Péter Szilágyi
@karalabe.bsky.social
2.8K followers 100 following 1K posts
Founder @dark.bio Former Go Ethereum Lead (2015-2025)
Pinned
karalabe.bsky.social
Super proud and scared at the same time, today I've officially gone from developer to founder. 🥹

Dark Bio is not my hobby project any more, it's an attempt to open genomics privately and sovereignly to the world. 😊
dark.bio
Thrilled to announce that Dark Bio AG is officially incorporated in Zug, Switzerland! 🇨🇭

Infinite work to be done, but it's a huge step towards private, sovereign and personal genomics. 🧬

Thank you everyone involved in this milestone! 🤍
karalabe.bsky.social
Waking up at 3:30AM to try and get a ticket to the Ghibli museum (Mitaka, Japan) is absolutely worth it!

Took 3 trips to Tokyo across 2 years to finally get in, but it’s such an amazing place 😊
karalabe.bsky.social
Ended up wrapping PBKDF2 too in my #rust crypto library. It's excessively simple, but I wanted a single library to depend on in the @dark.bio #flutter mobile app with a single version bump needed to add features / fix existing ones. It's turning into quite a nifty crate. 😊
Reposted by Péter Szilágyi
dmnd.me
Hi, it’s me, your neighborhood robotics business guy, to inform you that if robots were actually ready to automate a process at scale, they would likely already be deployed
chrisrugaber.bsky.social
Fascinating interview with Commerce Secretary Howard Lutnick on @cnbc.com this morning: He said that US manufacturers can use robots to offset the low wages paid in other countries, enabling the return of more production to the US, and Americans can get jobs building and maintaining the robots.
karalabe.bsky.social
Ok, can confirm from the chip datasheet that writes are significantly limited on the one I used vs the one on RPI onboard (I used cheap test ones). So that might mean Imma be faster than RPI onboard 😎
karalabe.bsky.social
So I went back to an RPI with the onboard eMMC and dumped the driver hack onto it. Read speed increased by 7.5% 🤪.

Thus my question is again: whyyyyy :))

Jury's still out on the write speed, there I'm still hit by 30%. Still investigating, but it could also be the chip.
karalabe.bsky.social
Hahahaha, I moved the eMMC chip off a @raspberrypi.com
onto my own board. Disk speed got hit by 50%.

After investigating, turned out the RPI drivers set external eMMCs to low speed (why?!). So I overrode it in the driver... worked.

Problem is... now my reads outperform the RPI 🤣
karalabe.bsky.social
Not for the details mind you, more for the adversarial thinking. It’s extremely hard to get a knack for that without actively doing it.
karalabe.bsky.social
Me 9 months ago: "Imma make a genomic project so I won't need cryptography"... 😁

Me today: "Myeah, ZK membership proofs look like something I need"... 😭
karalabe.bsky.social
Just to highlight the insane amount of attention to detail that goes into the @dark.bio Arks:

I bought thousands of SIM card ejector pins and I'm not stopping until I find one that looks good and doesn't oxidise or rust under harsh conditions 🤪

The shiny ones just arrived!
karalabe.bsky.social
Looks nothing like it’s supposed to… 😅
karalabe.bsky.social
Heh, reached the point with my @dark.bio hardware where assembly requires x-ray inspection ☠️

Yeah, the tracing will get some more love, here I just wanted to see if it works at all before cleaning it up.
karalabe.bsky.social
My CBOR code was just patched up with a fuzzer and a crash-fix, courtesy of 0xalpharush 😎 Thank you for your contribution to @dark.bio :)

github.com/dark-bio/cry...
Reposted by Péter Szilágyi
dark.bio
Your genome is the essence of what makes you, you. Nobody can be trusted to safe-guard that. No laboratory, no company, no government... not us.

It's your responsibility to keep your genome private; and our mission, to help you do so!
DNA tests: Who is getting rich with the data from our genes? | DW Documentary
YouTube video by DW Documentary
www.youtube.com
karalabe.bsky.social
How hard can it be to write a CBOR codec? 😅

6 hours and 1200 LOC later, I have my own #Rust CBOR encoder 🤪 Go break it if you can ;P

github.com/dark-bio/cry...
karalabe.bsky.social
But Peter, why don't you just send a bugfix?

1. It's backwards incompatible, so would not get accepted.
2. The root cause means the lib was not designed with security in mind. I won't find all the issues.
3. CBOR is huge. Restricting a big lib is harder than making a small one.
karalabe.bsky.social
For me, unfortunately, the state of CBOR libraries in the Rust ecosystem means that I will most probably end up rolling my own, super limited subset of CBOR to make sure I have the necessary guarantees within my own critical components. Poop.
karalabe.bsky.social
Throughout the history of the 'net, a number of security vulnerabilities were all caused by parsers being overly flexible.

The mantra often is "be strict when encoding, be lax when decoding". I'm sorry, but this is *very* bad advice. If you get bad data, throw that thing out!
karalabe.bsky.social
This may result in some data being accepted in some layers and rejected on other layers in the pipeline where it is not expected to "become invalid".

It also opens up a can of worms where multiple different blobs start to hash to the same thing with the same valid signature.
karalabe.bsky.social
An entire family of security issues open up when you expect your decoder to enforce types, and it does some silent transforms under the hood to make you happy.

I can get an invalid packet from a malicious host, that my decoder reinterprets as if it was valid. Then things go bad.
karalabe.bsky.social
A Vec<u8> is defined in ciborium as an "array of ints" and encodes as such. It, however, will happily decode not only an "array of ints", but also a "byte string" into a Vec<u8>. On the surface this seems reasonable, they're kind of the same; but really, it is not.
karalabe.bsky.social
The root cause is that the encoder/decoder is *not* bijective. As in, the decoder tries to be "smart" and instead of rejecting mismatching types, it tries to "make it work" if possible. At least for byte blobs.
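An added example, not code from the page, from Péter or from Dark Bio, of the bijective decoding the two posts above argue for (the Vec<u8> post and the "not bijective" post): a small strict CBOR subset for unsigned ints, byte strings and arrays in which every accepted value has exactly one encoding. The typed accessor `decode_bytes` only accepts a CBOR byte string; the constructed inputs show that the array of ints `83 01 02 03` is reported as a type mismatch instead of being quietly turned into a Vec<u8>, and that a padded length (`58 03 ...`), an indefinite-length string, trailing bytes and truncated input are all rejected rather than "made to work". All type, function and error names here are this example's own assumptions, not ciborium's API.

```rust
// Added example, not Dark Bio's code: a tiny, strict CBOR subset (unsigned
// ints, byte strings, arrays) in which every accepted value has exactly one
// encoding, so decode(encode(v)) == v and encode(decode(b)) == b always hold.
#[derive(Debug, PartialEq, Clone)]
pub enum Value { Uint(u64), Bytes(Vec<u8>), Array(Vec<Value>) }

#[derive(Debug, PartialEq)]
pub enum Error { Truncated, NonCanonicalLength, Indefinite, ReservedInfo(u8), UnsupportedMajor(u8),
                 TooDeep, TrailingBytes, TypeMismatch { expected: &'static str, got: &'static str } }

/// Writes a CBOR head (major type + argument) in its shortest form.
fn encode_head(major: u8, arg: u64, out: &mut Vec<u8>) {
    let mt = major << 5;
    let n: usize = match arg { 0..=23 => 0, 24..=0xff => 1, 0x100..=0xffff => 2, 0x1_0000..=0xffff_ffff => 4, _ => 8 };
    if n == 0 { out.push(mt | arg as u8); return; }
    out.push(mt | (24 + n.trailing_zeros() as u8)); // n = 1,2,4,8 -> additional info 24..27
    out.extend_from_slice(&arg.to_be_bytes()[8 - n..]);
}

pub fn encode(v: &Value) -> Vec<u8> {
    let mut out = Vec::new();
    encode_into(v, &mut out);
    out
}

fn encode_into(v: &Value, out: &mut Vec<u8>) {
    match v {
        Value::Uint(n) => encode_head(0, *n, out),
        Value::Bytes(b) => { encode_head(2, b.len() as u64, out); out.extend_from_slice(b) }
        Value::Array(items) => { encode_head(4, items.len() as u64, out); items.iter().for_each(|i| encode_into(i, out)) }
    }
}

/// Takes `n` bytes from the input, failing (never panicking) on short input.
fn take<'a>(input: &'a [u8], pos: &mut usize, n: usize) -> Result<&'a [u8], Error> {
    let end = pos.checked_add(n).ok_or(Error::Truncated)?;
    let s = input.get(*pos..end).ok_or(Error::Truncated)?;
    *pos = end;
    Ok(s)
}

/// Reads a head and insists the argument uses the minimal encoding.
fn decode_head(input: &[u8], pos: &mut usize) -> Result<(u8, u64), Error> {
    let b = take(input, pos, 1)?[0];
    let (major, info) = (b >> 5, b & 0x1f);
    let arg = match info {
        0..=23 => info as u64,
        24..=27 => {
            let n = 1usize << (info - 24); // 1, 2, 4 or 8 argument bytes
            let v = take(input, pos, n)?.iter().fold(0u64, |acc, &b| (acc << 8) | b as u64);
            // reject values that would have fit in the next shorter form
            let floor = if n == 1 { 24 } else { 1u64 << (8 * (n / 2)) };
            if v < floor { return Err(Error::NonCanonicalLength); }
            v
        }
        31 => return Err(Error::Indefinite),
        _ => return Err(Error::ReservedInfo(info)),
    };
    Ok((major, arg))
}

fn decode_value(input: &[u8], pos: &mut usize, depth: u32) -> Result<Value, Error> {
    if depth == 0 { return Err(Error::TooDeep); }
    let (major, arg) = decode_head(input, pos)?;
    match major {
        0 => Ok(Value::Uint(arg)),
        2 => {
            let len = usize::try_from(arg).map_err(|_| Error::Truncated)?;
            Ok(Value::Bytes(take(input, pos, len)?.to_vec()))
        }
        4 => {
            // no Vec::with_capacity(arg): a hostile length must not drive allocation
            let mut items = Vec::new();
            for _ in 0..arg { items.push(decode_value(input, pos, depth - 1)?); }
            Ok(Value::Array(items))
        }
        m => Err(Error::UnsupportedMajor(m)),
    }
}

/// Decodes exactly one value; leftover bytes are an error, not ignored.
pub fn decode(input: &[u8]) -> Result<Value, Error> {
    let mut pos = 0;
    let v = decode_value(input, &mut pos, 16)?;
    if pos == input.len() { Ok(v) } else { Err(Error::TrailingBytes) }
}

/// Typed accessor: a blob must arrive as a CBOR byte string. An array of ints
/// with the same content is a different value and is rejected, not converted.
pub fn decode_bytes(input: &[u8]) -> Result<Vec<u8>, Error> {
    match decode(input)? {
        Value::Bytes(b) => Ok(b),
        Value::Uint(_) => Err(Error::TypeMismatch { expected: "bytes", got: "uint" }),
        Value::Array(_) => Err(Error::TypeMismatch { expected: "bytes", got: "array" }),
    }
}
```

With constructed inputs, `decode_bytes(&[0x43, 1, 2, 3])` returns `Ok(vec![1, 2, 3])`, `decode_bytes(&[0x83, 1, 2, 3])` (the same three numbers as an array of ints) returns a `TypeMismatch` error, and `decode_bytes(&[0x58, 3, 1, 2, 3])` (the same byte string with a one-byte length field it does not need) returns `NonCanonicalLength`. Because the decoder accepts only the one encoding `encode` produces, any blob that verifies against a signature over the canonical bytes is that canonical blob; there is no second encoding of the same value for a lax layer to accept and a strict layer to reject.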
karalabe.bsky.social
I've been using CBOR via the `ciborium` #Rust crate for the cryptographic signatures (data encoding) in my Dark Bio project.

I've restricted it quite a bit, disallowed most types. Today I found that unfortunately it's still problematic, possibly beyond fixing for security uses.