Stas Skipper

0 Followers · 0 Following

• My pronounces are: your/fucking/boss

• Joined on 2025-09-03
• • 

Repositories Projects Packages Public Activity Starred Repositories

Skipper created pull request MarketTakers/arbiter#90 2026-04-16 16:44:02 +00:00

refactor-integrity-check

Skipper pushed to refactor-integrity-check at MarketTakers/arbiter 2026-04-16 16:39:59 +00:00

f49e995c2f WIP: kameo::messages wiring for transport generalization

Skipper created branch refactor-integrity-check in MarketTakers/arbiter 2026-04-16 16:39:58 +00:00

Skipper created pull request MarketTakers/arbiter#89 2026-04-14 17:10:55 +00:00

housekeeping(server): dependencies upgrade

Skipper created branch push-zmvtzuwrnyyv in MarketTakers/arbiter 2026-04-14 17:10:45 +00:00

Skipper pushed to push-zmvtzuwrnyyv at MarketTakers/arbiter 2026-04-14 17:10:45 +00:00

e88df432fb housekeeping(server): dependencies upgrade

Skipper commented on issue MarketTakers/arbiter#79 2026-04-14 16:27:44 +00:00

Not using quantum-resistant schemes

Useful top-level research: https://gemini.google.com/share/0d54d7176359

quite focused on blockchain itself. Sadly, not much can be done from our side, aside from migrating our own auth

Skipper pushed to push-wxnlsulvnrpz at MarketTakers/arbiter 2026-04-14 13:31:27 +00:00

8c4c63f51e WIP: kameo::messages wiring for transport generalization

87ee0fe87b feat(user-agent): add VaultGate for sealed vault authentication

205227a3df fix(server::integrity): vault now differentias between expected/unexpected states for commands more granularly

a4070e7df7 fix(useragent): unsafe, but working implementation of ml-dsa

6b8da567dd fix(server::user_agent): useragents now self-sign themselves on bootstrap

Compare 6 commits »

Skipper created branch push-wxnlsulvnrpz in MarketTakers/arbiter 2026-04-14 13:31:27 +00:00

Skipper suggested changes for MarketTakers/arbiter#83 2026-04-11 08:07:44 +00:00

security(server): bind grant revocation state (revoked_at) to integrity hash

Skipper commented on pull request MarketTakers/arbiter#83 2026-04-11 08:07:44 +00:00

security(server): bind grant revocation state (revoked_at) to integrity hash

mixing concerns: should create a new business-object for signing containing this field

Skipper commented on pull request MarketTakers/arbiter#83 2026-04-11 08:07:10 +00:00

security(server): bind grant revocation state (revoked_at) to integrity hash

We discuseed this: don't mix concerns

Skipper closed pull request MarketTakers/arbiter#88 2026-04-11 08:06:21 +00:00

security(useragent): validate server cert fingerprint and host instead of accepting all certificates

Skipper commented on pull request MarketTakers/arbiter#88 2026-04-11 08:06:21 +00:00

security(useragent): validate server cert fingerprint and host instead of accepting all certificates

I appreciate the effort, but sadly this is wrong solution. So first of all, we pin based on root CA, not leaf CA. This means that we check if signer that signed presented certificate by server…

Skipper commented on issue MarketTakers/arbiter#86 2026-04-09 16:55:35 +00:00

suspicious as keywords

I agree. The problem with those is that fucking sqlite dynamically sizes integers. So fucking diesel implement ToSql for sqlite only for i32.

Skipper pushed to main at MarketTakers/arbiter 2026-04-08 00:18:41 +00:00

62dff3f810 Merge pull request 'refactor(hashing): introduce Hashable derive macro and migrate server types' (#82) from hashing-proc-macro into main

6e22f368c9 refactor(hashing): introduce Hashable derive macro and migrate server types

Compare 2 commits »

Skipper merged pull request MarketTakers/arbiter#82 2026-04-08 00:18:41 +00:00

refactor(hashing): introduce Hashable derive macro and migrate server types

Skipper deleted branch hashing-proc-macro from MarketTakers/arbiter 2026-04-08 00:18:41 +00:00

Skipper approved MarketTakers/arbiter#82 2026-04-08 00:18:36 +00:00

refactor(hashing): introduce Hashable derive macro and migrate server types

LGTM

Skipper pushed to main at MarketTakers/arbiter 2026-04-07 19:26:57 +00:00

f3cf6a9438 Merge pull request 'Post-quantum crypto and better useragent security' (#80) from push-xrxykvkuxpsv into main

a9f9fc2a9d housekeeping(server): fixed clippy warns

d22ab49e3d refactor(server): moved shared module crypto into arbiter-crypto

a845181ef6 docs: ml-dsa scheme everywhere

0d424f3afc refactor(server): migrated auth to ml-dsa

Compare 5 commits »