_posts/2025-04-02-bybit-safe-report.md
View File

@ -1,164 +0,0 @@
---
layout: post
title: The Safe{Wallet}/Bybit incident report and mitigation strategies
date: 2025-04-02
---
The Safe{Wallet}/Bybit incident is an example of a nation-state actor executing a series of sophisticated, multi-layered attacks on high-value targets. In cases where the potential gain is significant, all attacks are on the table. It may be justified for attackers to invest in multiple 0-day vulnerabilities and chain them into elaborate exploit sequences. These campaigns often span multiple layers of tech stack, involve precision-targeted social engineering, insider compromise, or even physical infiltration.
As such, defending against this level of adversary requires a threat model that accounts for their full range of capabilities—and guides the design of equally rigorous mitigations. It demands defenders adopt a much more rigorous set of assumptions about attacker's capabilities and invest time in implementing controls that typical organizations may not need. When protecting high value assets, the game changes.
### Threat model assumptions
At Distrust, we operate under the assumption that nation-state actors are persistent, highly resourced, and capable of compromising nearly any layer of the system. Accordingly, our threat model assumes:
* All screens are visible to the adversary
* All keyboard input is being logged by the adversary
* Any firmware or bootloader not verified on every boot is considered compromised
* Any host OS with network access is compromised
* Any guest OS used for non-production purposes is compromised
* At least one member of the Production Team is compromised
* At least one maintainer of third party code used in the system is compromised
* At least one member of third party system used in production is compromised
* Physical attacks are viable and likely
* Side-channel attacks are viable and likely
These assumptions drive everything at Distrust, including the strategies and tooling outlined in this report. The strategies we've developed are built specifically to address this elevated threat model. Many of our open source tools are ready to use today, some are reference designs, while other tooling requires further development.
### Summary
This report identifies critical single points of failure—cases where trust is placed in a single individual or computer—creating opportunities for compromise. In contrast, blockchains offer stronger security properties through cryptography and decentralized trust models.
Traditional infrastructure has historically lacked mechanisms to distribute trust, but this limitation can be addressed. By applying targeted design strategies, it's possible to distribute trust (**dis**trust, get it?) across systems and reduce the risk of a single compromised actor undermining the integrity of the entire system.
---
## Root cause analysis and mitigation strategies
In our opinion, the primary causes of this incident stem from two key issues identified in the <a href="http://web.archive.org/web/20250328121908/https://www.sygnia.co/blog/sygnia-investigation-bybit-hack/" rel="noopener noreferrer" target="_blank">Sygnia report</a>.
* > ... a developers Mac OS workstation was compromised, likely through social engineering.
* > ... the modification of JavaScript resources directly on the S3 bucket serving the domain app.safe[.]global.
These findings highlight both endpoint compromise and weak controls around cloud infrastructure. The following sections focus on how such risks could be mitigated through architectural decisions and more rigorous threat modeling.
## Introduction
The compromise occurred due to several key factors, already documented in other reports. This report focuses on how the incident **could have been prevented** through a stronger, first-principles approach to infrastructure design.
While many security teams reach for quick wins—like access token rotation, stricter IAM policies, or improved monitoring—these are often reactive measures. They may help, but they're equivalent of "plugging holes on a sinking ship" rather than rebuilding the hull from stronger material.
For example, improving access control to the S3 bucket used to serve JavaScript resources, or adding better monitoring, are good steps. However, they don't address the root cause.
> At the core of this breach lies a recurring theme: single points of failure.
To explore this from first principles, consider the deployment pipeline. In most companies, one individual—an admin or developer—often has the ability to modify critical infrastructure or code. That person becomes a single point of failure.
Even if the pipeline is hardened, the risk will shift, rather than disappear. There is almost always one super-admin who has the "keys to the kingdom". Most cloud platforms encourage this pattern, and the industry has come to accept it.
But this isn't about doubting your team and their intentions—it's about designing systems where **trust is distributed**. In the blockchain space, this is already accepted practice. So the question becomes:
> *Does it make sense for a single individual to hold the integrity of an entire system in their hands?*
Those who've worked with decentralized systems would say: absolutely not.
