Josh Aas 🇺🇦

Executive Director at ISRG / Let's Encrypt / Prossimo.
@streganil EEA and Switzerland added. Happy hacking!
We created a safer AV1 decoder, rav1d, by forking the dav1d decoder and rewriting the C code in Rust. It works well except our Rust is 5% slower than the C. We're not sure why so we're offering a $20k bounty to figure it out and make the Rust code faster. https://www.memorysafety.org/blog/rav1d-perf-bounty/
$20,000 rav1d AV1 Decoder Performance Bounty

In March of 2023 we announced that we were starting work on a safer high performance AV1 decoder called rav1d, written in Rust. We partnered with Immunant to do the engineering work. By September of 2024 rav1d was basically complete and we learned a lot during the process. Today rav1d works well—it passes all the same tests as the dav1d decoder it is based on, which is written in C. It’s possible to build and run Chromium with it.

Prossimo
It looks like this is the month for TLS benchmark articles, 7 days after the publication of "The State of SSL Stacks" article on haproxy.com, @djc released a very interesting article about the performances of rustls. https://www.memorysafety.org/blog/rustls-server-perf/ .
Rustls Server-Side Performance

In past years, the Rustls project has been happy to receive substantial investments from the ISRG. One of our goals has been to improve performance without compromising on safety. We last posted about our performance improvements in October of 2024, and we're back to talk about another round of improvements. What is Rustls? Rustls is a memory safe TLS implementation with a focus on performance. It is production ready and used in a wide range of applications.

Prossimo

X41 performed an audit of Hickory DNS which is an open source Rust based DNS client, server, and resolver. We were sponsored by the great folks at @ostifofficial and supported by @ProssimoISRG

Our full report can be downloaded here: https://x41-dsec.de/security/research/job/news/2025/03/10/hickory-review-2025/

X41 Reviewed Hickory DNS

X41 finished auditing Hickory DNS and releases the resulting report.

X41 D-Sec
Ivan Ristić's TLS certificate monitoring service Hardenize is now Red Sift Certificates. Today they announced a free offering for monitoring up to 250 certificates, looks nice. https://blog.redsift.com/certificates/never-miss-an-expiring-certificate-again-with-red-sift-certificates-lite/
Never miss an expiring certificate with Red Sift Certificates Lite

With Certificates Lite, you can monitor up to 250 certificates and receive email alerts 7 days before expiration. It’s simple, effective, and free.

Red Sift Blog
Who’s going to @CenDemTech's #TechProm tomorrow? Be sure to connect with @sarahgran from @letsencrypt @ISRG . They work to keep hundreds of millions of websites safe, focus on private measurement and memory safety.
There is a ton of work being done on Hickory DNS these days. Making great progress towards high performance and memory safe DNS. https://github.com/hickory-dns/hickory-dns
GitHub - hickory-dns/hickory-dns: A Rust based DNS client, server, and resolver

A Rust based DNS client, server, and resolver. Contribute to hickory-dns/hickory-dns development by creating an account on GitHub.

GitHub
Heading to RustConf Montreal in the morning. Excited to see folks from @tweedegolf and others.

Q: What's the package that everyone uses for [X] called?

Go: X

Rust: ksjfeivcndsd

If you want to use an application that uses OpenSSL like nginx with RusTLS, you can use this new compatibility layer to seamlessly switch to a modern, memory-safe TLS implementation: https://www.memorysafety.org/blog/rustls-nginx-compatibility-layer/
Rustls Gains OpenSSL and Nginx Compatibility

The Rustls TLS library can now be used with Nginx via an OpenSSL compatibility layer. This means that Nginx users can switch from OpenSSL to Rustls with minimal effort - users can simply swap in a new TLS library without needing to modify or recompile Nginx. We have targeted Nginx versions greater than 1.18 on Ubuntu 22.04 or newer for initial support. Here's how easy it is to get going on x86_64 Ubuntu Linux 22.