uh huh. I'm not spending the time to build those checkboxes and mapping tables for 3+ different TLS libraries. It's the admin's job to know their security requirements and how their chosen software meets those requirements. If they don't know them, they can keep the defaults.
In OpenLDAP we don't dictate which crypto library you use. We certainly aren't going to tell you which cipher suites to use, that's up to you.
I wish I never had to think about cipher suites and could just rely on OpenSSL's defaults, but when an OpenSSL update happens and I can no longer connect to WiFi networks I need to connect to (but have no control over), I need to go around copy/pasting strings I find on StackOverlow into config files T_T
I wish security people didn't go around breaking people's systems all the time
Nobody is typing those strings in. They cut and paste, and the most often done modification is "remove this particular bit".
A string in a config is far superior to some sort of GUI for this, as some people will simply check or uncheck all the boxes. 99% of the time I've modified the cyphersuite I've been in a ssh session - please, no GUI.
The best alternative is a frequent patch cadence by the software provider, and maybe some ugly error messages ("you are using known-bad cipher XYZ - pausing 300 seconds" on startup) or even an abort if someone is trying to use known-bad ciphers. If people don't patch promptly, that's on them, the world needs people to serve as examples of what not to do...
The real issue here is obsolete blog posts and overly-trusting "admins" who treat the cyphersuite as voodoo - and checkboxes won't fix them.
📣 Do-It-Blind (DIB) online Besprechung am Montag, 30. Juni, um 19:00 Uhr. Du bist eingeladen! Wöchentlich am Montag besprechen wir neue Formen der digitalen und inklusiven Zusammenarbeit. Mach mit! 🛠️ #make #blind #inklusionbbb.metalab.at/rooms/joh-szv-o…
Learn using BigBlueButton, the trusted open-source web conferencing solution that enables seamless virtual collaboration and online learning experiences.
Digital Sovereignty in Practice: Web Browsers as a Reality Check
Reading in Servo’s latest weekly report that it’s now passing 1.7 million Web Platform Subtests, I started wondering: How much investment would it build it into a competitive, independent browser, in the context of all this talk on digital sovereignty?
The current browser landscape reveals how concentrated digital control has become. Roughly 75% of global web traffic flows through browsers based on Google’s Chromium engine; not just Chrome, but Microsoft Edge, Samsung, and dozens of others. Apple’s Safari dominates iOS but remains locked to their ecosystem. Firefox, once a genuine alternative, has declined to under 5% market share globally. This means American companies control how billions of users worldwide access the web. Every search, transaction, and digital service flows through infrastructure ultimately controlled by Silicon Valley. For societies valuing their independence and sovereignty, this represents a fundamental vulnerability that recent geopolitical events have made impossible to ignore.
Digital infrastructure is as important as energy or transportation networks. Unlike physical infrastructure, however, digital systems can be controlled remotely, updated unilaterally, and modified to serve the interests of their controllers rather than their users. Browsers exemplify this challenge because they’re both critical and seemingly replaceable. In theory, anyone can build a browser. The web standards are open, and rendering engines like Servo prove it’s technically feasible.
In practice, building browsers requires sustained investment, institutional coordination, and overcoming network effects that entrench existing players. If democratic societies can successfully coordinate to build and maintain competitive browser alternatives, it demonstrates their capacity for more complex digital sovereignty goals. If they cannot, it reveals the institutional gaps that need addressing.
Firefox offers important lessons about the challenges facing independent browsers. Mozilla has indeed faced difficulties: declining market share, organizational challenges, and ongoing technical issues. The organization has also alienated its most dedicated supporters by pivoting toward advertising, AI initiatives and cutting their impactful public advocacy programs.
However, Firefox remains the only major browser engine not controlled by Apple or Google, serving hundreds of millions of users worldwide. Its struggles reflect structural challenges that any alternative browser would face: the enormous engineering effort required to maintain web compatibility, the network effects favouring dominant platforms, and the difficulty of sustaining long-term technical projects through diverse funding sources.
Yet, building a competitive alternative browser infrastructure would require substantial but manageable investment. Here is a ballpark estimation I made based on existing browsers: Annual operating costs would include:
Engineering Team of ±50 developers, designers, managers etc.: €15 million.
Quality Assurance and Testing Infrastructure: €10 million
Security Auditing and Vulnerability Management: €10 million
Standards and Specification Development: €5 million.