#### Mitigation principles
To adequately defend against the risks outlined in the Distrust threat model, it is critical to distinguish between **cold** and **hot** wallets. The following principles are drawn from practical experience building secure systems at BitGo, Unit410, and Turnkey, as well as from diligence work conduced across leading custodial and vaulting solutions.
* A **cold cryptographic key management system** is one where all components can be built, operated, and verified offline. If any part of the system requires trusting a networked component, it becomes a **hot** system by definition. For example, if a wallet relies on internet-connected components, it should be considered a hot wallet—regardless of how it's marketed. While some systems make trade-offs for user experience, these often come at the cost of security guarantees.
* Cold cryptographic key management systems that leverage truly random entropy sources are **not susceptible to remote attacks**, and are only exposed to localized threats such as physical access or side-channel attacks.
* A common misconception is that simply keeping a key offline makes a system cold and secure. But an attacker doesn't always need to steal the key—they just need to achieve the outcome where the key performs an operation on the desired data on their behalf.
* **All software in the stack must be open source**, built deterministically (to support reproduction), and compiled using a fully bootstrapped toolchain. Otherwise, the system remains exposed to single points of failure, especially via supply chain compromise.
#### Mitigations and reference designs
We propose two high-level design strategies that can eliminate the types of vulnerabilities exploited in the Safe{Wallet}/Bybit attack. Both approaches offer similar levels of security assurance—but differ significantly in implementation complexity and effort.
In our view, **when billions of dollars are at stake**, it is worth investing in proven low-level mitigations, even if they are operationally harder to deploy. The accounting is simple: **invest in securing your system up front**, rather than gambling on assumptions you won't be targeted.
State funded actors are highly motivated—and when digital assets are involved, it's game theory at work. The cost of compromising a weak system is often far less than the potential gain.
We've seen this playbook used in previous incidents, a major example being Axie Infinity, and we will see it again. Attackers are increasingly exploiting supply chains and single points of failure—while defenders often under-invest in securing this surface area.
#### Strategy 1 - Run everything locally
This strategy can be implemented without major adjustments to the existing system. The goal is to move the component currently introducing risk—effectively making the wallet "hot"—into an offline component, upgrading the system to a fully cold solution.
The idea centers on extracting the **signing** component from the application (which currently operates in the UI) and converting it into an offline application.
However, simply making a component offline does not eliminate all single points of failure. To close off supply chain threats stemming from compiler, dependency or environment compromise requires that the application is reproduced on multiple diverse systems (using different chipsets and operating systems), using a fully bootstrapped compiler—a fully hermetic, deterministic and reproducible process.
We've developed open source tooling for this under <a href="https://codeberg.org/stagex/stagex" target="_blank" rel="noopener noreferrer">StageX</a>. To learn more about the importance of reproducible builds, check out <a href="https://antonlivaja.com/videos/2024-incyber-stagex-talk.mp4" target="_blank" rel="noopener noreferrer">this video</a>, where one of our co-founders explains how the SolarWinds incident unfolded—and how it could have been prevented.
##### Reference design
This reference design was developed for the Safe{Wallet} team, but it can be applied to any system seeking to distribute trust.
1. **System administrators use dedicated offline laptops**
* All radio hardware (Bluetooth, Wi-Fi) is physically removed
* Machines are air-gapped and have never been connected to the internet
2. **Engineers provision and manage their own personal signing keys (PGP)**
* Smart cards like NitroKey or YubiKey are used
* Signing operations are performed exclusively on the engineer's offline system
* Distrust has developed open source tooling to drastically simplify PGP key provisioning: <a href="https://trove.distrust.co/generated-documents/all-levels/pgp-key-provisioning.html" target="_blank" rel="noopener noreferrer">Trove</a>
3. **Offline signing applications are deterministically compiled, verified, and signed by multiple engineers**
* Includes a full set of tools needed for secure offline key operations
* Distrust also created <a href="https://git.distrust.co/public/airgap" target="_blank" rel="noopener noreferrer">AirgapOS</a>, a custom Linux distribution designed specifically for offline secret management. It has been independently audited and is used in production by several major digitial asset organizations.
4. **All sensitive operations are fully verified offline before any cryptographic action is taken**
This design drastically reduces exposure to remote attacks and central points of trust, aligning closely with Distrust's first-principles security model.
