Reproducing Go binaries byte-by-byte

Fully reproducible builds are important because they bridge the gap between auditable open source and convenient binary artifacts. Technologies like TUF and Binary Transparency provide accountability for what binaries are shipped to users, but that's of limited utility if there is no way (short of reverse engineering) of proving that… »

Setting a custom FileVault (macOS FDE) passphrase

FileVault 2 is the full-disk encryption system of macOS. Normally, it's turned on from System Preferences, and locks the disk with the passwords of all the users allowed to unlock the machine. Overloading the login/unlock/sudo password is an understandable UX simplicity choice, but makes it very hard to… »

Finding Ticketbleed

Ticketbleed (CVE-2016-9244) is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be affected… »

Go Time #32 - Hellogopher, whosthere?

I joined Erik St. Martin, Carlisia Pinto and Brian Ketelsen for episode #32 of the Go Time podcast to chat about Hellogopher, whosthere (, $GOPATH, TLS 1.3, Cloudflare's secret reverse proxy, and more. Go Time #32 — Hellogopher, whosthere? with Filippo Valsorda hellogopher — "just clone and make" The… »

TLS 1.3 at 33c3

Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. Here's the Fahrplan entry. We spoke about the flow of TLS 1.2 vs. TLS 1.3, how it manages to save a round trip, resumption and 0-RTT, forward secrecy and replays,… »

How to protect yourself from the WebEx extension

On Monday, Tavis Ormandy of Project Zero revealed that the Cisco WebEx Chrome extension (20M users) has a critical vulnerability. OMFG🔥 The WebEx Chrome extension has a trivial code execution vulnerability: any website could just install malware on your machine silently— Filippo Valsorda (@FiloSottile) 23… »

So you want to expose Go on the Internet

I was asked to contribute a post to the excellent Gopher Academy advent series. I took the occasion to write down what I learned deploying a Go service on the Cloudflare edge. The result is a catalogue of what you need to know before you drop NGINX from in front… »

I'm giving up on PGP

After years of wrestling GnuPG with varying levels of enthusiasm, I came to the conclusion that it's just not worth it, and I'm giving up. At least on the concept of long term PGP keys. This is not about the gpg tool itself, or about tools at all. Many already… »

TLS nonce-nse

Starting a series of blog posts on TLS 1.3, I published my notes on the landscape of cipher nonces in TLS across versions, to help me clean up the implementation. Comes with hand-drawn diagrams! TLS nonce-nse | CloudFlare Blog (archive)… »

An overview of TLS 1.3

I presented TLS 1.3 to the CloudFlare London office. Why it's faster, how it works, why it's safer, what's clever about it. The talk is recorded and comes with colored diagrams. There's a transcript on the CloudFlare blog. Update: you might want to watch my 33c3 talk on the… »

So I lost my OpenBSD FDE password

The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase. We know things get interesting when I lose a password. I did a weak attempt at finding some public bruteforce tool,… »

The complete guide to Go net/http timeouts

I got an occasion to do a deep dive into net/http recently, and wrote a post about all the different timeouts you can set on the client and server side. How they work, how they interact and how to use them. The complete guide to Go net/http timeouts… »

Securing a travel iPhone

These are dry notes I took in the process of setting up a burner iPhone SE as a secure travel device. They are roughly in setup order. I believe iOS to be the most secure platform one can use at this time, but there are a lot of switches and… »

Analyzing Go Vendoring with BigQuery

GitHub published a snapshot of all the public open-source repositories to BigQuery and Francesc used it to draw some cool statistics about Go projects. I used the same dataset to analyze how the Go ecosystem does vendoring. Disclosure: there's some ego stroking here, as I'm the author of gvt. (Try… »

git fixup: --amend for older commits

Everyone knows and loves to use git commit --amend to change the latest commit. But what if you want to correct a older commit? The flow in that case involves an interactive rebase with a edit step. But that's kludgy. Here's an alias that using a couple of nifty git… »

Stale GOROOT and gorebuild

GOROOT is the path where the Go stdlib and tools reside. To make setting up Go easier, the (default) GOROOT is hardcoded in the go binary. Normally it's /usr/local/go, but if you build Go yourself it'll be whatever path you built it in. If you install Go with… »

Untrusting an intermediate CA on OS X

Intermediate CAs are certificates signed by a root CA that can sign arbitrary certificates for any websites. They are just as powerful as root CAs, but there's no full list of the ones your system trusts, because root CAs can make new ones at will, and your system will trust… »

Self-host analytics for better privacy and accuracy

Something that always annoyed me of the current state of technology is how easy and pervasive we let tracking become. Tens of connections to 3rd parties carrying Referer and Cookies just to load an article. (We give up our users to social media websites just to show a like button… »

vendorcheck: the simplest Go static analysis tool is a small tool that will make sure all your Go dependencies are properly vendored. It's so simple that it serves well as a static analysis tool skeleton, so I wrote a code-along that explains how to load and play with Go packages: Building the simplest… »

"LuckyMinus20": Yet Another Padding Oracle in OpenSSL CBC Cipher Suites

Early this week, a new OpenSSL error code padding oracle dropped. Padding oracles are one of the most fun crypto vulnerabilities, so I gave this one the full treatment: a ten lines PoC and CLI test, obviously based on a patched Go crypto/tls an… »