- [remark] Individual URL compression experiment initial thoughts
(on 2025-08-19)
I've made some experiments with compressing individual URLs, and I describe my initial observations (while comparing to standard compression algorithms).
- [remark] EU-based cloud alternatives affordability for small projects and companies
(on 2025-08-12)
My personal experience in finding affordable EU-based cloud providers for a small personal project. And my pessimistic assessment of the competitiveness in this segment with their USA-based competitors.
- [remark] Bot countermeasures impact on the quality of life on the web
(on 2025-05-10)
About how another instance of "the scientific progress justifies the means", or perhaps "how a corporation milks profits from other people's work", triggers an arms race that piece by piece dismantles the open web, and turns it into walled gardens.
- [snippet] Misusing Linux policy based routing for firewalling
(on 2024-08-11)
Experimenting with Linux policy based routing, i.e. `man ip-rule(8)`, as a stateless firewall substitute.
- [remark] Linux UEFI booting simplified
(on 2024-08-04)
Demystifying the UEFI boot process with a focus on Linux, simplicity, reliability, and security.
- [remark] Infineon TPM firmware update on the HP t620 thin client
(on 2024-07-25)
Updating the Infineon TPM firmware on an HP t620 thin client, which is vulnerable to the ROCA attack (that allows an attacker to recover the RSA private key).
- [remark] Musing about a secure computer for sensitive data
(on 2024-07-23)
How about splitting the usage and storage of sensitive documents and data? Plus a few ideas on how to implement a small custom "secure" computer for the storage part.
- [remark] Context binding password-based authentication
(on 2024-03-30)
Experimenting with password-based authentication implemented directly in Postgres, all sprinkled with a few twists.
- [remark] Pre-hashing large password files used with PBKDFs
(on 2024-03-13)
A subtle, but surprising, realization about password-based key-derivation functions when using long byte sequences as passwords.
- [remark] Lightweight container building blocks
(on 2023-09-12)
Documenting various open-source tools and projects that I've found while experimenting with the Linux container technology.
- [remark] Please don't write application launchers in `sh`!
(on 2023-09-11)
`sh` is not a programming language! Write application launchers in proper languages!
- [remark] We need deterministic installs, not just immutable OSs
(on 2023-09-11)
Immutable OSs are just a minor step towards reliable OS installations. However, for a complete solution we also need reproducible and thus deterministic installations, which implies cleaning-up and modernizing our package managers.
- [remark] Linux becoming a Windows / OSX clone
(on 2023-09-07)
A rant about the complexity of modern Linux distributions, which places them on par with the opaqueness of Windows and OSX.
- Learning before dabbling in applied cryptography
(on 2023-05-15)
A live document providing learning resources and pointers for those that want to experiment with applied cryptography.
- [remark] Misusing random oracles for practical purposes
(on 2023-05-13)
Experimenting with various real-world instantiations of cryptographic random oracles, with applicability from multi-factor encryption, to database record encryption.
- [remark] Experimenting with multi-factor encryption
(on 2023-05-12)
Prototyping an encryption tool that allows combining multiple encryption factors, from PINs, passwords, to X25519 pairs, and beyond.
- [remark] My biases when choosing open-source tools
(on 2023-04-07)
I reflect on my preferences when it comes to choosing open-source tools I need to rely upon.
- [remark] SSH authorization keys experiments
(on 2023-04-02)
Experimenting with OpenSSH authorization keys resolution; from skeleton-key providing emergency access, to simple centralized key management.
- [remark] Privatizing our digital identities
(on 2023-03-09)
Trying to make the case for permanent irrevocable digital identities, which unfortunately today are, de facto, email addresses.
- Another take on the binary to text encoding
(on 2023-02-05)
A few words about one of my latest open-source projects, z-tokens, that among other things, also tries to tackle this problem while providing more added value compared to existing solutions.
- Binary to text encoding -- state of the art and missed opportunities
(on 2023-02-04)
Although many software engineers know about the topic, especially through their exposure to Base64, there are many issues and missed opportunities not tackled by the broad community.
- [remark] Debating deterministic passwords
(on 2023-01-25)
A few words of caution about storage-free deterministic password managers.
- [RE] Containerized deployments, the Death Star of complexity
(on 2023-01-24)
An interesting take on containerized deployments, contrasted with other similar trajectories in the software engineering history.
- [remark] Passwords in deployment or development scripts?
(on 2023-01-12)
Questions (without definitive answers) about how to securely manage secrets in scripts and development environments.
- [remark] Memorable password schemes and patterns?
(on 2023-01-11)
Questions (without definitive answers) about memorable password schemes and patterns.
- [remark] Password strength for offline storage?
(on 2023-01-10)
Questions (without definitive answers) about password strength (i.e. entropy bits) for offline storage.
- [remark] Securing my static site server with seccomp
(on 2022-09-11)
Given a simple enough HTTP server, and by employing seccomp, one could easily achieve a quite secure(r) server, with a small enough attack surface that the potential attacker might want to look elsewhere in the stack for vulnerabilities.
