106 bookmarks saved.

Place where goldstein dumps his links so she doesn’t have 500 tabs ever again.

Tags are structured like this:

  • is- tags are about medium. Books, papers, blog posts, interactive explanations etc.

  • about- tags are about about. What’s this post topic or what’s this project is/for.

  • to- tags are about reason. Why did I even save this?

  • for- tags are about connections. Where can I use it?

How to manipulate curve standards: a white paper for the black hat

A paper about choosing “nothing-up-my-sleeve” numbers while having stuff up your sleeve.


The little ssh that (sometimes) couldn't

A fascinating tale about network problems.


Learning Async Rust With Entirely Too Many Web Servers

A nice explanation of async that’s not about “threads slow”, but rather about how async as an abstraction emerges from sensible design decisions.



Allows you to find Unicode characters by drawing them.


A universal lowering strategy for control effects in Rust

The Rust language has incrementally grown a set of patterns to support control-flow effects including error handling, iteration, and asynchronous I/O. In The registers of Rust, boats lays out four aspects of this pattern shared by Rust’s three effects. Today these effects are typically used in isolation, or at most combined in bespoke ways, but the Rust project has been working on ways to integrate them more deeply with each other, such as async gen blocks.

The theory of algebraic effects and handlers has explored this design space and offers answers to many of the questions that the Rust project has encountered during this work. This post will relate the patterns employed by Rust to the terminology and semantics of effects, to help build a shared vocabulary and understanding of the implications of combining multiple effects.


voidlizard/hbs2: P2P CAS / P2P Framework / Distributed GIT

A distributed network that allows you to add host-independent repo identifier as a git origin. Looks like it worth a try, especially with being down and Codeberg half-broken because of a DDoS attack.


ast-grep | structural search/rewrite tool for many languages

Treesitter-based AST search-and-replace. Supports lints via saved patterns, LSP diagnostics + quick fixes and a regular CLI. Sounds pretty cool for custom lints.


Compromising a Linux desktop using... 6502 processor opcodes on the NES?!

gstreamer-plugins-bad includes a NES 6502 emulator, which was vulnerable to RCE.


features are faults

Review of many different software vulnerabilities caused by obscure undertested (mis-)features.

A modern web browser is the software equivalent of Gabriel’s Horn. Finite volume, but infinite attack surface.


Speculation in JavaScriptCore

This post is all about speculative compilation, or just speculation for short, in the context of the JavaScriptCore virtual machine.


So you want custom allocator support in your C library

Some thoughts on custom allocator interfaces with nice examples.


Performance of WebAssembly (WASM) runtimes in 2023

Comparison between different runtimes and with native code.


The Generic Dilemma

The generic dilemma is this: do you want slow programmers, slow compilers and bloated binaries, or slow execution times?

No generics / monomorphization / dynamic dispatch


mfio: Completion I/O for Everyone

Another take on io_uring in Rust. Doesn’t bring its own runtime, instead choosing to integrate with tokio.


Pinning all system calls in OpenBSD

How OpenBSD prohibited all syscalls from unknown locations.


FireDBG: Time Travel Visual Debugger for Rust

Looks really cool. I wonder what’s inside.


prr: Review GitHub PRs from local editor

Software Transactional Memory: Clojure vs. Haskell

A nice overview of STM primitives.


Execution in the Kingdom of Nouns

About why free functions are important. I find verb/noun framework from this article quite useful.


Designing a SIMD Algorithm from Scratch

A nice post about SIMD algorithms using Rust’s portable SIMD as an example.


nix-std: no-nixpkgs standard library for the nix expression language

Semantic fuzzing of the Rust compiler and interpreter

A very nice paper about fuzzing Rust compiler by generating custom MIR. Found some bugs in both rustc and LLVM, but notably not in Cranelift.


jaq: A jq clone focussed on correctness, speed, and simplicity

Friends don't let friends make certain types of data visualization

This is an opinionated essay about good and bad practices in data visualization. Examples and explanations are below.


