Skip to Content

Pensieve

a collection of memories

Browse tags · Browse topics · Browse series

RSS · Atom

2026

  1. PQC Research Series — Part 4
    May 2, 2026 · 18 min

    Reduction tightness is where PQC security meets operations: loose reductions consume margin, force parameter inflation, and turn “provably secure” into a bandwidth/RAM/latency problem.

  2. PQC Research Series — Part 3
    April 30, 2026 · 19 min

    QROM is not “ROM but stronger.” It changes the oracle interface (superposition queries), breaks classical proof tactics (rewinding/programming), and turns Fiat–Shamir security into a tighter, system-bound claim.

  3. PQC Research Series — Part 2
    April 26, 2026 · 13 min

    LWE/SIS are not “magic hardness.” They are interface contracts with worst-case/average-case reductions, structural trade-offs (Ring/Module), and concrete security heuristics (BKZ/sieving) that real systems routinely violate.

  4. PQC Research Series — Part 1
    April 24, 2026 · 17 min

    A formal adversary taxonomy for PQC deployments: classical vs quantum vs QROM, with explicit resource accounting (queries, memory, time) and system-boundary assumptions.

  5. The KelpDAO Exploit Was Not a Bug
    April 19, 2026 · 22 min

    Incident memo (April 2026): the 116,500 rsETH release via LayerZero EndpointV2 was a semantic guard failure. Signatures are not truth unless they bind to a unique, finalized source-chain debit.

  6. Hybrid Schemes and Protocol Agility
    April 16, 2026 · 10 min

    Deep dive (April 2026): hybrid key establishment is a narrow hedge (HNDL), not “post-quantum TLS”. The hard part is suite identity, transcript binding, and AND-semantics for dual signatures.

  7. The Leaf Is the Hot Path: Signature Placement in Post-Quantum TLS (ML-DSA vs SLH-DSA)
    April 8, 2026 · 9 min

    Paper note (April 2026): experiments show SLH-DSA in the server leaf collapses TLS 1.3 handshakes by ~10^3×. PQ migration is a certificate-hierarchy and cost-concentration problem, not an algorithm swap.

  8. Stateful Signatures Are a Distributed Systems Problem: XMSS/LMS Without Index Reuse
    April 1, 2026 · 10 min

    Deep dive (April 2026): stateful hash-based signatures look like “just PQC”, but one index reuse is a catastrophic key-management failure. Model the invariant, then build the allocator like a consensus component.

  9. Termination Is a Security Boundary: HotStuff Under UC, Delay Attacks, and the Uncomfortable Gap to Rust
    March 28, 2026 · 13 min

    Paper note (March 2026): a UC-style termination proof for HotStuff, the real invariant it relies on, and what changes when you ship it as a low-level Rust system under adversarial latency.

  10. Secure Distributed Storage: Erasure Coding Under Adversaries
    March 1, 2026 · 3 min

    Spec-driven research note (March 2026): Secure Distributed Storage: Erasure Coding Under Adversaries.

  11. Verifiable Computation as Infrastructure: Proof Systems at Scale
    February 1, 2026 · 3 min

    Engineering notebook entry (February 2026): Verifiable Computation as Infrastructure: Proof Systems at Scale.

  12. Composable Security: Where Proofs Break in Real Systems
    January 1, 2026 · 3 min

    Threat-model-first analysis (January 2026): Composable Security: Where Proofs Break in Real Systems.

2025

  1. Research Frontiers: Composability, Proofs, and Future Primitives
    December 1, 2025 · 3 min

    Threat-model-first analysis (December 2025): Research Frontiers: Composability, Proofs, and Future Primitives.

  2. Long-Lived Secrets: Forward Secrecy, KEMs, and Key Erasure
    November 1, 2025 · 3 min

    Design memo (November 2025): Long-Lived Secrets: Forward Secrecy, KEMs, and Key Erasure.

  3. Post-Quantum DoS Surfaces: Handshakes, Amplification, and Mitigations
    October 1, 2025 · 3 min

    Adversarial-first deep dive (October 2025): Post-Quantum DoS Surfaces: Handshakes, Amplification, and Mitigations.