#### Strategy 2 - Use remotely verified service
This strategy maintains a user experience nearly identical to the current system, while introducing verifiability at critical points in the architecture. It requires significantly more engineering effort and operational discipline, and the tooling needed to support this model is still under active development.
##### Reference design
This design relies on **secure enclaves** to host servers that are immutable, deterministic, and capable of cryptographically attesting to the software they are running. While this brings us closer to a cold setup, some residual attack surface—such as browser exploits, host OS compromise, or 0-day attacks—will always remain.
The core implementation steps are:
1. **Rewrite the application to run entirely within a secure enclave**
* TLS termination occurs **inside** the enclave
* The web interface is served **from within** the enclave
* Nothing outside the enclave is trusted
2. **Create a deterministic OS image with remote attestation (e.g., TPM2, Nitro Enclave or similar)**
* The entire stack is built using full source bootstrapped compiler in a bit-for-bit reproducible manner
3. **One engineer deploys a new enclave** with the updated application code
4. **A second engineer independently verifies** that the deployed code matches the version in the source repository
5. **Clients are issued a service worker** on first load that pins attestation keys for all future remote verification
* Users can optionally verify and download the application locally for offline operations
* Users are also encouraged to self-build and match the published signed hash
## Implementation considerations
Implementing these strategies can be technically demanding. They represent two ends of the trust minimization spectrum: one favoring offline, air-gapped assurance; the other introducing verifiability within connected systems. Both approaches significantly reduce risk but vary in complexity, tooling and requirements, and rollout timelines.
This high-level overview is meant to illustrate the kinds of problems we focus on at Distrust. Depending on the chosen strategy and organizational context, implementation can take anywhere from a few weeks to several years, especially as tooling continues to mature.

68
_posts/2025-09-29-verifiable-compute.md Normal file
View File

@ -0,0 +1,68 @@
---
danny commented 2025-09-29 20:56:28 +00:00
Review
Copy Link

Double check what character you're using for your apostrophe.

Double check what character you're using for your apostrophe.
layout: post
title: Introducing Generalized Verifiable Compute
date: 2025-09-29
---
What if the software running your systems isn't what you think? And if you had to prove what software is on a system, how would you do it?
danny commented 2025-09-29 20:39:54 +00:00
Review
Copy Link
-And if
+If
```diff -And if +If ```
Most of todays technologies are black boxes. From firmware and operating systems to compilers and cloud platforms, opacity is the default. Users can send requests to an API or server, but they cannot verify what software, or whose software, they are really interacting with. The issue impacts organizations internally as well, where system managers can't verify whether the code they think they deployed is actually what's running on the server. This is not just a usability issue, it is a systemic design failure and the result is software stacks riddled with blind spots, where compromise can occur at any stage and remain invisible.
After many years of working with high risk clients and analayzing different technologies, our team has concluded the pieces needed for verifiable systems already exist, but they are underutilized because they are misunderstood and difficult to use, a problem we needed to solve.
danny commented 2025-09-29 20:41:29 +00:00
Review
Copy Link
- After many years of working with high risk clients and analayzing different technologies, our team has concluded the pieces needed for verifiable systems already exist, but they are underutilized because they are misunderstood and difficult to use, a problem we needed to solve.
+ Years of working with high risk clients and analyzing different technologies have led us to the conclusion that the pieces needed for verifiable systems already exist. They are underutilized because they are misunderstood and difficult to use, a problem we need to solve.
```diff - After many years of working with high risk clients and analayzing different technologies, our team has concluded the pieces needed for verifiable systems already exist, but they are underutilized because they are misunderstood and difficult to use, a problem we needed to solve. + Years of working with high risk clients and analyzing different technologies have led us to the conclusion that the pieces needed for verifiable systems already exist. They are underutilized because they are misunderstood and difficult to use, a problem we need to solve. ```
Reproducible builds, secure enclaves, and cryptographic remote attestation each solve parts of the problem. Taken together, they form the building blocks for **verifiable compute**, which allows software to be verified. Our work is focused on creating the next generation of cloud hosting platform centered around verifiability and elimination of single points of failure present in current market solutions.
Like “zero trust” before it, the term verifiable compute is already being hijacked by marketing teams. Companies throw it around to describe partial solutions, usually just proving a binary hash hasnt changed. We take a stricter view: verifiable compute means the entire supply chain can be checked. Anything less is **not** verifiable compute.
