<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Eli Grubb · All Writings</title><description>Personal site and writings.</description><link>https://eligrubb.com/</link><language>en-us</language><item><title>Saying the obvious thing</title><link>https://eligrubb.com/writings/bookmarks/2026/saying-the-obvious-thing/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/saying-the-obvious-thing/</guid><description>Link: https://www.seangoedecke.com/saying-the-obvious-thing/</description><pubDate>Sun, 28 Jun 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.seangoedecke.com/saying-the-obvious-thing/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.seangoedecke.com/saying-the-obvious-thing/&lt;/a&gt;&lt;/p&gt;&lt;blockquote&gt;
&lt;p&gt;I think the bigger reason it’s hard is for the same reason that it’s hard to
draw what you actually see. When I look at a person and try to draw them, I’m
not drawing the lines and shades my eye sees… I’m drawing what I know the
person looks like, which is a kind of stick-figure approximation. It takes time
and effort to drop the layer of interpretation and draw what’s actually there.&lt;/p&gt;
&lt;/blockquote&gt;</content:encoded><category>Bookmarks</category><category>writing</category><category>technical writing</category><category>communication</category><category>reading</category><author>Eli Grubb</author></item><item><title>So you want to deploy FN-DSA</title><link>https://eligrubb.com/writings/bookmarks/2026/so-you-want-to-deploy-fn-dsa/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/so-you-want-to-deploy-fn-dsa/</guid><description>Link: https://keymaterial.net/2026/05/13/so-you-want-to-deploy-fn-dsa/</description><pubDate>Thu, 14 May 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://keymaterial.net/2026/05/13/so-you-want-to-deploy-fn-dsa/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://keymaterial.net/2026/05/13/so-you-want-to-deploy-fn-dsa/&lt;/a&gt;&lt;/p&gt;&lt;blockquote&gt;
&lt;p&gt;For the most part, I agree with my fellow cryptography engineers that the best
approach to using FN-DSA is to not. However, prohibition is a failed approach,
whether we are talking about drugs or about cryptography, so, in the interest
of harm reduction, here are the essential caveats for anyone who wants to use
FN-DSA, so that they can do so as safely as possible.&lt;/p&gt;
&lt;/blockquote&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>post-quantum</category><category>reading</category><author>Eli Grubb</author></item><item><title>Proxies all the way down</title><link>https://eligrubb.com/writings/bookmarks/2026/proxies-all-the-way-down/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/proxies-all-the-way-down/</guid><description>Link: https://dadrian.io/blog/posts/exe-github/</description><pubDate>Mon, 27 Apr 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://dadrian.io/blog/posts/exe-github/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://dadrian.io/blog/posts/exe-github/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;I played around with &lt;a href=&quot;https://exe.dev&quot;&gt;exe.dev&lt;/a&gt; this weekend and I’m loving
it so far - hopefully I’ll find the brain space to write about my adventures.
In the meantime, this post from David Adrian demonstrates why &lt;code&gt;exe.dev&lt;/code&gt; is worth
paying attention to among the ocean of ai-hyped infra bets: it’s all in
the details.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>vms</category><category>programming</category><category>cryptography</category><category>IAM</category><category>reading</category><author>Eli Grubb</author></item><item><title>Open source security at Astral</title><link>https://eligrubb.com/writings/bookmarks/2026/open-source-security-at-astral/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/open-source-security-at-astral/</guid><description>Link: https://astral.sh/blog/open-source-security-at-astral</description><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://astral.sh/blog/open-source-security-at-astral&quot; rel=&quot;noopener noreferrer&quot;&gt;https://astral.sh/blog/open-source-security-at-astral&lt;/a&gt;&lt;/p&gt;&lt;p&gt;For no particular reason, I got around to finally reviewing this article from
the uv maintainers. Excellent advice.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>security</category><category>reading</category><category>programming</category><category>ci/cd</category><author>Eli Grubb</author></item><item><title>Quantum Computers Are Not a Threat to 128-bit Symmetric Keys</title><link>https://eligrubb.com/writings/bookmarks/2026/quantum-computers-128-bit-symmetric-keys/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/quantum-computers-128-bit-symmetric-keys/</guid><description>Link: https://words.filippo.io/128-bits/</description><pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://words.filippo.io/128-bits/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://words.filippo.io/128-bits/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;A good reminder.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>quantum</category><category>crqc</category><category>cryptography</category><category>reading</category><author>Eli Grubb</author></item><item><title>The Future of Everything is Lies, I Guess</title><link>https://eligrubb.com/writings/bookmarks/2026/future-of-everything-is-lies-i-guess/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/future-of-everything-is-lies-i-guess/</guid><description>Link: https://aphyr.com/posts/411-the-future-of-everything-is-lies-i-guess</description><pubDate>Wed, 15 Apr 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://aphyr.com/posts/411-the-future-of-everything-is-lies-i-guess&quot; rel=&quot;noopener noreferrer&quot;&gt;https://aphyr.com/posts/411-the-future-of-everything-is-lies-i-guess&lt;/a&gt;&lt;/p&gt;&lt;blockquote&gt;
&lt;p&gt;Modern ML models are astonishingly capable, and they are also blithering
idiots. This should not be even slightly controversial.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Kyle Kingsbury recently released the last section of this excellent essay. One
of the better attempts to find a common ground between nuance and truth in this
rapidly shifting new world. Too much for one sitting? The pdf and epub options
are great!&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;Some humans are full of LLM-generated material now too—a sort of cognitive
microplastics problem.&lt;/p&gt;
&lt;/blockquote&gt;</content:encoded><category>Bookmarks</category><category>reading</category><category>llms</category><category>programming</category><category>career</category><author>Eli Grubb</author></item><item><title>Thoughts on slowing the fuck down</title><link>https://eligrubb.com/writings/bookmarks/2026/thoughts-on-slowing-the-fuck-down/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/thoughts-on-slowing-the-fuck-down/</guid><description>Link: https://mariozechner.at/posts/2026-03-25-thoughts-on-slowing-the-fuck-down/</description><pubDate>Wed, 25 Mar 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://mariozechner.at/posts/2026-03-25-thoughts-on-slowing-the-fuck-down/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://mariozechner.at/posts/2026-03-25-thoughts-on-slowing-the-fuck-down/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;From Mario Zechner, the creator of the pi coding agent. One of the better
actors when it comes to forming nuanced takes on this rapidly changing, grifter
friendly world.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>llms</category><category>programming</category><category>reading</category><author>Eli Grubb</author></item><item><title>A tale about fixing eBPF spinlock issues in the Linux kernel</title><link>https://eligrubb.com/writings/bookmarks/2026/fixing-ebpf-spinlock-issues-in-the-linux-kernel/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/fixing-ebpf-spinlock-issues-in-the-linux-kernel/</guid><description>Link: https://rovarma.com/articles/a-tale-about-fixing-ebpf-spinlock-issues-in-the-linux-kernel/</description><pubDate>Wed, 18 Mar 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://rovarma.com/articles/a-tale-about-fixing-ebpf-spinlock-issues-in-the-linux-kernel/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://rovarma.com/articles/a-tale-about-fixing-ebpf-spinlock-issues-in-the-linux-kernel/&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>programming</category><category>systems</category><category>reading</category><author>Eli Grubb</author></item><item><title>Large-Scale Online Deanonymization with LLMs</title><link>https://eligrubb.com/writings/bookmarks/2026/llm-assisted-deanonymization/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/llm-assisted-deanonymization/</guid><description>Link: https://www.schneier.com/blog/archives/2026/03/llm-assisted-deanonymization.html</description><pubDate>Mon, 02 Mar 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.schneier.com/blog/archives/2026/03/llm-assisted-deanonymization.html&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.schneier.com/blog/archives/2026/03/llm-assisted-deanonymization.html&lt;/a&gt;&lt;/p&gt;&lt;p&gt;via &lt;a href=&quot;https://www.schneier.com/blog/archives/2026/03/llm-assisted-deanonymization.html&quot;&gt;Schneier on Security&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Did
&lt;a href=&quot;https://www.theverge.com/news/885773/anthropic-department-of-defense-dod-pentagon-refusal-terms-hegseth-dario-amodei&quot;&gt;recent&lt;/a&gt;
&lt;a href=&quot;https://www.theverge.com/ai-artificial-intelligence/887309/openai-anthropic-dod-military-pentagon-contract-sam-altman-hegseth&quot;&gt;events&lt;/a&gt;
leave you wondering “how could LLMs be useful for spying on citizens”? Here’s
just one concrete example.&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;We show that from a handful of comments, LLMs can infer where you live, what you
do, and your interests – then search for you on the web. In our new research, we