  4. Operationalizing PQC: Monitoring, Rollback, and Incident Response
    September 1, 2025 · 3 min

    Spec-driven research note (September 2025): Operationalizing PQC: Monitoring, Rollback, and Incident Response.

  5. Quantum Tunneler: A Quantum-Safe IPSec Stack in Rust
    August 3, 2025 · 4 min

    An in-depth technical deep-dive into Quantum Tunneler—an end-to-end, Rust-based implementation of a post-quantum IPSec stack leveraging Kyber and Falcon.

  6. Quantum-Safe VPN Design: Lessons from Implementing a PQ IPSec Stack
    August 1, 2025 · 3 min

    Threat-model-first analysis (August 2025): Quantum-Safe VPN Design: Lessons from Implementing a PQ IPSec Stack.

  7. QuantumSafe Finance – Deep Technical Overview (Phase 2)
    August 1, 2025 · 4 min

    Comprehensive article on the motivations, architecture, and current Phase 2 development of the QuantumSafe Finance Open-Core PQC platform.

  8. no_std Crypto in Rust: Determinism, Side Channels, and Constraints
    July 1, 2025 · 3 min

    Engineering notebook entry (July 2025): no_std Crypto in Rust: Determinism, Side Channels, and Constraints.

  9. Building NeuroTradeX — Architecting an AI-Driven Trading System
    June 18, 2025 · 2 min

    A deep-dive into the modular design, architecture, and implementation of the NeuroTradeX open-source platform for financial and crypto trading.

  10. BFT with PQ Primitives: When Crypto Costs Dominate
    June 1, 2025 · 3 min

    Spec-driven research note (June 2025): BFT with PQ Primitives: When Crypto Costs Dominate.

  11. Quantum-Resilient Identity: Device + Human, Online + Offline
    May 1, 2025 · 3 min

    Adversarial-first deep dive (May 2025): Quantum-Resilient Identity: Device + Human, Online + Offline.

  12. CPZKp - Building Practical Zero-Knowledge Proofs in Rust from Scratch
    April 28, 2025 · 3 min

    A deep technical dive into the motivations, design, and implementation of CPZKp, a Chaum-Pedersen based ZK authentication library in Rust.

  13. Post-Quantum Cryptography for Industrial IoT with Rust
    April 28, 2025 · 2 min

    A deep technical dive into the pqc-iiot Rust crate for secure, no_std, post-quantum cryptography in embedded and IIoT environments.

  14. PQC for Blockchain Signatures: Wallet UX, Size, and Verification Cost
    April 1, 2025 · 3 min

    Adversarial-first deep dive (April 2025): PQC for Blockchain Signatures: Wallet UX, Size, and Verification Cost.

  15. Quantum-Safe Secure Boot: Firmware Roots and PQ Signatures
    March 1, 2025 · 3 min

    Engineering notebook entry (March 2025): Quantum-Safe Secure Boot: Firmware Roots and PQ Signatures.

  16. Hybrid Key Management: Rotations Across Algorithm Families
    February 1, 2025 · 3 min

    Spec-driven research note (February 2025): Hybrid Key Management: Rotations Across Algorithm Families.

  17. Quantum Threat Modeling for Infrastructure: What Changes, What Doesn’t
    January 1, 2025 · 3 min

    Adversarial-first deep dive (January 2025): Quantum Threat Modeling for Infrastructure: What Changes, What Doesn’t.

2024

  1. Designing for Catastrophic Failure: Compartmentalization and Recovery
    December 1, 2024 · 4 min

    Spec-driven research note (December 2024): Designing for Catastrophic Failure: Compartmentalization and Recovery.

  2. ZKP Systems Engineering: Provers, Verifiers, and Operational Cost
    November 1, 2024 · 4 min

    Threat-model-first analysis (November 2024): ZKP Systems Engineering: Provers, Verifiers, and Operational Cost.