## The Real-World Risk of Unverifiability
The risks of unverifiable systems are not theoretical; theyve already caused some of the most damaging security incidents of the past decade.
SolarWinds (2020) showed how a compromised software supply chain can cascade globally. Attackers injected malicious code into SolarWinds Orion updates, which were then shipped to thousands of companies and U.S. government agencies. Because customers had no way to verify what software they were actually running, the backdoor spread silently through trusted update channels.
danny commented 2025-09-29 20:48:04 +00:00
Review
Copy Link

Add link to SolarWinds CVE or news article from a good source

Add link to SolarWinds CVE or news article from a good source
patrick commented 2025-10-02 01:14:15 +00:00
Review
Copy Link
- https://www.securityweek.com/solarwinds-makes-third-attempt-at-patching-exploited-vulnerability/ - https://www.theregister.com/2025/09/23/solarwinds_patches_rce/ - https://thehackernews.com/2025/09/solarwinds-releases-hotfix-for-critical.html
This is one of the many breaches which demonstrate that without verifiability across the entire stack, organizations have no reliable way to prove the integrity of the systems they depend on.
## The Building Blocks of True Verifiability
Our team established that three key technologies are essential for making software verifiable end-to-end:
- Reproducible builds
Reproducible builds force software to be bit-for-bit identical when built from the same soruce code, and eliminate certain categories of supply chain attacks and would have prevented incidents like SolarWinds. It allows for integrity verification, without which software is opaque and difficult to verify.
danny commented 2025-09-29 20:49:16 +00:00
Review
Copy Link
- soruce
+ source
```diff - soruce + source ```
- Secure enclaves
Hardware-isolated execution (e.g., IOMMU-backed enclaves) prevents external processes — even privileged ones — from tampering with sensitive workloads. Enclaves give us strong isolation, but isolation alone doesnt prove what is running.
- Remote attestation
Remote hardware attestation (TPM2, Intel TDX, AMD SEV, AWS Nitro, and others) measures the state of a machine and provides cryptographic proof of what software is running. Attestation anchors trust at the hardware layer, but on its own it doesnt guarantee the softwares provenance or build integrity.
Taken together, these three technologies form the foundation of true verifiable compute: the ability to verify the integrity of software from the toolchain its built with to the hardware it runs on.
## Why Existing Platforms Fall Short
Current offerings from the major cloud providers (AWS, Azure, GCP, etc.) are demanding in terms of both expertise and time to set up. They also lock users into a single vendors ecosystem and force reliance and trust in one type of hardware or firmware. For example, AWS requires implicit trust in its proprietary Nitro Card, a black-box technology that customers cannot independently verify.
Other companies, such as Tinfoil, Turnkey, and Privy, offer wrappers around enclave and attestation technologies, but their solutions are limited to narrow use cases like digital asset wallets or running LLMs. Even then, what they provide is only surface-level verification: proving that a binarys hash hasnt changed. That does not give transparency into the entirety of what is running on the server.
In short, there are currently no solutions offering full transparency and elimination of single points of failure in the market.
## “Cautiously” Building the Next Generation of Verifiable Compute
Our team has chosen a no-compromise approach to solving this problem by building a cloud hosting platform, **Caution**, that:
- Is full-source bootstrapped and reproducible.
- Is portable across environments across major cloud platforms or bare metal.
- Uses multiple hardware attestations.
- Uses quorum authentication as a core primitive.
- Is fully open source.
Caution is the next generation cloud hosting platform launching in 2026. We believe this marks the beginning of a new era of infrastructure: verifiable, open, and resilient by default.
If youre interested in collaborating, contributing, or investing, wed love to talk. Email us at info@caution.co.