show that this is not only possible but increasingly practical.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Check out the &lt;a href=&quot;https://arxiv.org/abs/2602.16800&quot;&gt;full paper&lt;/a&gt; for details.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>privacy</category><category>llms</category><category>reading</category><author>Eli Grubb</author></item><item><title>Buddy Guy: Tiny Desk Concert</title><link>https://eligrubb.com/writings/bookmarks/2026/buddy-guy-tiny-desk/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/buddy-guy-tiny-desk/</guid><description>Link: https://youtu.be/m5XxOLdMSS8</description><pubDate>Sat, 28 Feb 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://youtu.be/m5XxOLdMSS8&quot; rel=&quot;noopener noreferrer&quot;&gt;https://youtu.be/m5XxOLdMSS8&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Buddy Guy brought the house down at Tiny Desk, with a feature from
rising-superstar Miles Caton.&lt;/p&gt;
&lt;p&gt;Once again, thank you Sinners.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>music</category><category>watching</category><author>Eli Grubb</author></item><item><title>Please, please, please stop using passkeys for encrypting user data</title><link>https://eligrubb.com/writings/bookmarks/2026/please-stop-using-passkeys/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/please-stop-using-passkeys/</guid><description>Link: https://blog.timcappalli.me/p/passkeys-prf-warning/</description><pubDate>Fri, 27 Feb 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://blog.timcappalli.me/p/passkeys-prf-warning/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://blog.timcappalli.me/p/passkeys-prf-warning/&lt;/a&gt;&lt;/p&gt;&lt;blockquote&gt;
&lt;p&gt;When you overload a credential used for authentication by also using it for
encryption, the ‘blast radius’ for losing that credential becomes immeasurably
larger.&lt;/p&gt;
&lt;/blockquote&gt;</content:encoded><category>Bookmarks</category><category>passkeys</category><category>reading</category><author>Eli Grubb</author></item><item><title>Cryptography Engineering Has An Intrinsic Duty of Care</title><link>https://eligrubb.com/writings/bookmarks/2026/cryptography-engineering-intrinsic-duty-of-care/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/cryptography-engineering-intrinsic-duty-of-care/</guid><description>Link: https://soatok.blog/2026/02/25/cryptography-engineering-has-an-intrinsic-duty-of-care/</description><pubDate>Wed, 25 Feb 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://soatok.blog/2026/02/25/cryptography-engineering-has-an-intrinsic-duty-of-care/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://soatok.blog/2026/02/25/cryptography-engineering-has-an-intrinsic-duty-of-care/&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>software engineering</category><category>reading</category><author>Eli Grubb</author></item><item><title>Zero Knowledge (About) Encryption</title><link>https://eligrubb.com/writings/bookmarks/2026/zkae/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/zkae/</guid><description>Link: https://zkae.io/</description><pubDate>Tue, 24 Feb 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://zkae.io/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://zkae.io/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Password managers are an important area with surprisingly little formal analysis
and this work emphasized the importance of fixing that.&lt;/p&gt;
&lt;p&gt;To be presented at Real World Crypto 2026 and published at USENIX Security 2026.&lt;/p&gt;
&lt;p&gt;Full paper can be found here: &lt;a href=&quot;https://eprint.iacr.org/2026/058&quot;&gt;https://eprint.iacr.org/2026/058&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;Bitwarden’s blog post on the subject is here: &lt;a href=&quot;https://bitwarden.com/blog/security-through-transparency-eth-zurich-audits-bitwarden-cryptography/&quot;&gt;https://bitwarden.com/blog/security-through-transparency-eth-zurich-audits-bitwarden-cryptography/&lt;/a&gt;&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;1&lt;/span&gt;&lt;/sup&gt;.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-further&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 1&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;Specific remediation details can be found in the report linked at the end. &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
</content:encoded><category>Bookmarks</category><category>cryptography</category><category>password managers</category><category>reading</category><author>Eli Grubb</author></item><item><title>Bad Bunny: Tiny Desk Concert</title><link>https://eligrubb.com/writings/bookmarks/2026/bad-bunny-tiny-desk/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/bad-bunny-tiny-desk/</guid><description>Link: https://youtu.be/ouuPSxE1hK4</description><pubDate>Sun, 08 Feb 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://youtu.be/ouuPSxE1hK4&quot; rel=&quot;noopener noreferrer&quot;&gt;https://youtu.be/ouuPSxE1hK4&lt;/a&gt;&lt;/p&gt;&lt;p&gt;A super bowl chaser. The only thing more powerful than hate is love.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>music</category><category>watching</category><author>Eli Grubb</author></item><item><title>Fancy cryptography in the wild🎩</title><link>https://eligrubb.com/writings/bookmarks/2026/fancy-cryptography/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/fancy-cryptography/</guid><description>Link: https://github.com/fancy-cryptography/fancy-cryptography</description><pubDate>Sun, 08 Feb 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://github.com/fancy-cryptography/fancy-cryptography&quot; rel=&quot;noopener noreferrer&quot;&gt;https://github.com/fancy-cryptography/fancy-cryptography&lt;/a&gt;&lt;/p&gt;&lt;p&gt;via &lt;a href=&quot;https://www.linkedin.com/feed/update/urn:li:activity:7426247916610224128/&quot;&gt;Bas Westerbaan&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;A curated and crowdsourced list of ~*fancy*~ cryptography protocols,
currently deployed at scale.&lt;/p&gt;
&lt;p&gt;Some rabbit holes I’m falling down:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href=&quot;https://security.googleblog.com/2019/12/better-password-protections-in-chrome.html&quot;&gt;Chrome’s compromised password checks using PSI&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://proton.me/blog/encrypted-email-authentication&quot;&gt;Proton’s user authentication&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://eprint.iacr.org/2023/843&quot;&gt;Whatsapp’s encrypted backups&lt;/a&gt; plus the &lt;a href=&quot;https://www.whatsapp.com/security/WhatsApp_Security_Encrypted_Backups_Whitepaper.pdf&quot;&gt;meta whitepaper&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>resources</category><category>reading</category><author>Eli Grubb</author></item><item><title>WhatsApp Encryption, a Lawsuit, and a Lot of Noise</title><link>https://eligrubb.com/writings/bookmarks/2026/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/</guid><description>Link: https://blog.cryptographyengineering.com/2026/02/02/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/</description><pubDate>Tue, 03 Feb 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://blog.cryptographyengineering.com/2026/02/02/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://blog.cryptographyengineering.com/2026/02/02/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/&lt;/a&gt;&lt;/p&gt;&lt;blockquote&gt;
&lt;p&gt;It’s been more than forty years since Ken Thompson delivered his famous talk,
“&lt;a href=&quot;https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf&quot;&gt;Reflections on Trusting Trust&lt;/a&gt;“,
which pointed out how there is no avoiding some level of trust. Hence the
question here is not: should we trust someone. That decision is already
taken. It’s: should we trust that WhatsApp is not running the biggest fraud in
technology history.&lt;/p&gt;
&lt;/blockquote&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>reading</category><category>watching</category><author>Eli Grubb</author></item><item><title>Look for what&apos;s true</title><link>https://eligrubb.com/writings/bookmarks/2026/look-for-whats-true/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/look-for-whats-true/</guid><description>Link: https://dubroy.com/blog/look-for-whats-true/</description><pubDate>Sun, 01 Feb 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://dubroy.com/blog/look-for-whats-true/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://dubroy.com/blog/look-for-whats-true/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Advice as old as time but I often forget. Placed well in the context of today’s
workplace.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>career</category><category>reading</category><author>Eli Grubb</author></item><item><title>So, You’ve Hit an Age Gate. What Now?</title><link>https://eligrubb.com/writings/bookmarks/2026/so-youve-hit-an-age-gate-what-now/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/so-youve-hit-an-age-gate-what-now/</guid><description>Link: https://www.eff.org/deeplinks/2026/01/so-youve-hit-age-gate-what-now</description><pubDate>Thu, 22 Jan 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.eff.org/deeplinks/2026/01/so-youve-hit-age-gate-what-now&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.eff.org/deeplinks/2026/01/so-youve-hit-age-gate-what-now&lt;/a&gt;&lt;/p&gt;&lt;p&gt;The EFF also has an &lt;a href=&quot;https://www.eff.org/issues/age-verification&quot;&gt;age verification resource
hub&lt;/a&gt;. As usual, it’s full of good