  3. Formal Verification of Crypto Protocols: Models, Gaps, and Pain
    October 1, 2024 · 4 min

    Spec-driven research note (October 2024): Formal Verification of Crypto Protocols: Models, Gaps, and Pain.

  4. Secure Enclaves in Distributed Systems: Remote Attestation and Trust
    September 1, 2024 · 4 min

    Spec-driven research note (September 2024): Secure Enclaves in Distributed Systems: Remote Attestation and Trust.

  5. Metadata and Privacy: The Hard Part Isn’t Encryption
    August 1, 2024 · 4 min

    Threat-model-first analysis (August 2024): Metadata and Privacy: The Hard Part Isn’t Encryption.

  6. Byzantine Fault Injection: Testing Protocols Like an Attacker
    July 1, 2024 · 4 min

    Adversarial-first deep dive (July 2024): Byzantine Fault Injection: Testing Protocols Like an Attacker.

  7. Consensus Under Attack: Adaptive Adversaries and Network Control
    June 1, 2024 · 4 min

    Spec-driven research note (June 2024): Consensus Under Attack: Adaptive Adversaries and Network Control.

  8. Time-Based Attacks: NTP Manipulation, Expiration, and Replay
    May 1, 2024 · 4 min

    Adversarial-first deep dive (May 2024): Time-Based Attacks: NTP Manipulation, Expiration, and Replay.

  9. Sandbox Escapes: Isolation Boundaries as a Design Input
    April 1, 2024 · 4 min

    Spec-driven research note (April 2024): Sandbox Escapes: Isolation Boundaries as a Design Input.

  10. Supply Chain Attacks: Dependency Poisoning and Maintainer Compromise
    March 1, 2024 · 4 min

    Adversarial-first deep dive (March 2024): Supply Chain Attacks: Dependency Poisoning and Maintainer Compromise.

  11. DDoS at Scale: Adaptive Defense and Cost Asymmetry
    February 1, 2024 · 4 min

    Spec-driven research note (February 2024): DDoS at Scale: Adaptive Defense and Cost Asymmetry.

  12. BGP and Routing Attacks: Engineering for the Internet We Have
    January 1, 2024 · 4 min

    Engineering notebook entry (January 2024): BGP and Routing Attacks: Engineering for the Internet We Have.

2023

  1. Compliance & Standards: Translating NIST to Engineering Action
    December 1, 2023 · 3 min

    Adversarial-first deep dive (December 2023): Compliance & Standards: Translating NIST to Engineering Action.

  2. Migration Risk Management: Inventory, Prioritization, and Cutover
    November 1, 2023 · 4 min

    Correctness-focused deep dive (November 2023): Migration Risk Management: Inventory, Prioritization, and Cutover.

  3. Side Channels in PQC Implementations: Where Theory Meets Cache
    October 1, 2023 · 3 min

    Correctness-focused deep dive (October 2023): Side Channels in PQC Implementations: Where Theory Meets Cache.

  4. Benchmarking PQC: What to Measure (and What Not To)
    September 1, 2023 · 4 min

    Threat-model-first analysis (September 2023): Benchmarking PQC: What to Measure (and What Not To).

  5. Crypto Agility Tooling: Feature Flags, Policy, and Rollback
    August 1, 2023 · 4 min

    Design memo (August 2023): Crypto Agility Tooling: Feature Flags, Policy, and Rollback.

  6. PQC for IoT: Memory, CPU, and Timing Side Channels
    July 1, 2023 · 3 min

    Engineering notebook entry (July 2023): PQC for IoT: Memory, CPU, and Timing Side Channels.

  7. PQC in VPN/IPsec: IKEv2 Revisited Under PQ Constraints
    June 1, 2023 · 3 min

    Threat-model-first analysis (June 2023): PQC in VPN/IPsec: IKEv2 Revisited Under PQ Constraints.

  8. PQC in TLS: Negotiation, Downgrade, and Interop
    May 1, 2023 · 4 min

    Threat-model-first analysis (May 2023): PQC in TLS: Negotiation, Downgrade, and Interop.

