cross-posted from: https://lemmy.ml/post/171118
> On the account that "we are better equipped", Go will now ignore the order of the CipherSuite option, starting with Go 1.18, due this month.
> The [sorting logic](https://github.com/golang/go/commit/9d0819b27ca248f9949e7cf6bf7cb9fe7cf574e8#diff-fa1ebabc009bcc9a9f27168612adf5b4d56f9f40d613a62f86830861acb85803R215-R270
> ) is detailed in the code.
> Several choices seem strange to me:
> * "SHA-256 variants of the CBC ciphersuites don't implement any Lucky13 countermeasures." leading to CBC-SHA1 being favored over CBC-SHA256.
> * "AES comes before ChaCha20", on the account that AES-NI is faster. They use heuristics to determine whether both ends support AES-NI and whether to prefer ChaCha20 over AES.
> * "AES-128 comes before AES-256", on the account that AES-256 is slower.
> The static nature of the sorting algorithm also leads to security conundrums such as the fact that updating the Go library and recompiling programs will be required if a vulnerability is found in an algorithm implementation (e.g. Lucky13 for the CBC-SHA256 Go implementation); you won't be able to just reduce its priority by updating a config file.
> What's your take on this? Can you explain some of the choices that feel strange to me?
I read in the news that Peter Bourgon was officially excommunicated from Go "community spaces". I'm curious if this community space, [!firstname.lastname@example.org](https://lemmy.ml/c/golang), plans to comply with the ban. I think it would be useful to identify and support spaces that will not carry it out.
cross-posted from: https://lemmy.ml/post/77351
> Join the [FedeProxy](https://fedeproxy.eu) vidcall and help bring [Gitea](https://gitea.io) to the Fediverse
> Whether you are technical or not, there's many ways you can help. By doing so you'll contribute to offering real and open alternatives to the dominant position that Github has on the open source movement. Decentralized FOSS development on the Fediverse, no less!
> - Proofreading of grant proposal
> - Dev bounty: Generate gitea private keys
> - Find individuals & orgs to support grant application and/or federation in Gitea
> - Facts / articles that demonstrate the popularity of Gitea
> - Where to advertise the effort towards federation?
> - First grant application must be sent before October 1st, 2021 for the @NGIZero Discovery call
> Provide your availability for the vidcall here: https://framadate.org/jO19mi38nMKWNYbt
> Read these other Lemmy posts and learn how you can earn money now:
> - [Opportunity: Bring Gitea to the Fediverse (funding available)](https://lemmy.ml/post/73411)
> - [Opportunity: Diversity audit for the open-source FedeProxy project](https://lemmy.ml/post/75861)
> Additional information:
> - [The proposed Gitea federation design](https://github.com/go-gitea/gitea/issues/14186)
> - [FedeProxy forum discussion](https://forum.fedeproxy.eu/t/advancing-federation-in-gitea/240)
> - [Details about available Funding, Bounties and planning for additional grants](https://github.com/go-gitea/gitea/issues/16518)
> - [FedeProxy forum discussion](https://forum.fedeproxy.eu/t/grant-application-for-federation-in-gitea/284)
cross-posted from: https://lemmy.ml/post/73411
> An opportunity for Golang devs to work on a great FOSS project with funding: Bringing Gitea to the Fediverse with ActivityPub support and the ForgeFed protocol..