resources and advice.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>privacy</category><category>reading</category><category>eff</category><author>Eli Grubb</author></item><item><title>LLMs and your career</title><link>https://eligrubb.com/writings/bookmarks/2026/llms-and-your-career/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/llms-and-your-career/</guid><description>Link: https://notes.eatonphil.com/2026-01-19-llms-and-your-career.html</description><pubDate>Tue, 20 Jan 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://notes.eatonphil.com/2026-01-19-llms-and-your-career.html&quot; rel=&quot;noopener noreferrer&quot;&gt;https://notes.eatonphil.com/2026-01-19-llms-and-your-career.html&lt;/a&gt;&lt;/p&gt;&lt;blockquote&gt;
&lt;p&gt;The jobs that were dependent on fundamentals of software aren’t going to stop
being dependent on fundamentals of software … if you like doing software
development, I don’t think interesting software development jobs are going to
go away.&lt;/p&gt;
&lt;/blockquote&gt;</content:encoded><category>Bookmarks</category><category>llms</category><category>ai</category><category>career</category><category>hopecore</category><category>reading</category><author>Eli Grubb</author></item><item><title>The State of OpenSSL for &lt;code&gt;pyca/cryptography&lt;/code&gt;</title><link>https://eligrubb.com/writings/bookmarks/2026/state-of-openssl-pyca-cryptography/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/state-of-openssl-pyca-cryptography/</guid><description>Link: https://cryptography.io/en/latest/statements/state-of-openssl/</description><pubDate>Wed, 14 Jan 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://cryptography.io/en/latest/statements/state-of-openssl/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://cryptography.io/en/latest/statements/state-of-openssl/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;More recommended reading linked within:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href=&quot;https://www.haproxy.com/blog/state-of-ssl-stacks&quot;&gt;The State of SSL Stacks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/ctz/graviola&quot;&gt;Graviola: High quality, fast and easy to build cryptography for Rust&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>programming</category><category>reading</category><author>Eli Grubb</author></item><item><title>Daniel Caesar: Tiny Desk Concert</title><link>https://eligrubb.com/writings/bookmarks/2026/daniel-caesar-tiny-desk/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/daniel-caesar-tiny-desk/</guid><description>Link: https://youtu.be/rMWjbb2l5BE</description><pubDate>Thu, 08 Jan 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://youtu.be/rMWjbb2l5BE&quot; rel=&quot;noopener noreferrer&quot;&gt;https://youtu.be/rMWjbb2l5BE&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Daniel Caesar returned to Tiny Desk this week 😌&lt;/p&gt;
&lt;p&gt;Also worth revisiting his first appearance from 2018: &lt;a href=&quot;https://youtu.be/PBKa-AAy_vo&quot;&gt;https://youtu.be/PBKa-AAy_vo&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>music</category><category>watching</category><author>Eli Grubb</author></item><item><title>University of Utah finds tape with only known copy of UNIX V4 hidden in storage</title><link>https://eligrubb.com/writings/bookmarks/2026/university-of-utah-unix-v4-tape/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/university-of-utah-unix-v4-tape/</guid><description>Link: https://www.sltrib.com/news/education/2026/01/07/university-utah-finds-tape-with/</description><pubDate>Wed, 07 Jan 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.sltrib.com/news/education/2026/01/07/university-utah-finds-tape-with/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.sltrib.com/news/education/2026/01/07/university-utah-finds-tape-with/&lt;/a&gt;&lt;/p&gt;&lt;blockquote&gt;
&lt;p&gt;Hidden in storage, a University of Utah research associate happened upon the only known copy of this ‘revolutionary’ software&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Stories like this revitalize my love for computing PLUS it’s great seeing the Flux research group highlighted 🫶.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>programming</category><category>reading</category><category>history</category><author>Eli Grubb</author></item><item><title>Internet Security Research Group (ISRG) 2025 Annual Report</title><link>https://eligrubb.com/writings/bookmarks/2026/isrg-2025-annual-report/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/isrg-2025-annual-report/</guid><description>Link: https://www.abetterinternet.org/documents/2025-ISRG-Annual-Report.pdf</description><pubDate>Tue, 06 Jan 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.abetterinternet.org/documents/2025-ISRG-Annual-Report.pdf&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.abetterinternet.org/documents/2025-ISRG-Annual-Report.pdf&lt;/a&gt;&lt;/p&gt;&lt;p&gt;A cool reminder that Let’s Encrypt, Divvi Up, and Prossimo are all run by the same org.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>systems</category><category>reading</category><author>Eli Grubb</author></item><item><title>What can strong engineers do that weak engineers can&apos;t?</title><link>https://eligrubb.com/writings/bookmarks/2026/strong-weak-engineers/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2026/strong-weak-engineers/</guid><description>Link: https://www.seangoedecke.com/weak-engineers/</description><pubDate>Tue, 06 Jan 2026 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.seangoedecke.com/weak-engineers/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.seangoedecke.com/weak-engineers/&lt;/a&gt;&lt;/p&gt;&lt;blockquote&gt;
&lt;p&gt;One way to tell a weak engineer in a discussion thread about some problem is to
see who is bringing in specific facts about how the system currently works, and
who is making purely general recommendations that could apply to any system.
If their messages could all be public tweets, they’re probably not adding much
value.&lt;/p&gt;
&lt;/blockquote&gt;</content:encoded><category>Bookmarks</category><category>programming</category><category>reading</category><category>career</category><author>Eli Grubb</author></item><item><title>Against Cipher Agility in Cryptography Protocols (2019)</title><link>https://eligrubb.com/writings/bookmarks/2025/against-cipher-agility-in-crypto-protocols/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/against-cipher-agility-in-crypto-protocols/</guid><description>Link: https://paragonie.com/blog/2019/10/against-agility-in-cryptography-protocols</description><pubDate>Mon, 29 Dec 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://paragonie.com/blog/2019/10/against-agility-in-cryptography-protocols&quot; rel=&quot;noopener noreferrer&quot;&gt;https://paragonie.com/blog/2019/10/against-agility-in-cryptography-protocols&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>secure design</category><category>reading</category><author>Eli Grubb</author></item><item><title>Behind the Scenes with iOS Security (2016)</title><link>https://eligrubb.com/writings/bookmarks/2025/behind-the-scenes-ios-security/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/behind-the-scenes-ios-security/</guid><description>Link: https://blackhat.com/docs/us-16/materials/us-16-Krstic.pdf</description><pubDate>Mon, 29 Dec 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://blackhat.com/docs/us-16/materials/us-16-Krstic.pdf&quot; rel=&quot;noopener noreferrer&quot;&gt;https://blackhat.com/docs/us-16/materials/us-16-Krstic.pdf&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Ivan Krstić at Black Hat 2016, &lt;a href=&quot;https://youtu.be/BLGFriOKz6U&quot;&gt;video available&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>memory safety</category><category>cryptography</category><category>zeroization</category><category>watching</category><author>Eli Grubb</author></item><item><title>It&apos;s not your codebase</title><link>https://eligrubb.com/writings/bookmarks/2025/its-not-your-codebase/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/its-not-your-codebase/</guid><description>Link: https://www.seangoedecke.com/not-your-codebase/</description><pubDate>Mon, 29 Dec 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.seangoedecke.com/not-your-codebase/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.seangoedecke.com/not-your-codebase/&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>programming</category><category>reading</category><author>Eli Grubb</author></item><item><title>Signatures are like backups (2024)</title><link>https://eligrubb.com/writings/bookmarks/2025/signatures-are-like-backups/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/signatures-are-like-backups/</guid><description>Link: https://alexgaynor.net/2024/sep/09/signatures-are-like-backups/</description><pubDate>Mon, 29 Dec 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://alexgaynor.net/2024/sep/09/signatures-are-like-backups/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://alexgaynor.net/2024/sep/09/signatures-are-like-backups/&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>systems</category><category>reading</category><author>Eli Grubb</author></item><item><title>Key Transparency: Introduction, recent results, and active research areas - Melissa Chase</title><link>https://eligrubb.com/writings/bookmarks/2025/key-transparency-introduction-recent-results-melissa-chase/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/key-transparency-introduction-recent-results-melissa-chase/</guid><description>Link: https://youtu.be/GKn0wqwQHCw</description><pubDate>Tue, 23 Dec 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://youtu.be/GKn0wqwQHCw&quot; rel=&quot;noopener noreferrer&quot;&gt;https://youtu.be/GKn0wqwQHCw&lt;/a&gt;&lt;/p&gt;&lt;p&gt;The legendary Melissa Chase recently gave a perfect introduction to Key Transparency, including recent results/active areas.