2026-01-09
Decorative Cryptography
www.dlp.rip/decorative-cryptographyLast year, I came agross a Linux kernel feature called TCG_TPM2_HMAC. It claims to detect or prevent active and passive interposer attackers.
It all sounds really great. We should care about interposer adversaries. It’s great to use the TPM features that were invented to help us with these problems.
2025-11-18
Patterns for Defensive Programming in Rust | corrode Rust Consulting
corrode.dev/blog/defensive-programming[...] hard-learned patterns to write more defensive Rust code, learned throughout years of shipping Rust code to production. I’m not talking about design patterns here, but rather small idioms, which are rarely documented, but make a big difference in the overall code quality.
2025-06-27
How fast are Linux pipes anyway?
mazzo.li/posts/fast-pipes.htmlPipes are ubiquitous in Unix --- but how fast can they go on Linux? In this post we'll iteratively improve a simple pipe-writing benchmark from 3.5GiB/s to 65GiB/s, guided by Linux
perf.
2025-05-22
Collaborative Text Editing without CRDTs or OT - Matthew Weidner
mattweidner.com/2025/05/21/text-without-crdts.htmlThis blog post describes an alternative, straightforward approach to collaborative text editing, without Conflict-free Replicated Data Types (CRDTs) or Operational Transformation (OT). By making text editing flexible and easy to DIY, I hope that the approach will let you create rich collaborative apps that are challenging to build on top of a black-box CRDT/OT library.
2025-01-22
Building a tiny Linux from scratch
blinry.org/tiny-linuxLast week, I built a tiny Linux system from scratch, and booted it on my laptop!
2024-11-27
April King — Handling Cookies is a Minefield
grayduck.mn/2024/11/21/handling-cookies-is-a-minefieldDiscrepancies in how browsers and libraries handle HTTP cookies, and the problems caused by such things.
2024-11-20
Why I love Rust for tokenising and parsing
xnacly.me/posts/2024/rust-pldevMacros, iterators, patterns, error handling and match make Rust almost perfect
2024-11-13
What I Wish Someone Told Me About Postgres
challahscript.com/what_i_wish_someone_told_me_about_postgresI want to try to catalog the bits that I wish someone had just told me before working with a Postgres database. Hopefully, this makes things easier for the next person going on a journey similar to mine.
2024-10-18
Optimizing Mandelbrot Generation with SIMD
bumbershootsoft.wordpress.com/2024/01/27/optimizing-mandelbrot-generation-with-simd2024-09-25
Web Browser Engineering
browser.engineeringWeb browsers are ubiquitous, but how do they work? This book explains, building a basic but complete web browser, from networking to JavaScript, in a couple thousand lines of Python.
2024-09-07
About
www.braggoscope.com/aboutExplore the In Our Time archive.
2024-09-02
Timeseries Indexing at Scale - Artem Krylysov
artem.krylysov.com/blog/2024/06/28/timeseries-indexing-at-scale2024-08-29
Overloaded fields, type safety, and you
educatedguesswork.org/posts/text-type-safetyThe underlying problem we are facing here with all these examples is the same: having the same set of bits which can mean two different things and needing some way to distinguish those two meanings. Failure to do so leads to ambiguity at best and serious defects at worst. That's why you see so much emphasis in modern systems on type safety and on strict domain separation between different meanings.
2024-08-19
JTAG Hacking with a Raspberry Pi - Introducing the PiFex
voidstarsec.com/blog/jtag-pifexJTAG for Reverse Engineers
2024-07-31
Compiler Options Hardening Guide for C and C++
best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.htmlThe Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
Build your own SQS or Kafka with Postgres
blog.sequinstream.com/build-your-own-sqs-or-kafka-with-postgresWe're Sequin, an open source message stream built on Postgres. We think Sequin's cool, but you don't need to adopt the project to get started with streaming in Postgres. In fact, you can turn Postgres into a basic queue/stream pretty easily. Below, we share what we've learned so you
2024-07-28
Windows Security best practices for integrating and managing security tools | Microsoft Security Blog
www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-toolsWe examine the recent CrowdStrike outage and provide a technical overview of the root cause.