Max Hils
LightNews LightNews
hi.ls
Max Hils
@hi.ls
130 followers 160 following 12 posts
mitmproxy developer, making cloud more secure at Google. TLS, web, networks, and open source.

Mostly active on http://fedi.hi.ls these days, mirroring announcements here.
Posts Replies Media Videos
hi.ls
One of my favorite games just got a free content update ten years after initial release. @metanetsoftware.com is just crazy cool. 😍
October 18, 2025 at 10:51 PM
Reposted by Max Hils
jcoglan.com
rust is a language in which you can borrow a cow
August 24, 2025 at 11:05 PM
Reposted by Max Hils
mnot.net
If you work on HTTP implementations, deploy it at scale, or have a unique perspective or interest in the protocol, you might find other people to talk to at the 2026 HTTP Workshop: https://github.com/HTTPWorkshop/workshop2026?tab=readme-ov-file#2026-http-workshop
August 20, 2025 at 12:55 AM
Reposted by Max Hils
metr.org
At the beginning of the study, developers forecasted that they would get sped up by 24%. After actually doing the work, they estimated that they had been sped up by 20%. But it turned out that they were actually slowed down by 19%.
July 10, 2025 at 7:47 PM
Reposted by Max Hils
handle.invalid
I post on "The ethics of README ads"

willmcgugan.github.io/the-ethics-o...
The ethics of README ads
I’ve been considering accepting sponsorship again for my projects.
willmcgugan.github.io
June 5, 2025 at 9:11 AM
Reposted by Max Hils
dylanstorey.com
Check out pyo3 if you haven't, it's rad
May 13, 2025 at 9:33 PM
Reposted by Max Hils
dmnk.bsky.social
You don't have to write software in c++
copaceticbunsz.com Maybe: Bunny Bunsz 🤭 @copaceticbunsz.com · Feb 2
If you’re over 30, quote this with some life advice 🤌🏼
May 10, 2025 at 2:34 PM
Reposted by Max Hils
hi.ls
mitmproxy 12 is out! 🚀 It’s now possible to modify the prettified representation of binary protocols. Editing Protobufs is now as easy as editing YAML, no .proto schema needed. 🙌

mitmproxy.org/posts/releas...
Mitmproxy 12: Interactive Contentviews
mitmproxy.org
April 29, 2025 at 9:23 PM
Reposted by Max Hils
Also, this seems like a small feature but much appreciated:
April 30, 2025 at 4:24 AM
hi.ls
mitmproxy 12 is out! 🚀 It’s now possible to modify the prettified representation of binary protocols. Editing Protobufs is now as easy as editing YAML, no .proto schema needed. 🙌

mitmproxy.org/posts/releas...
Mitmproxy 12: Interactive Contentviews
mitmproxy.org
April 29, 2025 at 9:23 PM
Reposted by Max Hils
mitsuhiko.at
The next version of Rust might be one of the most transformative to the Rust ecosystem due to support for up-casting of trait objects. This makes `Any` significantly more powerful and potent!
March 27, 2025 at 10:37 AM
Reposted by Max Hils
halfpixel.bsky.social
0.1 + 0.2 == 0.3
dryad.technology mcc @dryad.technology · Mar 19
Quote this post with a fact from your field which is a complete total lie, but which people outside your field would completely believe if you posted it confidently on social media
March 20, 2025 at 2:33 PM
hi.ls
Not sure how I should feel about our new ice cream scoop containing AI. 🤔
March 7, 2025 at 7:39 PM
Reposted by Max Hils
anniesullie.com
Here are the project ideas and info for Chromium:
Chromium GSoC 2025 Project Ideas and Info
Chromium GSoC 2025 Project Ideas and Info
docs.google.com
March 6, 2025 at 5:33 PM
Reposted by Max Hils
pimterry.fyi
This is part of an ongoing personal campaign to kill TLS fingerprinting.