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>transparency</category><category>watching</category><category>key management</category><author>Eli Grubb</author></item><item><title>Building a Transparent Keyserver</title><link>https://eligrubb.com/writings/bookmarks/2025/building-a-transparent-keyserver/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/building-a-transparent-keyserver/</guid><description>Link: https://words.filippo.io/keyserver-tlog/</description><pubDate>Sat, 20 Dec 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://words.filippo.io/keyserver-tlog/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://words.filippo.io/keyserver-tlog/&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>transparency</category><category>cryptography</category><category>key management</category><category>reading</category><author>Eli Grubb</author></item><item><title>Invisible Salamanders Are Not What You Think (2024)</title><link>https://eligrubb.com/writings/bookmarks/2025/invisible-salamanders-are-not-what-you-think/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/invisible-salamanders-are-not-what-you-think/</guid><description>Link: https://soatok.blog/2024/09/10/invisible-salamanders-are-not-what-you-think/</description><pubDate>Sat, 20 Dec 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://soatok.blog/2024/09/10/invisible-salamanders-are-not-what-you-think/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://soatok.blog/2024/09/10/invisible-salamanders-are-not-what-you-think/&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>key management</category><category>reading</category><author>Eli Grubb</author></item><item><title>Picking parameters (2022)</title><link>https://eligrubb.com/writings/bookmarks/2025/picking-parameters/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/picking-parameters/</guid><description>Link: https://www.imperialviolet.org/2022/03/15/pickingparameters.html</description><pubDate>Sat, 20 Dec 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.imperialviolet.org/2022/03/15/pickingparameters.html&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.imperialviolet.org/2022/03/15/pickingparameters.html&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>reading</category><author>Eli Grubb</author></item><item><title>Experimenting with Post-Quantum Cryptography</title><link>https://eligrubb.com/writings/bookmarks/2025/experimenting-with-post-quantum-cryptography-wolfssl/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/experimenting-with-post-quantum-cryptography-wolfssl/</guid><description>Link: https://www.wolfssl.com/documentation/manuals/wolfssl/appendix07.html</description><pubDate>Wed, 19 Nov 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.wolfssl.com/documentation/manuals/wolfssl/appendix07.html&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.wolfssl.com/documentation/manuals/wolfssl/appendix07.html&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>post-quantum cryptography</category><category>reading</category><author>Eli Grubb</author></item><item><title>Your job is to deliver code you have proven to work</title><link>https://eligrubb.com/writings/bookmarks/2025/your-job-deliver-code-proven-to-work/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/your-job-deliver-code-proven-to-work/</guid><description>Link: https://simonwillison.net/2025/Dec/18/code-proven-to-work/</description><pubDate>Tue, 18 Nov 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://simonwillison.net/2025/Dec/18/code-proven-to-work/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://simonwillison.net/2025/Dec/18/code-proven-to-work/&lt;/a&gt;&lt;/p&gt;&lt;blockquote&gt;
&lt;p&gt;We need to deliver code that works—and we need to include proof that it works
as well. Not doing that directly shifts the burden of the actual work to whoever
is expected to review our code.&lt;/p&gt;
&lt;/blockquote&gt;</content:encoded><category>Bookmarks</category><category>programming</category><category>llms</category><category>reading</category><author>Eli Grubb</author></item><item><title>What Every Programmer Should Know about How CPUs Work • Matt Godbolt</title><link>https://eligrubb.com/writings/bookmarks/2025/what-every-programmer-should-know-about-how-cpus-work/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/what-every-programmer-should-know-about-how-cpus-work/</guid><description>Link: https://youtu.be/-HNpim5x-IE</description><pubDate>Wed, 12 Nov 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://youtu.be/-HNpim5x-IE&quot; rel=&quot;noopener noreferrer&quot;&gt;https://youtu.be/-HNpim5x-IE&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>systems</category><category>programming</category><category>watching</category><author>Eli Grubb</author></item><item><title>The Typestate Pattern in Rust</title><link>https://eligrubb.com/writings/bookmarks/2025/typestate-pattern-in-rust/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/typestate-pattern-in-rust/</guid><description>Link: https://cliffle.com/blog/rust-typestate/</description><pubDate>Fri, 07 Nov 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://cliffle.com/blog/rust-typestate/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://cliffle.com/blog/rust-typestate/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Cryptography-specific chaser: &lt;a href=&quot;https://blog.patternsinthevoid.net/index.html&quot;&gt;Implementing As-Safe-As-Possible, Misuse-Resistant Cryptographic Libraries: Part I&lt;/a&gt;.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>rust</category><category>programming</category><category>secure design</category><category>cryptography</category><category>reading</category><author>Eli Grubb</author></item><item><title>clipping.: Tiny Desk Concert</title><link>https://eligrubb.com/writings/bookmarks/2025/clipping-tiny-desk/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/clipping-tiny-desk/</guid><description>Link: https://youtu.be/h0-k7vW9Xek</description><pubDate>Wed, 05 Nov 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://youtu.be/h0-k7vW9Xek&quot; rel=&quot;noopener noreferrer&quot;&gt;https://youtu.be/h0-k7vW9Xek&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>music</category><category>watching</category><author>Eli Grubb</author></item><item><title>Arenas in Rust (2021)</title><link>https://eligrubb.com/writings/bookmarks/2025/arenas-in-rust/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/arenas-in-rust/</guid><description>Link: https://manishearth.github.io/blog/2021/03/15/arenas-in-rust/</description><pubDate>Thu, 16 Oct 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://manishearth.github.io/blog/2021/03/15/arenas-in-rust/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://manishearth.github.io/blog/2021/03/15/arenas-in-rust/&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>rust</category><category>memory-management</category><category>reading</category><author>Eli Grubb</author></item><item><title>Too Much Crypto (2019)</title><link>https://eligrubb.com/writings/bookmarks/2025/too-much-crypto/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/too-much-crypto/</guid><description>Link: https://eprint.iacr.org/2019/1492.pdf</description><pubDate>Sun, 05 Oct 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://eprint.iacr.org/2019/1492.pdf&quot; rel=&quot;noopener noreferrer&quot;&gt;https://eprint.iacr.org/2019/1492.pdf&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a href=&quot;https://x.com/veorq/status/1974809904985649246&quot;&gt;JP Aumasson on Too Much Crypto in 2025&lt;/a&gt;:&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;Too Much Crypto hasnt aged … [as expected, just diminishing returns from incremental high-complexity/memory cryptanalysis.]&lt;/p&gt;
&lt;/blockquote&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>reading</category><author>Eli Grubb</author></item><item><title>Should I Switch From Git to Jujutsu?</title><link>https://eligrubb.com/writings/bookmarks/2025/should-i-switch-git-to-jujutsu/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/should-i-switch-git-to-jujutsu/</guid><description>Link: https://etodd.io/2025/10/02/should-i-switch-from-git-to-jujutsu/</description><pubDate>Thu, 02 Oct 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://etodd.io/2025/10/02/should-i-switch-from-git-to-jujutsu/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://etodd.io/2025/10/02/should-i-switch-from-git-to-jujutsu/&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>jj</category><category>programming</category><category>reading</category><author>Eli Grubb</author></item><item><title>The UK Is Still Trying to Backdoor Encryption for Apple Users</title><link>https://eligrubb.com/writings/bookmarks/2025/uk-still-trying-to-backdoor-apple-encryption/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/uk-still-trying-to-backdoor-apple-encryption/</guid><description>Link: https://www.eff.org/deeplinks/2025/10/uk-still-trying-backdoor-encryption-apple-users</description><pubDate>Wed, 01 Oct 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.eff.org/deeplinks/2025/10/uk-still-trying-backdoor-encryption-apple-users&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.eff.org/deeplinks/2025/10/uk-still-trying-backdoor-encryption-apple-users&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>privacy</category><category>eff</category><category>reading</category><author>Eli Grubb</author></item><item><title>Don&apos;t wait for FHE, encryption-in-use is possible today*!</title><link>https://eligrubb.com/writings/thoughts/2025/encryption-in-use-today/</link><guid isPermaLink="true">https://eligrubb.com/writings/thoughts/2025/encryption-in-use-today/</guid><description>Don&apos;t wait for FHE, encryption-in-use is possible today*!</description><pubDate>Fri, 26 Sep 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;* This post is an extension of a recent
&lt;a href=&quot;https://x.com/grubbbyte/status/1972824596039786803&quot;&gt;social&lt;/a&gt;
&lt;a href=&quot;https://bsky.app/profile/eligrubb.com/post/3lzzchs7vbs2g&quot;&gt;media&lt;/a&gt;
&lt;a href=&quot;https://www.threads.com/@elijahlloydgrubb/post/DPNPJnLjKy8&quot;&gt;thread&lt;/a&gt;.*&lt;/p&gt;
&lt;p&gt;Fully Homomorphic Encryption (FHE) is really cool!