- Static site hosting hurdles
(on 2022-09-03)
When it comes to static sites, there are a myriad of solutions for authoring and compiling, but talk about hosting these static sites, and we are still in the early 2000s. I discuss the challenges one faces when hosting, and even make a proposal to solve some of these.
- [remark] Useful Firefox addons
(on 2022-08-13)
A few Firefox addons I use on a daily basis.
- The many flavors of hashing
(on 2022-07-29)
About the many types of hash functions, their use-cases, dos and don'ts, with suggestions for currently accepted algorithms.
- [remark] On modern laptop requirements
(on 2022-04-02)
- [remark] The impact of hacktivism / protestware in open-source
(on 2022-03-27)
- Single binary executable packages
(on 2022-01-25)
In support of software packages that come in the form of a single binary executable (statically linked or portable), that one can just copy anywhere in `${PATH}` and execute, without needing `sudo`, or downloading half the distribution's packages as dependencies.
- Good to know -- issue 2021.02
(on 2021-07-28)
Articles and tools I've found interesting in the last few days.
- Security through stupidity, Banca Transilvania style
(on 2021-03-23)
About how the largest Romanian bank tries to give its clients a "warm-fuzzy-feeling" of security, that is actually zero in real security terms.
- Good to know -- issue 2021.01
(on 2021-02-19)
Articles and tools I've found interesting in the last few days.
- In Go-land you pay even for what you don't use
(on 2021-02-14)
About the hidden costs of forced automatic initialization of dependencies. And a plea for library developers (in any language) to think about their global state initialization requirements.
- The curious case of shell commands, or how "this bug is required by POSIX"
(on 2021-01-03)
About the fatal perils and traps of many modern tools that handle "shell commands" as passed through `system(3)` or `sh -c`. Or, how by the end of 2020, we still haven't given up on shell's equivalent "SQL building", or how shell's equivalent "SQL injection" still thrives in our engineering world... Plus a glibc bug, then a Linux man pages bug, then a POSIX specification bug...
- [snippet] Benchmarking "textual" file compression methods
(on 2020-05-05)
Trying to identify which compression tool and level yields the "best" outcome for "textual" archival purposes. (Spoiler: "it depends...")
- [snippet] Cleaning and compacting Git repositories
(on 2020-05-04)
How to compact and clean Git repositories of "dangling" commits and objects.
- [snippet] Properly sorting FQDNs in Bash
(on 2020-05-04)
How to properly sort a list of FQDNs in Bash, first by TLD, then by domain, then by sub-domain and so on.
- The before time -- microsoft.com
(on 2020-03-08)
A visual history of microsoft.com (thanks to the Internet Archive and its Wayback Machine).
- The before time -- google.com
(on 2020-03-07)
A visual history of google.com (thanks to the Internet Archive and its Wayback Machine).
- Good to know -- issue 2019.02
(on 2019-10-08)
Articles and tools I've found interesting in the last few days.
- A visual comparison between HTTP/1.1 vs HTTP/2
(on 2019-08-15)
A visual comparison between HTTP/1.1 and HTTP/2 in the context of many small resources and with real-world latency.
- Exfiltrating Go current goroutine ID
(on 2019-08-04)
About obtaining Go current goroutine ID, and why sometimes we should trust the developer to do the right thing... Else the developer is forced to embark on a journey that looks more like a mission impossible data exfiltration movie, than a day-to-day job...
- Good to know -- issue 2019.01
(on 2019-06-28)
Articles and tools I've found interesting in the last few days; and about the start of a new "column".
- [RE] Containers Will Not Fix Your Broken Culture (and Other Hard Truths)
(on 2019-06-27)
About the "DevOps culture" plus related technologies, less about containers, but all about our professional careers as software developers or operators.
- Choosing Linux RAID5 chunk size (part 3) -- Ext4 / CDNjs raw data
(on 2019-01-24)
About choosing the "right" RAID5 chunk size on Linux systems, and related benchmarks. This part provides the raw data from the CDNjs benchmark.
- Choosing Linux RAID5 chunk size (part 2) -- the internet's wisdom
(on 2019-01-19)
About choosing the "right" RAID5 chunk size on Linux systems, and related benchmarks. This part summarizes previous work published by others on the internet.
- [RE] The State Of Software Security In 2019
(on 2019-01-16)
About a high-level overview of application development security at the end of 2018.
- Choosing Linux RAID5 chunk size (part 1) -- block-device level benchmarks
(on 2018-12-15)
About choosing the "right" RAID5 chunk size on Linux systems, and related benchmarks. This first part presents a few benchmarks at the "block-device" level (i.e. without an actual file-system).
- The chronicle of getting text sizing to just work in mobile browsers
(on 2018-11-27)
About the "sanity" of developing sites that "just work" on mobile devices.
- Hello world!
(on 2018-11-22)
About this site, its purpose and goals.