|15 days ago||4 days ago|
|GNU General Public License v3.0 or later||Apache License 2.0|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ZLib VS jdeflate - a user suggested alternative
2 projects | 25 Nov 2023
CVE-2023-4863: Heap buffer overflow in WebP (Chrome)
18 projects | news.ycombinator.com | 12 Sep 2023
So the real issue here is that the lack of tree validation before the tree construction, I believe. I'm surprised that this check was not yet implemented (I actually checked libwebp to make sure that I was missing one). Given this blind spot, an automated test based on the domain knowledge is likely useless to catch this bug.
Notes: Advanced Node.js Concepts by Stephen Grider
5 projects | dev.to | 19 Aug 2023
Exploring the Internals of Linux v0.01
8 projects | news.ycombinator.com | 12 Aug 2023
Quite OK Image is now my favorite asset format
9 projects | news.ycombinator.com | 18 Dec 2022
A minimal viable Deflate decompressor is not exactly complex, although slower than mainline zlib.
2 projects | /r/Piracy | 5 Nov 2022
ZLibrary not zlib for anyone worried about archiving algorithms. https://zlib.net/ and all the Linux repositories are safe (AFAIK).
Save File Corruption fix? PLEASE HELP
2 projects | /r/SatisfactoryGame | 30 Oct 2022
>The following is my educated guess at what to do next and I am a week-end warrior programmer at best. If someone with more experience comments, I would listen to them over me< If you have no programming experience, this may be a lost cause. It looks like the save file has a header area followed by a list of "zlib" compressed chunks. zlib.net may have a program that can open the save file and let you see the raw information inside it. Something after the header is garbled and it is preventing Save-Editors from decompressing that chunk OR from parsing what is inside of it. If you are lucky, the garbled bit will jump out at you and you can repair it.
Zlib Critical Vulnerability
4 projects | news.ycombinator.com | 14 Oct 2022
These appears to be the relevant changes:
The second commit definitely fixed a null pointer dereference, I am not sure if the CVE is referencing something else that was fixed by the first commit.
Gzip and Brotli Compression Level Estimator
2 projects | news.ycombinator.com | 10 Sep 2022
It is actually possible to estimate the compression level without actually compressing everything again, because different levels use different strategies which can be identified in some cases. zlib in particular has three strategies  and preflate  leverages this to store the deflate stream reconstruction data without much bits.
What does it take to be a good programmer?
2 projects | news.ycombinator.com | 29 Aug 2022
It's still a heap of old school C spaghetti https://github.com/madler/zlib/commit/eff308af425b67093bab25...
Encrypted Client Hello – the last puzzle piece to privacy
4 projects | news.ycombinator.com | 29 Sep 2023
If I'm understanding the draft correctly, I think the webserver you're hosting your sites on would need it implemented as it requires private keys and ECH configuration. In the example of nginx since it uses openssl, openssl would need to implement it. I found an issue on their Github but it's still open: https://github.com/openssl/openssl/issues/7482
eBPF Practical Tutorial: Capturing SSL/TLS Plain Text Data Using uprobe
3 projects | dev.to | 19 Sep 2023
I am looking for a troubled/bad open source codebase
13 projects | /r/ExperiencedDevs | 12 Jul 2023
What is the process of applying an AES Layer to file, like a text file?
2 projects | /r/HowToHack | 1 Jul 2023
Source code: https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c
OpenSSL 1.1.1 End of Life Approaching
4 projects | news.ycombinator.com | 16 Jun 2023
Ah, I see, OpenSSL is licensed under apache, so they can distribute patches under non-OSS licenses. I thought it was GPL for some reason.
How to clone the stable version of OpenSSL 3.1?
2 projects | /r/git | 25 May 2023
thanks, and what is the reason git clone -b openssl-3.1 https://github.com/openssl/openssl cloned the 3.1.0-dev and not just 3.1.0? Because that's just how they named the branch - 3.1, and not 3.1.0?2 projects | /r/git | 25 May 2023
Can't install powershell on my mac 10.13
2 projects | /r/PowerShell | 30 Mar 2023
==> Downloading https://github.com/openssl/openssl/commit/96f1dbea67247b79b1e7b3
2 projects | /r/linuxmemes | 16 Mar 2023
I understand that it looks that way, especially since I just noticed you're a C++ developer who's been trying to learn it recently. But really, when on one hand you have a critical CVE caused by one wrong byte of C source code and on the other hand you have net zero memory-related CVEs in ~1.5 million lines of Rust code compared to 1 CVE per 1k SLOC in their C++ codebase, there's no denial that Rust simply does have the safety advantage for that kind of low level development. Heck, as I always say, memory safety is not a new concept at all, garbage-collected languages have had it for several decades now. But garbage-collected languages weren't fit for projects like the Linux kernel or drivers (at least I assume that is the case), which is why such a thing is exciting and good news in the first place.
Instagram Is Disabling Its NFT Features
4 projects | news.ycombinator.com | 14 Mar 2023
Here's OpenSSL calling cryptography crypto since 1998: https://github.com/openssl/openssl/commits/master?after=9313...
And libgcrypt in 2000: https://github.com/gpg/libgcrypt/commit/bf2fc9201cfa96cd70ef...
Totally normal and not cringy at all.
What are some alternatives?
GnuTLS - GnuTLS
Crypto++ - free C++ class library of cryptographic schemes
mbedTLS - An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
libsodium - A modern, portable, easy to use crypto library.
LibreSSL - LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to [email protected] are welcome.
cfssl - CFSSL: Cloudflare's PKI and TLS toolkit
zstd - Zstandard - Fast real-time compression algorithm
Botan - Cryptography Toolkit
easy-rsa - easy-rsa - Simple shell based CA utility
LibTomCrypt - LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
Bcrypt - Modern(-ish) password hashing for your software and your servers
LZ4 - Extremely Fast Compression algorithm