  9. Hybrid Key Exchange: Binding Classical and PQ Secrets Correctly
    April 1, 2023 · 3 min

    Design memo (April 2023): Hybrid Key Exchange: Binding Classical and PQ Secrets Correctly.

  10. Signatures in Practice: Dilithium/Falcon and Deployment Constraints
    March 1, 2023 · 4 min

    Design memo (March 2023): Signatures in Practice: Dilithium/Falcon and Deployment Constraints.

  11. KEMs in Practice: Kyber Handshakes and Failure Surfaces
    February 1, 2023 · 4 min

    Adversarial-first deep dive (February 2023): KEMs in Practice: Kyber Handshakes and Failure Surfaces.

  12. PQC Threat Models: 'Harvest Now, Decrypt Later' in Real Systems
    January 1, 2023 · 4 min

    Design memo (January 2023): PQC Threat Models: 'Harvest Now, Decrypt Later' in Real Systems.

2022

  1. Red Teaming Infrastructure: Turning Attacks into Regression Tests
    December 1, 2022 · 3 min

    Threat-model-first analysis (December 2022): Red Teaming Infrastructure: Turning Attacks into Regression Tests.

  2. Rust/Go Secure Coding Patterns: The Bugs That Still Happen
    November 1, 2022 · 3 min

    Adversarial-first deep dive (November 2022): Rust/Go Secure Coding Patterns: The Bugs That Still Happen.

  3. Secure Configuration: Policy-as-Code and Guardrails
    October 1, 2022 · 3 min

    Spec-driven research note (October 2022): Secure Configuration: Policy-as-Code and Guardrails.

  4. Backup/Restore as a Protocol: RPO/RTO with Adversaries
    September 1, 2022 · 3 min

    Adversarial-first deep dive (September 2022): Backup/Restore as a Protocol: RPO/RTO with Adversaries.

  5. Observability at Scale: Traces, Cardinality, and Cost
    August 1, 2022 · 3 min

    Spec-driven research note (August 2022): Observability at Scale: Traces, Cardinality, and Cost.

  6. Rate Limiting & Load Shedding: Protecting Reliability SLOs
    July 1, 2022 · 3 min

    Engineering notebook entry (July 2022): Rate Limiting & Load Shedding: Protecting Reliability SLOs.

  7. Multi-Region Design: Failover That You Can Actually Test
    June 1, 2022 · 4 min

    Threat-model-first analysis (June 2022): Multi-Region Design: Failover That You Can Actually Test.

  8. Kubernetes Hardening: RBAC, NetworkPolicy, and Pod Security
    May 1, 2022 · 4 min

    Threat-model-first analysis (May 2022): Kubernetes Hardening: RBAC, NetworkPolicy, and Pod Security.

  9. Runtime Security: eBPF, Policy, and Drift Detection
    April 1, 2022 · 3 min

    Adversarial-first deep dive (April 2022): Runtime Security: eBPF, Policy, and Drift Detection.

  10. Secrets Hygiene: Rotation, Scoping, and Runtime Delivery
    March 1, 2022 · 3 min

    Adversarial-first deep dive (March 2022): Secrets Hygiene: Rotation, Scoping, and Runtime Delivery.

  11. Reproducible CI/CD: Determinism as Defense
    February 1, 2022 · 3 min

    Engineering notebook entry (February 2022): Reproducible CI/CD: Determinism as Defense.

  12. Supply Chain Security: SLSA, SBOM, and Build Provenance
    January 1, 2022 · 3 min

    Spec-driven research note (January 2022): Supply Chain Security: SLSA, SBOM, and Build Provenance.

2021

  1. Post-Quantum Readiness at the Edge: Constraints and Migration
    December 1, 2021 · 4 min

    Engineering notebook entry (December 2021): Post-Quantum Readiness at the Edge: Constraints and Migration.

  2. Anomaly Detection: What 'Baseline' Means in Industrial Systems
    November 1, 2021 · 4 min

    Threat-model-first analysis (November 2021): Anomaly Detection: What 'Baseline' Means in Industrial Systems.

