Announcing Geomys, a small firm of professional maintainers with a portfolio of critical Go projects.| words.filippo.io
Cryptogopher. @recursecenter alum. RC F'13, F2'17. - FiloSottile| GitHub
In late March 2024, the open source community discovered a backdoor in XZ Utils, a suite of tools that use the xz compression algorithm. The xz backdoor was embedded inside liblzma, and took effect when liblzma was used in OpenSSH, a common remote-login tool. You can read about this extensively in many places elsewhere. Since then, many people leveraged the xz backdoor to highlight their favorite systemic issue in open source.| dadrian.io
Go 1.20 was a big release. Go 1.21 has some exciting API work on crypto/tls, and some follow-up work including crypto/rsa performance.| Filippo Valsorda
Protocols that use randomness should make it a deterministic function that takes a fixed-size string of random bytes, so it can be tested.| Filippo Valsorda