cpu
@cpu.xkeyscore.club
Recluse open source programmer. Ⓥ. he/him.

https://github.com/cpu
https://hachyderm.io/@cpu
Reposted by cpu
Maintaining #Rustls isn’t just code — it’s choices. Dirkjan shared how OSS maintainers balance safety vs. niche flexibility and why API instability or incompatibility can ripple across the ecosystem. Full story at netstack.fm/#episode-7
Netstack.FM — A Podcast About Networking and Rust
Interviews, monologues, and deep dives into Rust and modern networking systems.
September 30, 2025 at 1:34 PM
Reposted by cpu
We have a little blog post about this rustls.dev/blog/2025-09...
September 3, 2025 at 4:51 PM
Reposted by cpu
LIVE at #rustconf: The Rust Foundation has launched its new "Rust Innovation Lab" with Rustls, a leading TLS library, as the inaugural hosted project!

The RIL provides comprehensive support for funded OSS projects, ensuring sustainable & community-led growth. rustfoundation.org/media/rust-f...
September 3, 2025 at 4:14 PM
Reposted by cpu
we lived
August 29, 2025 at 5:28 PM
PowerDNS Recursor 5.3.0 has a nice note in the changelog:

> The embedded webserver used to display the status page and process REST API calls has been rewritten in Rust and now supports multiple listen addresses and TLS.

The new code is powered by Hyper+Rustls+Ring 🦀 🔒

(h/t Stefan Schmidt)
August 28, 2025 at 4:07 PM
TIL the B root servers have deployed experimental DoT support for TLS on the recursor -> auth. server leg: b.root-servers.org/research/tls...
Experimental DNS over TLS support
B.root-servers.net DNS operated by the University of Southern California
August 21, 2025 at 8:09 PM
Reposted by cpu
TIL that the ITU has an annual "X.509 Day", wheeee www.itu.int/md/T25-TSB-C...
July 30, 2025 at 2:15 PM
Reposted by cpu
We announced the new native Go FIPS 140-3 mode today!

FIPS 140, like it or not, is often a requirement, and I was increasingly sad about large deployments replacing the Go crypto packages with non-memory safe cgo bindings.

Go is now one of the easiest and most secure ways to build under FIPS 140.
The FIPS 140-3 Go Cryptographic Module
Go now has a built-in, native FIPS 140-3 compliant mode.
go.dev
July 15, 2025 at 9:40 PM
Reposted by cpu
Today we released rustls 0.23.29 crates.io/crates/rustl... -- highlights are better error reporting for unsupported signature algorithms in certificates, and quite a few performance improvements (via a set of changes that started almost 2 years ago!)
July 10, 2025 at 3:26 PM
Reposted by cpu
Pretty excited about the release of instant-acme 0.8, with lots of work from @cpu.xkeyscore.club (who joined as a maintainer) on ARI, profiles, integration testing and a much improved API.

github.com/djc/instant-...
Release 0.8.0 · djc/instant-acme
The 0.8 release contains substantial changes to make the API more modular. It integrates full support for ACME Renewal Information (ARI, recently standardized as RFC 9773). Since the 0.7.2 release,...
July 9, 2025 at 3:32 PM
Nerd-sniped by bagder into looking at how rustls-ffi stacks up against OpenSSL on memory allocations/peak heap usage when plugged in as a curl vTLS backend.

Headlines:
* with rustls-ffi 0.15.0: 2,176 allocations. peak heap of 394kB.
* with openssl 3.4.1: 308,132 allocations (!). peak heap of 2.1MB

1. Download https://curl.se using #curl built to use OpenSSL
2. count number of allocations made with heaptrack
3. pause for gasping
4. double-check that curl only does 134 allocs itself, independently of the downloaded size
5. check the heaptrack number again

54,000

hm
July 7, 2025 at 3:03 PM
Reposted by cpu
I don't think they post here, but excited to be talking about what the Go Security team does, and why (hopefully) you don't hear much about us, at GopherCon UK in August.
June 30, 2025 at 8:33 PM
IP address certificate subjects are coming to Let's Encrypt SOON™: community.letsencrypt.org/t/getting-re...

The groundwork for this was started ~2020 so it's extremely cool to see it coming to fruition!
June 25, 2025 at 4:00 PM
Harsh but fair
June 23, 2025 at 7:15 PM
Reposted by cpu
Wrote some notes on self-hosting an Atuin sync server and getting to it via Tailscale hackd.net/posts/atuin-...
June 19, 2025 at 6:03 PM
Reposted by cpu
*slaps roof of libcrypto* this bad boy can fit so much global mutable state inside it!
June 19, 2025 at 3:05 AM
Reposted by cpu
Had a gig wrap up a little earlier than expected, I should have availability starting July or so.

As always: if you need help with Embedded, Rust, or similar things, shoot me a message!

If you're a user of postcard, p-rpc, or are interested in the more experimental new ergot: shoot me a message!
June 17, 2025 at 7:29 PM
Reposted by cpu
I implore folks to apply a better theory of the mind than "they dumb or evil" to experienced Chrome engineers entrusted with the security of 3.5B people.

You can still disagree! But if you can't articulate their technical motivations, please pause for a second and consider you might be missing it.
June 17, 2025 at 1:57 PM
Today I thought I would try the Spotify Linux desktop client instead of the web UI.

It's only _slightly_ disconcerting to find after an hour of listening that it's been spewing stack smashing errors 😬
June 12, 2025 at 5:13 PM
Reposted by cpu
🎉 Go 1.25 Release Candidate 1 is released!

🏃‍♀️ Run it in dev! Run it in prod! File bugs! go.dev/issue/new

📢 Announcement: groups.google.com/g/golang-ann...

📦 Download: go.dev/dl/#go1.25rc1
June 11, 2025 at 7:13 PM
Reposted by cpu
Here's my talk on Graviola -- youtu.be/n6gA93iSj68
June 10, 2025 at 2:20 PM
Reposted by cpu
In case you missed it, here’s the second in-depth interview with open source maintainer Stefan Eissing @icing.bsky.social from the first cohort of the Sovereign Tech Fellowship. Stefan has been building connections since the days of dial-up modems. (1/2)
June 4, 2025 at 11:40 AM
Reposted by cpu
Whenever I get self conscious about naming libraries silly things, I remind myself that Arm (the acorn risc machine) released the ARM (architecture reference manual) for their A/R/M (application/realtime/microcontroller) processors, making the document the Arm A/R/M ARM.
June 1, 2025 at 7:42 AM
Woodfrogs are great.

i) they can survive -6°C temps and having 60% of the water in their bodies freeze
ii) they have kvlt face paint

I rest my case
May 30, 2025 at 9:01 PM