At the North America edition of the 2018
Linux Security Summit (LSS NA), which was held in late August in Vancouver,
Canada, Kees Cook gave a presentation on some of the dangers that come with
programs written in C. In particular, of course, the Linux kernel is
mostly written in C, which means that the security of our systems rests on
a somewhat dangerous foundation. But there are things that can be done to
help firm things up by "Making C Less Dangerous" as the title
of his talk suggested.

In response to the Snowden revelation that the CIA compromised Apple developers' build process, thus enabling the government to insert backdoors at compile time without developers realizing, Debian, the world's largest free software project, has embarked on a campaign to to prevent just such attacks. Debian's solution? Reproducible builds.

Reproducible builds, as the name suggests, make it possible for others to reproduce the build process. "The idea is to get reasonable confidence that a given binary was indeed produced by the source," Lunar said. "We want anyone to be able to produce identical binaries from a given source."

If you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain why it's done the way it is.

There are a lot of conflicting ideas and misconceptions on how to do password hashing properly, probably due to the abundance of misinformation on the web. Password hashing is one of those things that's so simple, but yet so many people get wrong. With this page, I hope to explain not only the correct way to do it, but why it should be done that way.