luci
bettertls
| luci | bettertls | |
|---|---|---|
| 23 | 3 | |
| 5,974 | 157 | |
| 1.7% | 1.3% | |
| 9.9 | 4.8 | |
| 5 days ago | 2 months ago | |
| JavaScript | Go | |
| Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
luci
-
Listen to HD radio with a $30 RTL SDR dongle
https://github.com/openwrt/luci/tree/master/applications/luc...
From https://news.ycombinator.com/item?id=38138230 :
> LuCI is the OpenWRT web UI which is written in Lua; which is now implemented mostly as a JSON-RPC API instead of with server-side HTML templates for usability and performance on embedded devices. [...] Notes on how to write a LuCI app in Lua:
- Show HN: MicroLua – Lua for the RP2040 Microcontroller
-
Show HN: Anchor – developer-friendly private CAs for internal TLS
https://github.com/openwrt/luci/blob/master/applications/luc...
https://developer.hashicorp.com/vault/tutorials/secrets-mana... https://github.com/hashicorp/vault :
> Refer to Build Certificate Authority (CA) in Vault with an offline Root for an example of using a root CA external to Vault.
- Ethernet port status on LuCI Overview?
- Public status page?
- Security Advisory 2022-10-04-1 - wolfSSL buffer overflow during a TLS 1.3 handshake (CVE-2022-39173)
-
Setting the record straight for the beryl
Yours will be easy. Just flash from the factory upgrade page. The error you are referring to was fixed in the current 22.03.0 version.
- [BUG] "LuCi, Status > Realtime Graphs > Rate" not working
- Is the UI open-source, and if so, where can I find it?
-
how to see which device just DHCPed?
There is a fresh commit in, about three weeks old. See here: https://github.com/openwrt/luci/pull/5696 - so in a next release (minor, I guess) the feature will be included.
bettertls
-
Show HN: Anchor – developer-friendly private CAs for internal TLS
Have you done any research about how well different web clients support name constraints? I know that Chrome only recently started respecting Name Constraint on root CAs [1]. The BetterTLS project tracks a bunch of related concerns, but oddly missed this one [2]. I'm wary of this approach since I don't know if the various software I use will enforce it.
1. https://alexsci.com/blog/name-non-constraint/
2. https://github.com/Netflix/bettertls/issues/19
-
Running one’s own root Certificate Authority in 2023
Wouldn't it be nice if LetsEncrypt could issue you a (1) name constrained, (2) 90-day limited intermediate CA with just the (3) DNS-01 challenge? I argue that such an intermediate CA would have no more authority than a wildcard cert which you can get today, so they should be able to issue it. [1] Everything supports name constraints now, which used to be an issue but isn't anymore.
Then stick it in step-ca and issue all your certificates with internal ACME.
This would solve a lot of problems, such as leaking private hostnames in the certificate transparency log, or hitting issuance rate limits on LE servers.
[1]: https://news.ycombinator.com/item?id=29811552
[2]: https://bettertls.com/
-
Easy HTTPS for your private networks
I've been pretty frustrated with how private CAs are supported. Your private root CA can be maliciously used to MITM every domain on the Internet, even though you intend to use it for only a couple domain names. Most people forget to set Name Constraints when they create these and many helper tools lack support [1][2]. Worse, browser support for Name Constraints has been slow [3] and support isn't well tracked [4]. Public CAs give you certificate transparency and you can subscribe to events to detect mis-issuance. Some hosted private CAs like AWS's offer logs [5], but DIY setups don't.
Even still, there are a lot of folks happily using private CAs, they aren't the target audience for this initial release.
[1] https://github.com/FiloSottile/mkcert/issues/302
[2] https://github.com/cert-manager/cert-manager/issues/3655
[3] https://alexsci.com/blog/name-non-constraint/
[4] https://github.com/Netflix/bettertls/issues/19
[5] https://docs.aws.amazon.com/privateca/latest/userguide/secur...
What are some alternatives?
openwrt-luci-bootstrap-dark - A userstyle to make OpenWrt LuCI's (default) Bootstrap theme dark
minica - minica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.
ath10k-ct - Stand-alone ath10k driver based on Candela Technologies Linux kernel.
cfssl - CFSSL: Cloudflare's PKI and TLS toolkit
RHVoice - a free and open source speech synthesizer for Russian and other languages
easy-rsa - easy-rsa - Simple shell based CA utility
TLP - TLP - Optimize Linux Laptop Battery Life
lexicon - Manipulate DNS records on various DNS providers in a standardized way.
nrsc5-dui - An enhanced, user-friendly version of nrsc5-gui that is not heavily dependent upon Python processing for audio generation.
daemon - a personal web server, one line of config to add a reverse proxy
plexus - Remove the fear of Android app compatibility on de-Googled devices.
caniuse - Raw browser/feature support data from caniuse.com