3943
_sass/base.scss
View File

File diff suppressed because it is too large Load Diff

1
assets/.prettierignore Normal file
View File

@ -0,0 +1 @@
*.js

3
assets/base/available.svg Normal file
View File

@ -0,0 +1,3 @@
<svg width="27" height="28" viewBox="0 0 27 28" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M13.5 2.75C11.275 2.75 9.09989 3.4098 7.24984 4.64597C5.39979 5.88213 3.95785 7.63914 3.10636 9.69481C2.25487 11.7505 2.03209 14.0125 2.46617 16.1948C2.90025 18.3771 3.97171 20.3816 5.54505 21.955C7.11839 23.5283 9.12295 24.5998 11.3052 25.0338C13.4875 25.4679 15.7495 25.2451 17.8052 24.3936C19.8609 23.5422 21.6179 22.1002 22.854 20.2502C24.0902 18.4001 24.75 16.225 24.75 14C24.75 12.5226 24.459 11.0597 23.8937 9.69481C23.3283 8.3299 22.4996 7.08971 21.455 6.04505C20.4103 5.00039 19.1701 4.17172 17.8052 3.60636C16.4403 3.04099 14.9774 2.75 13.5 2.75ZM18.3375 11.3112L13.1963 18.0612C13.0915 18.1974 12.9569 18.3077 12.8028 18.3838C12.6487 18.4598 12.4793 18.4996 12.3075 18.5C12.1366 18.5009 11.9678 18.4629 11.8138 18.3888C11.6598 18.3148 11.5247 18.2066 11.4188 18.0725L8.67375 14.5738C8.5829 14.457 8.51592 14.3236 8.47664 14.181C8.43736 14.0384 8.42655 13.8894 8.44483 13.7427C8.46312 13.5959 8.51013 13.4542 8.58319 13.3255C8.65624 13.1969 8.75392 13.084 8.87063 12.9931C9.10634 12.8096 9.40529 12.7273 9.70172 12.7642C9.84849 12.7825 9.99023 12.8295 10.1188 12.9026C10.2474 12.9756 10.3604 13.0733 10.4513 13.19L12.285 15.53L16.5375 9.905C16.6276 9.78681 16.7401 9.68753 16.8686 9.61282C16.9971 9.53812 17.1391 9.48945 17.2864 9.4696C17.4337 9.44975 17.5834 9.45911 17.7271 9.49714C17.8708 9.53517 18.0056 9.60113 18.1238 9.69125C18.2419 9.78137 18.3412 9.89389 18.4159 10.0224C18.4906 10.1509 18.5393 10.2928 18.5592 10.4401C18.579 10.5874 18.5696 10.7372 18.5316 10.8808C18.4936 11.0245 18.4276 11.1593 18.3375 11.2775V11.3112Z" fill="black"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.6 KiB

9
assets/base/bubble.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 9.2 MiB

3
assets/base/check.svg Normal file
View File

@ -0,0 +1,3 @@
<svg width="9" height="9" viewBox="0 0 9 9" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M7.5 2.25L3.375 6.375L1.5 4.5" stroke="#181D27" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 205 B

1
assets/base/dropdown.svg Normal file
View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path fill="currentColor" fill-rule="evenodd" d="M4.293 7.793a1 1 0 0 1 1.414 0L12 14.086l6.293-6.293a1 1 0 1 1 1.414 1.414L13.414 15.5a2 2 0 0 1-2.828 0L4.293 9.207a1 1 0 0 1 0-1.414" clip-rule="evenodd"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 295 B

3
assets/base/info.svg Normal file
View File

@ -0,0 +1,3 @@
<svg width="17" height="17" viewBox="0 0 17 17" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M8.5 11.5L8.5 8.5M8.5 5.5H8.4925M1 8.5C1 4.35786 4.35786 1 8.5 1C12.6421 1 16 4.35786 16 8.5C16 12.6421 12.6421 16 8.5 16C4.35786 16 1 12.6421 1 8.5Z" stroke="#8CBDE0" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 346 B

3
assets/base/not-available.svg Normal file
View File

@ -0,0 +1,3 @@
<svg width="27" height="28" viewBox="0 0 27 28" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M7.98075 21.11C9.71232 22.4561 11.8758 23.1236 14.0648 22.987C16.2538 22.8505 18.3176 21.9193 19.8684 20.3684C21.4193 18.8176 22.3505 16.7538 22.487 14.5648C22.6236 12.3758 21.9561 10.2123 20.61 8.48075L7.98075 21.11ZM6.39 19.5193L19.0193 6.89C17.2877 5.5439 15.1242 4.87643 12.9352 5.01298C10.7462 5.14953 8.68241 6.0807 7.13156 7.63156C5.5807 9.18241 4.64953 11.2462 4.51298 13.4352C4.37643 15.6242 5.0439 17.7877 6.39 19.5193ZM13.5 25.25C7.28663 25.25 2.25 20.2134 2.25 14C2.25 7.78663 7.28663 2.75 13.5 2.75C19.7134 2.75 24.75 7.78663 24.75 14C24.75 20.2134 19.7134 25.25 13.5 25.25Z" fill="#0F0F0F"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 718 B

