Every time I read something by a cryptographer claiming to know when people are qualified to attempt cryptography software, I go and see if they said *anything* about OpenSSL during the 20+ years it was obviously flawed:
In general nearly everyone who is currently working in cryptography accepted OpenSSL as correctly implemented for decades even though a basic analysis of the C code showed obvious flaws. They not only accepted OpenSSL but repeatedly yelled at people who didn't use it.
If you wanted to study crypto and implemented existing proven algorithms, out came the Cryptography Experts yelling at you to "just use OpenSSL". It was *the* only implementation allowed. Then this happened:
Not only did the cryptography experts suddenly become very quiet about how they were seemingly unqualified to evaluate the most basic flaws in C code, they *continued* to claim Heartbleed was the *only* flaw. Nope:
To this day you'll have supposedly qualified cryptographers who still won't admit that OpenSSL was flawed, and everyone pushed it on the planet unjustifiably.
Then that same expert will yell like a rabid dog at anyone "rolling their own crypto" claiming they're saving the world.
So I'm adopting a new rule. Any cryptographer who either yells at someone for writing crypto code or rubber stamps their buddy's crypto code has to post a full blog post explaining why they missed the obvious flaws in OpenSSL and sign it with a formal apology.
I've got an alternative history of Amazon's switch to Linux and creation of AWS that I heard from an open source project they coopted and practically destroyed. Keep in mind this story is 2nd hand and the open source developers were BITTER, but Amazon is famous for this:
I joined this other project that was started by a guy who sold cluster servers to big secret government agencies, and he was working with an open source team that had a project similar to Beowulf en.wikipedia.org/wiki/Beowulf_c… but would be closer to Chef or Puppet.
This project was small, maybe 4 developers, and what they wrote did very nice automated provisioning of machines, which you could then use in a cluster. When I started working with them though they were JEEERRRRKS. Wow, they were absolute turds.
Another element of my "why browsers must die" linked list is how some parts of it assume everything is a flexible rectangular viewport with fixed dimensions, and other parts assume it's an infinite plane with no fixed dimensions.
For example, scroll into view:
If a browser is an infinite plane that you view through a viewport (like a video game), then there *must* be a way to cause interactions when some element of the infinite plane comes into view. Yet, finding an event for this very necessary thing is impossible.
It was asked *11 years ago*, but was active *11 days ago*. It's been viewed 727k times, and has as many possible answers as there are people posting over various years.
Played a little more Subsistence this morning and I'm convinced it's actually a sci-fi game. You wake up in an enclosed part of Alaska, fenced off, and build a base with an electronic unit attached to a wall that generates power and fabricates items from loot you get in bags.
I could see a back story to the game that's similar to The Prisoner, where you have no idea why you're stuck here, but it's some kind of punishment/experiment, and the bags of loot are dropped to see what you'd do. This would also explain two impossible things:
1. That shooting an animal from about 1 mile away lets the animal instantly know where you are and run that 1 mile in 2 seconds to kill you. They *have* to be genetically engineered super wolves and bears, so sci-fi.
I'm on a killing spree of BS technology giant companies force on us. For weeks I've been "cleaning up CSS" by simply using flexbox and CSS grids for layout. Today, I want to rant about DMARC, DKIM, and BIMI as my next BS standards topic:
I recently had Sendgrid shut down my email for a week without telling me because one single "malicious email" apparently went through their servers, even though they couldn't prove it or provide any logs. I then tried SocketLabs, and they went down for a whole day for no reason.
That means I'm going to now try to do my own email hosting and comply with all the following standards as best I can:
1. SPF
2. DMARC
3. DKIM
4. BIMI .... whatever that is.
I'm using the tool mxtoolbox.com to help me diagnose the configuration.
And "all day" means "12 hours non-stop". I'm just going to say all these OpenWorld Crafting Survival games are research. Uhhhh yeah, research 'cause I have no idea how they are so addicting. Some ideas:
So far I've played hundreds of hours in:
Subnautica (both versions)
The Forest
Windbound
Breathedge
No Man's Sky
Subsistence
Stranded Deep
Grounded
They all have particular elements that make them nearly impossible to stop playing which are very similar to gambling.
I'd say the three elements that make the games appealing--not necessarily addicting--are:
1. Open World allows for adventure and exploration plus an amount of fear.
2. Survival adds a game mechanic that doesn't require complex or many enemies.
3. Crafting gives leveling up.
It's *almost* the CSS debugging tool I want, except for one glaringly obvious flaw.
First, here's a demo of me using it to analyze and mess with my Twitter page:
Now, I'm going to try to adjust the padding on some elements. Notice how it seems like I'm having trouble getting anything to move, and then the page reloads and goes somewhere weird? That's because it uses the keyboard for adjustment.