Filippo Valsorda @filippo.abyssdomain.expert

Bluesky registrations are now open! I have been posting primarily there for months now. It has an early Twitter vibe, a hacking friendly protocol, and cool custom feed algorithms. Join me there! → @/filippo.abyssdomain.expert 🦋 bsky.app/profile/filipp… bsky.social/about/blog/02-…

@davidjustodavid @tef_ebooks Yeah, large companies by and large can't sign up a vendor without an agreement through a Microsoft-operated platform that only takes credit cards and sends no invoices.

@FiloSottile @tef_ebooks Trying to understand the GitHub sponsors part of this response. Are you saying GitHub sponsors is not an appropriate way for companies to sponsor OSS maintainers? Genuinely curious of what you meant :-)

"the software is provided as-is, without warranty of any kind"

@tef_ebooks Are you sure corporations don't want to pay for support? My experience is that they are desperate to find a professional counterpart that will sell them support, take their money, and take the job seriously. Most maintainers post GitHub Sponsors links though.

either way, i'm still not exactly sure how "not being a hobby" meaningfully mitigates attacks built on abuse of trust i'm sure we could turn every side project into a side hustle, give or take crowd funding, but it's not like corporations want to pay for support, so

@GergelyOrosz @patio11 Sure, that's for the judge's consideration, but “this is illegal but not as bad as Madoff's” feels like a reasonable thing for the defense to argue. Like Patrick said, “zealous defense of one’s client”.

@FiloSottile @patio11 Whatever the decision: either it will encourage similar activities (if it's a light sentence - sending the message this is fine) or discourages such activities (if a harsh sentence). Down to the justice system how it deals with it.

SBF sentencing memo is a good example of what “zealous defense of one’s client” means. s.wsj.net/public/resourc…

@GergelyOrosz @patio11 This is a sentencing memorandum. The argument is not that it's legal (the verdict already said it's not!) but about how bad it is. Without expressing an opinion on the specifics, I do think it's reasonable to say that creating a whole single-purpose fraud enterprise is worse.

@patio11 Did the defense tean really write this? Since when is using customer funds to fund another entity - while telling customers you are not doing this! - and eg use it for your personal gain (eg buy property for you/family), lawful? If this reasoning files, expect more of this.

@julianor Fair enough, it's hard to gauge tone on Twitter and I was probably a little too jumpy because I was in the middle of yet-another-mailing-list-fight 🤗

@FiloSottile 🤷‍♂️ Honestly, I have great respect for your work 💯. My initial comment, beginning with 'spoiler' (📽️🎞️) was more about stirring the pot, a blend of fiction reference and provocation to spark dialogue, not a hard stance on the matter. I assumed using the word 'senile' was enough

🎻 Spoiler: new post-quantum (🤌) code is packed with bugs that turn your private conversations into an open book for memory corruption exploit artists. 🪄But fear not, you're protected against adversaries wielding imaginary computers.

@julianor I'm not sure how to answer that... am I supposed to try to get more Twitter likes? Anyway, are you saying the next exploit chain will involve vulnerabilities in the PQC code, or simply that there will be one? Because the latter, I mean, sure?

@FiloSottile I'm intrigued by the number of FAVs my tweet got from infosec veterans. It raises the question: are we simply senile, or 'The old wolf knows more because he is old than because he is a wolf' ?

@julianor The PQC algorithm implementation is. The changes announced today do far more than integrate PQC, iMessage was far behind on protocol crypto, but then the benefit is not just defending "against adversaries wielding imaginary computers".

@FiloSottile all the new code is shorter than the blog post?

@defendtheworld @julianor news.ycombinator.com/item?id=379902…

@FiloSottile @julianor I don’t agree with all of djbs views. However taken holistically — what made djb this way — it’s because NIST has a long history of poor choices. Can you link the rebuttal to djbs weakness claims

@defendtheworld @julianor That analysis was contradicted on pqc-forum, but never retracted, and I know precisely zero cryptographers who take those allegations seriously.

@julianor Djb had quite the post about this. blog.cr.yp.to/20231003-count…

We believe everyone deserves a chance to be a part of the #GopherCon magic!🪄 If you're passionate about Go and would like to join us in July, but don't have the financial means to do so, consider our scholarship program. ⏰The submission deadline is Monday, February 5th, at 11:00 p.m. Central Standard Time, so don't delay and apply today! forms.gle/oKtkMXUJoJLiTc… #RoadToGopherCon #golang

@goinggodotnet That's because you have "go 1.21" in your go.mod, so the toolchain will do its best to behave like Go 1.21 did. #L3" target="_blank" rel="nofollow noopener">github.com/ardanlabs/serv… The new backwards/forwards compatibility features take a moment to get familiar with, but are pretty nice.

Spent time looking at the http mux changes and incorporating them into the service project for 1.22rc2. One thing I had to discover is needing to set this env var for the code path to follow the 122 changes. GODEBUG=httpmuxgo121=0 github.com/ardanlabs/serv…

We're commissioning ~€600,000 in work on critical structural improvements, security, maintenance, and documentation from @ApacheLog4j maintainers. Announcement: sovereigntechfund.de/news/log4j-inv… Milestones: #what-are-we-funding" target="_blank" rel="nofollow noopener">sovereigntechfund.de/tech/log4j#wha…

🎉 New episode of Go Time! 🗣 What's new in Go's crypto libs: Part 2 ✨ with Nicola Murino, @FiloSottile 💫 and @rolandshoemaker ⚡️ hosted by @nataliepis 🏷 #golang #infosec 💚 gotime.fm/298

Inlining after devirtualization is merged! #golang github.com/golang/go/issu… CC: @FiloSottile 😂

Special thanks to Filippo Valsorda for yesterday afternoon's talk on 'The job of a #GoLang maintainer.' We delved into what it means to become an independent professional open-source maintainer. @FiloSottile #GoLab2023 #MaintainerLife

As an open-core company, it’s vital that we support other open-source projects and maintainers. We're proud to sponsor @FiloSottile & we appreciate all he’s done to advance the state of security in Go, TLS and SSH. 📰~ Subscribe to Cryptography Dispatches words.filippo.io

💚 New episode of Go Time! 💬 What's new in Go's cryptography libraries 🌟 with @FiloSottile & @rolandshoemaker 🎙 hosted by @nataliepis 🗄️ #golang #infosec #notcrypto 🎧 gotime.fm/295

At @avalabsofficial, we believe the sustainable maintenance and development of open source cryptographic protocols is critical to the broad adoption of blockchain technology. We are proud to support this necessary and impactful work through our ongoing sponsorship of @FiloSottile and his team. words.filippo.io/dispatches/par…