Linus Torvalds about spinlocks and locking in general

Efficient Userspace Optimistic Spinning Locks

How to spin before sleeping so that it actually helps and not harms?


Mutexes Are Faster Than Spinlocks

Microbenchmark for futexes + spinlocks and some useful links at the bottom.


Spinlocks Considered Harmful

Because spin locks are so simple and fast, it seems to be a good idea to use them for short-lived critical sections. For example, if you only need to increment a couple of integers, should you really bother with complicated syscalls? In the worst case, the other thread will spin just for a couple of iterations…
Unfortunately, this logic is flawed! A thread can be preempted at any time, including during a short critical section. If it is preempted, that means that all other threads will need to spin until the original thread gets its share of CPU again. And, because a spinning thread looks like a good, busy thread to the OS, the other threads will spin until they exhaust their quants, preventing the unlucky thread from getting back on the processor!


Lambda calculus - Combinatory Logic

Variables are the trickiest part of lambda calculus. And naming is the trickiest part of variables: the most complex code in our lambda evaluator is the part that renames variables to perform capture-avoiding substitutions.
Names are artificial tedious tags whose sole purpose is to aid human comprehension. Can we get rid of them? There ought to be a way to study computation without naming names.


Surprisingly Slow

This is the closing-file-handles-on-Windows post.

I'm titling this post Surprisingly Slow because the slowness was either surprising to me or the sub-optimal practices leading to slowness are prevalent enough that I think many programmers would be surprised by their existence.


netaddr.IP: a new IP address type for Go

The Go standard library’s net.IP type is problematic for a number of reasons. We wrote a new one.

This post explores some problems with Go’s “simplicity by design”: introducing a better IP type that’s also interoperable with the language proves to be a non-trivial challenge.


Distributed Proofreaders

Distributed Proofreaders provides a web-based method to ease the conversion of Public Domain books into e-books. By dividing the workload into individual pages, many volunteers can work on a book at the same time.



The [board] game is about creating a small shellcode in memory by copying existing instructions and then exploiting a buffer overflow to jump into it, so that you can overwrite your opponent’s return address to force them to go to the game_over() function.There are other mechanics as well and more layers of strategy (like setting the exception handler or monkeypatching).


Sapiens: A Brief History of Humankind

The book, focusing on Homo sapiens, surveys the history of humankind, starting from the Stone Age and going up to the twenty-first century. The account is situated within a framework that intersects the natural sciences with the social sciences.



Faster and simpler git rebase.


Calculus Made Easy

Measuring Mutexes, Spinlocks and how Bad the Linux Scheduler Really is

This blog post is one of those things that just blew up. From a tiny observation at work about odd behaviors of spinlocks I spent months trying to find good benchmarks, (still not entirely successful) writing my own spinlocks, mutexes and condition variables and even contributing a patch to the Linux kernel. The main thing I’ll try to answer is to give some more informed guidance on the endless discussion of mutex vs spinlock. Besides that I found that most mutex implementations are really good, that most spinlock implementations are pretty bad, and that the Linux scheduler is OK but far from ideal. The most popular replacement, the MuQSS scheduler has other problems instead. (the Windows scheduler is pretty good though)



The site contains all the lectures, project materials and tools necessary for building a general-purpose computer system and a modern software hierarchy from the ground up.


how I think when I think about programming

a whirlwind tour through the guts of the system


Dungeons and Discourse Third Edition: The dialectic continues

Dungeons and Dragons, but about philosophy.


Let's Build a Cargo Compatible Build Tool

Tutorial about building a self-hosting cargo-compatible build tool. I have many problems with cargo and was interested in nixifying our job builds for eternity, so maybe there’s something useful there.


Bootstrapping with FORTH

What if all software suddenly disappeared? What's the minimum you'd need to bootstrap a practical system? I decided to start with a one sector (512-byte) seed and find out how far I can get.


The myrmics memory allocator

A paper about message-passing memory allocator: could be useful for actor systems.


Toy Tutorial - MLIR

MLIR is an interesting LLVM compiler framework thingy that uses LLVM for multiple representations instead of just high-level assembly.

