words.filippo.io
or, “Holy shit, it works!” Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats (Go cryptography, transparency tooling, age, mkcert, yubikey-agent…), iterated on the model since September, and I’m happy to report that I am now a full-time independent open-source maintainer. That means I spend
08 Jan 2023 ssh whoami.filippo.io I updated the whoami.filippo.io dataset over the holidays, so it should be pretty accurate at least for a little while. If you already know what I’m talking about, below are some tidbits about how I fetched the new dataset and how it’s stored. If you don’t, stop reading, and run this. I’ll wait. $ ssh whoami.filippo.io Here’s a picture of my grandmother's cat, to
04 Jan 2023 Go 1.20 Cryptography The first second release candidate of Go 1.20 is out![1] This is the first release I participated in as an independent maintainer, after leaving Google to become a professional Open Source maintainer. (By the way, that’s going great, and I’m going to write more about it here soon!) I’m pretty happy with the work that’s landing in it. There are both exciting new API
02 Nov 2022 Why Did the OpenSSL Punycode Vulnerability Happen Some room-temperature takes on yesterday's not-quite-RCE vulnerabilities in OpenSSL 3.0, and on what there is to learn about safe cryptography engineering. A recap Yesterday OpenSSL published version 3.0.7, which was pre-announced to contain a fix for a CRITICAL vulnerability, the first one since 2016 and since Heartbleed before that. T
12 Sep 2022 Planning Go 1.20 Cryptography Work As you might know, I left Google in spring to try and make the concept of a professional Open Source maintainer a thing. I'm staying on as a maintainer of the Go cryptography standard library, and I am going to seek funding from companies that rely on it, want to ensure its security and reliability, and would like to get a direct line to the maintaine
07 Jan 2019 mkcert: valid HTTPS certificates for localhost (or for any other name) The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let's Encrypt, development still mostly ends up happening over HTTP because no one can get an unive
06 Sep 2017 Playing with kernel TLS in Linux 4.13 and Go Linux 4.13 introduces support for nothing less than... TLS! The 1600 LoC patch allows userspace to pass the kernel the encryption keys for an established connection, making encryption happen transparently inside the kernel. The only ciphersuite supported is AES-128-GCM as per RFC 5288, meaning it only supports TLS version 1.2. Most modern TL
15 Aug 2017 rustgo: calling Rust from Go with near-zero overhead [русский] Go has good support for calling into assembly, and a lot of the fast cryptographic code in the stdlib is carefully optimized assembly, bringing speedups of over 20 times. However, writing assembly code is hard, reviewing it is possibly harder, and cryptography is unforgiving. Wouldn't it be nice if we could write these hot
23 Apr 2017 Reproducing Go binaries byte-by-byte Fully reproducible builds are important because they bridge the gap between auditable open source and convenient binary artifacts. Technologies like TUF and Binary Transparency provide accountability for what binaries are shipped to users, but that's of limited utility if there is no way (short of reverse engineering) of proving that the binary is i
09 Feb 2017 Finding Ticketbleed Ticketbleed (CVE-2016-9244) is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be affected by this vulnerability, you can find details and mitigation instr
06 Dec 2016 I'm giving up on PGP After years of wrestling GnuPG with varying levels of enthusiasm, I came to the conclusion that it's just not worth it, and I'm giving up. At least on the concept of long term PGP keys. This is not about the gpg tool itself, or about tools at all. Many already wrote about that. It's about the long term PGP key model—be it secured by Web of Trust, fingerprints or Tr
31 Aug 2016 So I lost my OpenBSD FDE password The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase. We know things get interesting when I lose a password. I did a weak attempt at finding some public bruteforce tool, and found nothing. I say weak because somewhere in the back of my brain, I
17 Apr 2016 Shrink your Go binaries with this one weird trick Ok, I lied, there's no weird trick. However, you can easily reduce a Go binary size by more than 6 times with some flags and common tools. Note: I don't actually believe a 30MB static binary is a problem in this day and age, and I would not trade (build time | complexity | performance | debug-ability) for it, but people care about it ap
26 Aug 2015 Building Python modules with Go 1.5 tl;dr: with Go 1.5 you can build .so objects and import them as Python modules, running Go code (instead of C) directly from Python. Here's the code. The Go 1.5 release brings a number of nifty changes. The one we will be playing with today is the ability of the standard toolchain to build libraries (.so, .a) exporting a C ABI. (This is just one of a
04 Aug 2015 ssh whoami.filippo.io Here's a fun PoC I built thanks to Ben's dataset. I don't want to ruin the surprise, so just try this command. (It's harmless.) ssh whoami.filippo.io For the security crowd: don't worry, I don't have any OpenSSH 0day and even if I did I wouldn't burn them on my blog. Also, ssh is designed to log into untrusted servers. Update 2016-01-16: yeah, the roaming bug, I k
18 Mar 2014 My remote shell session setup It's 2014 and I feel entitled to a good experience connecting to a remote server, instead the default still feels like telnet. After searching for quite a long time, I finally built my dream setup. These were the requirements: I want a single window/tab/panel of the terminal I'm using to be dedicated to the remote shell (without any new window, etc.) I wan