words.filippo.io
Geomys is an organization of professional open source maintainers, focused on a portfolio of critical Go projects. For example, we are two thirds of the Go standard library cryptography maintainers, we provide the FIPS 140-3 validation of the upstream Go Cryptographic Module, and we fund the maintenance of x/crypto/ssh and staticcheck amongst others. Our retainer clients engage us both to get acce
Hear me out. If you are an organization with some spare storage and bandwidth, or an engineer looking to justify an overprovisioned homelab, you should consider running a Certificate Transparency log. It’s cheaper, easier, and more important than you might think. Certificate Transparency (CT) is one of the technologies that underpin the security of the whole web. It keeps Certificate Authorities h
Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats (Go cryptography, transparency tooling, age, mkcert, yubikey-agent…), iterated on the model since September, and I’m happy to report that I am now a full-time independent open-source maintainer. That means I spend most of my time on maintena
I updated the whoami.filippo.io dataset over the holidays, so it should be pretty accurate at least for a little while. If you already know what I’m talking about, below are some tidbits about how I fetched the new dataset and how it’s stored. If you don’t, stop reading, and run this. I’ll wait. $ ssh whoami.filippo.io Here’s a picture of my grandmother’s cat, to avoid spoilers. What?! There are t
The first second release candidate of Go 1.20 is out!1 This is the first release I participated in as an independent maintainer, after leaving Google to become a professional Open Source maintainer. (By the way, that’s going great, and I’m going to write more about it here soon!) I’m pretty happy with the work that’s landing in it. There are both exciting new APIs, and invisible deep backend impro
Some room-temperature takes on yesterday’s not-quite-RCE vulnerabilities in OpenSSL 3.0, and on what there is to learn about safe cryptography engineering. A recap Yesterday OpenSSL published version 3.0.7, which was pre-announced to contain a fix for a CRITICAL vulnerability, the first one since 2016 and since Heartbleed before that. The vulnerability was downgraded to HIGH. You can read why on t
12 Sep 2022 Planning Go 1.20 Cryptography Work As you might know, I left Google in spring to try and make the concept of a professional Open Source maintainer a thing. I'm staying on as a maintainer of the Go cryptography standard library, and I am going to seek funding from companies that rely on it, want to ensure its security and reliability, and would like to get a direct line to the maintaine
I work on the Go team at Google, but this is my personal opinion as someone who built a career on Open Source both at and outside big companies. Open Source software runs the Internet, and by extension the economy. This is an undisputed fact about reality in 2021. And yet, the role of Open Source maintainer has failed to mature from a hobby into a proper profession. The catastrophic consequences a
06 Sep 2017 Playing with kernel TLS in Linux 4.13 and Go Linux 4.13 introduces support for nothing less than... TLS! The 1600 LoC patch allows userspace to pass the kernel the encryption keys for an established connection, making encryption happen transparently inside the kernel. The only ciphersuite supported is AES-128-GCM as per RFC 5288, meaning it only supports TLS version 1.2. Most modern TL
[русский] Go has good support for calling into assembly, and a lot of the fast cryptographic code in the stdlib is carefully optimized assembly, bringing speedups of over 20 times. However, writing assembly code is hard, reviewing it is possibly harder, and cryptography is unforgiving. Wouldn’t it be nice if we could write these hot functions in a higher level language? This post is the story of a
Fully reproducible builds are important because they bridge the gap between auditable open source and convenient binary artifacts. Technologies like TUF and Binary Transparency provide accountability for what binaries are shipped to users, but that’s of limited utility if there is no way (short of reverse engineering) of proving that the binary is in fact the result of compiling the intended sourc
09 Feb 2017 Finding Ticketbleed Ticketbleed (CVE-2016-9244) is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be affected by this vulnerability, you can find details and mitigation instr
After years of wrestling GnuPG with varying levels of enthusiasm, I came to the conclusion that it’s just not worth it, and I’m giving up. At least on the concept of long term PGP keys. This is not about the gpg tool itself, or about tools at all. Many already wrote about that. It’s about the long term PGP key model—be it secured by Web of Trust, fingerprints or Trust on First Use—and how it faile
The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase. We know things get interesting when I lose a password. I did a weak attempt at finding some public bruteforce tool, and found nothing. I say weak because somewhere in the back of my brain, I already wanted to take a peek at the OpenBSD
17 Apr 2016 Shrink your Go binaries with this one weird trick Ok, I lied, there's no weird trick. However, you can easily reduce a Go binary size by more than 6 times with some flags and common tools. Note: I don't actually believe a 30MB static binary is a problem in this day and age, and I would not trade (build time | complexity | performance | debug-ability) for it, but people care about it ap
26 Aug 2015 Building Python modules with Go 1.5 tl;dr: with Go 1.5 you can build .so objects and import them as Python modules, running Go code (instead of C) directly from Python. Here's the code. The Go 1.5 release brings a number of nifty changes. The one we will be playing with today is the ability of the standard toolchain to build libraries (.so, .a) exporting a C ABI. (This is just one of a
04 Aug 2015 ssh whoami.filippo.io Here's a fun PoC I built thanks to Ben's dataset. I don't want to ruin the surprise, so just try this command. (It's harmless.) ssh whoami.filippo.io For the security crowd: don't worry, I don't have any OpenSSH 0day and even if I did I wouldn't burn them on my blog. Also, ssh is designed to log into untrusted servers. Update 2016-01-16: yeah, the roaming bug, I k
18 Mar 2014 My remote shell session setup It's 2014 and I feel entitled to a good experience connecting to a remote server, instead the default still feels like telnet. After searching for quite a long time, I finally built my dream setup. These were the requirements: I want a single window/tab/panel of the terminal I'm using to be dedicated to the remote shell (without any new window, etc.) I wan