Remote: Yes

Willing to relocate: within India

Technologies: Rust, C++, C, Python, Go, Postgres, MySQL, SQL, Linux, Nix

Résumé/CV: https://gotlou.srht.site/resume.pdf

Email: gotlouemail@gmail.com

Blog: https://gotlou.srht.site

LinkedIn: https://www.linkedin.com/in/saksham--mittal

I'm a student, and am looking for a good internship experience in the first half of 2024. I am currently a Google Summer of Code contributor at the Tor Project, and have contributed to Arti, the Rust rewrite of Tor in C, working beside the Arti devs.

I'm particularly interested in open source, computer networking and associated software. A while back I hacked around and built a peer to peer file transfer program to learn Rust, including the file transfer protocol too (you can check it out on https://github.com/gotlougit/p2p-file-transfer or on https://git.sr.ht/~gotlou/p2p-file-transfer). I did this mostly being inspired by Tailscale and also out of frustration of how getting uncompressed photos from friends was a mess.

I love learning new things and am a fast learner. Currently I am writing (and using!) a more secure, drop-in SSH agent replacement (at https://git.sr.ht/~gotlou/sshield or https://github.com/gotlougit/sshield) which encrypts SSH keys and unlocks them with a master password, with planned features including using Linux sandboxing mechanisms such as Landlock or seccomp-bpf to make the agent process less prone to RCEs.

For more info, check out my Github at https://github.com/gotlougit

It allows importing settings and keys from OpenSSH as well as creating, updating, showing and deleting keys. Whenever a program requests using the key for signing, a prompt is displayed to the user for confirmation.

This way:

1. Your keys don't get leaked (unless the server process' memory is dumped, but that requires root on *nix systems)

2. Your keys don't get misused and inadvertedly sign something malicious.

It is still a work in progress, but I've been able to switch with fairly minor inconveniences that are just the result of not having it globally installed. The repo will soon have a Nix overlay or package output with all the right settings enabled for daily production usage.

Other planned features include using one of the Linux sandboxing APIs, like Landlock or seccomp to further lock down server process to reduce the chance of an RCE being triggered and a way to store the database on different cloud storage mediums so you can use their ACLs to further lock down access to the database and back up keys simultaneously.

Comments URL: https://news.ycombinator.com/item?id=36928177

Points: 3

# Comments: 0

https://xeiaso.net/blog/paranoid-nixos-aws-2021-08-11 is one of my personal favorites, as well as https://tailscale.dev/blog/headscale-funnel

I post tech-related stuff, mostly just about projects I've built and more recently open source contributions under GSoC. The templating system to publish posts is very basic and custom, I wrote it in Python a couple years ago and never looked back.

I also appreciate some other tech, like using MicroG or Tailscale.

By any chance, would you be open to a remote internship? I already have prior knowledge of Rust and am currently a GSoC contributor this year, also in a Rust project.

Remote: Yes

Willing to relocate: within India

Technologies: Rust, C++, C, Python, Go, Postgres, SQL, Linux

Résumé/CV: https://gotlou.srht.site/resume.pdf

Email: gotlouemail@gmail.com

Blog: https://gotlou.srht.site

LinkedIn: https://www.linkedin.com/in/saksham--mittal

I'm a student, and am looking for a good internship experience in the first half of 2024. I am currently a Google Summer of Code contributor at the Tor Project, and have contributed to Arti, the Rust rewrite of Tor in C, working beside the Arti devs.

I'm particularly interested in open source, computer networking and associated software. A while back I hacked around and built a peer to peer file transfer program to learn Rust, including the file transfer protocol too (you can check it out on https://github.com/gotlougit/p2p-file-transfer or on https://git.sr.ht/~gotlou/p2p-file-transfer). I did this mostly being inspired by Tailscale and also out of frustration of how getting uncompressed photos from friends was a mess.

I love learning new things and am a fast learner. Recently I migrated to NixOS, and quickly ended up configuring a tmpfs rootfs so I could manage the state of my system better.

For more info, check out my Github at https://github.com/gotlougit

You can check out my blog post[1] if you're interested how I went about it (there are a couple resources at the bottom I used to build it, including the one that HideousKojima recommended).

As for language, in hindsight, C was fine. CHIP-8 is so basic that you don't really need to worry about performance or to implement a JIT compiler unless you want to learn how to do those things specifically. Just pick any one out of the three (assembly is a bit of a weird choice though, why not write a CHIP-8 emulator and then a brand new program to run on that emulator in CHIP-8 assembly if you want to learn assembly?)

As for Gameboy, it would have more instructions, a different graphics system, sound etc. and overall be more complicated than CHIP-8. Try it out if you either feel a bit more adventurous or have implemented CHIP-8.

[0](https://sr.ht/~gotlou/chip8-emulator) [1](https://gotlou.srht.site/chip8-emulator.html)

Example, rather than https://mahdi.blog/raw/raw-permalinks-for-accessibility/, it would be https://mahdi.blog/raw-permalinks-for-accessibility.raw

It's a minor nitpick really, but I quite like this idea! I think I'll try to implement this for my website too.

As for the other people here wondering why User Agents weren't used for this:

- Using static website hosting goes out the window, which is quite a shame because it makes everything so much easier

- User agents are pretty terrible for determining capabilities and intent (what if someone was using curl to get an actual webpage?)

- It will never cover all types of HTTP clients (a whitelist is pretty terrible as we have seen from various online services restricting Firefox users or Linux users from certain features for no other reason than their user agents weren't in the list the developers used to check for the presence of certain features).