Matt M
@mattm.bsky.social
Reposted by Matt M
people are always talking about a hypothetical technologically advanced alien race ... but I always wonder, if they exist, do they also have to deal with PKI?
February 1, 2024 at 1:40 AM
people are always talking about a hypothetical technologically advanced alien race ... but I always wonder, if they exist, do they also have to deal with PKI?
The disagreement is just whether “memory safety” is a programming language theory definition or a security one. I think you are wrong to say it’s “embarrassing” for people to choose the other definition, and reasonable people can be on both sides of this fence.
December 26, 2025 at 7:34 PM
The disagreement is just whether “memory safety” is a programming language theory definition or a security one. I think you are wrong to say it’s “embarrassing” for people to choose the other definition, and reasonable people can be on both sides of this fence.
Reposted by Matt M
Earlier this year, LWN.net featured an excellent article named "Linux's missing CRL infrastructure", and today
Canonical announced it will be working with me and @jbp.io over the coming weeks to start bridging the PKI infrastructure gap.
discourse.ubuntu.com/t/addressing...
Canonical announced it will be working with me and @jbp.io over the coming weeks to start bridging the PKI infrastructure gap.
discourse.ubuntu.com/t/addressing...
Addressing Linux's Missing PKI Infrastructure
Earlier this year, LWN featured an excellent article titled “Linux’s missing CRL infrastructure”. The article highlighted a number of key issues surrounding traditional Public Key Infrastructure (PKI)...
discourse.ubuntu.com
December 8, 2025 at 5:08 PM
Earlier this year, LWN.net featured an excellent article named "Linux's missing CRL infrastructure", and today
Canonical announced it will be working with me and @jbp.io over the coming weeks to start bridging the PKI infrastructure gap.
discourse.ubuntu.com/t/addressing...
Canonical announced it will be working with me and @jbp.io over the coming weeks to start bridging the PKI infrastructure gap.
discourse.ubuntu.com/t/addressing...
Reposted by Matt M
anyone need their horse rotated?
September 10, 2025 at 7:03 PM
anyone need their horse rotated?
I spent a bit of time poking around the Firefox codebase and filed a bug with the findings: bugzilla.mozilla.org/show_bug.cgi...
Those entries are a combination of both Kamu SM as well as roots which have been locally added to Firefox's trust store
Those entries are a combination of both Kamu SM as well as roots which have been locally added to Firefox's trust store
1972339 - cert.validation_success_by_ca bin collision between CAs and unknown entries in RootCertificateTelemetryUtils.h
NEW (nobody) in Core - Security: PSM. Last updated 2025-06-16.
bugzilla.mozilla.org
June 16, 2025 at 3:01 PM
I spent a bit of time poking around the Firefox codebase and filed a bug with the findings: bugzilla.mozilla.org/show_bug.cgi...
Those entries are a combination of both Kamu SM as well as roots which have been locally added to Firefox's trust store
Those entries are a combination of both Kamu SM as well as roots which have been locally added to Firefox's trust store
I think it’s a data error, possibly on Mozilla’s part - I found a comment suggesting bins 0 and 1 are reserved, but recently they put Kamu SM into bin 1. Maybe I’ll just exclude those suspicious bins.
June 14, 2025 at 7:19 PM
I think it’s a data error, possibly on Mozilla’s part - I found a comment suggesting bins 0 and 1 are reserved, but recently they put Kamu SM into bin 1. Maybe I’ll just exclude those suspicious bins.
Firefox's telemetry has data on how many times a CA is used to successfully validate certificates. This is a pretty good measure for how "big" a CA is. The data is hard to view in Mozilla's site, so I've made a script to combine a few data sources and graph it! github.com/mcpherrinm/c...
June 14, 2025 at 5:47 PM
Firefox's telemetry has data on how many times a CA is used to successfully validate certificates. This is a pretty good measure for how "big" a CA is. The data is hard to view in Mozilla's site, so I've made a script to combine a few data sources and graph it! github.com/mcpherrinm/c...
Reposted by Matt M
Customers: We want a faster horse
Henry Ford: Ah. In fact—
Kubernetes: Let me stop you right there. What you really need is 1000 horses that die randomly
Henry Ford: Ah. In fact—
Kubernetes: Let me stop you right there. What you really need is 1000 horses that die randomly
June 12, 2025 at 2:04 AM
Customers: We want a faster horse
Henry Ford: Ah. In fact—
Kubernetes: Let me stop you right there. What you really need is 1000 horses that die randomly
Henry Ford: Ah. In fact—
Kubernetes: Let me stop you right there. What you really need is 1000 horses that die randomly
Inspired by the classic xeyes program, I made a thing:
ssh teyes.fly.dev
Or go install github.com/mcpherrinm/teyes@latest && teyes
Give your mouse a wiggle over the terminal!
ssh teyes.fly.dev
Or go install github.com/mcpherrinm/teyes@latest && teyes
Give your mouse a wiggle over the terminal!