BIN
assets/base/social/Mastodon-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 856 B

3
assets/base/social/Mastodon-logo.svg Normal file
View File

@ -0,0 +1,3 @@
<svg width="17" height="20" viewBox="0 0 17 20" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M16.9314 4.42782C16.6696 2.2789 14.9732 0.585406 12.9623 0.257251C12.623 0.201802 11.3376 0 8.35989 0H8.33765C5.35916 0 4.72014 0.201802 4.38088 0.257251C2.42595 0.576314 0.640663 2.098 0.207516 4.27238C-0.000822073 5.34319 -0.0230559 6.53037 0.0156474 7.61935C0.0708199 9.18104 0.0815251 10.74 0.209987 12.2953C0.298796 13.3285 0.453721 14.3534 0.673602 15.3623C1.08534 17.2258 2.75205 18.7766 4.38499 19.4093C6.1333 20.0691 8.01345 20.1786 9.81497 19.7256C10.0131 19.6747 10.2091 19.6156 10.4029 19.5483C10.8402 19.3947 11.3532 19.2229 11.7304 18.9211C11.7355 18.9169 11.7398 18.9114 11.7428 18.9051C11.7458 18.8988 11.7474 18.8919 11.7476 18.8848V17.3776C11.7475 17.371 11.7461 17.3644 11.7434 17.3585C11.7408 17.3525 11.7369 17.3473 11.7322 17.3432C11.7274 17.3391 11.7219 17.3363 11.7161 17.3348C11.7102 17.3334 11.7041 17.3334 11.6982 17.3349C10.544 17.6393 9.36128 17.7918 8.17461 17.7894C6.1324 17.7894 5.58314 16.7195 5.42585 16.2741C5.29943 15.8891 5.21914 15.4876 5.18704 15.0796C5.18672 15.0728 5.18787 15.0659 5.19037 15.0597C5.19288 15.0534 5.19672 15.0479 5.20152 15.0435C5.20634 15.0392 5.21202 15.0362 5.21808 15.0347C5.22415 15.0332 5.23044 15.0334 5.23646 15.0351C6.37144 15.3374 7.5349 15.4899 8.70246 15.4896C8.98326 15.4896 9.26323 15.4896 9.54405 15.4814C10.7183 15.4451 11.956 15.3787 13.1113 15.1296C13.1401 15.1233 13.169 15.1178 13.1937 15.1096C15.016 14.7233 16.7502 13.5107 16.9265 10.44C16.9331 10.3191 16.9495 9.17377 16.9495 9.04832C16.9504 8.62201 17.0739 6.02404 16.9314 4.42782ZM14.1267 12.0899H12.2105V6.90851C12.2105 5.8177 11.7987 5.26138 10.9612 5.26138C10.0406 5.26138 9.57945 5.91949 9.57945 7.2194V10.0555H7.67476V7.2194C7.67476 5.91949 7.2128 5.26138 6.29216 5.26138C5.45962 5.26138 5.04376 5.8177 5.04293 6.90851V12.0899H3.12837V6.75124C3.12837 5.66042 3.38063 4.79383 3.88514 4.15146C4.40557 3.51062 5.08824 3.18156 5.93559 3.18156C6.91633 3.18156 7.65747 3.59787 8.15154 4.42962L8.62835 5.3132L9.10596 4.42962C9.60004 3.59787 10.3412 3.18156 11.3203 3.18156C12.1668 3.18156 12.8494 3.51062 13.3715 4.15146C13.8761 4.79324 14.1283 5.65983 14.1283 6.75124L14.1267 12.0899Z" fill="#6F6F6F"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 2.2 KiB

BIN
assets/base/social/forgejo-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 878 B

7
assets/base/social/forgejo-logo.svg Normal file
View File

@ -0,0 +1,7 @@
<svg width="16" height="24" viewBox="0 0 16 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M3.59155 18.9401V8.93871C3.59155 7.58537 4.1291 6.28746 5.08593 5.3305C6.04276 4.37355 7.34051 3.83594 8.69367 3.83594H10.7345" stroke="#6F6F6F" stroke-width="2.5"/>
<path d="M3.59155 18.9418V15.8801C3.59155 14.5268 4.1291 13.2289 5.08593 12.2719C6.04276 11.315 7.34051 10.7773 8.69367 10.7773H10.7345" stroke="#6F6F6F" stroke-width="2.5"/>
