Hire me

Looking for a new role. Expertise in cryptography, security, networking, reversing. Dev, ops, security. Amongst other things I've authored a QUIC implementation, a Let's Encrypt client and an RFC. I gave a talk about reverse engineering an Ethernet controller's firmware at 37C3. LinkedIn / contact details.

37C3 talk recording: Adventures in Reverse Engineering Broadcom NIC Firmware

For those that missed it, a recording of my talk at 37C3 can be found here.

Libreboot 10-year anniversary

Leah Rowe has written an interesting article about the history of the Libreboot project on the project's 10th anniversary. Recommended reading if you're interested in the open source firmware ecosystem.

Towards Greater Accountability: A Proposal for CA Issuance Decision LogsExploring the Potential of Domain Control Notaries for MPDV in WebPKI

Interesting articles by Ryan Hurst about possible improvements to WebPKI security via more certificate transparency (CT)-like technologies. There's also my own writings on CT.

Stop deploying web application firewalls

Excellent writeup by Mac Chaffee about how web application firewalls are universally a terrible idea. I've been meaning to write an article on this subject for some time, but this is a good overview of many issues with them.

Make the web great againIRC is the only viable chat protocolHow "Normiefication" causes everything to go to the dogs

Interesting writings by Koshka, who has a fantastic Web 1.0/Geocities-esque website of great depth and variation.

I don't trust Signal

Re: my article Web-based cryptography is always snake oil, this is another good article focused on Signal specifically and why it should not be considered trustworthy or secure.

Thoughts on Apache, .htaccess and the hackish state

This article on how Apache httpd is actually nice resonated with me a lot; I continue to use Apache myself for reasons I've articulated in the comment above.

That people produce HTML with string templates is telling us somethingHN comment with my thoughts (HN comment)

Chris Siebenmann has written an interesting response to my article “Producing HTML using string templates has always been the wrong solution”. While I don't necessarily agree with his views, I think it's an interesting response and worth reading. I've also written up my thoughts on the article as an HN comment. (Read more...)

Chicken Scheme's internal data representation

Fascinating writeup on the internal representation of values in Chicken Scheme. The design of value representations in a Scheme implementation needs to balance performance and memory usage while supporting a finite number of value types, so seeing the strategies chosen by a real-world implementation is always interesting. The further reading section provides links to information on the internal representation used by several other languages.

Pushup, a framework for mildly dynamic websitesComment by author (HN comment)Author's website

This is an interesting web framework in Go emphasising PHP-esque page-oriented development. The author cites my article The Demise of the Mildly Dynamic Website as inspiration.


This is an interesting writeup about webrings, a now forgotten phenomenon of the early web.

mynoise.net (noise generator)

Current listening — while reading Dune. Massive index of ambient noise generators.

Dialog (language)Linus Akesson

This is an interesting alternative compiler for producing Z-Machine images (.z5/.z8), taking inspiration from Prolog.

The author's website also appears an interesting homepage.

Inform 7 is now open source (HN comment)

I have quite a bit of respect for the fact that this is a successful, real-world program developed using Literate Programming. It's a style of programming which has interested me before, but like many other people, I've found it hard to do in practice, and tools to be lacking.

As an aside, the interactive fiction community is from a technological perspective a fascinating microcosm, including from a CS perspective. You have not just one toolchain, but an entire ecosystem of competing virtual machine specifications (Z-Machine, Glulx, TADS, Hugo), compilers, and source languages, all intending to deliver architecture-independence and the ability to preserve IF for the ages, yet apart from all general-purpose technologies typically used for the task. (Read more...)