www.kickstarter.com/projects/mee...
23.10.2025 20:29
@bilbothebird.bsky.social
There is no pink oliphaunt.
www.kickstarter.com/projects/mee...
23.10.2025 20:29
The Great Software Quality Collapse: How We Normalized Catastrophe
open.substack.com/pub/techtren...
Maybe it's actually a good way?
Sure it's a bad way to sell AI, and misleading of how much better it can already be.
But I think it serves as a reminder of the subtle stupidity behind even the most advanced models. :-)
From FOSS to Flop, and How to Go Commercial Without Alienating Your Users blog.inedo.com/inedo/from-f...
... I guess I have Some Thoughts about that blog post, but overall a nice read.
#foss #dev
With Authenticode, what is the point of having hardware based HSM/FIPS protection for the private key when the Ability-To-Sign is only protected by Cloud credentials or API keys?
I really don't get it yet.
#authenticode #codesigning #softwaresecurity
security.stackexchange.com/questions/28...
My keynote, "Fun for Now", from @devoxxgreece.bsky.social a couple of weeks back
www.youtube.com/watch?v=dt9Y...
The specific text "Signatures using elliptical curve cryptography (ECC), such as ECDSA, aren't supported in Windows and newer Windows security features." seems pretty clear to me, "It's not supported".
28.04.2025 14:42
...
* Digicert claims (docs.digicert.com/en/certcentr...) that we could use ECC P-256-bit key size.
* Yubico timings (support.yubico.com/hc/en-us/art...) indicate that ECDSA-P256-SHA256 could be more than factor 10 faster than RSA-4096. (Factor 6 for RSA-3072)
The reason I wanted to try ECC:
* Signing all binaries of our CI release builds is dead-slow with RSA 4096 (850 msec per File on our YubiHSM2), and ...
In my case we would have liked to try an ECC only private key for our OV certificate, so the Root certificates would still be RSA.
Seeing ECC unsupported on the Root however is not exactly encouraging.
Interesting. Even though the docs you have linked to are specifically for the "Trusted Root", which, as far as I can grasp, I don't have any influence over anyway with Authenticode, since that's provided by (e.g.) Digicert.
28.04.2025 14:10
@vcsjones.dev - You wrote a great article about ["Authenticode and ECC"](vcsjones.dev/authenticode...) ... 9 years ago. We're currently looking into using ECDSA only signing for Authenticode. Know whether the conclusion from back then (lacking consistent tool support) has changed in 2025?
28.04.2025 08:55