This tutorial runs through the implementation of a basic toy language on top of MLIR. The goal of this tutorial is to introduce the concepts of MLIR; in particular, how dialects can help easily support language specific constructs and transformations while still offering an easy path to lower to LLVM or other codegen infrastructure. This tutorial is based on the model of the LLVM Kaleidoscope Tutorial.


Futexes Are Tricky

Detailed explanation of futexes, including some possible pitfalls.


Why's (Poignant) Guide to Ruby

Ruby tutorial with very unusual and interesting writing style.


Category Theory Illustrated

Category Theory Illustrated is a primer in category theory and other mathematical theories that is made to be really accessible to people with no prior exposure to the subject, without being dumbed down, by utilizing visual explanations.


Bots Are Stupid

Up for a challenge and love programming? Well it seems that Bots Are Stupid might be a good fit for you. An ultra-precise platformer where you don't directly control things — what could possibly go wrong?


The Hitchhiker's Guide to Logical Verification

Book about proofs with Lean.


Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?

Paper about how IT in healthcare in general and IT security in particular is done by people who don’t actually use it, listing different problems and workarounds that end up being used in the field.

Sacrificing convenience for security leads you to having neither security nor convenience.


Modeling graphs in Rust using vector indices

Niko’s post about using vectors (≈ arenas) instead of reference counters to model graphs. Explains how it relates to ownership and borrowing.

See also: Handles are the better pointers.


Handles are the better pointers

A blog post explaining the “single owner of data, everyone has indices instead of pointers” model. Not actually about Rust per se, just happens to be really useful for Rust.

See also: Modeling graphs in Rust using vector indices.


No Sane Compiler Would Optimize Atomics

The paper’s claim:


Compilers do optimize atomics, memory accesses around atomics, and utilize architecture-specific knowledge. This paper illustrates a few such optimizations, and discusses their implications.

Interestingly, none of the optimizations proposed in the paper actually work on GCC or Clang.


Game: Out of Ctrl

Push key blocks into their slots to gain control of the qwert. Regain Ctrl (and possible other keys) to get to the get through to the end. There are fourteen levels total. Can you get through them all?


Game: Wayfarer

You are a Wayfarer. Marked by a complete immunity to magic, Wayfarers travel the world, breaking curses, hunting monsters, and fighting magic when it spins out of control. Their Order, once a powerful presence in the world, is broken, leaving behind only a handful of warriors still bound by their creed.


Game: Manifold Garden by William Chyr

Rediscover gravity and explore a beautiful Escher-esque world of impossible architecture. Geometry repeats infinitely in every direction, and falling down leads you back to where you started. Manipulate gravity to change your perspective and see the world in new ways. Master the rules of the universe and restore a barren world with vegetation and life.


The Magic Ring Buffer

A first (as far as I know) description of ringbuffer based on two mmaps. I hope to make a better one sometime, but for now this’ll the best explanation I have.


Nota Language


A fresh take on typesetting


Nutshell: make expandable, embeddable explanations

Implementing truly safe semaphores in rust

Shufflecake: plausible deniability for multiple hidden filesystems on Linux

tips for systemd services management and hardening in NixOS

When it comes to security, we care about limiting access of each entity of a system to as few other entities as possible. Network input, executables and users must be able to reach only those resources, which are necessary to perform the defined server tasks. Principle of least priviledge.

Generally, it's better to implement as many layers of security as possible. Although, there is no way to make a server 100% bullet proof - it's a huge endless topic, this article covers some feasible essential systemd tunables that give us a layer of protection.


Optimizing Dynamically-Typed Object-Oriented Languages With Polymorphic Inline Caches

Abstract: Polymorphic inline caches (PICs) provide a new way to reduce the overhead of polymorphic message sends by extending inline caches to include more than one cached lookup result per call site. For a set of typical object-oriented SELF programs, PICs achieve a median speedup of 11%.


Laurence Tratt: Why Aren't Programming Language Specifications Comprehensive?