mattm.bsky.social

We've issued our first short-lived (6 day) certificate! letsencrypt.org/2025/02/20/f...

Chrome has published version 1.6 of their root store policy. Notably, this includes a deadline of June 15, 2026 to get TLS Client Auth out from any intermediates under roots in Chrome's program. TLS client cert users from public CAs may need to make changes. www.chromium.org/Home/chromiu...

Congratulations to the Firefox team for shipping CT enforcement! > Starting in Firefox 135, Certificate Transparency is now enforced on all desktop platforms. groups.google.com/a/mozilla.or...

Canadian MP Charlie Angus: Our beloved Canada is under threat. The threat comes from the president of the US—a convicted felon and known predator. But the threat is also being driven by the hate algorithms of oligarchs like Elon Musk….

heads up for fans of the "ship is stuck" genre, the Manitoulin is currently stuck in icy Lake Erie just outside Buffalo www.reddit.com/r/GreatLakes...

Boatify wrapped 2024! Stats, maps, timelapses and silly stuff from my AIS receiver and webcam overlooking the Firth of Forth. (recommend viewing on a grown up computer, works on phones but not optimised for them) vessels.marinesightings.com/review/2024/

I'm speaking at #SREcon in Santa Clara this March! Come learn how Let's Encrypt issues millions of certificates with just a handful of staff and servers! www.usenix.org/conference/s...

I hear that the Ontario Government is directing Metrolinx to start investigating 'the missing link', and if it actually amounts to anything it is quite an impactful project for Toronto region passenger and freight

2024 update for my chart on the landscape of quantum computing: sam-jaques.appspot.com/quantum_land... Not much visible on the chart, but Google's result (the one with the recent press attention) is a pretty big deal

The Côte-Nord has experienced extreme weather conditions in recent weeks. About 75 mm of ice accumulated on our transmission lines in some places, and we had to dispatch crews there quickly to de-ice the lines.

The train livery for the return of the Ontario Northland Railway "Northlander" train. Source: news.ontario.ca/en/r...

I made a calendar where every month is also a crossword, and you can get one today! Introducing the 2025 Crossword Calendar: crosswordcal.com/products/202...

how do you all remember every UUID? I find it really hard. so I wrote them all down on every uuid dot com. the list has fast search across all 2^122 values (so you can find your favorites) - hoping to add some social features like "trending UUIDs" soon!

Intel launched the Pentium processor in 1993. Unfortunately, dividing sometimes gave a slightly wrong answer, the famous FDIV bug. Replacing the faulty chips cost Intel $475 million. I reverse-engineered the circuitry and can explain the bug. 1/9

Do you use Let's Encrypt certificates? Do you use the "client auth" extended key usage with them? (i.e., do you use Let's Encrypt as a client certificate?) Chrome's root program is looking to phase out its use in roots they trust. I'd love to hear from anyone who would be affected.

Great to see more organizations sharing their use of Rustls :) www.memorysafety.org/blog/rustls-...

pardon me as I explain why Danforth is a right bastard, because this is one of my areas of intense nerdery

🧵SALT🧵 It's been snowing in the UK and the road gritters are out in force, begging the question: Have you ever wondered where that grit actually COMES from? The answer is more magical, beautiful and fascinating than you probably realised. 1/14

overheard: #homelab is where the #heartlab is

How does the new iOS inactivity reboot work? What does it protect from? I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented. naehrdine.blogspot.com/2024/11/reve...

Oh, I never posted my gotofail story on here. Early 2014, someone came to me about a catastrophic vulnerability in Apple's TLS implementation. I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures.

Today in relatable science: Gulls making a mysterious daily trip that turned out to be to a potato chip factory

More on iPhones rebooting themselves to resist cracking. www.404media.co/apple-quietl...

I swear there was the top of a mountain just there, but it disappeared. It must have pulled a sneak peak.

look at this absolute unit

The cross-sign of ISRG Root X1 by DST Root CA X3 has now expired. 
It's been 10 years in the making, but Let's Encrypt is now a fully standalone certificate authority, trusted by the vast majority of browsers and other devices 🔐

OpenSSH 9.9 has just been released. New features include support for hybrid ML-KEM X25519 post-quantum key exchange (using a formally-verified implementation), improved controls to drop and penalise unwanted connections, faster NTRUPrime key exchange code and more. www.openssh.com/releasenotes...

If you want to use an application that uses OpenSSL like nginx with RusTLS, you can use this new compatibility layer to seamlessly switch to a modern, memory-safe TLS implementation: www.memorysafety.org/blog/rustls-...

The solar eclipse that will cast a visible shadow across the U.S. on Monday is already leaving an obvious mark on hotel prices. About 300 Super 8s are within the path of solar eclipse in totality, and 100 of those were sold out for Sunday or Monday. nyti.ms/43KrUWe

Reading the timeline of the pressure campaign to convince the xz maintainer to hand over control is… awful. Merciless guilt-tripping. One lesson I’m taking from this is to be even more ruthless with blocks. Whining about maintenance? Blocked. Zero chances. research.swtch.com/xz-timeline

Extremely excited to introduce Sunlight, a Certificate Transparency log backed by object storage, based on sumdb-style tiles, and with no merge delay. It’s designed to be cheap, easy, and safe to operate, and to bring CT into the growing tlog ecosystem. sunlight.dev

NEW EPISODE! iMessage is getting a big post-quantum upgrade! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations: securitycryptographywhatever.com/2024/03/03/p... youtu.be/ogPy5XOEj3s

I’m excited to share River, a plan to build a new http reverse proxy built in Rust using Cloudflare’s pingora libraries: www.memorysafety.org/blog/introdu...

The Open Source Cryptography Workshop will be held the Thursday after #RWC, on 28 March, at the University of Toronto Chestnut Conference Center. Pre-registration is required, registration is now open, and some of the sessions are announced. See oscwork.shop/2024/ #OSCW #OSCW2024

Later this week, Let's Encrypt will stop including the cross-sign from Identrust's Root CA in our API by default. Details in our blog post at letsencrypt.org/2023/07/10/c... If you have any questions, happy to answer them over on our Community forum: community.letsencrypt.org/t/questions-...

picking a DNS record type to use for my new protocol