Wow. Didn't know that ruby core had closed the ticket for the insecure Ruby SSL/TLS defaults without making changes. https://bugs.ruby-lang.org/issues/9424#note-4 …
@kevdog @jmhodges @kellabyte this is a great case study for why crypto shouldn’t be part of a language’s stdlib
-
-
@bascule@kevdog@kellabyte The lesson from 2013 is that secure should be the default. Ruby-core needed (needs) an influx of sec engineers. -
@jmhodges@kevdog@kellabyte I wish@_emboss_ could get his krypt work sponsored :| -
@bascule@jmhodges@kellabyte@_emboss_ Fair point, that.
End of conversation
New conversation -
-
-
@bascule@jmhodges@kellabyte I don't think it matters whether it's in the stdlib, what matters is who's writing it and how often it update. -
@kevdog@jmhodges@kellabyte stdlibs are by their very nature slow to evolve and limited in agility of updates -
@bascule@jmhodges@kellabyte Overall, I would agree. What do you think of the#golang implementation? (assuming you've looked). -
@kevdog@jmhodges@kellabyte I like the crypto in Go
End of conversation
New conversation -
-
-
@bascule@jmhodges@kellabyte If external library updates faster, that's the way to go, if core team can update faster...Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.