Renegotiating TLS
November 7th, 2009
Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation.
Update 11/15: CVE-2009-3555
Snow Leopard
October 26th, 2009
I just migrated to Snow Leopard this weekend and I really like it. I also replaced my backup solution with Time Machine. Everything looks nice and it was pretty painless.
Want to know what’s new in Snow Leopard? There is a great Snow Leopard Review on Ars Technica.
btw: I also used this weekend to move my primary work ThinkPad to the Windows 7 release candidate. So far it looks pretty nice. I’ll probably test this for a month or two and decide whether I want to go back to XP or move to the RTM version.
NetNewsWire 3.2 released
September 28th, 2009
NetNewsWire 3.2 was released a few days ago.
I upgraded because I wanted to try the synchronization with Google Reader, but I only got this far:
You cannot use the application “NetNewsWire” with this version of Mac OS X.
So I exported my feed list as OPML and imported it into Google Reader. So far it looks good. No further need to upgrade my feed reader; no requirement to upgrade to Snow Leopard and no need to synchronize.
Until now I wasn’t motivated to give Google Reader a try, but the NetNewsWire developers made it happen.
VMware and Java
September 20th, 2009
I’ve been surprised by how VMware is being used quite a few times in the last year, but never got around to posting about it. Billy did a great job in describing the issues involved with running Java on a hypervisor and I hope it reminds people that hypervisors are not a silver bullet.
RSS in the Clouds
September 13th, 2009
I just read Matt’s posting on RSS in the Clouds and thought… hey… I haven’t heard something like this in a long time. Let me check this out…
Looks like Dave Winer came up with a notification mechanism for RSS aggregators. He called it rssCloud. Very catchy. It somehow looks similar to PubSubHubbub. rssCloud only allows you to get a callback at the IP address you made the initial request from. No way to direct it anywhere else. Useless for RSS clients.
Just to remind everyone we’re still far away from addressing two of my pet peeves with RSS:
- RSS items are still sent multiple times to the same client, even if the client already got a copy of those items
- Clients still lose information when they’re offline and the feed updates faster than the number of RSS items the server supplies in the feed
Looks like we haven’t really made much progress in the last 8 years. I really like my NetNewsWire RSS reader, but I’m afraid if Google Reader provides more complete news aggregation and even gets news items faster I’m probably going to migrate.
NetNewsWire sync to Google Reader
September 1st, 2009
Looks like the next version of NetNewsWire is only going to sync to Google Reader. I really like that they’re now supporting Google Reader, but removing all other sync capability from the product and forcing everyone to use Google… not so cool.
RCA
August 30th, 2009
Just in case you need one more reason to perform that RCA.
When Nonsense Makes Sense
August 25th, 2009
Anyone who has ever tried the car manufacturers' online configurators knows the problem. And yet some things that seem nonsensical at first do make sense. You just (normally) don't find out why ;-)
Attack on AES
August 6th, 2009
Bruce Schneier blogged about another attack on AES.
There are a few things to note:
- Longer keys are not automatically safer
- At this point it’s better to stay with AES-128
- If you’re using AES-256 and you feel unsafe, talk to someone who understands this stuff ;-)