It would probably take around 3-4 years to fully build an alternative browser from scratch, less so if it’s a fork of one of the existing ones. Forking Chromium/Gecko or building upon Servo’s foundation could reduce this timeline to 18-24 months for basic functionality, though achieving full web compatibility and market readiness would still require several additional years of refinement. The initial development sprint needs to be followed by a sustained engineering effort needed afterward, for maintaining compatibility with evolving web standards, fixing security vulnerabilities, and keeping pace with performance improvements.
The core challenge isn’t technical; it’s institutional. How do you sustain long-term technical projects through democratic processes that span multiple countries with different priorities, resources, and political systems? Successful models exist. The European Space Agency coordinates complex multi-national technical projects. CERN manages cutting-edge research infrastructure across dozens of countries. The Internet Engineering Task Force maintains critical internet standards through voluntary coordination among global stakeholders. The “Reclaiming Digital Sovereignity” proposal specifically addresses this challenge by advocating for “new public institutions with state and civil society representation” to govern universal digital platforms, alongside “multilateral agreements on principles and rules for the internet” as safeguards for autonomous, democratically governed solutions.
Browser development could follow similar patterns: international frameworks that respect national sovereignty while enabling coordinated action, governance structures that balance technical expertise with democratic accountability, and funding mechanisms that provide stability across political cycles. The Reclaiming Digital Sovereignity’s report’s emphasis on “democratic international consortia” and “public knowledge networks led by a new public international research agency” provides concrete institutional models that could be adapted for browser development. Germany’s Sovereign Tech Agency represents another model for public investment in digital infrastructure for the public interest.
With all that being said, browsers represent one of the more achievable digital sovereignty goals. They’re built on open standards, rely heavily on open source components, and face fewer network effects than platform-based services. Other areas of the technology stack would be far more challenging, and far less open.
Success here would demonstrate that democratic societies can coordinate effectively on complex technical infrastructure and pass the first hurdle. Failure would reveal institutional gaps that need addressing before attempting more ambitious digital sovereignty goals. Democratic digital sovereignty is challenging but feasible, if societies are willing to think institutionally, invest sustainably, and build incrementally rather than trying to recreate Silicon Valley with different ownership structures.
Ultimately, the real question isn’t whether democratic societies can build alternative technologies, but whether they can build the democratic institutions necessary to govern them effectively across the complex realities of international coordination, competing priorities, and long-term sustainability. I believe browsers offer an ideal place to start testing these institutional innovations. The technical challenges are surmountable. The institutional ones remain to be proven.
Views expressed are personal and do not represent any organization.
It is time for Linux to fully join the ✨AI✨ gravy train. Now you finally can ask our AI agent to answer the ultimate Linux questions: is Linux about choice?
To write this article, I went beyond the limits of my technical knowledge, which is that of an advanced user who has studied standard formats and their characteristics in depth, to understand why standard formats – one of the pillars of digital sover…
Microsoft, Google, and AWS recently published “sovereign clouds”.
❌ BUT digital sovereignty doesn’t come from shiny new product names such as these “sovereign clouds” - which still must hand out data to US without a warrant based on the CLOUD Act and FISA.
✅ Digital sovereignty comes from full European legal and technical control. Everything else is nothing more than sovereign washing.
AWS, Microsoft, Google - they all launched "sovereign clouds" recently. But the truth is, all US companies are subject to US data sharing legislation. Let's explore whether it's safe to use US clouds or whether it's just "sovereign washing".
@Dragon It's still in beta, we plan to make it available on Revolutionary as well. You can book Legend just for one month and then switch to Revolutionary once you're done with the import. Apologies for the hassle.
I'll have to revisit it, I remember trying tuta a while ago and it not being suitable for me, it was before you even had Import though so that may have been why
Created a free account to play with the android app (I did have one ages ago, but it got deleted due to inactivity so shouldn't be breaking the 1 free account rule)
Android app synced contacts, need to check I can export/import calendar.
I think the reason I ended up not going with tuta last time was the lack of import (which you now have) but i need to check.
Yeh I just moved my domain over, had an issue with a + address not working but I think It just took a while for the alias to create.
I have a couple logins elsewher ethat use + addressing (which zoho just supported) looks like they DO work on tuta if you have either a catchall or create them explicitly.
