System Architecture

System Architecture

Dear ImGui
Dear ImGui
Dear ImGui homepage
·dearimgui.com·
Dear ImGui
Home · ocornut/imgui Wiki
Home · ocornut/imgui Wiki
Dear ImGui: Bloat-free Graphical User interface for C++ with minimal dependencies - ocornut/imgui
·github.com·
Home · ocornut/imgui Wiki
Token bucket - Wikipedia
Token bucket - Wikipedia
scheduling algorithm for network transmissions
·en.wikipedia.org·
Token bucket - Wikipedia
CoDel - Wikipedia
CoDel - Wikipedia
queue management algorithm for computer network packets
·en.wikipedia.org·
CoDel - Wikipedia
Technical Beauty: jq — Vivian Voss
Technical Beauty: jq — Vivian Voss
In 2012, JSON was the lingua franca of the web and the Unix toolbox had nothing for it. One PhD student at Cambridge wrote a functional language in 510 KB of C. Forty years of flat text tools, plus one for trees.
·vivianvoss.net·
Technical Beauty: jq — Vivian Voss
The Distributed Tax — Vivian Voss
The Distributed Tax — Vivian Voss
A function call costs 0.001 ms. A network call between two microservices costs 1 to 5 ms. That is factor 5,000 before any business logic executes. One rather wonders what one gets for that markup.
·vivianvoss.net·
The Distributed Tax — Vivian Voss
Capsicum vs seccomp: Process Sandboxing — Vivian Voss
Capsicum vs seccomp: Process Sandboxing — Vivian Voss
A compromised process inherits the full authority of the user who launched it. Two operating systems fixed this with opposite philosophies. One removed the doors. The other posted a bouncer.
·vivianvoss.net·
Capsicum vs seccomp: Process Sandboxing — Vivian Voss
WebPKI and You
WebPKI and You
There’s been a push over the last twelve years to move web traffic off unencrypted HTTP to encrypted HTTPS, to protect the general public from dragnet surveillance, gaping assholes on public wifiairpwn, backhauls over unencrypted satellites, that kinda thing. HTTPS relies on a public key infrastructure to make sure only authorized servers have keys for specific websites. [oid]: an OID or “Object IDentifier” is intended [brs]: https://cabforum.org/working-groups/server/baseline-requirements/documents/CA-Browser-Forum-TLS-BR-2.1.8.pdf [crtsh]: https://crt.sh/?q=blog.brycekerley.net [lol-diginotar]: https://en.wikipedia.org/wiki/DigiNotar#Issuance_of_fraudulent_certificates [iv-ocsp]: https://www.imperialviolet.org/2011/03/18/revocation.html [mac-ocsp]: Jeff Johnson’s [crlite]: these use cascading bloom filters which [short-lived]: the CA/BF baseline requirements [trustico-chrome]: https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html [trustico-gone]: https://arstechnica.com/information-technology/2018/03/trustico-website-goes-dark-after-someone-drops-critical-flaw-on-twitter/ [trustico-compromise]: https://groups.google.com/g/mozilla.dev.security.policy/c/wxX4Yv0E3Mk/m/o1cdfx2nAQAJ [enclaves]: Amazon Web Services (AWS) and [history]: i mean, i remember from when it happened [parasite]: You may have realized that I don’t think [van-halen]: https://snackstack.net/2023/07/03/in-search-of-van-halens-brown-mms/ [osi]: I’m not going to hit you with a [responsibility]: in every part of your life! [bloom]: [later]: At time of publishing, it’s March 8, 2026 [hsts]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security [hsts]: This is generally a hardcoded value, [cattle]: “cattle” is when there’s [ari]: https://letsencrypt.org/2025/09/16/ari-rfc [caddy-ari]: I checked Caddy, the front-end server [left]: there may be value in trying to renew [audits]: https://cabforum.org/about/information/auditors-and-assessors/audit-criteria/
·blog.brycekerley.net·
WebPKI and You
Linux Internals: How /proc/self/mem writes to unwritable memory - offlinemark
Linux Internals: How /proc/self/mem writes to unwritable memory - offlinemark
Introduction An obscure quirk of the /proc/*/mem pseudofile is its “punch through” semantics. Writes performed through this file will succeed even if the destination virtual memory is marked unwritable. In fact, this behavior is intentional and actively used by projects such as the Julia JIT comp
·offlinemark.com·
Linux Internals: How /proc/self/mem writes to unwritable memory - offlinemark
Governance: Documentation as a Knowledge Network
Governance: Documentation as a Knowledge Network
Explore the delirious rantings of Frederick Vanbrabant. A blog focused on the intersection of Enterprise Architecture, product, and business strategy.
·frederickvanbrabant.com·
Governance: Documentation as a Knowledge Network
Message Passing Is Shared Mutable State — Causality
Message Passing Is Shared Mutable State — Causality
The failure of message passing to eliminate concurrency bugs wasn't surprising, it was predicted. Edward Lee argued in 2006 that the shared-memory vs. message-passing debate was a false dichotomy. Go was a billion-dollar natural experiment. The results confirmed the prediction.
·causality.blog·
Message Passing Is Shared Mutable State — Causality
Anonymous credentials: an illustrated primer
Anonymous credentials: an illustrated primer
This post has been on my back burner for well over a year. This has bothered me, because every month that goes by I become more convinced that anonymous authentication the most important topic we c…
·blog.cryptographyengineering.com·
Anonymous credentials: an illustrated primer
Decision Trees
Decision Trees
An introduction to the Decision Trees, Entropy, and Information Gain.
·mlu-explain.github.io·
Decision Trees
DFOS
DFOS
Dark Forest Operating System
·dfos.com·
DFOS
DNS-PERSIST-01: A New Model for DNS-based Challenge Validation
DNS-PERSIST-01: A New Model for DNS-based Challenge Validation
When you request a certificate from Let’s Encrypt, our servers validate that you control the hostnames in that certificate using ACME challenges. For subscribers who need wildcard certificates or who prefer not to expose infrastructure to the public Internet, the DNS-01 challenge type has long been the only choice. DNS-01 works well. It is widely supported and battle-tested, but it comes with operational costs: DNS propagation delays, recurring DNS updates at renewal time, and automation that often requires distributing DNS credentials throughout your infrastructure.
·letsencrypt.org·
DNS-PERSIST-01: A New Model for DNS-based Challenge Validation
IP66 — Free IP Geolocation Database
IP66 — Free IP Geolocation Database
A free, open IP Geolocation database in MMDB format. Includes ASN, country, and continent data. Updated daily. Licensed under CC BY 4.0.
·ip66.dev·
IP66 — Free IP Geolocation Database
Serial Line Internet Protocol - Wikipedia
Serial Line Internet Protocol - Wikipedia
encapsulation of the Internet Protocol designed to work over serial ports and modem connections
·en.wikipedia.org·
Serial Line Internet Protocol - Wikipedia