  3. Secure Remote Access: Bastions, Just-in-Time, and Audit
    October 1, 2021 · 3 min

    Spec-driven research note (October 2021): Secure Remote Access: Bastions, Just-in-Time, and Audit.

  4. Offline-First Edge: Consistency During Intermittent Connectivity
    September 1, 2021 · 3 min

    Spec-driven research note (September 2021): Offline-First Edge: Consistency During Intermittent Connectivity.

  5. Safety-Critical vs Security-Critical: Integrating Two Worlds
    August 1, 2021 · 4 min

    Correctness-focused deep dive (August 2021): Safety-Critical vs Security-Critical: Integrating Two Worlds.

  6. Gateway Architecture: Protocol Translation Without Becoming a Bottleneck
    July 1, 2021 · 4 min

    Spec-driven research note (July 2021): Gateway Architecture: Protocol Translation Without Becoming a Bottleneck.

  7. Time-Series at Scale: Ingestion, Downsampling, and Query Isolation
    June 1, 2021 · 4 min

    Design memo (June 2021): Time-Series at Scale: Ingestion, Downsampling, and Query Isolation.

  8. Zero Trust for IIoT: Network Segmentation and Policy Enforcement
    May 1, 2021 · 4 min

    Correctness-focused deep dive (May 2021): Zero Trust for IIoT: Network Segmentation and Policy Enforcement.

  9. Firmware Update Pipelines: Rollouts, Canary, and Recovery
    April 1, 2021 · 4 min

    Threat-model-first analysis (April 2021): Firmware Update Pipelines: Rollouts, Canary, and Recovery.

  10. Edge-to-Cloud Messaging: MQTT, OPC UA, and Threat Models
    March 1, 2021 · 4 min

    Engineering notebook entry (March 2021): Edge-to-Cloud Messaging: MQTT, OPC UA, and Threat Models.

  11. Secure Telemetry: Integrity, Nonce Discipline, and Replay Protection
    February 1, 2021 · 3 min

    Correctness-focused deep dive (February 2021): Secure Telemetry: Integrity, Nonce Discipline, and Replay Protection.

  12. Device Identity: Provisioning, Attestation, and Lifecycle
    January 1, 2021 · 4 min

    Design memo (January 2021): Device Identity: Provisioning, Attestation, and Lifecycle.

2020

  1. Spec-Driven Development: Making the Spec the Center of Gravity
    December 1, 2020 · 4 min

    Design memo (December 2020): Spec-Driven Development: Making the Spec the Center of Gravity.

  2. Boosting quantum computer hardware performance with TensorFlow
    November 3, 2020 · 8 min

    Boosting quantum computer hardware performance with TensorFlow

  3. Simulating subatomic physics on a quantum computer
    November 3, 2020 · 3 min

    How quantum computing could be a game-changer in our understanding of quantum processes.

  4. Designing APIs for Correctness: Types, Lifetimes, and Capabilities
    November 1, 2020 · 3 min

    Engineering notebook entry (November 2020): Designing APIs for Correctness: Types, Lifetimes, and Capabilities.

  5. Verified Crypto Interfaces: Constant-Time Boundaries and Misuse Resistance
    October 1, 2020 · 3 min

    Adversarial-first deep dive (October 2020): Verified Crypto Interfaces: Constant-Time Boundaries and Misuse Resistance.

  6. Symbolic Execution: When Brute Force Becomes Logic
    September 1, 2020 · 3 min

    Correctness-focused deep dive (September 2020): Symbolic Execution: When Brute Force Becomes Logic.

  7. Concurrency Testing in Rust: Loom, Schedules, and Determinism
    August 1, 2020 · 3 min

    Adversarial-first deep dive (August 2020): Concurrency Testing in Rust: Loom, Schedules, and Determinism.

  8. Fuzzing Protocol Parsers: When Inputs Are Adversarial
    July 1, 2020 · 3 min

    Threat-model-first analysis (July 2020): Fuzzing Protocol Parsers: When Inputs Are Adversarial.