June 10, 2025 at 2:44 AM
Inspired by the classic xeyes program, I made a thing:
ssh teyes.fly.dev
Or go install github.com/mcpherrinm/teyes@latest && teyes
Give your mouse a wiggle over the terminal!
ssh teyes.fly.dev
Or go install github.com/mcpherrinm/teyes@latest && teyes
Give your mouse a wiggle over the terminal!
I'll be speaking at the Ontario #Cryptography Day!
ontario-crypto-day.github.io
Where: University of Waterloo Davis Centre (DC) 1301 and 1302
When: Friday, June 6, 2025, from 10am to approx. 4:30pm
I hope anyone in the area interested in cryptography is able to attend!
ontario-crypto-day.github.io
Where: University of Waterloo Davis Centre (DC) 1301 and 1302
When: Friday, June 6, 2025, from 10am to approx. 4:30pm
I hope anyone in the area interested in cryptography is able to attend!
Ontario Cryptography Day
June 6, 2025 • University of Waterloo
ontario-crypto-day.github.io
May 14, 2025 at 9:27 PM
I'll be speaking at the Ontario #Cryptography Day!
ontario-crypto-day.github.io
Where: University of Waterloo Davis Centre (DC) 1301 and 1302
When: Friday, June 6, 2025, from 10am to approx. 4:30pm
I hope anyone in the area interested in cryptography is able to attend!
ontario-crypto-day.github.io
Where: University of Waterloo Davis Centre (DC) 1301 and 1302
When: Friday, June 6, 2025, from 10am to approx. 4:30pm
I hope anyone in the area interested in cryptography is able to attend!
Reposted by Matt M
OK, this is wild.
In September 2023, geophysicists across the world started monitoring a very odd signal coming from the ground under them.
It was picked up in the Arctic. And Antarctica. It was detected everywhere, every 90 seconds, as regular as a metronome, for *nine days*.
What the HELL?
1/
In September 2023, geophysicists across the world started monitoring a very odd signal coming from the ground under them.
It was picked up in the Arctic. And Antarctica. It was detected everywhere, every 90 seconds, as regular as a metronome, for *nine days*.
What the HELL?
1/
May 12, 2025 at 3:20 PM
OK, this is wild.
In September 2023, geophysicists across the world started monitoring a very odd signal coming from the ground under them.
It was picked up in the Arctic. And Antarctica. It was detected everywhere, every 90 seconds, as regular as a metronome, for *nine days*.
What the HELL?
1/
In September 2023, geophysicists across the world started monitoring a very odd signal coming from the ground under them.
It was picked up in the Arctic. And Antarctica. It was detected everywhere, every 90 seconds, as regular as a metronome, for *nine days*.
What the HELL?
1/
Reposted by Matt M
A lot of Americans don't know this, but the winner of the Canadian election will be required live in a small cottage located in the backyard of the palace where the viceroy to the King of England lives.
The cottage just recently got a new wifi router, which was very exciting for all Canadians.
The cottage just recently got a new wifi router, which was very exciting for all Canadians.
April 28, 2025 at 12:24 PM
A lot of Americans don't know this, but the winner of the Canadian election will be required live in a small cottage located in the backyard of the palace where the viceroy to the King of England lives.
The cottage just recently got a new wifi router, which was very exciting for all Canadians.
The cottage just recently got a new wifi router, which was very exciting for all Canadians.
Reposted by Matt M
Array indices start at 0 in C, but start at 32 in F.
April 18, 2025 at 6:32 AM
Array indices start at 0 in C, but start at 32 in F.
Of all the things I didn’t expect to ever happen, iOS Safari actually got a certificate viewer in 18.4! webkit.org/blog/16574/w...
April 1, 2025 at 5:31 AM
Of all the things I didn’t expect to ever happen, iOS Safari actually got a certificate viewer in 18.4! webkit.org/blog/16574/w...
We've issued our first short-lived (6 day) certificate! letsencrypt.org/2025/02/20/f...
We Issued Our First Six Day Cert
Earlier this year we announced our intention to introduce short-lived certificates with lifetimes of six days as an option for our subscribers. Yesterday we issued our first short-lived certificate. Y...
letsencrypt.org
February 20, 2025 at 3:56 PM
We've issued our first short-lived (6 day) certificate! letsencrypt.org/2025/02/20/f...
The key line here is:
> ... certificates issued on or after June 15, 2026 MUST include the extendedKeyUsage extension and only assert an extendedKeyUsage purpose of id-kp-serverAuth.
> ... certificates issued on or after June 15, 2026 MUST include the extendedKeyUsage extension and only assert an extendedKeyUsage purpose of id-kp-serverAuth.
February 14, 2025 at 10:12 PM
The key line here is:
> ... certificates issued on or after June 15, 2026 MUST include the extendedKeyUsage extension and only assert an extendedKeyUsage purpose of id-kp-serverAuth.
> ... certificates issued on or after June 15, 2026 MUST include the extendedKeyUsage extension and only assert an extendedKeyUsage purpose of id-kp-serverAuth.
Chrome has published version 1.6 of their root store policy.
