Rustls Multi-Threaded Performance Is Battering OpenSSL

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • TheMightyBuzzard
    Senior Member
    • Sep 2021
    • 381

    Originally posted by bacteriamanicure View Post

    And if I were to call israelis animals and say they should have no food or water, that the only way to achieve peace is to obliterate them, call their existence an affront to morality, would you say I'm not calling for the extermination of israelis?
    Yes, that's exactly what I'd say. If your argument requires mental gymnastics or otherwise winks and nudges, it is crap. Hyperbole and exaggeration have no place in discussions like this. Too many people are idiots and would believe them.

    Comment

    • bacteriamanicure
      Phoronix Member
      • Feb 2024
      • 66

      Originally posted by TheMightyBuzzard View Post

      Yes, that's exactly what I'd say. If your argument requires mental gymnastics or otherwise winks and nudges, it is crap. Hyperbole and exaggeration have no place in discussions like this. Too many people are idiots and would believe them.
      Okay so as long as I don't explicitly state I want to genocide israelis, I'm fine?
      Points for originality.

      Comment

      • TheMightyBuzzard
        Senior Member
        • Sep 2021
        • 381

        Originally posted by DumbFsck View Post

        As I said, our disagreement must be on what you and I define as "woke" or what you and I define as "western values". Thank you for answering.

        Since your definition of "woke" is that narrow, that charged, and honestly THAT private (how many people do you think would agree your definition of woke is the best description of it? Also, how many "woke" people would accept that description?) - that is where our disagreement comes from.
        I doubt any wokies would agree with it. It's not said in such a manner as I mean for them to agree with it but in the manner I see it. As for folks who hate all things woke? Almost all of them would say that's a pretty good if slightly incomplete definition. At least I think they would.

        Originally posted by DumbFsck View Post
        Next,
        ...
        I haven't seen this scientific proof, do you mind sharing? I take pride in forming and updating and changing opinions based on scientific evidence, so it would be nice.
        Yeah, give me a few after I get this posted and I'll edit it in. It's been a while since I looked at anything on it and I don't still have the browser tabs open.

        [Edit]: Here you go: https://networkcontagion.us/wp-conte...y_11.13.24.pdf
        Last edited by TheMightyBuzzard; 03 December 2024, 04:06 PM.

        Comment

        • vextium
          Phoronix Member
          • Sep 2022
          • 94

          Originally posted by Errinwright View Post

          Let the healing begin
          cringelord-maxxing

          Comment

          • TheMightyBuzzard
            Senior Member
            • Sep 2021
            • 381

            Originally posted by johnny View Post

            it sounds like you're the one doing the fragmenting to me.
            Of course it does. If you couldn't convince yourself I was a terrible, evil person, you'd have to self-examine and maybe even admit that you've been functionally insane for quite some time.

            Comment

            • fotomar
              Phoronix Member
              • Jun 2024
              • 84

              Originally posted by vextium View Post

              cringelord-maxxing
              [cackles]

              Comment

              • ultimA
                Senior Member
                • Jul 2011
                • 287

                Originally posted by oleid View Post

                What would it take to convince you that rusttls is secure?

                There was, for example a formal audit a few years back: https://github.com/rustls/rustls/blo...-01-report.pdf
                The thing is, nobody is claiming rustls is insecure, what people claim is that nobody knows if it is secure or not. If you take audits as a proof of security then you still have long ways to learn. An audit increases confidence, but it doesn't lend proof. And in this regard, OpenSSL has had more audits than rustls did, and more recent ones.

                For example, OpenSSL has had multiple audits, yet there are still weaknesses being found. And no, don't take that as an argument for rustls. Rustls also had multiple CVEs ever since the audit you linked.

                So no, an audit, especially one that is 4 years old (considering the code is in constant fluctuation), is not going to serve as proof. Actually, talking about having proof of lack of vulnerabilities is sensationalist and nonsensical. The only thing you can build is trust and confidence, not "proof". What you need is trust that there are audits done periodically, not just once in the product's lifetime that is already outdated. Trust that even though there are still vulnerabilities being found, only that many are being found despite a horde of security professionals, governments, enthusiasts, and paid auditors constantly seeking them. Trust that there is continuous funding for the development and maintenance even long-term. Trust that most multi-billionaire companies are using it in production whose reputation hangs on the line of their products being secure or not.
                Last edited by ultimA; 03 December 2024, 04:36 PM.

                Comment

                • TheMightyBuzzard
                  Senior Member
                  • Sep 2021
                  • 381

                  Originally posted by bacteriamanicure View Post
                  The wikipedia article "Gaza Genocide" has many great quotes from israeli government officials (and citations, since wikipedia is ontologically non-canon)

                  "there are no innocent civilians there"
                  "All the civilian population in Gaza is ordered to leave immediately. We will win. They will not receive a drop of water or a single battery until they leave the world."
                  "it might be justified and moral" to "starve 2 million people"
                  "Gaza will become a place where no human being can exist" and "Creating a severe humanitarian crisis in Gaza is a necessary means to achieving the goal."

                  I don't think you'd forgive hamas for saying this about israelis
                  You seem to be stuck thinking I'm an Israel fan. This is not the case. I can just tell the difference between a nation that would be content to be left alone (after they kill and displace a bunch of people to get the borders they think they should have) and several whose stated goal (even in "peacetime") is the actual genocide of Israel. You can't seem to be able. You keep trying to find quotes half as bad as the ones you'll hear out of almost any Palestinian and anyone in the Iranian government. There isn't an equality to be found because that equality does not exist.

                  There are no Good Guys in this fight but (and it's a pretty stretched definition admittedly) Israel is the least bad of anyone involved.

                  Comment

                  • TheMightyBuzzard
                    Senior Member
                    • Sep 2021
                    • 381

                    Originally posted by bacteriamanicure View Post

                    Okay so as long as I don't explicitly state I want to genocide israelis, I'm fine?
                    Points for originality.
                    If you don't explicitly state it and leave room for a less insane interpretation, yes, I'm going to assume you're not a genocidal maniac. Iran and Palestine left no room for that, they were very explicit.

                    Comment

                    • bacteriamanicure
                      Phoronix Member
                      • Feb 2024
                      • 66

                      Originally posted by ultimA View Post

                      The thing is, nobody is claiming rustls is insecure, what people claim is that nobody knows if it is secure or not. If you take audits as a proof of security then you still have long ways to learn. An audit increases confidence, but it doesn't lend proof. And in this regard, OpenSSL has had way more audits than rustls did, and more recent ones.

                      For example, OpenSSL has had multiple audits, yet there are still weaknesses being found. And no, don't take that as an argument for rustls. Rustls also had multiple CVEs ever since the audit you linked.

                      So no, an audit, especially one that is 4 years old (considering the code is in constant fluctuation), is not going to serve as proof. Actually, talking about having proof of lack of vulnerabilities is sensationalist and nonsensical. The only thing you can build is trust and confidence, not "proof".
                      If I may get back on topic for a second: I agree.
                      There's many subtle and non-obvious ways to mess up that memory safety doesn't fix and and the rest of Rust can only make sure it's easy to not mess up
                      As much as I am pridefully woke and Rust pilled, the assertion that "the language is memory safe therefore it's all solved" is insane
                      Earlier this year there was a CVE about how Rust, Python, java, and a few other languages misparsed command line arguments for command prompt on windows, and then a second one because the initial fix wasn't quite complete
                      While it was hilarious that, IIRC, java just pretended it wasn't an issue, it is an important reminder that humans are both infinitely clever and infinitely stupid

                      Comment

                      Working...
                      X