Is SQLite durable by default? What settings guarantee durability? The documentation and even comments from its creator give conflicting answers.| www.agwa.name
Last Thursday (June 15th, 2023), Let's Encrypt went down for about| Andrew Ayer - Blog
It happens every so often: some organization that sells publicly-trusted SSL| Andrew Ayer - Blog
Filippo Valsorda has a neat SSH server| Andrew Ayer - Blog
It was perfect outrage fodder,| Andrew Ayer - Blog
In my original post about SNI proxying,| Andrew Ayer - Blog
My preferred method for deploying webapps is to have the| Andrew Ayer - Blog
I recently heard from someone, let's call them Alex, who was unable to| Andrew Ayer - Blog
I recently did a partial security review of Smallstep, a| Andrew Ayer - Blog
Connecting to a website, say example.com, over TLS is a relatively| Andrew Ayer - Blog
The very first message sent in a TLS connection is the Client Hello| Andrew Ayer - Blog
Certificate signing is the most security-sensitive task performed by a certificate authority.| Andrew Ayer - Blog
A lot of stuff on the Internet is currently broken| Andrew Ayer - Blog
When publishing a DNS record through an API, it's often useful to know| Andrew Ayer - Blog
Before adding a dependency to one of my software projects, I do some basic| Andrew Ayer - Blog
If your application makes requests to URLs provided by untrusted sources| Andrew Ayer - Blog
SaaS applications often need to access their customers' cloud| Andrew Ayer - Blog
Last week,| Andrew Ayer - Blog
I'm not actually sure when SSLMate| Andrew Ayer - Blog
When we use the Internet, we rely on the security of the certificate| Andrew Ayer - Blog
Earlier today, someone reported to the| Andrew Ayer - Blog
Last week, Nick Sullivan launched mitm.watch,| Andrew Ayer - Blog
Sebastian Krahmer of the SUSE Security Team has discovered a local root exploit in systemd v228. A local user on a system running systemd v228 can escalate to root privileges. That's bad.| Andrew Ayer - Blog
Systemd maintainer David Strauss has published a response to my blog post| www.agwa.name
As people head off to DEF CON this week, many are probably relying on| www.agwa.name
Why certificates issued by "Cloudflare" and "Baltimore" are really issued by DigiCert| www.agwa.name
I knew it would be hard. The only question was what flavor of dysfunction I'd be encountering.| www.agwa.name
ssh-keygen can sign and verify signatures, and it's way better than PGP| www.agwa.name
Last week, a Certificate Transparency log called Yeti 2022 suffered a| www.agwa.name
Considering all the progress that has been made over the last decade making SSL certificates| www.agwa.name
Certificate| www.agwa.name
The following command, when run as any user, will crash systemd:| www.agwa.name