Max Hils
@hi.ls
mitmproxy developer, making cloud more secure at Google. TLS, web, networks, and open source.
Mostly active on http://fedi.hi.ls these days, mirroring announcements here.
Mostly active on http://fedi.hi.ls these days, mirroring announcements here.
Thanks for the heads-up! Things should be fixed since yesterday, my registrar screwed up apparently. 🙈 (Details: github.com/autofix-ci/a...)
autofix.ci is down · Issue #32 · autofix-ci/action
we're getting Error: getaddrinfo ENOTFOUND api.autofix.ci in the github action and http://autofix.ci also seems down
github.com
October 2, 2025 at 3:50 PM
Thanks for the heads-up! Things should be fixed since yesterday, my registrar screwed up apparently. 🙈 (Details: github.com/autofix-ci/a...)
You can also put stuff onto the tracks to cause any train to do an emergency break. Granted, attack complexity and stealthiness may be a bit better here, but I can see how they are a bit scared of "we crashed into another train because their stop signal wasn't properly signed" scenarios. :)
August 14, 2025 at 11:22 AM
You can also put stuff onto the tracks to cause any train to do an emergency break. Granted, attack complexity and stealthiness may be a bit better here, but I can see how they are a bit scared of "we crashed into another train because their stop signal wasn't properly signed" scenarios. :)
Reposted by Max Hils
At the beginning of the study, developers forecasted that they would get sped up by 24%. After actually doing the work, they estimated that they had been sped up by 20%. But it turned out that they were actually slowed down by 19%.
July 10, 2025 at 7:47 PM
At the beginning of the study, developers forecasted that they would get sped up by 24%. After actually doing the work, they estimated that they had been sped up by 20%. But it turned out that they were actually slowed down by 19%.
I really like doc.rust-lang.org/beta/std/syn... for this use case. Derefs to the inner value, so no calling necessary. :)
LazyLock in std::sync - Rust
A value which is initialized on the first access.
doc.rust-lang.org
July 10, 2025 at 2:02 AM
I really like doc.rust-lang.org/beta/std/syn... for this use case. Derefs to the inner value, so no calling necessary. :)
Great topic, your "luxury of being able to turn them down" framing is really nice.
I personally find bulma.io to be an interesting example. With 40 sponsors at $100/month it's getting non-negligible. Great for project sustainability, who am I to judge?
I personally find bulma.io to be an interesting example. With 40 sponsors at $100/month it's getting non-negligible. Great for project sustainability, who am I to judge?
June 5, 2025 at 6:40 PM
Great topic, your "luxury of being able to turn them down" framing is really nice.
I personally find bulma.io to be an interesting example. With 40 sponsors at $100/month it's getting non-negligible. Great for project sustainability, who am I to judge?
I personally find bulma.io to be an interesting example. With 40 sponsors at $100/month it's getting non-negligible. Great for project sustainability, who am I to judge?
Reposted by Max Hils
Check out pyo3 if you haven't, it's rad
May 13, 2025 at 9:33 PM
Check out pyo3 if you haven't, it's rad
Reposted by Max Hils
Also, this seems like a small feature but much appreciated:
April 30, 2025 at 4:24 AM
Also, this seems like a small feature but much appreciated:
Reposted by Max Hils
Here are the project ideas and info for Chromium:
Chromium GSoC 2025 Project Ideas and Info
Chromium GSoC 2025 Project Ideas and Info
docs.google.com
March 6, 2025 at 5:33 PM
Here are the project ideas and info for Chromium:
🎉🎉🎉
Really cool effort. I didn't mind TLS fingerprinting back when it was it was used sparingly and carefully to fight actual abuse, but with everyone and their CDN now randomly blocking clients it just needs to die.
Really cool effort. I didn't mind TLS fingerprinting back when it was it was used sparingly and carefully to fight actual abuse, but with everyone and their CDN now randomly blocking clients it just needs to die.
March 6, 2025 at 4:30 PM
🎉🎉🎉
Really cool effort. I didn't mind TLS fingerprinting back when it was it was used sparingly and carefully to fight actual abuse, but with everyone and their CDN now randomly blocking clients it just needs to die.
Really cool effort. I didn't mind TLS fingerprinting back when it was it was used sparingly and carefully to fight actual abuse, but with everyone and their CDN now randomly blocking clients it just needs to die.
Reposted by Max Hils
This is part of an ongoing personal campaign to kill TLS fingerprinting.
With this change + github.com/openssl/open..., OpenSSL TLS traffic won't have any non-configurable distinguishing features, and so I _think_ it should be possible to configure it to exactly match modern browser traffic.
With this change + github.com/openssl/open..., OpenSSL TLS traffic won't have any non-configurable distinguishing features, and so I _think_ it should be possible to configure it to exactly match modern browser traffic.
Use empty renegotiate extension instead of SCSV for TLS > 1.0 by pimterry · Pull Request #24161 · openssl/openssl
This PR fixes #18790.
This is my very first OpenSSL PR, and day to day I don't write much C (and zero Perl) so I'd appreciate some careful review!
I've just emailed a signed CLA to the ...
github.com
March 6, 2025 at 3:32 PM
This is part of an ongoing personal campaign to kill TLS fingerprinting.
With this change + github.com/openssl/open..., OpenSSL TLS traffic won't have any non-configurable distinguishing features, and so I _think_ it should be possible to configure it to exactly match modern browser traffic.
With this change + github.com/openssl/open..., OpenSSL TLS traffic won't have any non-configurable distinguishing features, and so I _think_ it should be possible to configure it to exactly match modern browser traffic.