576 - Using LLMs at Oxide / RFD / Oxide
Software Acceleration and Desynchronization
A look at the ever-present drive to make software delivery faster and how it might break down various activity loops in organizations.
Naftiko
Embrace your API legacy, integrate your AI future. Naftiko turns API sprawl into a governed capability fabric that teams can depend on.
Run Real Python in Browsers With Pyodide and WebAssembly
Pyodide compiles CPython to WebAssembly, letting developers run full Python directly in the browser without servers or installations.
What is Zero Trust? - Guide to Zero Trust Security | CrowdStrike
Zero Trust is a security framework requiring all users to be authenticated, authorized, and continuously validated before being granted access.
Memory Architecture for a Synthetic Being
The BEAM and the Crab: Building Tunnels
A deep dive into building an ngrok-like tunneling system using Elixir/Phoenix on the server and Rust for the CLI. We explore the challenges of multiplexing HTTP requests over a single WebSocket connection, the elegance of Phoenix Channels, and how the BEAM's real-time capabilities make this architecture surprisingly simple.
The Mythical Man-Month at 50
Fred Brooks's classic book The Mythical Man-Month was published 50 years ago. It was hugely influential on the then-nascent discipline of software development. How does it stand up today?
How Nx "pulled the rug" on us, a potential solution and lessons learned - Salvatore Zappalà's Weblog
Salvatore Zappalà's Weblog
The dangers of SSL certificates
Yesterday, the Bazel team at Google did not have a very Merry Boxing Day. An SSL certificate expired for and as shown in this screenshot from the github issue. This expired certificate apparently b…
Airtight SEAL - The Hacker Factor Blog
MongoBleed explained simply
CVE-2025-14847 allows attackers to read any arbitrary data from the database's heap memory. It affects all MongoDB versions since 2017, here's a simple explanation:
Censorship Explained: Shadowsocks
In the early 2010s, a simple tool thrown together by a lone programmer ignited an explosion of anti-censorship activity. Over the next decade, that simple tool–Shadowsocks–spawned a vast ecosystem of tools and techniques, developed by thousands and relied on by millions. We’ll need a firm grasp on how Shadowsocks works under the hood to better […]
Beyond Abstractions - A Theory of Interfaces
This article aims to express the mental model that I have built over the last few years for thinking about human-computer interfaces, software, and how we might produce a step-function increase in building and using software. A new way to program, if you will.
Note that this is more of a mental-model/philosophy than a falsifiable scientific theory, and not fundamentally novel.
For many years I have been searching for an idea to work on within software that is deep, impactful, personally fulfilling, and one that enables a massive business to be built on top of it.
Closure of Operations in Domain Modeling
A design technique leading to a more predictable, composable, and maintainable code.
The Linux kernel is just a program
Most books and courses introduce Linux through shell commands, leaving the kernel as a mysterious black box doing magic behind the scenes. In this post, we will run some experiments to demystify it: the Linux kernel is just a binary that you can build and run.
JSON-complete data formats and programming languages
Much of the data on the Internet is shared using a simple format called JSON. JSON is made of two composite types (arrays and key-value maps) and a small number of primitive types (64-bit floating-point numbers, strings, null, Booleans). That JSON became ubiquitous despite its simplicity is telling. { "name": "Nova Starlight", "age": 28, "powers": … Continue reading JSON-complete data formats and programming languages
Linux cgroup from first principles
After having spent the better part of 2 weeks learning Linux’s cgroup (control group) concept, I thought I better write this down for the next brave soul. 🦸
Meta Is Using The Linux Scheduler Designed For Valve's Steam Deck On Its Servers
An interesting anecdote from this month's Linux Plumbers Conference in Tokyo is that Meta (Facebook) is using the Linux scheduler originally designed for the needs of Valve's Steam Deck..
RFC 9911: Common YANG Data Types
This document defines a collection of common data types to be used
with the YANG data modeling language. It
includes several new type definitions and obsoletes RFC 6991.
Fixing the URL params performance penalty
Tales of two pages…
What's the difference between these two pages?:
https://www.example.com/
https://www.example.com/?utm_source=email
I mean they've got different URLs, but many of us would probably guess that that utm_source URL query parameters (or "URL params" or "search params" as it's
Jepsen: NATS 2.12.1
We Need to Talk: Accessibility Programming... • Ritchie
Accessibility programming doesn't feel accessible, and this needs to change.
Package Forge
Improving Package Management & Security for Linux systems. (Dev: @pkgforge-dev | Communtity: @pkgforge-community | Security Research: @pkgforge-security) - Package Forge
How Exchanges Turn Order Books into Distributed Logs
Every modern exchange is a distributed database in disguise. This article reveals how trading engines transform chaotic streams of buy and sell orders into a perfectly ordered, replayable log, ensuring fairness, determinism, and market data reliability.
SecureThought - dn on AI and tech
Building Trustworthy AI Agents - Schneier on Security
The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about things we are or that we know, and being unable to distinguish between who we are and who we have been. They struggle with incomplete, inaccurate, and partial context: with no standard way to move toward accuracy, no mechanism to correct sources of error, and no accountability when wrong information leads to bad decisions...
Building the Weir Language
A domain-specific language for describing patterns in natural language.
Firecracker Virtualization Overview
Firecracker is an open source virtualization technology created by Amazon Web Services (AWS) which underpins their AWS Lambda Functions as a Service (FaaS) serverless product.
How ProcessTree Saved My Async Tests
This post is about the trap I hit while mocking API calls in Elixir tests, why it happened, and how ProcessTree solved it beautifully.