Martin Baschpel
@bilbothebird.bsky.social
There is no pink oliphaunt.
October 23, 2025 at 8:29 PM
The Great Software Quality Collapse: How We Normalized Catastrophe
open.substack.com/pub/techtren...
open.substack.com/pub/techtren...
The Great Software Quality Collapse: How We Normalized Catastrophe
The Apple Calculator leaked 32GB of RAM.
open.substack.com
October 13, 2025 at 8:20 AM
The Great Software Quality Collapse: How We Normalized Catastrophe
open.substack.com/pub/techtren...
open.substack.com/pub/techtren...
From FOSS to Flop, and How to Go Commercial Without Alienating Your Users blog.inedo.com/inedo/from-f...
... I guess I have Some Thoughts about that blog post, but overall a nice read.
#foss #dev
... I guess I have Some Thoughts about that blog post, but overall a nice read.
#foss #dev
From FOSS to Flop, and How to Go Commercial Without Alienating Your Users
Moq, FluentAssertions, MassTransit, AutoMapper, MediatR – if those NuGet package names sound familiar, it might be from all the recent controversy. The authors of these free, open-source .NET librarie...
blog.inedo.com
May 28, 2025 at 6:27 AM
From FOSS to Flop, and How to Go Commercial Without Alienating Your Users blog.inedo.com/inedo/from-f...
... I guess I have Some Thoughts about that blog post, but overall a nice read.
#foss #dev
... I guess I have Some Thoughts about that blog post, but overall a nice read.
#foss #dev
With Authenticode, what is the point of having hardware based HSM/FIPS protection for the private key when the Ability-To-Sign is only protected by Cloud credentials or API keys?
I really don't get it yet.
#authenticode #codesigning #softwaresecurity
security.stackexchange.com/questions/28...
I really don't get it yet.
#authenticode #codesigning #softwaresecurity
security.stackexchange.com/questions/28...
When Code Signing, what is the point of enhanced security specifically for the private key itself?
TL;DR
What is the point of having hardware based HSM/FIPS based protection for the private key when the ability to sign is "only" protected by credentials / API keys?
Background
In the pa...
security.stackexchange.com
May 2, 2025 at 1:40 PM
With Authenticode, what is the point of having hardware based HSM/FIPS protection for the private key when the Ability-To-Sign is only protected by Cloud credentials or API keys?
I really don't get it yet.
#authenticode #codesigning #softwaresecurity
security.stackexchange.com/questions/28...
I really don't get it yet.
#authenticode #codesigning #softwaresecurity
security.stackexchange.com/questions/28...
Reposted by Martin Baschpel
My keynote, "Fun for Now", from @devoxxgreece.bsky.social a couple of weeks back
www.youtube.com/watch?v=dt9Y...
www.youtube.com/watch?v=dt9Y...
Devoxx Greece 2025 - Fun for Now ( opening keynote by Kevlin Henney )
YouTube video by Devoxx
www.youtube.com
April 28, 2025 at 3:26 PM
My keynote, "Fun for Now", from @devoxxgreece.bsky.social a couple of weeks back
www.youtube.com/watch?v=dt9Y...
www.youtube.com/watch?v=dt9Y...
Reposted by Martin Baschpel
The specific text "Signatures using elliptical curve cryptography (ECC), such as ECDSA, aren't supported in Windows and newer Windows security features." seems pretty clear to me, "It's not supported".
April 28, 2025 at 2:42 PM
The specific text "Signatures using elliptical curve cryptography (ECC), such as ECDSA, aren't supported in Windows and newer Windows security features." seems pretty clear to me, "It's not supported".
@vcsjones.dev - You wrote a great article about ["Authenticode and ECC"](vcsjones.dev/authenticode...) ... 9 years ago. We're currently looking into using ECDSA only signing for Authenticode. Know whether the conclusion from back then (lacking consistent tool support) has changed in 2025?
Authenticode and ECC
While HTTPS / TLS have been making great strides in adopting new cryptographicprimitives, such as CHACHA, x25519, and ECC, another place has remainedrelative...
vcsjones.dev
April 28, 2025 at 8:55 AM
@vcsjones.dev - You wrote a great article about ["Authenticode and ECC"](vcsjones.dev/authenticode...) ... 9 years ago. We're currently looking into using ECDSA only signing for Authenticode. Know whether the conclusion from back then (lacking consistent tool support) has changed in 2025?