Thankfully I didn't use + addressing much e.g me+service@mydomain.
@bartknubben Actually, we used to use a small German provider, but had to switch because they could not defend adequately against attacks, see here: tuta.com/blog/ddos-dns-attack
We don't like having to use AWS, but for the domain, we must use something big as for some reason we're a high-profile target for attacks. 🤔
What alternatives would you suggest (we'd love to switch to something better!)?
There are certainly EU anycast DNS providers that could fix this for you. Might also be a good idea to use two of them. See for example: - cloudns.net/ - rcodezero.at/en - netnod.se/dns
People regularly ask me about the benefits of being a coder. One of them is the ability to speed through live tennis scores from the #keyboard using a #screenreader.
On this day, June 29, 1964, NBC made a historic decision that would forever change the landscape of television and science fiction: the network greenlit Gene Roddenberry’s script for the pilot episode of Star Trek, titled The Cage.
Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.
Any awful.systems sub may be subsneered in this subthread, techtakes or no.
If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.
The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.
(Credit and/or blame to David Gerard for starting this. Also, happy 4th July in advance...I guess.)
I had applied to a job and it screened me verbally with an AI bot. I find it strange talking to an AI bot that gives no indication of whether it is following what I am saying like a real human does with "uh huh" or what not. It asked me if I ever did Docker and I answered I transitioned a system to Docker. But I had done an awkward pause after the word transition so the AI bot congratulated me on my gender transition and it was on to the next question.
I have lived to tell the tale of my first Waymo ride in LA, as I was there for a work event, and so was Waymo. With a discount code in hand, I took it for a solo spin. What a surreal and empowering experience! The app is accessible with a screen reader, and you can turn on audio descriptions under Accessibility preferences, so the car will announce the streets it turns onto along the journey. Here's some audio from a video I took with the Meta glasses.
@munchkinbear Silly Meta glasses and their 3-minute video length limit. I have another video, (audio, for all intents and purposes on this platform), that shows a bit more of Waymo's announcements, like yielding to pedestrians. It also liked to tell me that it was waiting for an intersection to clear. In this case, the more verbiage, the better! Will have to get that audio and put it up here.
AND In-Process is also out: nvaccess.org/post/in-process-3… - covering all about NVDA 2025.1, NV Access in the Forbes Accessibility 100, five quick things to try with NVDA 2025.1, and a small end of financial year request: nvaccess.org/post/in-process-3…
Hey, the equivalent to the F11 shortcut of the remote add-on (switch between remote and local PC) is NVDA+Alt+Tab, not NVDA+Alt+R which is the toggle connection shortcut.
Someone on the Blind Vintage Tech list posted a zip file containing two folders of digitized recordings of two computer magazines from the 1990s: Computer Folks and Bitstream. Both of these magazines were originally distributed on cassette tapes. Computer Folks was recorded by Rich and Donna Ring. Rich, I believe, is deceased but Donna is still with us. The archive starts out with the September 1991 issue. The next issue, which I haven’t heard all of yet, has an interview with Deane Blazie. Bitstream was recorded by Peter Ciali. I don’t have information on whether he is still with us or not. These magazines are fascinating as they really give you an idea of where we were at that time with blindness technology and how it evolved and grew. The link to this zip file is dropbox.com/scl/fi/l76fmy1bu39… That link may not be around for much longer so if you want this archive, I recommend downloading it sooner than later.
If anyone would like to subscribe to the Blind Vintage Tech list, send email to Bvtc+subscribe@groups.io This list, as its name implies, is for the discussion of older blindness tech; Sharp calculators, DOS and early Windows screen readers, Braille ‘n Speak; you get the idea.
I had no idea this list existed. I may end up signing up with my GMail account, which I delegate to using google services and signing up to email lists. As it happens, I'm a massive fan of all things vintage tech.
@technocounselor @DeanEquity I never interacted with Peter but he seemed like a kind man. Later editions of his Bitstream magazine had a great theme song recorded by our friend @Snowman. Peter also recorded a tutorial covering Windows 95 but I never purchased that one and never heard it. It's wonderful that people are taking the time to digitize these copies. They're not only interesting to listen to but they document the history of blindness technology, which is very important. I'd love to have similar archives of Battery High and Sound Computing which were recorded by @DeanEquity.
