20 random bookmarks

2026-02-25

51.

Finding the Bottom Turtle · blog.dave.tf

blog.dave.tf/post/finding-bottom-turtle

Some reflections on trusting trust, and how deep the rabbit hole goes.

2026-01-09

50.

Decorative Cryptography

www.dlp.rip/decorative-cryptography

Last year, I came agross a Linux kernel feature called TCG_TPM2_HMAC. It claims to detect or prevent active and passive interposer attackers.
It all sounds really great. We should care about interposer adversaries. It’s great to use the TPM features that were invented to help us with these problems.

2025-12-17

49.

A security model for systemd

lwn.net/Articles/1042888

Poettering said that he does have a vision for how all of the security-related pieces of systemd are meant to fit together. He wanted to use his talk to explain ""how the individual security-related parts of systemd actually fit together and why they exist in the first place"".

2025-11-18

48.

Patterns for Defensive Programming in Rust | corrode Rust Consulting

corrode.dev/blog/defensive-programming

[...] hard-learned patterns to write more defensive Rust code, learned throughout years of shipping Rust code to production. I’m not talking about design patterns here, but rather small idioms, which are rarely documented, but make a big difference in the overall code quality.

2025-07-07

46.

Rewriting Kafka in Rust Async: Insights and Lessons Learned in Rust | Rex Wang

wangjunfei.com/2025/06/18/Rewriting-Kafka-in-Rust-Async-Insights-and-Lessons-Learned#Summary

Achieving high-performance asynchronous Rust projects transcends mere usage of the async/await syntax; it fundamentally relies on a deep understanding of the underlying task scheduling, lock optimization, and architecture design principles.

2025-04-28

41.

Nick Appleton’s blog and stuff - Building a digital filter for use in synthesisers

www.appletonaudio.com/blog/2022/building-a-digital-filter-for-use-in-synthesisers

This is a tutorial on how to build a digital implementation of a 2nd-order, continuously-variable filter (i.e. one where you can change the parameters runtime) that has dynamic behaviour that mimics an analogue filter.

2025-01-22

35.

Building a tiny Linux from scratch

blinry.org/tiny-linux

Last week, I built a tiny Linux system from scratch, and booted it on my laptop!

2024-11-22

32.

Protecting Signal Keys on Desktop

cryptographycaffe.sandboxaq.com/posts/protecting-signal-desktop-keys

This blogpost describes our investigation and proof of concept to enhance the security of Signal Messenger key management on desktop.

2024-11-20

31.

Why I love Rust for tokenising and parsing

xnacly.me/posts/2024/rust-pldev

Macros, iterators, patterns, error handling and match make Rust almost perfect

2024-11-19

30.

Using Nix to Fuzz Test a PDF Parser (Part One)

mtlynch.io/nix-fuzz-testing-1

Fuzz testing is a technique for automatically uncovering bugs in software. The problem is that it’s a pain to set up. Read any fuzz testing tutorial, and the first task is an hour of building tools from source and chasing down dependencies upon dependencies.
I recently found that Nix eliminates a lot of the gruntwork from fuzz testing. I created a Nix configuration that kicks off a fuzz testing workflow with a single command.

2024-11-07

28.

Model Predictive Control in the browser with WebAssembly | garethx

garethx.com/posts/cart-pole-mpc

Commentary on software, robotics, and computer vision.

2024-09-25

25.

Web Browser Engineering

browser.engineering

Web browsers are ubiquitous, but how do they work? This book explains, building a basic but complete web browser, from networking to JavaScript, in a couple thousand lines of Python.

2024-09-10

22.

Notes on Distributed Systems for Young Bloods – Something Similar

www.somethingsimilar.com/2013/01/14/notes-on-distributed-systems-for-young-bloods

Below is a list of some lessons I’ve learned as a distributed systems engineer that are worth being told to a new engineer. Some are subtle, and some are surprising, but none are controversial. This list is for the new distributed systems engineer to guide their thinking about the field they are taking on. It’s not comprehensive, but it’s a good beginning.

2024-09-07

18.

About

www.braggoscope.com/about

Explore the In Our Time archive.

2024-09-04

16.

the spatula

www.thespatula.io/rust/rust_io_uring_echo_server

In this article we build off what we’ve already learned about io_uring and extend that to build an async echo server.

2024-07-31

12.

Revealing the Inner Structure of AWS Session Tokens

medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tokens-a6c76469cba7

TL;DR: A world first reverse engineering analysis of AWS Session Tokens. Prior to our research these tokens were a complete black box…

11.

Compiler Options Hardening Guide for C and C++

best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

2024-07-15

7.

Calculating Position from Raw GPS Data | Telesens

www.telesens.co/2017/07/17/calculating-position-from-raw-gps-data

2024-07-07

6.

Optimizing Large-Scale OpenStreetMap Data with SQLite

jtarchie.com/posts/2024-07-02-optimizing-large-scale-openstreetmap-data-with-sqlite

2024-06-20

2.

Even JSONB in Postgres needs schemas

nexteam.co.uk/posette_even_jsonb_in_postgres_needs_schemas.pdf

Talk from POSETTE conference