2026-02-25
Tracking NixOS option values and dependencies | oddlama's blog
oddlama.org/blog/tracking-options-in-nixosThere are thousands of options in NixOS, but as users, we usually only interact with a select few of them. Despite that, a huge amount of those options does influence the final result in some way. Have you ever wondered which of them were actually relevant for your specific system?
Finding the Bottom Turtle · blog.dave.tf
blog.dave.tf/post/finding-bottom-turtleSome reflections on trusting trust, and how deep the rabbit hole goes.
2026-01-09
Decorative Cryptography
www.dlp.rip/decorative-cryptographyLast year, I came agross a Linux kernel feature called TCG_TPM2_HMAC. It claims to detect or prevent active and passive interposer attackers.
It all sounds really great. We should care about interposer adversaries. It’s great to use the TPM features that were invented to help us with these problems.
2025-11-18
Patterns for Defensive Programming in Rust | corrode Rust Consulting
corrode.dev/blog/defensive-programming[...] hard-learned patterns to write more defensive Rust code, learned throughout years of shipping Rust code to production. I’m not talking about design patterns here, but rather small idioms, which are rarely documented, but make a big difference in the overall code quality.
2025-08-27
Inside Windows 3
www.xtof.info/inside-windows3.htmlWindows 3 is often said to be just an UI on top of DOS. This article presents some of the inner side of Windows 3.x and will show that it is more ambitious and advanced than that.
2025-07-03
Rewriting Kafka in Rust Async: Insights and Lessons Learned in Rust | Rex Wang
wangjunfei.com/2025/06/18/Rewriting-Kafka-in-Rust-Async-Insights-and-Lessons-LearnedRex Wangs blog
2025-05-22
Collaborative Text Editing without CRDTs or OT - Matthew Weidner
mattweidner.com/2025/05/21/text-without-crdts.htmlThis blog post describes an alternative, straightforward approach to collaborative text editing, without Conflict-free Replicated Data Types (CRDTs) or Operational Transformation (OT). By making text editing flexible and easy to DIY, I hope that the approach will let you create rich collaborative apps that are challenging to build on top of a black-box CRDT/OT library.
2025-03-10
The power of interning: making a time series database 2000x smaller in Rust | Blog | Guillaume Endignoux
gendignoux.com/blog/2025/03/03/rust-interning-2000x.htmlIn this deep dive post, I’ll explain how I used the interning design pattern in Rust to compress this data set by a factor of two thousand! We’ll investigate how to best structure the interner itself, how to tune our data schema to work well with it, and likewise how serialization can best leverage interning.
2024-11-27
April King — Handling Cookies is a Minefield
grayduck.mn/2024/11/21/handling-cookies-is-a-minefieldDiscrepancies in how browsers and libraries handle HTTP cookies, and the problems caused by such things.
2024-11-22
Protecting Signal Keys on Desktop
cryptographycaffe.sandboxaq.com/posts/protecting-signal-desktop-keysThis blogpost describes our investigation and proof of concept to enhance the security of Signal Messenger key management on desktop.
2024-11-20
Why I love Rust for tokenising and parsing
xnacly.me/posts/2024/rust-pldevMacros, iterators, patterns, error handling and match make Rust almost perfect
2024-11-19
Using Nix to Fuzz Test a PDF Parser (Part One)
mtlynch.io/nix-fuzz-testing-1Fuzz testing is a technique for automatically uncovering bugs in software. The problem is that it’s a pain to set up. Read any fuzz testing tutorial, and the first task is an hour of building tools from source and chasing down dependencies upon dependencies.
I recently found that Nix eliminates a lot of the gruntwork from fuzz testing. I created a Nix configuration that kicks off a fuzz testing workflow with a single command.
2024-11-13
What I Wish Someone Told Me About Postgres
challahscript.com/what_i_wish_someone_told_me_about_postgresI want to try to catalog the bits that I wish someone had just told me before working with a Postgres database. Hopefully, this makes things easier for the next person going on a journey similar to mine.
2024-09-10
Notes on Distributed Systems for Young Bloods – Something Similar
www.somethingsimilar.com/2013/01/14/notes-on-distributed-systems-for-young-bloodsBelow is a list of some lessons I’ve learned as a distributed systems engineer that are worth being told to a new engineer. Some are subtle, and some are surprising, but none are controversial. This list is for the new distributed systems engineer to guide their thinking about the field they are taking on. It’s not comprehensive, but it’s a good beginning.
2024-09-07
About
www.braggoscope.com/aboutExplore the In Our Time archive.
2024-09-02
Timeseries Indexing at Scale - Artem Krylysov
artem.krylysov.com/blog/2024/06/28/timeseries-indexing-at-scale2024-08-19
JTAG Hacking with a Raspberry Pi - Introducing the PiFex
voidstarsec.com/blog/jtag-pifexJTAG for Reverse Engineers
2024-07-31
Revealing the Inner Structure of AWS Session Tokens
medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tokens-a6c76469cba7TL;DR: A world first reverse engineering analysis of AWS Session Tokens. Prior to our research these tokens were a complete black box…
Compiler Options Hardening Guide for C and C++
best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.htmlThe Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
2024-07-28
Windows Security best practices for integrating and managing security tools | Microsoft Security Blog
www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-toolsWe examine the recent CrowdStrike outage and provide a technical overview of the root cause.