Yearly Archives: 2016

Automatically Evaluating Compressibility

Fiddler’s Transformer tab has long been a simple way to examine the use of HTTP compression of web assets, especially as new compression engines (like Zopfli) and compression formats (like Brotli) arose. However, the one-Session-at-a-time design of the Transformer tab means it is cumbersome to use to evaluate the compressibility of an entire page orContinue reading “Automatically Evaluating Compressibility”

SHA-1 Certificates Blocked By Authenticode

Twitter started to light up a bit tonight with folks who are having problems with signatures; both third-party ISVs: … and even Microsoft’s own SysInternals utilities show1 an error: Developers are surprised to see their workflow suddenly broken and wonder why. The problem is outlined here – the tl;dr is that you must use a SHA256-signedContinue reading “SHA-1 Certificates Blocked By Authenticode”

Authenticode in 2016

Last month, I noticed that my eToken USB code-signing key only supports SHA1 and not SHA256. I began hunting for a replacement that can sign using the stronger hash. Fortunately, I didn’t have to look far—the Yubico YubiKey 4 is $40 and supports SHA256, RSA 4096, and ECC p384. Beyond supporting stronger algorithms, it seems toContinue reading “Authenticode in 2016”

Getting Started with Profile Guided Optimization

For the convenience of the Windows developer community, I periodically compile the Zopfli and Brotli compressors from source, building for Win32 and code-signing the binaries (Interested? Get Zopfli.exe and Brotli.exe). After announcing the latest build on Twitter, I got an interesting question in reply: While I try to use the latest compiler (VS2015 U1), I’veContinue reading “Getting Started with Profile Guided Optimization”