&lt;a href=&quot;https://www.youtube.com/@lauriewired&quot;&gt;LaurieWired&lt;/a&gt;’s recent thread on the topic
has great pointers,
&lt;a href=&quot;https://bsky.app/profile/lauriewired.bsky.social/post/3lzootjhrfc2l&quot;&gt;check&lt;/a&gt;-&lt;a href=&quot;https://www.threads.com/@lauriewired/post/DPCX9oUklk8&quot;&gt;it&lt;/a&gt;-&lt;a href=&quot;https://x.com/lauriewired/status/1971293688786755926&quot;&gt;out&lt;/a&gt;!&lt;/p&gt;
&lt;p&gt;However, FHE isn’t the only answer to “encryption-in-use”. Other solutions exist
that are efficient, employ well-established cryptography, and are deployable
today!&lt;/p&gt;
&lt;p&gt;There is just one small catch:&lt;/p&gt;
&lt;h2 id=&quot;why-not-fhe&quot;&gt;Why &lt;em&gt;not&lt;/em&gt; FHE?&lt;/h2&gt;
&lt;p&gt;&lt;img alt=&quot;mizu arms&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;3024&quot; height=&quot;4032&quot; src=&quot;https://eligrubb.com/_astro/mizu_arms.NUs7kttu_2n05V4.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;FHE’s draw comes from its universality, it’s called &lt;em&gt;fully&lt;/em&gt; homomorphic
encryption for a reason. But performance concerns in practical use are real.&lt;/p&gt;
&lt;p&gt;Laurie references the recent speedups; unfortunately most of the breakthroughs
fail to address the complexity inherent to FHE, instead optimizing constant
factors.&lt;/p&gt;
&lt;p&gt;For example, Zama’s recent blog post&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;1&lt;/span&gt;&lt;/sup&gt; cites impressive speed ups to 64-bit
encrypted addition and multiplication, clocking in at 8.7 milliseconds and 32
milliseconds per operation, respectively.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-zama&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 1&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;&lt;a href=&quot;https://www.zama.ai/post/bootstrapping-tfhe-ciphertexts-in-less-than-one-millisecond&quot;&gt;https://www.zama.ai/post/bootstrapping-tfhe-ciphertexts-in-less-than-one-millisecond&lt;/a&gt; &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;&lt;img alt=&quot;zama 64-bit add and mul benchmarks&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;2534&quot; height=&quot;1094&quot; src=&quot;https://eligrubb.com/_astro/zama-fhe-add-mul-bench-hq.ov76A58Q_ZVW4f9.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;That’s a real performance improvement and awesome to see! I recommend you
check out the full post for all the juicy details.&lt;/p&gt;
&lt;p&gt;But Zama’s experiments were on an AWS &lt;code&gt;hpc7a.96xlarge&lt;/code&gt; instance, with 192 cores
and 768 GiB of memory,&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;2&lt;/span&gt;&lt;/sup&gt; so let’s compare it with unencrypted &lt;code&gt;add&lt;/code&gt; and &lt;code&gt;mul&lt;/code&gt;
on Apple’s 2020 M1 chip.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-aws&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 2&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;&lt;a href=&quot;https://aws.amazon.com/ec2/instance-types/hpc7a/&quot;&gt;https://aws.amazon.com/ec2/instance-types/hpc7a/&lt;/a&gt; &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;An M1 addition is ~1 cycle, and multiplication is ~3 cycles.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;3&lt;/span&gt;&lt;/sup&gt; On
a 3.2Ghz chip, a.k.a. 3.2 billion cycles per second, that’s 0.3125 nanoseconds
or 0.0003125 microseconds or 0.0000003125 milliseconds per add. And 0.9375
nanoseconds or 0.0009375 nanoseconds or 0.0000009375 milliseconds per
mul. This doesn’t take into account the M1’s multiple cores or the CPU’s
internal parallelism.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;4&lt;/span&gt;&lt;/sup&gt;&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-firestorm&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 3&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;&lt;a href=&quot;https://dougallj.github.io/applecpu/firestorm-int.html&quot;&gt;https://dougallj.github.io/applecpu/firestorm-int.html&lt;/a&gt; &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;&lt;aside id=&quot;sidecar-footnote-cpu&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 4&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;Modern CPU’s can actually progress on more than one instruction per
cycle. If you, like me until an embarrassing age, didn’t know that, check out
the &lt;a href=&quot;https://computerenhance.com&quot;&gt;performance-aware programming series&lt;/a&gt; for
more. &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;That’s a 27,840,000-34,133,133X gap between FHE and unencrypted computation,
and the gap only grows more plain as the computation grows in
complexity.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;5&lt;/span&gt;&lt;/sup&gt;&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-silicon&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 5&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;In particular, the decision to invest heavily in custom hardware is
a fun one to overanalyze. Although insanely cool, creating your own silicon is
not cheap. To me, the armchair cryptographer, it reads as a lack of confidence
that the theoretical complexity of FHE will meaningly improve in the near
future. So money is hedging its bets by investing R&amp;#x26;D elsewhere. &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;However, many people much smarter than I are all in on FHE, and I’m still
bullish on it long term.&lt;/p&gt;
&lt;h2 id=&quot;if-not-fhe-then-what&quot;&gt;If not FHE, then what?&lt;/h2&gt;
&lt;p&gt;&lt;img alt=&quot;mizu glare&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;3120&quot; height=&quot;2080&quot; src=&quot;https://eligrubb.com/_astro/mizu_glare.D4AJrwUo_aBnmC.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;So what can we do, in practice, today?&lt;/p&gt;
&lt;p&gt;The term fully homomorphic encryption begs the question, is there such a thing
as partially or somewhat homomorphic encryption? Yes!&lt;/p&gt;
&lt;p&gt;System design is all about compromise. By softening some of FHE’s guarantees
(universal applicability, specific security properties) other approaches
gain performance. While these schemes aren’t universal, they address a large
percentage of the everyday computation many businesses are doing. And many only
have a performance overhead of 5-30%!&lt;/p&gt;
&lt;h3 id=&quot;searchable-encryption&quot;&gt;Searchable Encryption&lt;/h3&gt;
&lt;p&gt;An underrated approach is Searchable Encryption (SE). With SE, you can search,
filter, and perform analytics on structured data. SE isn’t applicable to every
possible computation over encrypted data, but some of the most common (sum, avg,
count, min, max) have realistic solutions.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;6&lt;/span&gt;&lt;/sup&gt;&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-sesurvey&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 6&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;I recommend reading &lt;a href=&quot;https://dl.acm.org/doi/10.1145/3617991&quot;&gt;this excellent recent
survey&lt;/a&gt; and following the citations and
follow-up work of whatever interests you. &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;From startups like Blind Insight&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;7&lt;/span&gt;&lt;/sup&gt; to big companies like
MongoDB’s Queryable Encryption,&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;8&lt;/span&gt;&lt;/sup&gt; searchable encryption is about to
hit production-ready.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-blindinsight&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 7&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;&lt;a href=&quot;https://www.blindinsight.com/&quot;&gt;https://www.blindinsight.com/&lt;/a&gt; &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;&lt;aside id=&quot;sidecar-footnote-mongodb&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 8&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;&lt;a href=&quot;https://www.mongodb.com/docs/manual/core/queryable-encryption/&quot;&gt;https://www.mongodb.com/docs/manual/core/queryable-encryption/&lt;/a&gt; &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;h3 id=&quot;oblivious-ram&quot;&gt;Oblivious RAM&lt;/h3&gt;
&lt;p&gt;“Oblivious” computation comes from relaxing the strict security guarantees of
encryption.&lt;/p&gt;
&lt;p&gt;While encryption guarantees complete secrecy, oblivious schemes only guarantee
indistinguishability from “similar” computation patterns. Your data and
operations aren’t completely private, but you still get a haze of deniability in
return for performance gains.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;9&lt;/span&gt;&lt;/sup&gt; &lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;10&lt;/span&gt;&lt;/sup&gt; Oblivious RAM (ORAM) is an
oblivious scheme built for general computation.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;11&lt;/span&gt;&lt;/sup&gt;&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-ringoram&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 9&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;&lt;a href=&quot;https://eprint.iacr.org/2014/997&quot;&gt;https://eprint.iacr.org/2014/997&lt;/a&gt; &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;&lt;aside id=&quot;sidecar-footnote-pathoram&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 10&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;&lt;a href=&quot;https://eprint.iacr.org/2013/280&quot;&gt;https://eprint.iacr.org/2013/280&lt;/a&gt; &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;&lt;aside id=&quot;sidecar-footnote-oram&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 11&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;&lt;a href=&quot;https://dl.acm.org/doi/pdf/10.1145/100216.100289&quot;&gt;https://dl.acm.org/doi/pdf/10.1145/100216.100289&lt;/a&gt; &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;There’s even brand new research that combines SE and ORAM techniques to enable
semantic text search over encrypted data via a privacy-preserving Retrieval
Augmented Generation (RAG) system.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;12&lt;/span&gt;&lt;/sup&gt; RAGs are a hot topic today due to
their relevance in vector databases and LLMs. End-to-end encrypted vector database
soon? 👀&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-compass&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 12&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;&lt;a href=&quot;https://eprint.iacr.org/2024/1255&quot;&gt;https://eprint.iacr.org/2024/1255&lt;/a&gt; &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;h3 id=&quot;somewhat-homormorphic-encryption&quot;&gt;Somewhat Homormorphic Encryption&lt;/h3&gt;
&lt;p&gt;It turns out, &lt;em&gt;Somewhat&lt;/em&gt; Homomorphic Encryption (SHE) is a real, formally defined,
thing! Instead of restricting the &lt;em&gt;type&lt;/em&gt; of encryption, SHE sets a maximum on
the &lt;em&gt;complexity&lt;/em&gt; of the possible computations over encrypted data.&lt;/p&gt;
&lt;p&gt;By setting a upper bound at initialization, cryptographic system designers can
make assumptions that allow for optimizations to the total system’s
performance complexity.&lt;/p&gt;
&lt;p&gt;SHE is still an emerging area of research, gaining popularity in recent years,
with regular exciting theoretical breakthroughs.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;13&lt;/span&gt;&lt;/sup&gt;&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-she&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 13&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;&lt;a href=&quot;https://eprint.iacr.org/2024/1760&quot;&gt;https://eprint.iacr.org/2024/1760&lt;/a&gt; &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;h2 id=&quot;conclusion&quot;&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;&lt;img alt=&quot;mizu grug&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;3024&quot; height=&quot;4032&quot; src=&quot;https://eligrubb.com/_astro/mizu_grug.BWGo2j15_Z2vSSCM.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;I didn’t even scratch the surface on the nifty tricks and applications of
these schemes. And there are other, adjacent, techniques I didn’t have time
to mention.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;14&lt;/span&gt;&lt;/sup&gt;&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-other&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 14&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;Multi-party computation, linearly homomorphic encryption,
