Posts by Filippo Valsorda

So you want to expose Go on the Internet

Published on by Filippo Valsorda.

This piece was originally written for the Gopher Academy advent series. We are grateful to them for allowing us to republish it here. Back when crypto/tls was slow and net/http young, the general wisdom was to always put Go servers behind a reverse proxy like NGINX. That's not

Dyn issues affecting joint customers

Published on by Filippo Valsorda.

Today there is an ongoing, large scale Denial-of-Service attack directed against Dyn DNS. While Cloudflare services are operating normally, if you are using both Cloudflare and Dyn services, your website may be affected. Specifically, if you are using CNAME records which point to a zone hosted on Dyn, our DNS

TLS nonce-nse

Published on by Filippo Valsorda.

One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. (This is similar to why you