<path d="M12.1632 5.674C13.1776 5.674 13.9999 4.85154 13.9999 3.837C13.9999 2.82245 13.1776 2 12.1632 2C11.1488 2 10.3264 2.82245 10.3264 3.837C10.3264 4.85154 11.1488 5.674 12.1632 5.674Z" stroke="#6F6F6F" stroke-width="2.5"/>
<path d="M12.1632 12.6154C13.1776 12.6154 13.9999 11.7929 13.9999 10.7784C13.9999 9.76386 13.1776 8.94141 12.1632 8.94141C11.1488 8.94141 10.3264 9.76386 10.3264 10.7784C10.3264 11.7929 11.1488 12.6154 12.1632 12.6154Z" stroke="#6F6F6F" stroke-width="2.5"/>
<path d="M3.59165 22.0002C4.60606 22.0002 5.42841 21.1777 5.42841 20.1632C5.42841 19.1486 4.60606 18.3262 3.59165 18.3262C2.57723 18.3262 1.75488 19.1486 1.75488 20.1632C1.75488 21.1777 2.57723 22.0002 3.59165 22.0002Z" stroke="#6F6F6F" stroke-width="2.5"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.2 KiB

BIN
assets/base/waitlist.jpeg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 159 KiB

BIN
assets/fonts/Inter-VariableFont_opsz,wght.ttf
View File

Binary file not shown.

BIN
assets/fonts/PlusJakartaSans-Bold.otf Normal file
View File

Binary file not shown.

BIN
assets/fonts/PlusJakartaSans-ExtraBold.otf Normal file
View File

Binary file not shown.

BIN
assets/fonts/PlusJakartaSans-ExtraLight.otf Normal file
View File

Binary file not shown.

BIN
assets/fonts/PlusJakartaSans-Light.otf Normal file
View File

Binary file not shown.

BIN
assets/fonts/PlusJakartaSans-Medium.otf Normal file
View File

Binary file not shown.

BIN
assets/fonts/PlusJakartaSans-Regular.otf Normal file
View File

Binary file not shown.

BIN
assets/fonts/PlusJakartaSans-SemiBold.otf Normal file
View File

Binary file not shown.

BIN
assets/fonts/Rubik-VariableFont_wght.ttf
View File

Binary file not shown.

BIN
assets/images/whale_shark.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.0 MiB

0
assets/base/waitlist-static.jpeg → assets/imgs/hero-glass-flow.jpeg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 5.0 MiB

After

Width:  |  Height:  |  Size: 5.0 MiB

84
assets/js/main.js
View File

@ -1,4 +1,40 @@
document.addEventListener('DOMContentLoaded', function () {
// === Navbar dropdown toggle ===
document.addEventListener("DOMContentLoaded", function () {
const dropdown = document.querySelector(".nav-dropdown");
if (!dropdown) return;
const toggle = dropdown.querySelector(".nav-dropdown-toggle");
const menu = dropdown.querySelector(".nav-dropdown-menu");
toggle.addEventListener("click", function (e) {
e.stopPropagation();
dropdown.classList.toggle("open");
menu.style.display = dropdown.classList.contains("open") ? "block" : "none";
});
document.addEventListener("click", function () {
dropdown.classList.remove("open");
menu.style.display = "none";
});
});
// === Navbar dropdown toggle ENDS === //
// === NAVBAR SCROLL STARTS === //
window.addEventListener("scroll", function () {
const header = document.querySelector(".header-navbar");
if (this.window.scrollY > 20) {
header.classList.add("scrolled");
} else {
header.classList.remove("scrolled");
}
});
// === NAVBAR SCROLL ENDS === //
document.addEventListener("DOMContentLoaded", function () {
const collapsibleButton = document.querySelector(".hamburger-menu");
const menuContent = document.querySelector(".menu-content");
collapsibleButton.addEventListener("click", function () {
@ -19,20 +55,19 @@ document.addEventListener('DOMContentLoaded', function () {
// initializeCarousel();
// })
// .catch(error => console.error('Error loading JSON:', error));
}
);
});
function createCarouselItems(items) {
const carousel = document.querySelector('#carousel');
