Reproducing Go binaries byte-by-byte

Fully reproducible builds are important because they bridge the gap between auditable open source and convenient binary artifacts. Technologies like TUF and Binary Transparency provide accountability for what binaries are shipped to users, but that's of limited utility if there is no way (short of reverse engineering) of proving that… »

Setting a custom FileVault (macOS FDE) passphrase

FileVault 2 is the full-disk encryption system of macOS. Normally, it's turned on from System Preferences, and locks the disk with the passwords of all the users allowed to unlock the machine. Overloading the login/unlock/sudo password is an understandable UX simplicity choice, but makes it very hard to… »

Finding Ticketbleed

Ticketbleed (CVE-2016-9244) is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be affected… »

Go Time #32 - Hellogopher, whosthere?

I joined Erik St. Martin, Carlisia Pinto and Brian Ketelsen for episode #32 of the Go Time podcast to chat about Hellogopher, whosthere (, $GOPATH, TLS 1.3, Cloudflare's secret reverse proxy, and more. Go Time #32 — Hellogopher, whosthere? with Filippo Valsorda hellogopher — "just clone and make&… »

TLS 1.3 at 33c3

Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. Here's the Fahrplan entry. We spoke about the flow of TLS 1.2 vs. TLS 1.3, how it manages to save a round trip, resumption and 0-RTT, forward secrecy and replays,… »