Amongst the numerous reasons why you _don't_ want to rush into implementing new algorithms is even the _reference implementation_ (and most other early implementations) for Kyber/ML-KEM included multiple timing side channel vulnerabilities that allowed for key recovery.[1][2]

djb has been consistent in view for decades that cryptography standards need to consider the foolproofness of implementation so that a minor implementation mistake specific to timing of specific instructions on specific CPU architectures, or specific compiler optimisations, etc doesn't break the implementation. See for example the many problems of NIST P-224/P-256/P-384 ECC curves which djb has been instrumental in fixing through widespread deployment of X25519.[3][4][5]

[1] https://cryspen.com/post/ml-kem-implementation/

[2] https://kyberslash.cr.yp.to/faq.html / https://kyberslash.cr.yp.to/libraries.html

[3] https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplic...

[4] https://safecurves.cr.yp.to/ladder.html

[5] https://cr.yp.to/newelliptic/nistecc-20160106.pdf

This exists: https://github.com/facebookincubator/sks.

It's a golang library that abstracts usage of ssh keys backed by hardware on all sorts of devices - mostly designed for laptops, but supports Linux, Windows and MacOs

Such a bunch of negative folks in here. I personally stickerbomb every company laptop I get knowing full well some poor guy in IT is going to have to scrape it all off.

I once had a loaner thinkpad for two days whilst my MacBook was bricked by Jamf - best believe they got that thing back covered.

His face when I handed it back to him, priceless.

Side note: What is that massive yellow CYBER sticker that seems to be on 80% of them? Feel like I’ve missed some kind of political movement.

These criticisms all feel very nitpicky and subjective. So many of them seem to boil down to, "this is an opinionated configuration, but their opinions differ from my opinions."

This part was where I stopped taking the article seriously:

>Moreover, taking into account that the system relies heavily on sudo (instead of the more modern doas), and also considering that the default installation configures the maximum number of password retries to 10 (instead of the more cautious limit of three), it raises an important question: Does Omarchy care about security?

This is such a reflexive and petty critique. How many real world security breaches happened because a login prompt that requires physical access limited to 10 tries instead of the "more cautious" limit of 3? And do you even care about security at all unless you limit to the even more cautious limit of 2?

C interop is excellent and has been for years. The one piece that still needs unstable is defining/exposing varargs functions (support for calling them was stabilized many years ago). You can write almost anything you can write in C in (partly unsafe) Rust, in fact there are projects like c2rust that automate this translation.

These new features are all about making things that the kernel devs need possible in safe Rust. This often requires support for some quite fancy abstractions, some of which cannot be expressed in current stable Rust.

Many people used Arch for its status as "the pro Linux distribution" i.e. not beginner friendly, but secretly still easy enough that you don't need much effort. That's how "I use Arch btw" became a meme.

These people have now moved to NixOS.