genuine question: why are the HTTPS page load numbers so much lower on Linux? is it really just people doing local development, or is there some other weird thing causing this? transparencyreport.google.com/https/overview

excited to see RFC 8738 actually being used! letsencrypt.org/2026/01/15/6...

things can actually maybe be good, it turns out

i have opinions about the ffmpeg security thing but i'm not going to post them, for my own sanity (but i am posting about not posting about it)

go… birds?

trying to come up with a silly toy cryptology problem for something

genuinely confused why people are so interested in this, but hey whatever

I did a talk at the UK GopherCon last month about what my team does, and I only let my laptop fall asleep twice! www.youtube.com/watch?v=oLtq...

Hi folks, it’s survey time! We’d love to learn more about how you use Go and what could be improved. Share your feedback via our annual developer survey at google.qualtrics.com/jfe/form/SV_.... It should take 10 - 20 minutes to complete, and will be open through September 30. Thank you! #golang

I recently passed my 5 year anniversary at Google on the Go team (thanks to them for reminding me), which also means it's been about 10 years since I first joined the Let's Encrypt team. It's been amazing to see the projects grow over those years, and I couldn't be prouder to have worked on them.

we lived

signs you’re having a real normal one

a true rarity

explaining post tour criteriums to non-cycling people makes you sound fully insane

😐

I don't think they post here, but excited to be talking about what the Go Security team does, and why (hopefully) you don't hear much about us, at GopherCon UK in August.

Here's something I am very excited about: Photosynthesis! 🌱☀️ A proposal to have CAs run transparency logs and make X.509 certificates out of Merkle Tree inclusion proofs. This is similar to how CT would have worked in an ideal world, and it solves the problem of PQC sizes in logs and handshakes.

what a successful go tree freeze day looks like

i wrote a post about a thing we did with go, it was cool and good go.dev/blog/tob-cry...

i swear to god amazon does this shit just so they can say they'll deliver stuff quickly and then they're just like ohhh no oopsie we scanned it as delivered two days early our bad

the democrats do not give a shit, they're just capitulating on everything

do you have games on your phone

I suspect "I'm gonna open source it on a Chinese server" is going to be a permanent addition to my lexicon

i choose to believe this is performance art github.com/openssl/open...

go birds

very cool to see the team continuing to push boulder to new heights, I don’t think any of us could’ve predicted it’d be responsible for issuing millions of certs a day in 2015 letsencrypt.org/2025/01/30/s...

getting faded off that NIST Reference Material 8210 shop.nist.gov/ccrz__Produc...

perhaps slightly jumping the gun here, but excited to see support for this finally getting rolled out github.com/letsencrypt/...

the number of xiaohongshu screenshots people are posting of comments they think are from people in china marked "美国" is extremely funny

nice

“people familiar with the matter” doing so much heavy lifting, china allowing a technology transfer here seems so incredibly implausible

where did i get this? i have zero memory of its origin

i've been thinking about writing a blog post about the Go Security team approach to (lack of) severity labeling for vulnerabilities, probably with an aside about the (non) utility of CVSS scores. would people actually find this useful/interesting, or would i just be posting into the security void

seems pretty cool tbh

uh huh

good stuff in here, please make sure we didn't completely break anything

i can’t believe they milkshake duck’d the tsunami

something i often here from people that is "missing" from go is enums, buts its often unclear why they think they are necessary. most of the time it boils down to wanting enforced exhaustive type switch cases ("match" in some other languages), but is that really it?

90% of election analysis boils down to "here is this position i personally dislike/like, it was the only reason this person lost/won, i am very smart"

i’m like 90% sure the reddit person is referring to lunch ninja, a program which sets up cross org lunches so you can talk to people you don’t generally work with. poses a lot of questions about their general understanding of normal human interactions 🫡

the three big things i worked on for go 1.24 from least cursed to most cursed: * a dit API & runtime mode (minorly cursed) * server-side ECH support for TLS (moderately cursed) * x509 policy validation (unbelievably cursed)

every six months i swear i won't put off major feature work until the last week of the go dev cycle and i have never learnt my lesson

damn if only we already had some kind of magical way to "nearly perfectly" add numbers of 100+ digits

what the last day before the go freeze looks like

amazing ux, a+ well done