Aah, PWWebspeak. I quite enjoyed using that when I did so in the 90's. My school had it on a computer in the library. Didn't work with everything but it worked with enough things to be useful, and I really did enjoy Softvoice.
Hi! Is there any chance we can encourage you to trend #NVIDIA when that's the company you mean, please? I know what their NASDAQ handle is, but #NVDA is much more widely known as the name of the screen reader we make and the #NVDA hashtag is very widely used for the screen reader. It will save both our communities polluting each other's feeds. If you'd like to find out more about the screen reader, our website is nvaccess.org/ - Thank you!
Tech giants aren't renowned for their honesty and openness. When it comes to making claims and pointing to benchmarks, it's not just Nvidia that plays fast and...
"As #space junk increases, more operators are choosing to launch without any #insurance at all. To compensate, companies are cutting back on the cost of satellites and launching more of them at faster rates, thus creating a feedback loop as the cheaper satellites break up more easily and add to the problem. Behind the predicament are two vectors moving in opposite directions: The cost of launching satellites is falling, while the cost of insuring them continues to soar.”
Eggs were somehow considered too expensive so Americans voted to totally destroy our disaster emergency response services, our National Parks, Medicaid, energy development, and cancer research services.
It’s completely and utterly insane.
“When is cancer political?" Medical researchers, patients decry Trump admin's layoffs, budget cuts - CBS News: cbsnews.com/news/when-is-cance…
Scientists conducting medical research are facing an existential crisis: Layoffs and budget cuts pushed by President Trump that, they say, jeopardize finding a cure for cancer.
#Nautilus #AMC #AMCplus #Disney. The troubled series Nautilus has finally made it's way onto TV here. It will be broadcast tonight June 29 at 9pm Eastern on AMC and stream on AMC+. It's 10 episodes and has been cancelled. Disney+ produced it and passed after filming.
Inspired by Jules Verne’s beloved Twenty Thousand Leagues Under the Sea, Nautilus follows Nemo’s mission to enact revenge on the East India Mercantile Compan...
#Nautilus #AMC #AMCplus #Disney The reviews for Nautilus aren't that bad. It's a reimagining of 20,000 Leagues Under the Sea and apparently a much darker Indiana Jones. I might give it a try and just know that it's not coming back.
Nautilus premieres Sunday, June 29 on AMC and AMC+.#AMCPlus #Nautilus » Subscribe for More: https://bit.ly/3tz1yp9AMC+ ON SOCIAL:Instagram: https://www.insta...
I think somebody made a typo... from this post: "Windows 11 25H2 will begin rolling out to everyone in October or around that period, based on information we have, and it will reset the support lifecycle clock. Enterprises will get 36 months of support, and Pro/Home (consumer editions) will be supported for 24 hours." Now I'm just picturing this, my computer only getting support for 24 hours and then it's done. windowslatest.com/2025/06/29/m…
Microsoft has confirmed that the next release of Windows is called Windows 11 25H2, and it’s going to be a minor update deployed via an enablement package.
Ever wish Hebrew words would just stick? That’s exactly what happened to my student David—he surprised everyone at Shabbat dinner by effortlessly asking for the bread, salad, and rice…in Hebrew! 🥖🥗🍚
In this first video of my new Hebrew Food Series, I’ll show you how to make Hebrew vocabulary feel natural—starting with what’s in your kitchen.
#learnhebrew #food #israel #hebrewbyinbalExpand your culinary vocabulary with this first video in my Hebrew food series! Learn essential Hebrew words for com...
You no longer have to wonder whether some of the masked men with guns in unmarked cars taking people off the streets might not be real law enforcement officers. We now know that 𝗺𝗮𝗻𝘆 𝗮𝗿𝗲 𝗻𝗼𝘁. theguardian.com/us-news/2025/j…
That includes a guy in NC who sexually assaulting a woman by threatening to deport her.
An important but inconvenient fact to remember about NYPD "work stoppages" and "quiet quitting."
When NYPD intentionally makes fewer arrests and does less police work in protest, violent crime goes *down* 🙂🙃
Read that again. Violent crime goes *down* when cops quit.
And we've known why since 1970
Once you understand a few things about US policing, this outcome becomes incredibly obvious and unavoidable.
First, understand that "Law and Order, SVU," is not how policing works, and not what police do.
