filippo.abyssdomain.expert
RC F'13, F2'17
Cryptogopher / Go cryptography maintainer
Professional open source maintainer
https://filippo.io / https://github.com/FiloSottile
https://mkcert.dev / https://age-encryption.org
https://sunlight.dev / https://filippo.io/newsletter
1,523 posts 21,345 followers 484 following

I'm glad somebody out there is brave enough to push back against the "personal ChatGPT usage is terrible for the environment" message andymasley.substack.com/p/a-cheat-sh...

Strong @ahoy.eu FOMO. I'll compensate by setting up tangled.sh and deer.social.

Rebased an old community contribution from 2021 that adds Armv8.2 SHA-3 instruction support. (Debugged by another community member!) -50% on crypto/sha3 and -13% on crypto/mlkem on Apple M2! But apparently it's slower than pure Go on AWS Graviton 3!? https://go.dev/cl/667675

I am writing an application that really cares about durability of created files (a Certificate Transparency log), and... oof. I fsync the file. I fsync the directory. Ok. But... how do I test it? Even targeting a specific filesystem, I have to make VMs and try to race killing them?
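The fsync-the-file, fsync-the-directory pattern mentioned in the post above, written out as an added Go example (this is not the author's code nor the Sunlight project's): data goes to a temporary file in the target directory, the file is fsynced, it is renamed into place, and then the directory is fsynced so the rename itself is persisted. The names WriteFileDurable and syncDir and the sample checkpoint contents are my own constructions. This covers durability of the write; it does not answer the testing question in the post, which needs crash injection below the filesystem, and directory fsync semantics are platform-specific (the code targets Linux and macOS).

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// WriteFileDurable writes data to path such that, once it returns nil, both
// the file contents and the directory entry pointing at them have been
// handed to stable storage. Pattern: temp file in the same directory,
// fsync the file, rename over the target, fsync the directory.
func WriteFileDurable(path string, data []byte, perm os.FileMode) error {
	dir := filepath.Dir(path)

	tmp, err := os.CreateTemp(dir, filepath.Base(path)+".tmp-*")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()

	// On any failure, remove the temporary file so a partial write can
	// never be mistaken for a complete one by a later reader.
	success := false
	defer func() {
		if !success {
			tmp.Close()
			os.Remove(tmpName)
		}
	}()

	if _, err := tmp.Write(data); err != nil {
		return err
	}
	if err := tmp.Chmod(perm); err != nil {
		return err
	}
	// Flush the file's contents and metadata to stable storage.
	if err := tmp.Sync(); err != nil {
		return err
	}
	if err := tmp.Close(); err != nil {
		return err
	}

	// Atomic replace: readers observe either the old file or the complete
	// new one, never a truncated intermediate state.
	if err := os.Rename(tmpName, path); err != nil {
		return err
	}

	// The rename changed the directory, so the directory must be fsynced
	// too, otherwise the new entry may not survive a crash.
	if err := syncDir(dir); err != nil {
		return err
	}
	success = true
	return nil
}

// syncDir opens a directory and fsyncs it, persisting recently created,
// renamed or unlinked entries.
func syncDir(dir string) error {
	d, err := os.Open(dir)
	if err != nil {
		return err
	}
	defer d.Close()
	return d.Sync()
}

func main() {
	dir, err := os.MkdirTemp("", "durable-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)

	// Constructed sample: a tiny checkpoint file for a log.
	target := filepath.Join(dir, "checkpoint")
	if err := WriteFileDurable(target, []byte("tree size 42\n"), 0o644); err != nil {
		panic(err)
	}
	got, _ := os.ReadFile(target)
	fmt.Printf("wrote %q durably to %s\n", got, target)
}
```

The temporary file must live in the same directory as the target so that the rename stays within one filesystem and is atomic; a cross-filesystem rename degrades to copy-and-delete and loses the all-or-nothing property.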

Ok, this is neat. Any account can publish verification records, and the Bluesky Trusted Verifiers are just the ones preloaded in the official client. Similarly to how moderation works with labelers.

Oof. Reportedly, if you got a certificate from SSL.com by putting "example[@]gmail.com" at _validation-contactemail.example.com, they would add gmail.com (!!!) to your verified domains. A good reminder to use the CAA record, and to sign up for CT monitoring (e.g. Cert Spotter). https://bugzilla.mo

Why is the latest version of uBlock Origin Lite asking permission to access all websites now? I love uBO Lite precisely because it doesn't make me trust an extension developer with all my browser security... (Let's not re-debate MV3 unnecessarily please. Will block.)

I'm looking into github.com/gorilla/csrf to figure out if we could bring CSRF protection to the standard library. I am 90% sure the secret key is useless: it signs a random token with no metadata, and the attacker can just get and reuse a valid signed token. Am I missing something?

"I wish CISA would stop assigning out-of-context CVSS scores to our CVEs." * monkey paw curls * https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html