This is a gruelling summary of all the things wrong with OpenSSL

HAProxy Technologies

The State of SSL Stacks

The SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.

I've mostly watched this whole thing from the sidelines, but was also affected noting that private key parsing suddenly became 70 times slower. I think they've now improved it to "only" be 10-20 times slower, and there does not seem any effort to work on it any more.

Is there a way to configure the Linux kernel or a tool that puts a laptop into a "no-fan" mode? Like, if it gets too hot, reduce the CPU frequency. It's definitely possible to run my laptop without the CPU fan, by reducing the cpufreq scaling_max_freq enough for all cores. But what I'd want is "you're allowed to go to whatever freq you still can do safely without running the fan, but auto-reduce if it gets too hot, never use the fan".

#toxic stuff: Recently, my shaver broke, and for situations like this, I had an older electric shaver in a box. Which... also didn't work any more, so that didn't help. But curiously, I noted that the older shaver still had a Nickel Cadmium battery. Which is... one of the many toxic things we used to have around us, and we no longer have. and I think this is an underappreciated fact and a success of reasonable regulation. 🧵

So... I recently called out the University of Vienna as a bad example for not providing a usable security contact. In case you were wondering what that was all about, and how it continued... I eventually was pointed to a security contact address. I also reported the issue, and they confirmed it. They also claimed to have fixed it. Yet...

Mastodon

hanno (@hanno@mastodon.social)

How not to do it: Here's the university of Vienna. They tell you to use their support desk contact form WHICH REQUIRES A LOGIN... https://zid.univi...

🧵

Dear Internet hivemind, I have a tech problem. I use nextcloud as my calendar. I get a lot of ics files these days, via email, or from web pages where I signup for events. I want to get the ics files into my nextcloud calendar without it being annoying. I think it should be simple to solve, but somehow, it isn't. I don't find any good answers how I might do that. Maybe I'm googling for the wrong terms. 🧵