  9. Differential Testing: Using Other Implementations as Oracles
    June 1, 2020 · 4 min

    Spec-driven research note (June 2020): Differential Testing: Using Other Implementations as Oracles.

  10. Property-Based Testing: Finding Bugs You Didn’t Imagine
    May 1, 2020 · 3 min

    Threat-model-first analysis (May 2020): Property-Based Testing: Finding Bugs You Didn’t Imagine.

  11. Refinement: Proving Your Implementation Matches the Spec
    April 1, 2020 · 3 min

    Engineering notebook entry (April 2020): Refinement: Proving Your Implementation Matches the Spec.

  12. Model Checking at Scale: State Explosion and How to Cheat
    March 1, 2020 · 4 min

    Adversarial-first deep dive (March 2020): Model Checking at Scale: State Explosion and How to Cheat.

  13. TLA+ for Engineers: Modeling the Minimal Thing That Can Break You
    February 1, 2020 · 3 min

    Design memo (February 2020): TLA+ for Engineers: Modeling the Minimal Thing That Can Break You.

  14. Why the 2020s Belong to Quantum Computing
    January 13, 2020 · 14 min

    Why the 2020s Belong to Quantum Computing

  15. Safety/Liveness Catalog: A Practical Checklist for Protocol Specs
    January 1, 2020 · 3 min

    Adversarial-first deep dive (January 2020): Safety/Liveness Catalog: A Practical Checklist for Protocol Specs.

2019

  1. Validator Ops: Key Security, Slashing, and Fault Containment
    December 1, 2019 · 3 min

    Design memo (December 2019): Validator Ops: Key Security, Slashing, and Fault Containment.

  2. Rust Node Architecture: Storage, Networking, and Deterministic Execution
    November 1, 2019 · 4 min

    Adversarial-first deep dive (November 2019): Rust Node Architecture: Storage, Networking, and Deterministic Execution.

  3. Formalizing a Blockchain Protocol: Properties Worth Proving
    October 1, 2019 · 4 min

    Engineering notebook entry (October 2019): Formalizing a Blockchain Protocol: Properties Worth Proving.

  4. ZK in Protocols: Proof Systems as Network Primitives
    September 1, 2019 · 4 min

    Spec-driven research note (September 2019): ZK in Protocols: Proof Systems as Network Primitives.

  5. Bridges: Where Trust Comes Back to Collect
    August 1, 2019 · 4 min

    Spec-driven research note (August 2019): Bridges: Where Trust Comes Back to Collect.

  6. Fee Markets and MEV: Incentives as an Adversary
    July 1, 2019 · 4 min

    Adversarial-first deep dive (July 2019): Fee Markets and MEV: Incentives as an Adversary.

  7. State Commitments: Merkle, Verkle, and Proof Sizes
    June 1, 2019 · 4 min

    Correctness-focused deep dive (June 2019): State Commitments: Merkle, Verkle, and Proof Sizes.

  8. Light Clients: Trust Minimization Without Full Replication
    May 1, 2019 · 4 min

    Threat-model-first analysis (May 2019): Light Clients: Trust Minimization Without Full Replication.

  9. Finality and Reorgs: What Users Think vs What Protocols Provide
    April 1, 2019 · 4 min

    Engineering notebook entry (April 2019): Finality and Reorgs: What Users Think vs What Protocols Provide.

  10. Gossip Networks: Propagation, Eclipse Attacks, and Topology
    March 1, 2019 · 4 min

    Adversarial-first deep dive (March 2019): Gossip Networks: Propagation, Eclipse Attacks, and Topology.

  11. Mempool Design Under Adversarial Load: Admission, Fees, and Spam
    February 1, 2019 · 4 min

    Adversarial-first deep dive (February 2019): Mempool Design Under Adversarial Load: Admission, Fees, and Spam.

  12. The Ledger as a State Machine: Execution, Determinism, and Reproducibility
    January 1, 2019 · 4 min

    Adversarial-first deep dive (January 2019): The Ledger as a State Machine: Execution, Determinism, and Reproducibility.

