Brutkey

Filippo Valsorda
@filippo@abyssdomain.expert

Just refreshed the whoami.filippo.io database.

If you are one of the “lucky 10,000” who’s never heard of it, try

$ ssh whoami.filippo.io

Filippo Valsorda
@filippo@abyssdomain.expert

I edited my Cross-Site Request Forgery countermeasures research into a stand-alone article, including recommendations reusable by other projects.

tl;dr: no need for tokens or keys, modern browsers tell you if a request is cross-origin!

https://words.filippo.io/csrf?source=Mastodon

Filippo Valsorda
@filippo@abyssdomain.expert

I’m on my way to GopherCon UK!

If you want to chat about Go and security, catch me and @roland@abyssdomain.expert there, exceptionally in the same physical space!

Filippo Valsorda
@filippo@abyssdomain.expert

The Go 1.25 change I am most excited about is the new synctest package.

How I think about it is as a way to deflake tests by simulating an infinitely fast processor (because time doesn’t move until all work is done), and then shorten them by compressing time (because time jumps once it moves).

https://hachyderm.io/@golang/115018033878867846

Filippo Valsorda
@filippo@abyssdomain.expert

Wish I had the time to get involved in the new code hosts. So many opportunities GitHub consistently missed.

e.g. a tlog of (optionally signed) git pushes, to use as offline-verifiable proof of provenance for any tag or commit. Unlike commit signing, no key management or client config. Instant win.

Filippo Valsorda
@filippo@abyssdomain.expert

FYI, I will be taking the second half of July off work and maaaaybe / hopefully also off social media. I do need the break 😮‍💨😮‍💨

(If we work together and you need a response / need me to do something before the holidays, let me know ASAP or I might forget!)

Filippo Valsorda
@filippo@abyssdomain.expert

In 2022, I left Google in search of a sustainable approach to open source maintenance. A year later, I was a full-time independent professional open source maintainer.

Today I’m announcing the natural progression of that experiment: Geomys, a small firm of professional maintainers with a portfolio of critical Go projects.

Nicola Murino, the maintainer of x/crypto/ssh, and @dominik@mastodon.honnef.co, the maintainer of Staticcheck and Gotraceui, are Geomys’ first Associate Maintainers ✨✨

https://words.filippo.io/dispatches/geomys/?source=Mastodon