XMPP Service Operators - 2022-12-29

If you've "upgraded" to openssl 3 and now your server is orders of magnitude slower, that's why https://news.ycombinator.com/item?id=33831967

spin-locks? isn't that a kind of performance snake oil? ✏

pes

mjk, apparently yes :P

Why did the openssl team make so many parts of it dynamic in the first place?

constants are now functions... for a good reason? Hopefully

tl;dr abandon openssl for rustls

it seems like there's this constant push in open source projects to abandon everything and rewrite it all from scratch every few years

like, how many times has KDE rewritten itself from scratch now?

get ready for a whole bunch of new never before seen security bugs in your re-written ssl library

> it seems like there's this constant push in ~open source~ software projects to abandon everything and rewrite it all from scratch every few years fixed! it's human nature, methinks, to redo from the ground up the things one doe not want to understand

actually, scratch 'software' there too

or things one has written long ago as a different person

https://en.wikipedia.org/wiki/Not_invented_here

But do consider that in some of the cases, someone else rewriting a given component from scratch made by others can be really worthwhile due to difference in competence or team structure. For example, I could implement sha-1 and blake2b in a fraction of code for my toy project for scratch compared to what's available and my work in progress social networking service is < 10kB. Would probably grow up to 20kB by the time I release v1.0, though.

It annoys me a lot that opening the Slack webapp transfers _hundreds_ of megabytes of data just to get to your first channel.

one thing that I'd like more people to consider is switching to a different tls library. At the time one of the strongest arguments against LibreSSL was it's slight API divergence against OpenSSL. Now, with OpenSSL doing this major version changes, whole they are still ironing out bugs in 3.x.x they are working on a 4.x.x release I can see in the tickets. If The API is going to change either way now, some porting is to be needed no matter what.

:%s!whole!while!g :%s!this!these!g

Definitely.

Doesn't message correction work for you, nuegia.net ? ✏

no

I don't believe so, it just shows two lines of text when somebody does correct, which replicates IRC behavior so it's not too jarring for me.

wow, just found this https://www.researchgate.net/publication/353210621/figure/fig2/AS:1044983419252737@1626154870490/Relative-sizes-of-OpenSSL-LibreSSL-and-BoringSSL-over-seven-years-from-July-2014.png

That's a huge amount of code to maintain

https://www.researchgate.net/publication/353210621/figure/tbl1/AS:1044983419256832@1626154870529/Percentage-breakdown-of-cryptographic-versus-non-cryptographic-CVEs-in-cryptographic.png

It's interesting the GnuTLS has the lowest average vuln lifetime, while at the same time having the lowest std deviation of vuln lifetimes

Also regarding my own testing of using HardenedMalloc with Prosody, I did notice resident memory usage sometimes but rarely (happened ounce) spiked above 2GB and caused problems

Since Lua provides it's own garbage collection I don't think there's as much benefit to be gained for replacing Malloc, but on the more native server componets sure.

I like how that graph's zero is at ~90000

(and wonder what that blip in 2018 was, lol)