2018

  1. Incident Response for Crypto Systems: Key Compromise Playbooks
    December 1, 2018 · 4 min

    Correctness-focused deep dive (December 2018): Incident Response for Crypto Systems: Key Compromise Playbooks.

  2. KMS/HSM Threat Models: When 'Managed' Doesn't Mean 'Safe'
    November 1, 2018 · 4 min

    Correctness-focused deep dive (November 2018): KMS/HSM Threat Models: When 'Managed' Doesn't Mean 'Safe'.

  3. Multi-Tenant Isolation: Crypto Boundaries vs Kernel Boundaries
    October 1, 2018 · 4 min

    Spec-driven research note (October 2018): Multi-Tenant Isolation: Crypto Boundaries vs Kernel Boundaries.

  4. Cryptographic Agility: Designing for the Algorithm You Haven't Met Yet
    September 1, 2018 · 4 min

    Threat-model-first analysis (September 2018): Cryptographic Agility: Designing for the Algorithm You Haven't Met Yet.

  5. Logging for Forensics: Tamper Evident Event Pipelines
    August 1, 2018 · 4 min

    Adversarial-first deep dive (August 2018): Logging for Forensics: Tamper Evident Event Pipelines.

  6. TLS Beyond Defaults: Ciphersuites, ALPN, and Operational Reality
    July 1, 2018 · 4 min

    Spec-driven research note (July 2018): TLS Beyond Defaults: Ciphersuites, ALPN, and Operational Reality.

  7. Secure Firmware Updates: Signed Manifests and Rollback Protection
    June 1, 2018 · 4 min

    Spec-driven research note (June 2018): Secure Firmware Updates: Signed Manifests and Rollback Protection.

  8. Side Channels: Constant-Time, Cache Attacks, and Real Threat Models
    May 1, 2018 · 4 min

    Adversarial-first deep dive (May 2018): Side Channels: Constant-Time, Cache Attacks, and Real Threat Models.

  9. Hardware Roots of Trust: TPM, Secure Boot, and Attestation
    April 1, 2018 · 4 min

    Correctness-focused deep dive (April 2018): Hardware Roots of Trust: TPM, Secure Boot, and Attestation.

  10. Secrets vs Capabilities: Token Design in Microservices
    March 1, 2018 · 4 min

    Design memo (March 2018): Secrets vs Capabilities: Token Design in Microservices.

  11. Key Management at Scale: Rotation, Audit, and Blast Radius
    February 1, 2018 · 4 min

    Spec-driven research note (February 2018): Key Management at Scale: Rotation, Audit, and Blast Radius.

  12. PKI as an Operating System: Certificates, Policies, and Expiration
    January 1, 2018 · 4 min

    Correctness-focused deep dive (January 2018): PKI as an Operating System: Certificates, Policies, and Expiration.

2017

  1. A Minimal TLA+ Workflow for Distributed Protocols
    December 1, 2017 · 4 min

    Spec-driven research note (December 2017): A Minimal TLA+ Workflow for Distributed Protocols.

  2. Designing for Network Partitions: Degraded Modes That Still Make Sense
    November 1, 2017 · 4 min

    Engineering notebook entry (November 2017): Designing for Network Partitions: Degraded Modes That Still Make Sense.

  3. Rate Limiting and Fairness: Protecting Critical Paths
    October 1, 2017 · 4 min

    Design memo (October 2017): Rate Limiting and Fairness: Protecting Critical Paths.

  4. Queues & Streams: Exactly-Once Semantics Without Lying to Yourself
    September 1, 2017 · 4 min

    Design memo (September 2017): Queues & Streams: Exactly-Once Semantics Without Lying to Yourself.

  5. Geo-Replication: Latency Budgets and Cross-Region Failure Modes
    August 1, 2017 · 4 min

    Threat-model-first analysis (August 2017): Geo-Replication: Latency Budgets and Cross-Region Failure Modes.