homomorphic secret sharing and private information retrieval first come to
mind as techniques with dense histories, that have potential applications to
encryption-in-use schemes. &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;&lt;strong&gt;Feedback&lt;/strong&gt;: If you’re interested in any research I’ve mentioned
here, if I forgot your favorite primitive/protocol, or if you’d like to
disuss anything related to applied cryptography and systems &lt;a href=&quot;mailto:folkcrypto@eligrubb.com&quot;&gt;send me an
email&lt;/a&gt;.&lt;/p&gt;
</content:encoded><category>Thoughts</category><category>programming</category><category>cryptography</category><category>fully homomorphic encryption</category><category>encryption-in-use</category><category>searchable encryption</category><category>somewhat homomorphic encryption</category><category>oram</category><author>Eli Grubb</author></item><item><title>A Tour of WebAuthn (2024)</title><link>https://eligrubb.com/writings/bookmarks/2025/a-tour-of-webauthn/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/a-tour-of-webauthn/</guid><description>Link: https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html</description><pubDate>Wed, 24 Sep 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>passkeys</category><category>cryptography</category><category>reading</category><author>Eli Grubb</author></item><item><title>Shooting Moving Masters Zemeckis Style (2021)</title><link>https://eligrubb.com/writings/bookmarks/2025/shooting-moving-masters-zemeckis-style/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/shooting-moving-masters-zemeckis-style/</guid><description>Link: https://youtu.be/lhyV097_Q-g</description><pubDate>Mon, 22 Sep 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://youtu.be/lhyV097_Q-g&quot; rel=&quot;noopener noreferrer&quot;&gt;https://youtu.be/lhyV097_Q-g&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>filmmaking</category><category>movies</category><category>watching</category><author>Eli Grubb</author></item><item><title>Don&apos;t write bugs</title><link>https://eligrubb.com/writings/bookmarks/2025/dont-write-bugs/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/dont-write-bugs/</guid><description>Link: https://www.teamten.com/lawrence/programming/dont-write-bugs.html</description><pubDate>Fri, 19 Sep 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.teamten.com/lawrence/programming/dont-write-bugs.html&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.teamten.com/lawrence/programming/dont-write-bugs.html&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>programming</category><category>debugging</category><category>reading</category><author>Eli Grubb</author></item><item><title>&lt;code&gt;TIGER_STYLE&lt;/code&gt;</title><link>https://eligrubb.com/writings/bookmarks/2025/tiger-style/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/tiger-style/</guid><description>Link: https://github.com/tigerbeetle/tigerbeetle/blob/main/docs/TIGER_STYLE.md</description><pubDate>Wed, 17 Sep 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://github.com/tigerbeetle/tigerbeetle/blob/main/docs/TIGER_STYLE.md&quot; rel=&quot;noopener noreferrer&quot;&gt;https://github.com/tigerbeetle/tigerbeetle/blob/main/docs/TIGER_STYLE.md&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Add asserts everywhere.&lt;/p&gt;
&lt;p&gt;Also see matklad’s &lt;a href=&quot;https://matklad.github.io/2023/10/06/what-is-an-invariant.html&quot;&gt;What is an Invariant?&lt;/a&gt;.&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>zig</category><category>programming</category><category>reading</category><author>Eli Grubb</author></item><item><title>Burroughs&apos; B6500/B7500 stack mechanism (1968)</title><link>https://eligrubb.com/writings/bookmarks/2025/burroughs-stack-mechanism/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/burroughs-stack-mechanism/</guid><description>Link: https://people.eecs.berkeley.edu/~culler/courses/cs252-s05/papers/burroughs.pdf</description><pubDate>Tue, 16 Sep 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://people.eecs.berkeley.edu/~culler/courses/cs252-s05/papers/burroughs.pdf&quot; rel=&quot;noopener noreferrer&quot;&gt;https://people.eecs.berkeley.edu/~culler/courses/cs252-s05/papers/burroughs.pdf&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>mainframes</category><category>history</category><category>reading</category><category>systems</category><author>Eli Grubb</author></item><item><title>Lord of the &lt;code&gt;io_uring&lt;/code&gt;</title><link>https://eligrubb.com/writings/bookmarks/2025/lord-of-the-io_uring/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/lord-of-the-io_uring/</guid><description>Link: https://unixism.net/loti/index.html</description><pubDate>Wed, 10 Sep 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://unixism.net/loti/index.html&quot; rel=&quot;noopener noreferrer&quot;&gt;https://unixism.net/loti/index.html&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>systems</category><category>linux</category><category>async</category><category>reading</category><author>Eli Grubb</author></item><item><title>&lt;code&gt;Scrypt&lt;/code&gt; is Maximally Memory-Hard (2016)</title><link>https://eligrubb.com/writings/bookmarks/2025/scrypt-is-maximally-memory-hard/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/scrypt-is-maximally-memory-hard/</guid><description>Link: https://eprint.iacr.org/2016/989.pdf</description><pubDate>Wed, 10 Sep 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://eprint.iacr.org/2016/989.pdf&quot; rel=&quot;noopener noreferrer&quot;&gt;https://eprint.iacr.org/2016/989.pdf&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>cryptography</category><category>kdfs</category><category>reading</category><author>Eli Grubb</author></item><item><title>Inside Zig&apos;s New Writer</title><link>https://eligrubb.com/writings/bookmarks/2025/inside-zigs-new-writer/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/inside-zigs-new-writer/</guid><description>Link: https://joegm.github.io/blog/inside-zigs-new-writer-interface/</description><pubDate>Wed, 03 Sep 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://joegm.github.io/blog/inside-zigs-new-writer-interface/&quot; rel=&quot;noopener noreferrer&quot;&gt;https://joegm.github.io/blog/inside-zigs-new-writer-interface/&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>zig</category><category>programming</category><category>reading</category><author>Eli Grubb</author></item><item><title>&quot;Clean&quot; Code, Horrible Performance (2023)</title><link>https://eligrubb.com/writings/bookmarks/2025/clean-code-horrible-performance/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/clean-code-horrible-performance/</guid><description>Link: https://youtu.be/tD5NrevFtbU</description><pubDate>Tue, 26 Aug 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://youtu.be/tD5NrevFtbU&quot; rel=&quot;noopener noreferrer&quot;&gt;https://youtu.be/tD5NrevFtbU&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>zig</category><category>programming</category><category>watching</category><author>Eli Grubb</author></item><item><title>TIL: Testing Secure Zeroization in Zig with Custom Memory Allocators</title><link>https://eligrubb.com/writings/notes/2025/til-zig-custom-memory-allocator/</link><guid isPermaLink="true">https://eligrubb.com/writings/notes/2025/til-zig-custom-memory-allocator/</guid><description>Learn how a custom Zig allocator can automatically verify zeroization and catch memory leaks in your security-critical code.</description><pubDate>Wed, 20 Aug 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;or, How Zig’s explicit memory management makes it easy to test your sanitization
guarantee&lt;/p&gt;
&lt;p&gt;While &lt;a href=&quot;https://x.com/grubbbyte/status/1935793372679356447&quot;&gt;spending the summer learning
Zig&lt;/a&gt; I have come to love
and appreciate one of the language’s core philosophies: what you see is what
you get.&lt;/p&gt;
&lt;p&gt;In Zig, there’s no operator overloading and memory allocations are always
explicit. Simply reading the code should reveal &lt;em&gt;exactly&lt;/em&gt; what your software is
instructing the computer to do. If a library allocates memory, the idiomatic
approach is to accept a memory allocator as an input, so callers can pick the
memory management strategy that matches the end use-case.&lt;/p&gt;
&lt;p&gt;There are exceptions,&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;1&lt;/span&gt;&lt;/sup&gt; and other languages have reasons they allow
such abstractions, but I’ve enjoyed working in this style. It aligns well with
my current interests and experience. When I return to other, more “sugary”,
languages, using Zig has improved my feel for where the “hidden” allocations
and functionality are.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-nerd&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 1&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;Well 🫵, actually ☝️, &lt;em&gt;any&lt;/em&gt; language at all is an abstraction and,
therefore 🤓, a lie 😌. &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;h2 id=&quot;an-idea-begins-to-form&quot;&gt;An idea begins to form&lt;/h2&gt;
&lt;p&gt;In particular, this is useful for &lt;strong&gt;testing that your custom memory
management strategies are, actually, working&lt;/strong&gt;. My first “real” Zig project, the
&lt;a href=&quot;https://github.com/eligrubb/zecrecy&quot;&gt;Zecrecy&lt;/a&gt; library, zeros out sensitive
data before freeing the memory to &lt;a href=&quot;https://dwheeler.com/essays/heartbleed.html#overwrite-critical&quot;&gt;mitigate the
impact&lt;/a&gt; of
Heartbleed-style vulnerabilities.&lt;/p&gt;
&lt;p&gt;Because Zig is explicit and its docs are still maturing, you are reading the
standard library’s source code by the time you build much more than “hello
world”.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;2&lt;/span&gt;&lt;/sup&gt; I’d read the code for the &lt;code&gt;std.mem.Allocator&lt;/code&gt; interface, along
with several of the allocator implementations in the standard library, so I
felt confident enough to try it when the idea popped into my head: a custom
allocator that panics if asked to free non-zero memory.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-mh&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 2&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;I recently heard &lt;a href=&quot;https://mitchellh.com/&quot;&gt;Mitchell Hashimoto&lt;/a&gt; on a
podcast say when he’s learning a new language, his first step is to read
the standard library. After, effectively, being forced to do so to truly learn
Zig, I’m ready to co-sign this approach (&lt;a href=&quot;https://x.com/grubbbyte/status/1957989330166992944&quot;&gt;massive
news&lt;/a&gt;, I know). I need to
try with at least one more language to be sure - Zig, by design, is relatively
simple. Reading the standard library too early could be unnecessarily
overwhelming in some other languages. &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;Of course, this is not a novel idea. I learned it from the Zig Standard
Library’s testing &lt;code&gt;Allocator&lt;/code&gt;, a nifty implementation that takes advantage of
Zig’s memory management paradigm. In testing, use &lt;code&gt;std.testing.allocator&lt;/code&gt; when
a call requests a memory allocator. The test will panic if the
allocator detects any memory leaks during testing.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;3&lt;/span&gt;&lt;/sup&gt;&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-leak&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 3&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;So far, this has only caught &lt;code&gt;defer .deinit()&lt;/code&gt; statements missing from
the tests themselves. But, that helped build the habit of using Zig’s
&lt;code&gt;defer&lt;/code&gt; keyword and memory management style. It’s because of this, and very
nice feedback on Zig’s discord (thank you @silversquirl), that I built the
&lt;code&gt;Zecrecy&lt;/code&gt; library around a &lt;code&gt;defer .deinit()&lt;/code&gt; management pattern. &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;To improve Zecrecy’s testing quality, I wrote
&lt;a href=&quot;https://github.com/eligrubb/zecrecy/blob/trunk/src/testing/ZerosOnlyAllocator.zig&quot;&gt;ZerosOnlyAllocator&lt;/a&gt;.
