Author: Paul Bastide

  • FIPS support in Go 1.24

    Kudos to the Red Hat team. link

    The benefits of native FIPS support in Go 1.24

    The introduction of the FIPS Cryptographic Module in Go 1.24 marks a watershed moment for the language’s security capabilities. This new module provides FIPS 140-3-compliant implementations of cryptographic algorithms, seamlessly integrated into the standard library. What makes this particularly noteworthy is its transparent implementation. Existing Go applications can leverage FIPS-compliant cryptography without requiring code changes.

    Build-time configuration through the GOFIPS140 environment variable, allowing developers to select specific versions of the Go Cryptographic Module.

    GOFIPS140=true go build

    Runtime control via the fips140 GODEBUG setting, enabling dynamic FIPS mode activation.

    GODEBUG=

    Keep these in your toolbox along with GOARCH=ppc64le

  • Updates to Open Source Container images for Power on IBM Container Registry

    The IBM Linux on Power team pushed new images to their public open source container images in the IBM Container Registry (ICR). This should assure end users that IBM has authentically built these containers in a secure environment.

    The new container images are:

    Image NameTag NameProject LicensesImage Pull CommandLast Published
    fluentd-kubernetes-daemonsetv1.14.3-debian-forward-1.0Apache-2.0podman pull icr.io/ppc64le-oss/fluentd-kubernetes-daemonset:v1.14.3-debian-forward-1.0March 17, 2025
    cloudnative-pg/pgbouncer1.23.0Apache-2.0podman pull icr.io/ppc64le-oss/cloudnative-pg/pgbouncer:1.23.0March 17, 2025
  • Formatting JSON with VIM

    I am working on an analytics project where we generate very complicated medical analysis and put it in a hierarchical data model.

    json

    { "test" : { "test1" : "val1" } }

    Open the JSON in vim and use python -m json.tool

    :%!python -m json.tool

    Results

    json

    {
        "test": {
            "test1": "val1"
        }
    }

    Note: jq (jq is another option, but… not always available on every system, python tends to work everywhere).

    References

  • Extract the Certs (All of Them)

    Quick way to extract the main cert, and the intermediate CA and ROOT ca from a host.

    shell

    echo "" | openssl s_client -showcerts -prexit -connect HOSTNAME:443 2> /dev/null | sed -n -e '/BEGIN CERTIFICATE/,/END CERTIFICATE/ p'

    One sees a PEM as output (just capture into a file one can use)