  6. Gossip & Epidemic Dissemination: Fast, Probabilistic, and Weird
    July 1, 2017 · 3 min

    Threat-model-first analysis (July 2017): Gossip & Epidemic Dissemination: Fast, Probabilistic, and Weird.

  7. Transactions: 2PC, 3PC, and Coordinators You Can't Trust
    June 1, 2017 · 3 min

    Design memo (June 2017): Transactions: 2PC, 3PC, and Coordinators You Can't Trust.

  8. Consistency Models: Linearizability, Serializability, and What You Actually Need
    May 1, 2017 · 4 min

    Design memo (May 2017): Consistency Models: Linearizability, Serializability, and What You Actually Need.

  9. Membership & Reconfiguration: Changing the Set Without Breaking Safety
    April 1, 2017 · 3 min

    Adversarial-first deep dive (April 2017): Membership & Reconfiguration: Changing the Set Without Breaking Safety.

  10. BFT from First Principles: Safety, Liveness, and Quorums
    March 1, 2017 · 4 min

    Adversarial-first deep dive (March 2017): BFT from First Principles: Safety, Liveness, and Quorums.

  11. Consensus Under Partial Synchrony: From Paxos to Raft
    February 1, 2017 · 4 min

    Correctness-focused deep dive (February 2017): Consensus Under Partial Synchrony: From Paxos to Raft.

  12. State Machine Replication: Log Design, Snapshots, and Compaction
    January 1, 2017 · 3 min

    Adversarial-first deep dive (January 2017): State Machine Replication: Log Design, Snapshots, and Compaction.

2016

  1. Security vs Reliability: When the Same Bug Has Two Names
    December 1, 2016 · 4 min

    Correctness-focused deep dive (December 2016): Security vs Reliability: When the Same Bug Has Two Names.

  2. Reproducible Builds: Trusting Artifacts in a Hostile World
    November 1, 2016 · 4 min

    Threat-model-first analysis (November 2016): Reproducible Builds: Trusting Artifacts in a Hostile World.

  3. Observability as Specification: SLOs, Error Budgets, and Contracts
    October 1, 2016 · 4 min

    Design memo (October 2016): Observability as Specification: SLOs, Error Budgets, and Contracts.

  4. Fault Injection: Turning Unknown Unknowns into Test Cases
    September 1, 2016 · 4 min

    Spec-driven research note (September 2016): Fault Injection: Turning Unknown Unknowns into Test Cases.

  5. Memory Models and Concurrency: Reasoning About Races
    August 1, 2016 · 4 min

    Threat-model-first analysis (August 2016): Memory Models and Concurrency: Reasoning About Races.

  6. Crash Consistency: Durable State Without Mysticism
    July 1, 2016 · 4 min

    Engineering notebook entry (July 2016): Crash Consistency: Durable State Without Mysticism.

  7. Cryptographic Hygiene: Domain Separation, KDFs, and Context Binding
    June 1, 2016 · 4 min

    Threat-model-first analysis (June 2016): Cryptographic Hygiene: Domain Separation, KDFs, and Context Binding.

  8. Threat Modeling for Engineers: Assumptions as Interfaces
    May 1, 2016 · 4 min

    Correctness-focused deep dive (May 2016): Threat Modeling for Engineers: Assumptions as Interfaces.

  9. Time Is a Lie: Clocks, Causality, and Ordering
    April 1, 2016 · 4 min

    Adversarial-first deep dive (April 2016): Time Is a Lie: Clocks, Causality, and Ordering.

  10. Backpressure as a Correctness Property: Stability Under Load
    March 1, 2016 · 4 min

    Design memo (March 2016): Backpressure as a Correctness Property: Stability Under Load.

  11. Idempotency Everywhere: Designing Safe Retries in Distributed APIs
    February 1, 2016 · 4 min

    Correctness-focused deep dive (February 2016): Idempotency Everywhere: Designing Safe Retries in Distributed APIs.

  12. Protocol State Machines: Invariants, Events, and Recovery
    January 1, 2016 · 4 min

    Design memo (January 2016): Protocol State Machines: Invariants, Events, and Recovery.