Notably, this includes a deadline of June 15, 2026 to get TLS Client Auth out from any intermediates under roots in Chrome's program.
TLS client cert users from public CAs may need to make changes.
www.chromium.org/Home/chromiu...
Notably, this includes a deadline of June 15, 2026 to get TLS Client Auth out from any intermediates under roots in Chrome's program.
TLS client cert users from public CAs may need to make changes.
www.chromium.org/Home/chromiu...
Chrome Root Program Policy, Version 1.6
www.chromium.org
February 14, 2025 at 10:02 PM
Chrome has published version 1.6 of their root store policy.
Notably, this includes a deadline of June 15, 2026 to get TLS Client Auth out from any intermediates under roots in Chrome's program.
TLS client cert users from public CAs may need to make changes.
www.chromium.org/Home/chromiu...
Notably, this includes a deadline of June 15, 2026 to get TLS Client Auth out from any intermediates under roots in Chrome's program.
TLS client cert users from public CAs may need to make changes.
www.chromium.org/Home/chromiu...
Congratulations to the Firefox team for shipping CT enforcement!
> Starting in Firefox 135, Certificate Transparency is now enforced on all desktop platforms.
groups.google.com/a/mozilla.or...
> Starting in Firefox 135, Certificate Transparency is now enforced on all desktop platforms.
groups.google.com/a/mozilla.or...
Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135
groups.google.com
February 4, 2025 at 9:02 PM
Congratulations to the Firefox team for shipping CT enforcement!
> Starting in Firefox 135, Certificate Transparency is now enforced on all desktop platforms.
groups.google.com/a/mozilla.or...
> Starting in Firefox 135, Certificate Transparency is now enforced on all desktop platforms.
groups.google.com/a/mozilla.or...
Reposted by Matt M
Canadian MP Charlie Angus: Our beloved Canada is under threat.
The threat comes from the president of the US—a convicted felon and known predator. But the threat is also being driven by the hate algorithms of oligarchs like Elon Musk….
The threat comes from the president of the US—a convicted felon and known predator. But the threat is also being driven by the hate algorithms of oligarchs like Elon Musk….
January 31, 2025 at 7:35 PM
Canadian MP Charlie Angus: Our beloved Canada is under threat.
The threat comes from the president of the US—a convicted felon and known predator. But the threat is also being driven by the hate algorithms of oligarchs like Elon Musk….
The threat comes from the president of the US—a convicted felon and known predator. But the threat is also being driven by the hate algorithms of oligarchs like Elon Musk….
Reposted by Matt M
heads up for fans of the "ship is stuck" genre, the Manitoulin is currently stuck in icy Lake Erie just outside Buffalo
www.reddit.com/r/GreatLakes...
www.reddit.com/r/GreatLakes...
Manitoulin Stuck in Ice Offshore in Buffalo, NY.
www.reddit.com
January 25, 2025 at 2:45 AM
heads up for fans of the "ship is stuck" genre, the Manitoulin is currently stuck in icy Lake Erie just outside Buffalo
www.reddit.com/r/GreatLakes...
www.reddit.com/r/GreatLakes...
Reposted by Matt M
Boatify wrapped 2024! Stats, maps, timelapses and silly stuff from my AIS receiver and webcam overlooking the Firth of Forth. (recommend viewing on a grown up computer, works on phones but not optimised for them) vessels.marinesightings.com/review/2024/
AIS year in review 2024
Stats and interesting ships I saw come sailing in
vessels.marinesightings.com
January 24, 2025 at 4:53 PM
Boatify wrapped 2024! Stats, maps, timelapses and silly stuff from my AIS receiver and webcam overlooking the Firth of Forth. (recommend viewing on a grown up computer, works on phones but not optimised for them) vessels.marinesightings.com/review/2024/
I'm speaking at #SREcon in Santa Clara this March! Come learn how Let's Encrypt issues millions of certificates with just a handful of staff and servers! www.usenix.org/conference/s...
Improving the SRE Experience for 10 Years as a Free, Open, and Automated Certificate Authority | USENIXusenix_logo_notag_white
www.usenix.org
January 22, 2025 at 6:12 PM
I'm speaking at #SREcon in Santa Clara this March! Come learn how Let's Encrypt issues millions of certificates with just a handful of staff and servers! www.usenix.org/conference/s...
Reposted by Matt M
I hear that the Ontario Government is directing Metrolinx to start investigating 'the massing link' and if it actually amounts to anything is quite impactful project for Toronto region passenger and freight
January 10, 2025 at 4:16 AM
I hear that the Ontario Government is directing Metrolinx to start investigating 'the massing link' and if it actually amounts to anything is quite impactful project for Toronto region passenger and freight
If you have access to a 3d printer, thangs.com/designer/Hac...
XShot Dart Chain Expansion - 3D model by Hacksmith on Thangs
This 3d printable model lets you expand the length and capacity of your XShot Nerf dart chain giving you the ability to load in as many darts as you want. - 3D
thangs.com
December 25, 2024 at 6:04 PM
If you have access to a 3d printer, thangs.com/designer/Hac...