What most police do, most of the time, is arrest and fine innocent Black people.
This makes it unsafe for Black people to call the cops in any circumstances. A Black person that has recently had a violent and racist encounter with the cops, will not call the cops to save you if they see you being assaulted.
So the more "policing" happens, the greater this depressive effect.
The irony:
As you ramp up "policing," it becomes impossible to catch and arrest any real, violent criminals... because you betrayed and violated all of the civilians in the communities that you were supposed to partner with.🤦🏿♂️
You created the pre-condition for ineffective and futile police work.
As an NYC resident, you pay $12B a year for a police force that is not good at what you want them to be good at: solving and preventing murder, theft, and sexual assault.
For example, the most stolen items in NYC are smartphones and bikes. NYPD doesn't even recognize the most recommended bike lock🤡
Attached: 1 image
@NSalwen@mstdn.social @Jackiemauro@fosstodon.org
NYPD budget is $12 billion a year. Billion. The most stolen 2 items in NYC, are 1) cell phone and 2) bike.
NYPD is useless at preventing the theft, or recovering stolen bikes.
Let me bring it home for y'all using a topical example: ICE.
ICE has always been bad, but recently it's ramped up. It doesn't matter if an *individual* ICE agent is a good person or a bad person. The *system* of ICE now requires them to hit a deportation quota, so they are all targeting civilians.
There are dangerous undocumented immigrants. Very dangerous. Consider the 100 most dangerous undocumented immigrants in a population of 12 million undocumented people. People like "Big Dragon."
But you cannot find them.
Suppose the ICE Dangerous Fugitive Apprehension Team is looking for Big Dragon
Suppose the hypothetical Big Dragon threatened to shoot an undocumented taco cart vendor on Wilshire Blvd in LA, in front of over 100 people, 80 of whom were undocumented.
Then the ICE team shows up, looking for people to "come down to DHS and make a statement."
No one is talking. No one is going🙅🏽♀️
This is beyond "Stop snitching," and a cultural revulsion to cooperating with police.
This is beyond "Snitches get stitches," and fear of reprisal from the hypothetical Big Dragon or his associates.
This is a rational understanding that giving a statement holds a real risk of detention to CECOT.
Would the other taco vendors have been more likely to call Immigra on the hypothetical Big Dragon:
* In the 1990s, before the creation of ICE?
* In the 2000s, after ICE was created, but before this round of mass deportations?
* Now, in the full fascism and mass deportation era?
If ICE does an NYPD style "work stoppage" and doesn't deport a single person for a period of 6 months...
Do you think that would increase or decrease the likelihood that an undocumented person would be willing to help ICE find and arrest the hypothetical Big Dragon?
Consider a kind, undocumented taco stand vendor in LA. In 20 years he has never even thought of carrying a gun before. He had always assumed that if he ran into trouble, he would just call 911.
Now he realises that he can't call 911. ICE.
And he just saw hypothetical Big Dragon threaten a man...
After advancing their Medicaid-slashing, billionaire-enriching megabill late last night, Senate Republicans are aiming for a final vote within the next 24 hours.
Republicans in Congress are trying to ram through the Trump Tax Scam, a bill that makes extreme cuts to Medicaid, SNAP, and other essential programs to pay for tax breaks for the ultra-wealthy.
@drew What's interesting is that senators feel so emboldened that they would vote on this bill even if it may cost them their careers. But then again, a large portion of the American populace did not believe that Trump will do what he is doing now. Perhaps that also helps the senate to be so confidentthat people will forget, not understand or simply whatever... Ah yes, there is a child credit built-in. So populist! Every populist govt seems to be doing that!!!
Yeah, podcasts are great when you’re doing chores, grocery shopping, etc. But also on a rainy Sunday afternoon sitting on the patio doing nothing else.
Here is a uMap showing the murals from the 17 Walls project – plus many other mural locations in the city (that are mapped in OpenStreetMap). A great way to explore Denmark’s second-largest city through public art.
Map of the 17 murals in Aarhus from the **17 Walls** project. Each mural is an interpretation of one of the 17 UN Sustainable Development Goals.
[[https://www.17walls.
