18 comments

[ 3.7 ms ] story [ 53.5 ms ] thread
In many Slavic languages (and also in Hungarian) hiba/chiba/chyba means mistake :)
In Polish it means roughly “surely“, alternatively „I guess“.
In modern Polish. The meaning derives from the old Polish word meaning mistake too :)
It doesn’t derive anything. The word had a different meaning before XX century. Modern usage is to weaken the statement, the closest I can immediately think of is „possibly”. On chyba śpi = he possibly sleeps.
In Romanian, probably through slavic origins, it means specifically 'the flaw'.
In Hebrew it means affection (written חיבה)
In Arabic it’s gift, هبة
In Russian it means…

… it doesn’t mean anything.

If people who speak Slavic languages can drive a car called Škoda, they can use a tool called HIBA.
This is definitely interesting. I'd be interested in a functional comparison with ssh using kerberos. Is the difference that each host can be totally independent? Does this project require a separate certificate management system? Perhaps you could use IPA or similar for your everyday machines, and HIBA for rarely accessed computers that you don't want in your domain.
(comment deleted)
This reminds me of a 2016 blog post titled "Scalable and Secure Access with SSH" [1] on the Facebook engineering blog which does this with standard SSH tooling. I think the benefit of HIBA is more granularity in terms of authorization per system via Grants attached to certs as compared to authorized principal files on the hosts. Grants are centrally managed and can be given on a case-by-case basis, and revoked individually, for example.

[1]: https://engineering.fb.com/2016/09/12/security/scalable-and-...

Seems like an open way to get what AWS SSM authnz provides.
I would have named it Secure HIBA, i.e. SHIBA
But that's not the SHIBA he knew.