20 random bookmarks

2026-04-15

54.

Immutable Systems: NixOS + systemd-repart + systemd-sysupdate

x86.lol/generic/2024/08/28/systemd-sysupdate.html

When you build software for embedded devices (your Wi-Fi router or home automation setup on your Raspberry Pi), there is always the question how to build these images and how to update them.

2026-04-05

53.

Killing the ISP Appliance: An eBPF/XDP Approach to Distributed BNG

markgascoyne.co.uk/posts/ebpf-bng

An open-source, eBPF-accelerated BNG that runs directly on OLT hardware - eliminating expensive centralised appliances

2026-02-25

52.

Tracking NixOS option values and dependencies | oddlama's blog

oddlama.org/blog/tracking-options-in-nixos

There are thousands of options in NixOS, but as users, we usually only interact with a select few of them. Despite that, a huge amount of those options does influence the final result in some way. Have you ever wondered which of them were actually relevant for your specific system?

51.

Finding the Bottom Turtle · blog.dave.tf

blog.dave.tf/post/finding-bottom-turtle

Some reflections on trusting trust, and how deep the rabbit hole goes.

2026-01-09

50.

Decorative Cryptography

www.dlp.rip/decorative-cryptography

Last year, I came agross a Linux kernel feature called TCG_TPM2_HMAC. It claims to detect or prevent active and passive interposer attackers.
It all sounds really great. We should care about interposer adversaries. It’s great to use the TPM features that were invented to help us with these problems.

2025-12-17

49.

A security model for systemd

lwn.net/Articles/1042888

Poettering said that he does have a vision for how all of the security-related pieces of systemd are meant to fit together. He wanted to use his talk to explain ""how the individual security-related parts of systemd actually fit together and why they exist in the first place"".

2025-06-27

44.

How fast are Linux pipes anyway?

mazzo.li/posts/fast-pipes.html

Pipes are ubiquitous in Unix --- but how fast can they go on Linux? In this post we'll iteratively improve a simple pipe-writing benchmark from 3.5GiB/s to 65GiB/s, guided by Linux perf.

2025-04-28

41.

Nick Appleton’s blog and stuff - Building a digital filter for use in synthesisers

www.appletonaudio.com/blog/2022/building-a-digital-filter-for-use-in-synthesisers

This is a tutorial on how to build a digital implementation of a 2nd-order, continuously-variable filter (i.e. one where you can change the parameters runtime) that has dynamic behaviour that mimics an analogue filter.

2025-03-19

40.

Comptime Zig ORM

matklad.github.io/2025/03/19/comptime-zig-orm.html

This post can be considered an advanced Zig tutorial. I will be covering some of the more unique
aspects of the language, but won't be explaining the easy part. If you haven't read the Zig
Language Reference, you might start there. Additionally,
we will also learn the foundational trick for implementing relational model.

2025-01-22

36.

Packer: How to Build NixOS 24 Snapshot on Hetzner Cloud - Developer Friendly Blog

developer-friendly.blog/blog/2025/01/20/packer-how-to-build-nixos-24-snapshot-on-hetzner-cloud

Step-by-step guide to building a NixOS 24 snapshot on Hetzner Cloud using Packer, with complete configuration files and OpenTofu deployment examples.

2024-12-05

34.

Optimization adventures: making a parallel Rust workload 10x faster with (or without) Rayon | Blog | Guillaume Endignoux

gendignoux.com/blog/2024/11/18/rust-rayon-optimized.html

In a previous post, I’ve shown how to use the rayon framework in Rust to automatically parallelize a loop computation across multiple CPU cores.
In this post, I’ll first explain which profiling tools I used to chase optimizations, before diving into how I built a faster replacement of Rayon for my use case. In the next post, I’ll describe the other optimizations that made my code much faster. Spoiler alert: copying some data sped up my code!

2024-11-27

33.

April King — Handling Cookies is a Minefield

grayduck.mn/2024/11/21/handling-cookies-is-a-minefield

Discrepancies in how browsers and libraries handle HTTP cookies, and the problems caused by such things.

2024-11-20

31.

Why I love Rust for tokenising and parsing

xnacly.me/posts/2024/rust-pldev

Macros, iterators, patterns, error handling and match make Rust almost perfect

2024-11-07

28.

Model Predictive Control in the browser with WebAssembly | garethx

garethx.com/posts/cart-pole-mpc

Commentary on software, robotics, and computer vision.

2024-09-25

25.

Web Browser Engineering

browser.engineering

Web browsers are ubiquitous, but how do they work? This book explains, building a basic but complete web browser, from networking to JavaScript, in a couple thousand lines of Python.

2024-09-10

22.

Notes on Distributed Systems for Young Bloods – Something Similar

www.somethingsimilar.com/2013/01/14/notes-on-distributed-systems-for-young-bloods

Below is a list of some lessons I’ve learned as a distributed systems engineer that are worth being told to a new engineer. Some are subtle, and some are surprising, but none are controversial. This list is for the new distributed systems engineer to guide their thinking about the field they are taking on. It’s not comprehensive, but it’s a good beginning.

2024-09-04

16.

the spatula

www.thespatula.io/rust/rust_io_uring_echo_server

In this article we build off what we’ve already learned about io_uring and extend that to build an async echo server.

2024-09-02

15.

Timeseries Indexing at Scale - Artem Krylysov

artem.krylysov.com/blog/2024/06/28/timeseries-indexing-at-scale

2024-07-31

12.

Revealing the Inner Structure of AWS Session Tokens

medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tokens-a6c76469cba7

TL;DR: A world first reverse engineering analysis of AWS Session Tokens. Prior to our research these tokens were a complete black box…

2024-07-28

8.

Windows Security best practices for integrating and managing security tools | Microsoft Security Blog

www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools

We examine the recent CrowdStrike outage and provide a technical overview of the root cause.