It’s pretty simple, it wraps a child allocator to handle the actual
allocations. This has a couple benefits:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;I don’t have to write my own allocation logic just for a bit of testing,
and&lt;/li&gt;
&lt;li&gt;If the child allocator is &lt;code&gt;std.testing.allocator&lt;/code&gt;, then I get
memory-leak detection in the same test run!&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;The core “functionality” lies in the &lt;code&gt;free()&lt;/code&gt; function:&lt;/p&gt;
&lt;pre class=&quot;astro-code github-dark&quot; style=&quot;background-color:#24292e;color:#e1e4e8; overflow-x: auto;&quot; tabindex=&quot;0&quot; data-language=&quot;zig&quot;&gt;&lt;code&gt;&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#6A737D&quot;&gt;/// Panics if the memory is not zeroed before freeing.&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;fn&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt; free&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;    ctx&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;: &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;*anyopaque&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;, &lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;    buf&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;: []&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;u8&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;, &lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;    alignment&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;: &lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;mem&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;Alignment&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;, &lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;    ret_addr&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;: &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;usize&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;) &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;void&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; {&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;    const&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; self&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;: &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;*&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;ZerosOnlyAllocator&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; =&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; @ptrCast&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;@alignCast&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;ctx&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;));&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;    for&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; (&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;buf&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;) &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;|&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;byte&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;|&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; {&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;        if&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; (&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;byte&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; !=&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; 0&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;) &lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;@panic&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt;&quot;non-zero byte freed&quot;&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;);&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;    }&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;    self&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;child_allocator&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;rawFree&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;buf&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;, &lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;alignment&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;, &lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;ret_addr&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;);&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;}&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;I love this kind of thing because it only gains value the more tests I add.
Test setup is only three lines:&lt;/p&gt;
&lt;pre class=&quot;astro-code github-dark&quot; style=&quot;background-color:#24292e;color:#e1e4e8; overflow-x: auto;&quot; tabindex=&quot;0&quot; data-language=&quot;zig&quot;&gt;&lt;code&gt;&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;const&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; ZerosOnlyAllocator&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; =&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; @import&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt;&quot;testing/ZerosOnlyAllocator.zig&quot;&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;);&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;var&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; zeros_only_allocator&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;: &lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;ZerosOnlyAllocator&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; =&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; .&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;init&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;std&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;testing&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;allocator&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;);&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;const&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; allocator&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; =&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; zeros_only_allocator&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;allocator&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;();&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Now, every single test automatically verifies our core security guarantee
with zero additional effort.&lt;/p&gt;
&lt;h2 id=&quot;debugging-detour&quot;&gt;Debugging detour&lt;/h2&gt;
&lt;p&gt;Except! The first time I ran unit tests using the shiny, new, custom allocator,
every single test panicked:&lt;/p&gt;
&lt;pre class=&quot;astro-code github-dark&quot; style=&quot;background-color:#24292e;color:#e1e4e8; overflow-x: auto;&quot; tabindex=&quot;0&quot; data-language=&quot;bash&quot;&gt;&lt;code&gt;&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;~&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;/zecrecy&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;&gt;&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; zig test src/secret.zig&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;thread&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; 3381248&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; panic:&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; non-zero&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; byte&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; freed&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;~&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;/zecrecy/src/testing/ZerosOnlyAllocator.zig:59:24: 0x104dbc753 in free (&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;test&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;)&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;        if&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; (&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;byte&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; !=&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; 0&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;) &lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;@panic(&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;&quot;non-zero byte freed&quot;&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;);&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;                       ^&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;~&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;/.cache/zig/p/N-V-__8AAPWKhxNMNK6YniIioDpRryBzI7DMp0hJB4rExlGU/lib/std/mem/Allocator.zig:147:25: 0x10236238f in free__anon_5332 (&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;test&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;)&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;    return&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; a.vtable.free&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;a.ptr,&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; memory,&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; alignment,&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; ret_addr&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;);&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;                        ^&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;~&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;/zecrecy/src/secret.zig:120:34: 0x10235e12b in deinit (&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;test&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;)&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;            secret.allocator.free(secret.data&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;);&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Turns out, my assumption that reading the standard library once makes one an
expert was, unsurprisingly, wrong. The custom allocator’s logic was correct,
but the standard library contained some unexpected functionality that broke my
assumptions:&lt;/p&gt;
&lt;pre class=&quot;astro-code github-dark&quot; style=&quot;background-color:#24292e;color:#e1e4e8; overflow-x: auto;&quot; tabindex=&quot;0&quot; data-language=&quot;zig&quot;&gt;&lt;code&gt;&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#6A737D&quot;&gt;/// From `std.mem.Allocator`:&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#6A737D&quot;&gt;///&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#6A737D&quot;&gt;/// Free an array allocated with `alloc`.&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#6A737D&quot;&gt;/// If memory has length 0, free is a no-op.&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#6A737D&quot;&gt;/// To free a single item, see `destroy`.&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;pub&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; fn&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt; free&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;self&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;: &lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;Allocator&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;, &lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;memory&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;: &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;anytype&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;) &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;void&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; {&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;    const&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; Slice&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; =&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; @typeInfo&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;@TypeOf&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;memory&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;)).&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;pointer&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;;&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;    const&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; bytes&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; =&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; mem&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;sliceAsBytes&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;memory&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;);&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;    const&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; bytes_len&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; =&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; bytes&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;len&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; +&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; &lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;                      if&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; (&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;Slice&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;sentinel&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;() &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;!=&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; null&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;) &lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;@sizeOf&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;Slice&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;child&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;) &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;else&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; 0&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;;&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;    if&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; (&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;bytes_len&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; ==&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; 0&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;) &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;return&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;;&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;    const&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt; non_const_ptr&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt; =&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; @constCast&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;bytes&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;ptr&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;);&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;    @memset&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;non_const_ptr&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;0&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;..&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;bytes_len&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;], &lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;undefined&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;);&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;    self&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;rawFree&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;non_const_ptr&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;[&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;0&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;..&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;bytes_len&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;], .&lt;/span&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;fromByteUnits&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;(&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;Slice&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color:#FFAB70&quot;&gt;alignment&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;), &lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;@returnAddress&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;());&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;}&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;All tests panicked because &lt;code&gt;std.mem.Allocator.free&lt;/code&gt;&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;4&lt;/span&gt;&lt;/sup&gt; writes &lt;code&gt;undefined&lt;/code&gt;
into freed memory before calling &lt;code&gt;.rawFree&lt;/code&gt;. In Debug and ReleaseSafe modes
&lt;a href=&quot;https://ziglang.org/documentation/master/#undefined&quot;&gt;Zig fills undefined
bytes&lt;/a&gt; with a debug
pattern (&lt;code&gt;0xAA&lt;/code&gt;) to catch use-after-free bugs,&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;5&lt;/span&gt;&lt;/sup&gt; which meant my test allocator
saw non-zero bytes.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-oops&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 4&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;Not to be mistaken with &lt;code&gt;std.mem.Allocator.vtable.free&lt;/code&gt;. &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;&lt;aside id=&quot;sidecar-footnote-zero&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 5&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;At other optimization levels, the compiler probably removes the
&lt;code&gt;memset&lt;/code&gt; operation completely. This is why libraries like Zecrecy are
important, compilers have free reign to do unsightly things to your code in the
name of optimization. Even when you try your hardest and follow best practices,
&lt;a href=&quot;https://eprint.iacr.org/2023/1713&quot;&gt;it can be impossible to completely stop the compiler from doing things like
this&lt;/a&gt;. But that’s the subject of a future
rant :). &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;The solution? Bypass the layer altogether and call &lt;code&gt;.rawFree()&lt;/code&gt;
directly.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;6&lt;/span&gt;&lt;/sup&gt; Now, we can verify zeroization at the layer closest to
deallocation.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-test&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 6&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;I considered modifying &lt;code&gt;.deinit&lt;/code&gt; to check if it’s being called from a
test, using either &lt;code&gt;.rawFree&lt;/code&gt; or &lt;code&gt;.free&lt;/code&gt; based on the result. But, I
dislike the idea of creating branches designed to be untestable. I could be
swayed, but a little responsibility is fine if it means tests follow the same
paths as normal library use. &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;&lt;code&gt;mem.Allocator.free&lt;/code&gt; does what it does for a reason, and I don’t skip it
lightly. The name &lt;code&gt;.rawFree&lt;/code&gt; is meant to make you nervous. For example, in
Debug or ReleaseSafe mode, setting all bytes to &lt;code&gt;undefined&lt;/code&gt; means you get some
use-after-free protection that we could be losing by calling &lt;code&gt;.rawFree&lt;/code&gt;
instead.&lt;/p&gt;
&lt;p&gt;However, in this case, I felt comfortable with this choice after familiarizing
myself.&lt;/p&gt;
&lt;p&gt;The first three lines of &lt;code&gt;Allocator.free&lt;/code&gt; are because memory can be &lt;code&gt;anytype&lt;/code&gt;,
so the code verifies memory is a slice, handles a potential sentinel, etc.
