feeds - Andrew Ayer - Blog

home | feeds |donate

Andrew Ayer - Blog

fastcgi: 30 years old and still the better protocol for reverse proxies

why ip address certificates are dangerous and usually unnecessary

certificate authorities are once again issuing certificates that don't work

google just suspended my company's google cloud account for the third time

i'm independently verifying go's reproducible builds

sqlite's durability settings are a mess

the story behind last week's let's encrypt downtime

the difference between root certificate authorities, intermediates, and resellers

the ssl certificate issuer field is a lie

whoarethey: determine who can log in to an ssh server

no, google did not hike the price of a .dev domain from $12 to $850

checking if a certificate is revoked: how hard can it be?

parsing a tls client hello with go's cryptobyte package

how i'm using sni proxying and ipv6 to share port 443 between webapps

comcast shot themselves in the foot with mta-sts

it's now possible to sign arbitrary data with your ssh keys

how certificate transparency logs fail and why it's ok

security vulnerabilities in smallstep pki software

the lengths people go to just to avoid dnssec

writing an sni proxy in 115 lines of go

security review of cfssl signer code

fixing the breakage from the addtrust external ca root expiration

short take: why trust-on-first-use doesn't work (even for ssh)

when will your dns record be published?

this is why you always review your dependencies, agpl edition

preventing server side request forgery in golang

programmatically accessing your customers' google cloud accounts (while avoiding the confused deputy problem)

mta-sts is hard. here's how dns providers can make it awesome with automation...

making certificates easier and helping the ecosystem: four years of sslmate

these three companies are doing the internet a solid by running certificate transparency logs