Archive for March 8, 2023

Wednesday, March 8, 2023

Swift “Certificates” and “ASN.1” Packages

Cory Benfield:

I’m excited to announce two new open source Swift packages: swift-certificates and swift-asn1. Together, these libraries provide developers a faster and safer implementation of X.509 certificates, a critical technology that powers the security of TLS.

[…]

Swift ASN.1 provides two major pieces of functionality: an implementation of the common ASN.1 currency types, and an implementation of DER serialization and deserialization. This is sufficient for implementation of the majority of the cryptographic use cases for DER, including for swift-certificates.

Swift ASN.1 provides these security-critical parsing and serializing services using entirely memory-safe code with low overhead.

I’ll probably eventually use this for receipt and license validation.

Medium’s me.dm Mastodon Server

Alex Benzer:

A few weeks ago, we announced that Medium is embracing short-form writing by launching our very own Mastodon server at me.dm. Starting today, we’re opening up me.dm access for our member community. If you’re a Medium member, you can create an account on me.dm.

Via John Gruber:

To my knowledge no company with such resources has started a public Mastodon instance to date. I am very uncomfortable with the fact that nearly all Mastodon servers are free-to-use volunteer efforts, funded by voluntary donations. That’s not sustainable. I suspect a lot of Mastodon servers that seem to be thriving today won’t be around in 5 years, taking all of their posts with them. I don’t feel great about the fact that Medium is venture-backed, either, but they do charge $5/month or $50/year for a membership.

I’ve been using mastodon.social, which is funded by Patreon donations. It seems to be one of the better servers but was down for a while yesterday. I haven’t actually seen Twitter go down recently, but sometimes it’s really slow.

Overhead of Using APFS Encryption

Howard Oakley:

T2 Intel and Apple silicon Macs invariably encrypt the Data volume on their internal SSD; adding the protection of FileVault’s password comes at no cost.

Some external SSDs can use APFS encryption without any reduction in performance at all.

Other external SSDs may show reduced write speed to APFS encrypted volumes, particularly when they are connected via a hub rather than directly.

Currently the only way to tell SSDs apart is to measure their write speeds.

This third point is not what I would have expected.

macOS Network Metrics Using sysctl()

Milen Dzhumerov:

As part of my work on the Buck2 build system, I needed a way to observe the network throughput of the system. After some research, the conclusion was to use sysctl() with NET_RT_IFLIST2: this provided access to 64bit metrics which do not suffer from overflowing that affects the 32bit fields of the older APIs.

[…]

If you looked at the traffic metrics, they would only ever increase in multiples of 1KiB. The reason for the behaviour is that the kernel applies batching to prevent malicious code from fingerprinting the system. This restriction applies only to 3rd party programs (i.e., not codesigned by Apple).

[…]

Upon further investigation, it became clear that the API truncates and wraps around the traffic metrics at the 4GiB mark. Again, this only affects 3rd party programs.

Update (2023-03-29): Mojo66:

BTW, my currently-in-development Mac app “DerPinger” uses [sysctl()] to fetch 64-bit interface metrics, and does not have problems with 4GB wrapping on 13.2.1.

I’m looking for beta testers.
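
For a monitoring tool that does see the truncation Dzhumerov describes, the following added example (not code from either quoted post) turns wrapped readings back into a running 64-bit total. The `byte_counter` type and `counter_update` function are hypothetical names; the code assumes the counter wraps at exactly 2^32 bytes and that a full 64-bit counter going backwards means a reset.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: truncated counters wrap at exactly 4 GiB (2^32 bytes). */
#define WRAP_MODULUS (1ULL << 32)

typedef struct {
    uint64_t last_raw; /* previous raw reading from the interface counter */
    uint64_t total;    /* unwrapped bytes accumulated since the first sample */
    int primed;        /* 0 until the first sample has been recorded */
} byte_counter;

/* Feed one raw reading; returns the bytes transferred since the previous one. */
uint64_t counter_update(byte_counter *c, uint64_t raw)
{
    uint64_t delta = 0;

    if (!c->primed) {
        c->primed = 1;                 /* first sample only sets the baseline */
    } else if (raw >= c->last_raw) {
        delta = raw - c->last_raw;     /* normal monotonic growth */
    } else if (c->last_raw < WRAP_MODULUS) {
        /* Value went backwards below 4 GiB: assume exactly one wrap. */
        delta = raw + WRAP_MODULUS - c->last_raw;
    }
    /* else: a full 64-bit counter went backwards; treated as a reset
       (assumption), so nothing is added for this interval. */

    c->last_raw = raw;
    c->total += delta;
    return delta;
}

int main(void)
{
    /* Constructed samples, one second apart, all multiples of 1 KiB. */
    const uint64_t samples[] = { 4294965248ULL, 4294966272ULL, 2048ULL, 1050624ULL };
    byte_counter rx = {0};

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t d = counter_update(&rx, samples[i]);
        printf("raw=%llu delta=%llu total=%llu\n",
               (unsigned long long)samples[i], (unsigned long long)d,
               (unsigned long long)rx.total);
    }
    return 0;
}
```

Sampling has to be frequent enough that less than 4 GiB moves between two readings, because a second wrap inside one interval cannot be detected from the values alone.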