Brutkey

Filippo Valsorda
@filippo@abyssdomain.expert

@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17

https://mkcert.dev / https://age-encryption.org / https://filippo.io/newsletter

🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” —@nickm@abyssdomain.expert


Location
Rome 🇮🇹
Pronouns
he/him
Website
https://filippo.io
Twitter
https://twitter.com/FiloSottile
Filippo Valsorda
@filippo@abyssdomain.expert

In 2022, I left Google in search of a sustainable approach to open source maintenance. A year later, I was a full-time independent professional open source maintainer.

Today I’m announcing the natural progression of that experiment: Geomys, a small firm of professional maintainers with a portfolio of critical Go projects.

Nicola Murino, the maintainer of x/crypto/ssh, and @dominik@mastodon.honnef.co, the maintainer of Staticcheck and Gotraceui, are Geomys’ first Associate Maintainers ✨

https://words.filippo.io/dispatches/geomys/?source=Mastodon


Filippo Valsorda
@filippo@abyssdomain.expert

Just refreshed the whoami.filippo.io database.

If you are one of the “lucky 10,000” who’s never heard of it, try

$ ssh whoami.filippo.io

Filippo Valsorda
@filippo@abyssdomain.expert

I edited my Cross-Site Request Forgery countermeasures research into a stand-alone article, including recommendations reusable by other projects.

tl;dr: no need for tokens or keys, modern browsers tell you if a request is cross-origin!

https://words.filippo.io/csrf?source=Mastodon
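
An added example, not part of the original post and not code from the linked article: one common way a Go server can reject cross-origin state-changing requests using only browser-supplied headers. The `Sec-Fetch-Site` and `Origin` header logic, the function names `crossOriginBlocked` and `check`, and the host `app.example` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// crossOriginBlocked reports whether r is a state-changing request that a
// browser has marked as coming from another origin. Hypothetical helper.
func crossOriginBlocked(r *http.Request) bool {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return false // safe methods must not change state, so they pass
	}
	switch r.Header.Get("Sec-Fetch-Site") {
	case "same-origin", "none": // "none": user-initiated (typed URL, bookmark)
		return false
	case "":
		// Header absent (older browser or non-browser client): use Origin below.
	default: // "cross-site" or "same-site"
		return true
	}
	origin := r.Header.Get("Origin")
	if origin == "" {
		return false // neither header present: not a browser request
	}
	u, err := url.Parse(origin)
	return err != nil || u.Host != r.Host // compares host only, not scheme
}

// check builds a constructed request to app.example and classifies it.
func check(method string, headers map[string]string) bool {
	r := httptest.NewRequest(method, "https://app.example/transfer", nil)
	for k, v := range headers {
		r.Header.Set(k, v)
	}
	return crossOriginBlocked(r)
}

func main() {
	fmt.Println("cross-site POST blocked:", check("POST", map[string]string{"Sec-Fetch-Site": "cross-site"}))
	fmt.Println("same-origin POST blocked:", check("POST", map[string]string{"Sec-Fetch-Site": "same-origin"}))
}
```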

Filippo Valsorda
@filippo@abyssdomain.expert

I’m on my way to GopherCon UK!

If you want to chat about Go and security, catch me and @roland@abyssdomain.expert there, exceptionally in the same physical space!

Filippo Valsorda
@filippo@abyssdomain.expert

The Go 1.25 change I am most excited about is the new synctest package.

How I think about it is as a way to deflake tests by simulating an infinitely fast processor (because time doesn’t move until all work is done), and then shorten them by compressing time (because time jumps once it moves).

https://hachyderm.io/@golang/115018033878867846

Filippo Valsorda
@filippo@abyssdomain.expert

Wish I had the time to get involved in the new code hosts. So many opportunities GitHub consistently missed.

e.g. a tlog of (optionally signed) git pushes, to use as offline-verifiable proof of provenance for any tag or commit. Unlike commit signing, no key management or client config. Instant win.

Filippo Valsorda
@filippo@abyssdomain.expert

FYI, I will be taking the second half of July off work 🏝️ and maaaaybe / hopefully also off social media. I do need the break 😮‍💨

(If we work together and you need a response / need me to do something before the holidays, let me know ASAP or I might forget!)
