20 random bookmarks

2026-02-25

51.

Finding the Bottom Turtle · blog.dave.tf

blog.dave.tf/post/finding-bottom-turtle

Some reflections on trusting trust, and how deep the rabbit hole goes.

2026-01-09

50.

Decorative Cryptography

www.dlp.rip/decorative-cryptography

Last year, I came agross a Linux kernel feature called TCG_TPM2_HMAC. It claims to detect or prevent active and passive interposer attackers.
It all sounds really great. We should care about interposer adversaries. It’s great to use the TPM features that were invented to help us with these problems.

2025-07-07

46.

Rewriting Kafka in Rust Async: Insights and Lessons Learned in Rust | Rex Wang

wangjunfei.com/2025/06/18/Rewriting-Kafka-in-Rust-Async-Insights-and-Lessons-Learned#Summary

Achieving high-performance asynchronous Rust projects transcends mere usage of the async/await syntax; it fundamentally relies on a deep understanding of the underlying task scheduling, lock optimization, and architecture design principles.

2025-03-10

39.

The power of interning: making a time series database 2000x smaller in Rust | Blog | Guillaume Endignoux

gendignoux.com/blog/2025/03/03/rust-interning-2000x.html

In this deep dive post, I’ll explain how I used the interning design pattern in Rust to compress this data set by a factor of two thousand! We’ll investigate how to best structure the interner itself, how to tune our data schema to work well with it, and likewise how serialization can best leverage interning.

2025-01-22

36.

Packer: How to Build NixOS 24 Snapshot on Hetzner Cloud - Developer Friendly Blog

developer-friendly.blog/blog/2025/01/20/packer-how-to-build-nixos-24-snapshot-on-hetzner-cloud

Step-by-step guide to building a NixOS 24 snapshot on Hetzner Cloud using Packer, with complete configuration files and OpenTofu deployment examples.

2024-12-05

34.

Optimization adventures: making a parallel Rust workload 10x faster with (or without) Rayon | Blog | Guillaume Endignoux

gendignoux.com/blog/2024/11/18/rust-rayon-optimized.html

In a previous post, I’ve shown how to use the rayon framework in Rust to automatically parallelize a loop computation across multiple CPU cores.
In this post, I’ll first explain which profiling tools I used to chase optimizations, before diving into how I built a faster replacement of Rayon for my use case. In the next post, I’ll describe the other optimizations that made my code much faster. Spoiler alert: copying some data sped up my code!

2024-11-22

32.

Protecting Signal Keys on Desktop

cryptographycaffe.sandboxaq.com/posts/protecting-signal-desktop-keys

This blogpost describes our investigation and proof of concept to enhance the security of Signal Messenger key management on desktop.

2024-11-13

29.

What I Wish Someone Told Me About Postgres

challahscript.com/what_i_wish_someone_told_me_about_postgres

I want to try to catalog the bits that I wish someone had just told me before working with a Postgres database. Hopefully, this makes things easier for the next person going on a journey similar to mine.

2024-11-07

28.

Model Predictive Control in the browser with WebAssembly | garethx

garethx.com/posts/cart-pole-mpc

Commentary on software, robotics, and computer vision.

2024-10-18

27.

Optimizing Mandelbrot Generation with SIMD

bumbershootsoft.wordpress.com/2024/01/27/optimizing-mandelbrot-generation-with-simd

2024-09-25

25.

Web Browser Engineering

browser.engineering

Web browsers are ubiquitous, but how do they work? This book explains, building a basic but complete web browser, from networking to JavaScript, in a couple thousand lines of Python.

2024-09-10

22.

Notes on Distributed Systems for Young Bloods – Something Similar

www.somethingsimilar.com/2013/01/14/notes-on-distributed-systems-for-young-bloods

Below is a list of some lessons I’ve learned as a distributed systems engineer that are worth being told to a new engineer. Some are subtle, and some are surprising, but none are controversial. This list is for the new distributed systems engineer to guide their thinking about the field they are taking on. It’s not comprehensive, but it’s a good beginning.

2024-09-07

18.

About

www.braggoscope.com/about

Explore the In Our Time archive.

17.

Elixir Dev Environment With Nix Flakes

www.mathiaspolligkeit.com/elixir-dev-environment-with-nix-flakes

In a previous article, I described how to set use Nix and Niv to configure an Elixir dev environment. This setup can be simplified by using Nix flakes instead of Niv.

2024-09-04

16.

the spatula

www.thespatula.io/rust/rust_io_uring_echo_server

In this article we build off what we’ve already learned about io_uring and extend that to build an async echo server.

2024-08-19

13.

JTAG Hacking with a Raspberry Pi - Introducing the PiFex

voidstarsec.com/blog/jtag-pifex

JTAG for Reverse Engineers

2024-07-31

11.

Compiler Options Hardening Guide for C and C++

best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

10.

Build your own SQS or Kafka with Postgres

blog.sequinstream.com/build-your-own-sqs-or-kafka-with-postgres

We're Sequin, an open source message stream built on Postgres. We think Sequin's cool, but you don't need to adopt the project to get started with streaming in Postgres. In fact, you can turn Postgres into a basic queue/stream pretty easily. Below, we share what we've learned so you

2024-07-28

8.

Windows Security best practices for integrating and managing security tools | Microsoft Security Blog

www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools

We examine the recent CrowdStrike outage and provide a technical overview of the root cause.

2024-06-20

2.

Even JSONB in Postgres needs schemas

nexteam.co.uk/posette_even_jsonb_in_postgres_needs_schemas.pdf

Talk from POSETTE conference