Filippo Valsorda
RC F'13, F2'17
Cryptogopher / Go cryptography maintainer
Professional open source maintainer
https://filippo.io / github.com/FiloSottile
https://mkcert.dev / https://age-encryption.org
https://sunlight.dev / filippo.io/newsletter
- Reposted by Filippo Valsorda: in-band signaling is always a mistake and unix tooling is full of in-band signaling mas.to/@zekjur/11602239762…
- Just had the next Geomys CT log hw delivered, this one to be racked in an EU DC. This means my home office now has an Ampere Altra 64-core NAS with 96 TB HDD, a Dell PowerEdge R6515, a Milk-V Jupiter RISC-V 64-bit, redundant fiber, a Turris Omnia, a USB Armory, and an Enigma replica. And a MacBook.
- I just bought a whole new server for the Geomys transparency services (CT log, tlog witness with SLA, more soon) using “PayPal Check out” and for some reason it was extremely funny to me.
- I replaced eight different 5V, 12V, and 20V power supplies (for network gear, ext. hard drive, Milk-V board, air monitor) with two large USB-C ones (and various USB-C PD trigger cables). It might be the most satisfying thing I've done all year.
- Everybody asking for ML-DSA in Go:
- Direct ML-DSA signature/verification or also X.509 support? Deterministic or randomized signing? External Mu signing? External Mu verification? Hardware interfaces to sign with/without external Mu? Seed encoding only ok? Need the LAMPS hybrids?
- If you want to make ML-DSA adoption in Go faster, then email me specific answers on what you need, so I can collect enough information to make a decision. If you don't know what you need, then it might be too soon for the standard library!
- Installed the Fedora Remix from www.fedoravforce.org on my new Milk-V Jupiter (yes, I have a thing for weird computers), saw a message about skipped PGP checks, and... baseurl=http://openkoji.iscas.ac[.]cn/pub/... gpgcheck=0 No HTTPS either 💀😬 any network attacker can install whatever they want.
- Much ink has been spilled on spam security reports, but in 2026 I expect security teams will be overloaded by VALID security reports, as AI tools clear the backlog of findable issues. You can already see an uptick in Go cryptography security fixes. aisle.com/blog/aisle-d...
- Reposted by Filippo Valsorda: ATProto devs did you know you can use selfhosted.social for users to create brand new accounts on the atmosphere in your applications? Both deckbelcher.com and blento.app use our PDS. A user's journey into the atmosphere does not always have to be started from Bluesky. It can start from your app.
- Because not using AI tools for what they excel at produces less secure code. For example, they are great at debugging (words.filippo.io/claude-debug...), they can find real issues in code review, they know more math than me, and they can write static analyzers I would have never had the time for.
- Here are three lines from my AGENTS.md that make agents a lot better with Go. Go has great CLI tools, but many people don't know about them, and so agents are not trained to reach for them. Maybe the Go project should maintain a Go development skill?
- Reposted by Filippo Valsorda: Been hoping someone makes something to host emulator game saves and maybe even sync them locally to emulators 🤞
- The concept of savegames on AT Proto just blew my mind.
- 2048.blue one of my favorite things hosted on wisp. purely static yet you can login and save scores because atproto. made by @baileytownsend.dev
- A wonderful twist on being an open source maintainer is when the person engaging poorly and violating the CoC is a security reporter with some valid observations. You now have conflicting responsibilities to users' security and to your and your community's safety.
- I added automatic Bluesky post embeds to words.filippo.io using constellation by @microcosm.blue to lookup the earliest backlink of the article from a post in my account. Almost too easy! (I just wish I could make the iframe's font smaller, and omit the picture, which is already in the article.)
- We are sunsetting the Tuscolo2025h2 CT log shard, and unfortunately its archive is larger than the (reasonable!) @archive.org item limit of 1100 GB. Instead, we made a .torrent file, and are seeding it with a custom memory-safe client. github.com/geomys/ct-ar... Suggestions (or seeding) welcome!