In case anyone here has connections with the Python team: can you please tell them to update their docs on XML security? The way it is is quite misleading, and it's been annoying me for a while. I raised this a while ago in their issue tracker, but it got no reaction whatsoever.
GitHub
python/cpython
The Python programming language. Contribute to python/cpython development by creating an account on GitHub.
 🧵
This is a gruelling summary of all the things wrong with OpenSSL
HAProxy Technologies
The State of SSL Stacks
The SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.
 I've mostly watched this whole thing from the sidelines, but was also affected noting that private key parsing suddenly became 70 times slower. I think they've now improved it to "only" be 10-20 times slower, and there does not seem any effort to work on it any more.
Is there a way to configure the Linux kernel or a tool that puts a laptop into a "no-fan" mode? Like, if it gets too hot, reduce the CPU frequency. It's definitely possible to run my laptop without the CPU fan, by reducing the cpufreq scaling_max_freq enough for all cores. But what I'd want is "you're allowed to go to whatever freq you still can do safely without running the fan, but auto-reduce if it gets too hot, never use the fan".
#toxic stuff: Recently, my shaver broke, and for situations like this, I had an older electric shaver in a box. Which... also didn't work any more, so that didn't help. But curiously, I noted that the older shaver still had a Nickel Cadmium battery. Which is... one of the many toxic things we used to have around us, and we no longer have. and I think this is an underappreciated fact and a success of reasonable regulation. 🧵
So... I recently called out the University of Vienna as a bad example for not providing a usable security contact. In case you were wondering what that was all about, and how it continued... I eventually was pointed to a security contact address. I also reported the issue, and they confirmed it. They also claimed to have fixed it. Yet...
Mastodon
hanno (@hanno@mastodon.social)
How not to do it: Here's the university of Vienna. They tell you to use their support desk contact form WHICH REQUIRES A LOGIN... https://zid.univi...
 🧵
Dear Internet hivemind, I have a tech problem. I use nextcloud as my calendar. I get a lot of ics files these days, via email, or from web pages where I signup for events. I want to get the ics files into my nextcloud calendar without it being annoying. I think it should be simple to solve, but somehow, it isn't. I don't find any good answers how I might do that. Maybe I'm googling for the wrong terms. 🧵
In discussions about clean Hydrogen, there is a popular idea floating around, particularly in countries like Germany or Japan that import large parts of their current fossil fuel energy. Instead of importing fossil fuels, the story goes, we will import large quantities of Hydrogen in the future from places where wind and sun are plentiful, and therefore, renewable energy is cheap. The problem with this idea is that Hydrogen is really difficult to transport. ⚡💧🚢🏭 🧵
Hab mir gerade eine Rede der Linken Spitzenkandidatin Heidi Reichinnek auf youtube angeschaut, die ja scheinbar gerade dafür sorgt, dass ihre Partei noch eine Restrelevanz hat. Als erstes spricht sie über den Rechtsruck und Rassismus. Jetzt würde man ja denken: Linke Partei, die sich als zentrales Thema gegen Rechtsruck und Rassismus wendet, ist eigentlich selbstverständlich. War es halt für die letzten Jahre meist nicht.
Webdesign tip: SVG files are smaller in practice than it may appear. If you use an image on a webpage that you have as a vector graphic, it's usually a good idea to use SVG instead of raster formats like JPG/PNG. Given high resolution displays and zooming habits, your width="[pixelsize]" is practically not what's displayed, and it'll look better if it can be zoomed without losses. But if you're an optimization perfectionist, you may look at file size, which can be misleading. 🧵