Security News
CISA Brings KEV Data to GitHub
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
git.sr.ht/~whereswaldon/sprout-go
This is an implementation of the Sprout Protocol in Go. It provides methods to send and receive protocol messages in Sprout. Sprout is one part of the Arbor Chat project.
NOTE: this package requires using a fork of golang.org/x/crypto, and you must therefore include the following in your
go.mod
:replace golang.org/x/crypto => github.com/ProtonMail/crypto <version-from-sprout-go's-go.mod>
Arbor is a chat system that makes communication clearer. It explicitly captures context that other platforms ignore, allowing you to understand the relationship between each message and every other message. It also respects its users and focuses on group collaboration.
You can get information about the Arbor project here.
For news about the project, join our mailing list!
This repo currently contains an example implementation of an Arbor Relay, which is analagous to a "server" in a traditional chat system. You can find it in cmd/relay
.
If you want to run a local relay to test something, it's very easy!
First, install mkcert
so that you can create trusted local TLS certificates.
Then do the following:
mkcert --install # configure your local CA
mkcert localhost 127.0.0.1 ::1 arbor.local # generate a trusted cert for local addresses
mkdir grove # create somewhere to store arbor forest data
# Copy any nodes you want the relay to have into this grove directory.
# To copy from your local sprig installation:
cp ~/.config/sprig/grove/* grove/
# Adapt this as necessary if your history is stored elsewhere.
relay -certpath ./localhost+3.pem -keypath ./localhost+3-key.pem -grovepath ./grove/
You can now connect to this relay with any client on the address localhost:7777
, arbor.local:7777
, and the other names that you configured in the certificate.
If you want to examine the behavior of a sprout relay, it is sometimes convenient to directly connect to the relay.
To do this, install socat
(it's probably in your package manager). If you want to test against the official arbor relay you can do:
socat openssl:arbor.chat:7117 stdio
You can then type valid sprout protocol messages and see the relay's responses.
Here's an example session that you could replicate:
version 1 0.0
Response:
status 1 0
We advertise our protocol version as 0.0 and the relay agrees to use that version.
list 2 1 3
Response:
response 2 1
SHA512_B32__mw9nEYu_XAgnw0mRRNO60J2bqIOOBmalIXgOqxoKV-o <base64url-node-data>
We request a list of the three most recent communities. We only get one back because the relay currently only knows about one.
leaves_of 3 SHA512_B32__mw9nEYu_XAgnw0mRRNO60J2bqIOOBmalIXgOqxoKV-o 3
Response:
response 3 3
SHA512_B32__S7wybDxauEZEYJCRenemN2WB5woupuHlRU-Gj5eVU8M <base64url-node-data>
SHA512_B32__GITqdhoPqbECv6Sb03zW8H7Ry0M8dScmQwMcrdeoEwI <base64url-node-data>
SHA512_B32___wCB6e6y9cWhjdHGyI4ki-qGa-GVWTmgP8ZtYpIK7O0 <base64url-node-data>
We request three leaves of the one community that exists.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
Security News
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.