XMPP Service Operators - 2022-12-29


  1. moparisthebest

    If you've "upgraded" to openssl 3 and now your server is orders of magnitude slower, that's why https://news.ycombinator.com/item?id=33831967

  2. mjk

    spin-locks? isn't that a kind of snake oil?

  3. mjk

    spin-locks? isn't that a kind of performance snake oil?

  4. Ellenor Bjornsd.

    pes

  5. moparisthebest

    mjk, apparently yes :P

  6. nuegia.net

    Why did the openssl team make so many parts of it dynamic in the first place?

  7. nuegia.net

    constants are now functions... for a good reason? Hopefully

  8. moparisthebest

    tl;dr abandon openssl for rustls

  9. nuegia.net

    it seems like there's this constant push in open source projects to abandon everything and rewrite it all from scratch every few years

  10. nuegia.net

    like, how many times has KDE rewritten itself from scratch now?

  11. nuegia.net

    get ready for a whole bunch of new never before seen security bugs in your re-written ssl library

  12. mjk

    > it seems like there's this constant push in ~open source~ software projects to abandon everything and rewrite it all from scratch every few years

    fixed! it's human nature, methinks, to redo from the ground up the things one does not want to understand

  13. mjk

    actually, scratch 'software' there too

  14. mjk

    or things one has written long ago as a different person

  15. bkil

    https://en.wikipedia.org/wiki/Not_invented_here

  16. bkil

    But do consider that in some of the cases, someone else rewriting a given component from scratch made by others can be really worthwhile due to difference in competence or team structure. For example, I could implement sha-1 and blake2b in a fraction of code for my toy project from scratch compared to what's available and my work in progress social networking service is < 10kB. Would probably grow up to 20kB by the time I release v1.0, though.

  17. bkil

    It annoys me a lot that opening the Slack webapp transfers _hundreds_ of megabytes of data just to get to your first channel.

  18. nuegia.net

    one thing that I'd like more people to consider is switching to a different tls library. At the time one of the strongest arguments against LibreSSL was its slight API divergence against OpenSSL. Now, with OpenSSL doing this major version changes, whole they are still ironing out bugs in 3.x.x they are working on a 4.x.x release I can see in the tickets. If the API is going to change either way now, some porting is to be needed no matter what.

  19. nuegia.net

    :%s!whole!while!g :%s!this!these!g

  20. bkil

    Definitely.

  21. bkil

    Doesn't message correction work for you nuegia.net ?

  22. bkil

    Doesn't message correction work for you, nuegia.net ?

  23. nuegia.net

    no

  24. nuegia.net

    I don't believe so, it just shows two lines of text when somebody does correct, which replicates IRC behavior so it's not too jarring for me.

  25. nuegia.net

    wow, just found this https://www.researchgate.net/publication/353210621/figure/fig2/AS:1044983419252737@1626154870490/Relative-sizes-of-OpenSSL-LibreSSL-and-BoringSSL-over-seven-years-from-July-2014.png

  26. nuegia.net

    That's a huge amount of code to maintain

  27. nuegia.net

    https://www.researchgate.net/publication/353210621/figure/tbl1/AS:1044983419256832@1626154870529/Percentage-breakdown-of-cryptographic-versus-non-cryptographic-CVEs-in-cryptographic.png

  28. nuegia.net

    It's interesting that GnuTLS has the lowest average vuln lifetime, while at the same time having the lowest std deviation of vuln lifetimes

  29. nuegia.net

    Also regarding my own testing of using HardenedMalloc with Prosody, I did notice resident memory usage sometimes but rarely (happened once) spiked above 2GB and caused problems

  30. nuegia.net

    Since Lua provides its own garbage collection I don't think there's as much benefit to be gained for replacing Malloc, but on the more native server components sure.

  31. mjk

    I like how that graph's zero is at ~90000

  32. mjk

    (and wonder what that blip in 2018 was, lol)