items.forEach(item => {
const itemDiv = document.createElement('div');
itemDiv.className = 'carousel-item'
const carousel = document.querySelector("#carousel");
items.forEach((item) => {
const itemDiv = document.createElement("div");
itemDiv.className = "carousel-item";
const link = document.createElement('a');
link.className = 'carousel-link';
const link = document.createElement("a");
link.className = "carousel-link";
link.href = item.link;
link.target = '_blank';
link.rel = 'noopener noreferrer';
link.target = "_blank";
link.rel = "noopener noreferrer";
const linkText = document.createTextNode(item.description);
link.appendChild(linkText);
@ -42,7 +77,7 @@ function createCarouselItems(items) {
}
function initializeCarousel() {
const carousel = document.querySelector('#carousel');
const carousel = document.querySelector("#carousel");
const items = Array.from(carousel.children);
const totalItems = items.length;
const middleIndex = Math.floor(totalItems / 2);
@ -58,8 +93,8 @@ function initializeCarousel() {
let positionIndex = (currentIndex + index + totalItems) % totalItems;
let offset = positionIndex - middleIndex;
item.style.transform = `translateY(${offset * 100}%)`;
item.classList.toggle('active', positionIndex === middleIndex);
item.style.visibility = 'visible';
item.classList.toggle("active", positionIndex === middleIndex);
item.style.visibility = "visible";
});
}
@ -68,7 +103,7 @@ function initializeCarousel() {
}
function initializeCompaniesCarousel() {
const slider = document.getElementById('logoSlider');
const slider = document.getElementById("logoSlider");
slider.innerHTML += slider.innerHTML;
@ -88,29 +123,20 @@ function initializeCompaniesCarousel() {
requestAnimationFrame(animate);
}
document.addEventListener('DOMContentLoaded', function () {
const footer = document.querySelector('footer');
document.addEventListener("DOMContentLoaded", function () {
const footer = document.querySelector("footer");
const path = window.location.pathname;
if (!footer) return;
const borderStyles = {
'/software.html': '2px solid var(--light-teal)',
'/blog.html': '2px solid var(--pink)',
};
if (borderStyles[path]) {
footer.style.borderTop = borderStyles[path];
}
// Set hover color
const hoverColors = {
'/software.html': 'var(--light-teal)',
'/blog.html': 'var(--pink)',
"/software.html": "var(--light-teal)",
"/blog.html": "var(--pink)",
};
if (hoverColors[path]) {
const style = document.createElement('style');
const style = document.createElement("style");
style.innerHTML = `
.footer-links a:hover {
color: ${hoverColors[path]};

7
dr.md Normal file
View File

@ -0,0 +1,7 @@
---
title: Caution
tagline: Open source disaster recovery for encrypted data
layout: disaster-recovery
permalink: /dr.html
thumbnail: /assets/base/caution-logo/caution-logo-png/caution-icon-white-box.png
---

7
faq.md Normal file
View File

@ -0,0 +1,7 @@
---
title: FAQs
tagline: Caution | Frequently asked questions
layout: faq
permalink: /faq.html
thumbnail: /assets/base/caution-thumbnail.png
---

4
index.md
View File

@ -1,6 +1,6 @@
---
title: Join Caution Waitlist
tagline: Caution | Waitlist
title: Caution
tagline: Open source disaster recovery for encrypted data
layout: landing
permalink: /index.html
thumbnail: /assets/base/caution-logo/caution-logo-png/caution-icon-white-box.png

7
pricing.md Normal file
View File

@ -0,0 +1,7 @@
---
title: Pricing
tagline: Caution | Pricing
layout: pricing
permalink: /pricing.html
thumbnail: /assets/base/caution-thumbnail.png
---