Playing with kernel TLS in Linux 4.13 and Go

Linux 4.13 introduces support for nothing less than... TLS! The 1600 LoC patch allows userspace to pass the kernel the encryption keys for an established connection, making encryption happen transparently inside the kernel. The only ciphersuite supported is AES-128-GCM as per RFC 5288, meaning it only supports TLS version… »

restic cryptography

tl;dr: this is not an audit and I take no responsibility for your backups, but I had a quick look at the crypto and I think I'm going to use restic for my personal backups. I keep hearing good things about restic. I am redoing my storage solution, and… »

rustgo: calling Rust from Go with near-zero overhead

[русский] Go has good support for calling into assembly, and a lot of the fast cryptographic code in the stdlib is carefully optimized assembly, bringing speedups of over 20 times. However, writing assembly code is hard, reviewing it is possibly harder, and cryptography is unforgiving. Wouldn't it be nice if… »

Cleaning up my GOPATH with Homebrew

tl;dr: use the script at the bottom to go get into the Homebrew "Cellar" and keep your GOPATH clean. I personally like GOPATH and import paths, but while trying to reduce my laptop to a thin reproducible client, I felt the pain of keeping track of the… »

Reproducing Go binaries byte-by-byte

Fully reproducible builds are important because they bridge the gap between auditable open source and convenient binary artifacts. Technologies like TUF and Binary Transparency provide accountability for what binaries are shipped to users, but that's of limited utility if there is no way (short of reverse engineering) of proving that… »