Both DoorDash and UberEats are now including AI generated menu item descriptions. Probably something to be aware of if you have food allergies. 😐 #AI #UberEats #DoorDash #fuckAI
🥵'Fait vraiment chaud, hein ! 🥵 Vite ! L'appli carto #CoMaps à la rescousse ! Elle indique points d'eau💧, bibliothèques📖❄️ et parcs🌳 ! Appli sans pub, sans traçage, fluide et jolie ! Bonus : fonctionne hors-ligne🫨 : téléchargez les cartes chez vous sur votre ordiphone et hop, vous avez accès aux cartes sans internet à l'extérieur !
N'hésitez pas à donner au projet♥️, l'appli est en accès gratuit et repose à 100% sur les dons : comaps.app/donate/
For options see: european-alternatives.eu/categ…
![[UberEats]
2:37 1
P14 Phở Gà
$15.95
Chicken noodle soup with scallions, onions, and cilantro
for a warm, aromatic delight.
Description Generated by Al ©
16 93% (203)
Most popular
#1, Ordered by 30+ others
Chicken Soup/súp gà, Large/lớn
#2,0
Chick
Choice of Size
Choose 1
Small/nhỏ
Required
Add 1 to cart • $15.95](https://fedi.ml/photo/preview/640/681765 "[UberEats]
2:37 1
P14 Phở Gà
$15.95
Chicken noodle soup with scallions, onions, and cilantro
for a warm, aromatic delight.
Description Generated by Al ©
16 93% (203)
Most popular
#1, Ordered by 30+ others
Chicken Soup/súp gà, Large/lớn
#2,0
Chick
Choice of Size
Choose 1
Small/nhỏ
Required
Add 1 to cart • $15.95")
![[DoorDash]
Chips
Chips are thin slices or pieces of various materials,
often used in electronics for processing and storage.
Sauce Addition
Optional • Select up to 5
Tomato Sauce
+$1.00](https://fedi.ml/photo/preview/640/681767 "[DoorDash]
Chips
Chips are thin slices or pieces of various materials,
often used in electronics for processing and storage.
Sauce Addition
Optional • Select up to 5
Tomato Sauce
+$1.00")
Lord egeltje 🦔 🇪🇺
in reply to daniel:// stenberg:// • • •Howard Chu @ Symas
in reply to daniel:// stenberg:// • • •uh huh. I'm not spending the time to build those checkboxes and mapping tables for 3+ different TLS libraries. It's the admin's job to know their security requirements and how their chosen software meets those requirements. If they don't know them, they can keep the defaults.
In OpenLDAP we don't dictate which crypto library you use. We certainly aren't going to tell you which cipher suites to use, that's up to you.
daniel:// stenberg://
in reply to Howard Chu @ Symas • • •Kevin Lyda
in reply to daniel:// stenberg:// • • •@hyc I'm just amused to imagine an nginx configuration UI.
"And here in tab 7 of tab 38 of tab 10, scroll down and click these boxes. Now make the same settings in (long list). See, much easier than strings!"
Next up, a terraform UI!
mort
in reply to daniel:// stenberg:// • • •I wish I never had to think about cipher suites and could just rely on OpenSSL's defaults, but when an OpenSSL update happens and I can no longer connect to WiFi networks I need to connect to (but have no control over), I need to go around copy/pasting strings I find on StackOverlow into config files T_T
I wish security people didn't go around breaking people's systems all the time
Tom Bortels
in reply to daniel:// stenberg:// • • •Counterpoint:
Nobody is typing those strings in. They cut and paste, and the most often done modification is "remove this particular bit".
A string in a config is far superior to some sort of GUI for this, as some people will simply check or uncheck all the boxes. 99% of the time I've modified the cyphersuite I've been in a ssh session - please, no GUI.
The best alternative is a frequent patch cadence by the software provider, and maybe some ugly error messages ("you are using known-bad cipher XYZ - pausing 300 seconds" on startup) or even an abort if someone is trying to use known-bad ciphers. If people don't patch promptly, that's on them, the world needs people to serve as examples of what not to do...
The real issue here is obsolete blog posts and overly-trusting "admins" who treat the cyphersuite as voodoo - and checkboxes won't fix them.
Clemens
in reply to daniel:// stenberg:// • • •This is just crypto-policies (but others have already commented that).
It also claims Curve25519 is FIPS-approved, though, which it isn't. Ed25519 (the signature scheme) is, key exchange over curve25519 is not.