With this change + github.com/openssl/open..., OpenSSL TLS traffic won't have any non-configurable distinguishing features, and so I _think_ it should be possible to configure it to exactly match modern browser traffic.
Use empty renegotiate extension instead of SCSV for TLS > 1.0 by pimterry · Pull Request #24161 · openssl/openssl
This PR fixes #18790. This is my very first OpenSSL PR, and day to day I don't write much C (and zero Perl) so I'd appreciate some careful review! I've just emailed a signed CLA to the ...
github.com
March 6, 2025 at 3:32 PM
Reposted by Max Hils
sdullien.bsky.social
Neu: Unsere @imkinstitut.bsky.social Simulation, was mit Wirtschaftswachstum und Schulden in Deutschland passieren würde, wenn man über die kommenden 10 Jahre 600 Mrd. € zusätzlich in die öffentliche Infrastruktur investieren würde. (1/)

www.imk-boeckler.de/de/faust-de...
Wachstumseffekte eines kreditfinanzierten Investitionsprogramms
Es wird ein kreditfinanziertes öffentliches Investitionsprogramm für die deutsche Wirtschaft von 600 Milliarden Euro in den nächsten 10 Jahren mit dem NiGEM-Modell simuliert. Die Ergebnisse zeigen erhebliche Wachstumseffekte, besonders längerfristig aufgrund der positiven Auswirkungen des höheren öffentlichen Kapitalstocks auf private Investitionsentscheidungen. <BR>Das BIP könnte längerfristig zeitweise um rund 6 % über seinem Niveau ohne Investitionsoffensive liegen. Außerdem regt das Programm die private Investitionstätigkeit deutlich an, sodass die Unternehmensinvestitionen bis zu 10 % über ihr Niveau ohne Programm steigen. Konkret bedeutet das, dass die aufsummierte Wirtschaftsleistung Deutschlands von 2025 bis 2050 um bis zu 4800 Mrd. Euro höher ausfallen würde. 2045 läge das jährliche Pro-Kopf-BIP um 3600 Euro höher, als es ohne das Programm der Fall wäre. <BR>Zwar erhöht sich das staatliche Budgetdefizit während der zehnjährigen Laufzeit des Programms um etwa 1 % des BIP. Alle
www.imk-boeckler.de
February 6, 2025 at 11:42 AM
hi.ls
mitmproxy 11.1.2 is out, everyone should upgrade! We fixed a rather nasty SSRF-style vulnerability affecting mitmweb (CVE-2025-23217). mitmproxy and mitmdump users are unaffected.

github.com/mitmproxy/mi...
Mitmweb API Authentication Bypass Using Proxy Server
### Impact In mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to access mitmweb's internal API (bound to `127.0.0.1:8081` by default). In...
github.com
February 6, 2025 at 1:34 AM
Reposted by Max Hils
hynek.me
now that this is (hopefully) over, I'd like to state the obvious that pestering FOSS maintainers with your misguided compliance issues – in the holiday season no less – is not something that gets you on Santa's good list
webknjaz.me 🟡🐍Sviatoslove.pie♥🇺🇦#StandWithUkraine🙏 | українець на чужині @webknjaz.me · Jan 24
Seeing how people are pressuring attrs with the license now showing up where they like, I'm releasing a new version of `pypi-publish` v1.12.4.

github.com/pypa/gh-acti... / github.com/pypa/gh-acti...

#python #Packaging
January 24, 2025 at 8:58 AM
Reposted by Max Hils
shadowserver.bsky.social
Sharing rsync instances vulnerable to CVE-2024-12084 RCE (version check only) in our updated daily Accessible Rsync report: shadowserver.org/what-we-do/n...

17,475 instances found vulnerable (out of 146,844) on 2025-01-16. Top affected: US (5K)

dashboard.shadowserver.org/statistics/c...
January 17, 2025 at 10:03 AM
hi.ls
mitmproxy 11.1 is out! 🥳

We now support *Local Capture Mode* on Windows, macOS, and - new - Linux! This allows users to intercept local applications even if they don't have proxy settings.

More details are at mitmproxy.org/posts/local-.... Super proud of this team effort. 😃
Intercepting Linux Applications
mitmproxy.org
January 12, 2025 at 1:59 PM