-
moparisthebest
If you've "upgraded" to openssl 3 and now your server is orders of magnitude slower, that's why https://news.ycombinator.com/item?id=33831967
-
mjk
spin-locks? isn't that a kind of snake oil?
-
mjk
spin-locks? isn't that a kind of performance snake oil?
-
Ellenor Bjornsd.
pes
-
moparisthebest
mjk, apparently yes :P
-
nuegia.net
Why did the openssl team make so many parts of it dynamic in the first place?
-
nuegia.net
constants are now functions... for a good reason? Hopefully
-
moparisthebest
tl;dr abandon openssl for rustls
-
nuegia.net
it seems like there's this constant push in open source projects to abandon everything and rewrite it all from scratch every few years
-
nuegia.net
like, how many times has KDE rewritten itself from scratch now?
-
nuegia.net
get ready for a whole bunch of new never before seen security bugs in your re-written ssl library
-
mjk
> it seems like there's this constant push in ~open source~ software projects to abandon everything and rewrite it all from scratch every few years
fixed! it's human nature, methinks, to redo from the ground up the things one does not want to understand
-
mjk
actually, scratch 'software' there too
-
mjk
or things one has written long ago as a different person
-
bkil
https://en.wikipedia.org/wiki/Not_invented_here
-
bkil
But do consider that in some of the cases, someone else rewriting a given component from scratch made by others can be really worthwhile due to difference in competence or team structure. For example, I could implement sha-1 and blake2b in a fraction of code for my toy project from scratch compared to what's available and my work in progress social networking service is < 10kB. Would probably grow up to 20kB by the time I release v1.0, though.
-
bkil
It annoys me a lot that opening the Slack webapp transfers _hundreds_ of megabytes of data just to get to your first channel.
-
nuegia.net
one thing that I'd like more people to consider is switching to a different tls library. At the time one of the strongest arguments against LibreSSL was its slight API divergence against OpenSSL. Now, with OpenSSL doing this major version changes, whole they are still ironing out bugs in 3.x.x they are working on a 4.x.x release I can see in the tickets. If the API is going to change either way now, some porting is to be needed no matter what.
-
nuegia.net
:%s!whole!while!g :%s!this!these!g
-
bkil
Definitely.
-
bkil
Doesn't message correction work for you nuegia.net ?
-
bkil
Doesn't message correction work for you, nuegia.net ?
-
nuegia.net
no
-
nuegia.net
I don't believe so, it just shows two lines of text when somebody does correct, which replicates IRC behavior so it's not too jarring for me.
-
nuegia.net
wow, just found this https://www.researchgate.net/publication/353210621/figure/fig2/AS:1044983419252737@1626154870490/Relative-sizes-of-OpenSSL-LibreSSL-and-BoringSSL-over-seven-years-from-July-2014.png
-
nuegia.net
That's a huge amount of code to maintain
-
nuegia.net
https://www.researchgate.net/publication/353210621/figure/tbl1/AS:1044983419256832@1626154870529/Percentage-breakdown-of-cryptographic-versus-non-cryptographic-CVEs-in-cryptographic.png
-
nuegia.net
It's interesting that GnuTLS has the lowest average vuln lifetime, while at the same time having the lowest std deviation of vuln lifetimes
-
nuegia.net
Also regarding my own testing of using HardenedMalloc with Prosody, I did notice resident memory usage sometimes but rarely (happened once) spiked above 2GB and caused problems
-
nuegia.net
Since Lua provides its own garbage collection I don't think there's as much benefit to be gained for replacing Malloc, but on the more native server components sure.
-
mjk
I like how that graph's zero is at ~90000
-
mjk
(and wonder what that blip in 2018 was, lol)