This the only function I call &lt;code&gt;.rawFree&lt;/code&gt; in is &lt;code&gt;.deinit&lt;/code&gt;, which only accepts
slices. No &lt;code&gt;@typeInfo&lt;/code&gt; magic needed.&lt;/p&gt;
&lt;p&gt;What about the &lt;code&gt;@memset&lt;/code&gt;? Zecrecy uses standard library’s &lt;code&gt;crypto.secureZero&lt;/code&gt;
function to wipe memory, which uses techniques intended to avoid optimization
removal. However, those techniques have their own &lt;a href=&quot;https://users.cs.utah.edu/~regehr/papers/emsoft08-preprint.pdf&quot;&gt;flawed history and corner
cases&lt;/a&gt;. Test
reinforcement is always valuable, never take security for granted.&lt;/p&gt;
&lt;p&gt;Outside of actually calling &lt;code&gt;.rawFree&lt;/code&gt;,  the only change I is to return early
if the data length is 0. This has no security/correctness benefits but offers a
small performance bump by avoiding the virtual function call when it’s not
needed. Due to the nature of the library (how often will someone will be
initializing a secret of length 0?), I think even if I had skipped this no-op
opportunity, the &lt;code&gt;.rawFree&lt;/code&gt; call is fine.&lt;/p&gt;
&lt;p&gt;And boom! All tests pass:&lt;/p&gt;
&lt;pre class=&quot;astro-code github-dark&quot; style=&quot;background-color:#24292e;color:#e1e4e8; overflow-x: auto;&quot; tabindex=&quot;0&quot; data-language=&quot;bash&quot;&gt;&lt;code&gt;&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#F97583&quot;&gt;~&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt;/zecrecy&lt;/span&gt;&lt;span style=&quot;color:#F97583&quot;&gt;&gt;&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; zig test src/secret.zig&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;All&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; 15&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; tests&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; passed.&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;With each one, I can feel a tiny bit better
knowing all secrets were actually zeroed before they were freed.&lt;/p&gt;
&lt;h2 id=&quot;conclusion&quot;&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;The effort required was low for the value gained, I’ve barely scratched the
surface of using custom memory allocators to improve testing.&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;7&lt;/span&gt;&lt;/sup&gt; Reducing the
“black box” opaqueness that sometimes hangs like a fog over unit tests is a
nice tool to have. I’m optimistic that Zig’s upcoming async/IO changes will
provide similar opportunities to get surgical during testing.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-fail&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 7&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;Do you test if your system gracefully and securely handles failing
memory allocations? Well, in Zig you easily can with
&lt;code&gt;std.testing.FailingAllocator&lt;/code&gt;! &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;And, of course, building test harnesses that enforce application invariants is
far from unique to Zig. It’s a powerful technique with demonstrated value.
Zig’s win, for me, is in making every decision explicit and shoving the reality
of an implementation into your face at all times. You naturally think deeper
about how to wield the verbosity in your favor.&lt;/p&gt;
&lt;p&gt;Have any cool, weird, or otherwise nerdy uses you’ve gotten out of Zig’s memory
management explicitness? Do you have a favorite method for testing your
system’s security guarantees? &lt;a href=&quot;mailto:eli@eligrubb.com&quot;&gt;Send me an email&lt;/a&gt; or a
&lt;a href=&quot;https://twitter.com/grubbbyte&quot;&gt;message&lt;/a&gt;!&lt;/p&gt;
&lt;p&gt;TL;DR:
&lt;img alt=&quot;The Drake meme. On top, Drake rejecting the common refrain &amp;#x22;RTFM&amp;#x22; (Read The
F***ing Manual). On bottom, Drake approving the text &amp;#x22;RTFSTD&amp;#x22; (Read The
F***ing Standard Library.&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;500&quot; height=&quot;500&quot; src=&quot;https://eligrubb.com/_astro/meme.zR9tPDUj_XoO7X.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
</content:encoded><category>Notes</category><category>TIL</category><category>programming</category><category>zig</category><category>systems engineering</category><category>memory management</category><category>security</category><category>zeroization</category><author>Eli Grubb</author></item><item><title>Zig 0.15.1 Release Notes</title><link>https://eligrubb.com/writings/bookmarks/2025/zig-release-notes/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/zig-release-notes/</guid><description>Link: https://ziglang.org/download/0.15.1/release-notes.html</description><pubDate>Wed, 20 Aug 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://ziglang.org/download/0.15.1/release-notes.html&quot; rel=&quot;noopener noreferrer&quot;&gt;https://ziglang.org/download/0.15.1/release-notes.html&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>zig</category><category>programming</category><category>reading</category><author>Eli Grubb</author></item><item><title>Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation (2005)</title><link>https://eligrubb.com/writings/bookmarks/2025/shredding-your-garbage/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/shredding-your-garbage/</guid><description>Link: https://www.usenix.org/legacy/publications/library/proceedings/sec05/tech/full_papers/chow/chow.pdf</description><pubDate>Mon, 18 Aug 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.usenix.org/legacy/publications/library/proceedings/sec05/tech/full_papers/chow/chow.pdf&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.usenix.org/legacy/publications/library/proceedings/sec05/tech/full_papers/chow/chow.pdf&lt;/a&gt;&lt;/p&gt;&lt;p&gt;From USENIX Security 2005!&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;without [secure deallocation], data can remain in memory for days or weeks,
even persisting across reboots.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;blockquote&gt;
&lt;p&gt;The span from first write to last read is the &lt;em&gt;ideal lifetime&lt;/em&gt;. The data
must exist in the system at least this long. The span from first write to
deallocation is the &lt;em&gt;secure deallocation lifetime&lt;/em&gt;. The span from first write
to the first write of the next allocation is the &lt;em&gt;natural lifetime&lt;/em&gt;. Because
programs often rely on reallocation and overwrite to eliminate sensitive data,
the natural lifetime is the expected data lifetime in systems without secure
deallocation.&lt;/p&gt;
&lt;/blockquote&gt;</content:encoded><category>Bookmarks</category><category>zeroization</category><category>cryptography</category><category>reading</category><author>Eli Grubb</author></item><item><title>Jujutsu For Busy Devs</title><link>https://eligrubb.com/writings/bookmarks/2025/jujutsu-for-busy-devs/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/jujutsu-for-busy-devs/</guid><description>Link: https://maddie.wtf/posts/2025-07-21-jujutsu-for-busy-devs</description><pubDate>Mon, 04 Aug 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://maddie.wtf/posts/2025-07-21-jujutsu-for-busy-devs&quot; rel=&quot;noopener noreferrer&quot;&gt;https://maddie.wtf/posts/2025-07-21-jujutsu-for-busy-devs&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>jj</category><category>programming</category><category>reading</category><author>Eli Grubb</author></item><item><title>Zero Knowledge Proofs Alone Are Not a Digital ID Solution to Protecting User Privacy</title><link>https://eligrubb.com/writings/bookmarks/2025/zkp-digital-id-privacy/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/zkp-digital-id-privacy/</guid><description>Link: https://www.eff.org/deeplinks/2025/07/zero-knowledge-proofs-alone-are-not-digital-id-solution-protecting-user-privacy</description><pubDate>Wed, 30 Jul 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://www.eff.org/deeplinks/2025/07/zero-knowledge-proofs-alone-are-not-digital-id-solution-protecting-user-privacy&quot; rel=&quot;noopener noreferrer&quot;&gt;https://www.eff.org/deeplinks/2025/07/zero-knowledge-proofs-alone-are-not-digital-id-solution-protecting-user-privacy&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>privacy</category><category>cryptography</category><category>zero-knowledge proofs</category><category>reading</category><category>eff</category><author>Eli Grubb</author></item><item><title>High-assurance zeroization (2023)</title><link>https://eligrubb.com/writings/bookmarks/2025/high-assurance-zeroization/</link><guid isPermaLink="true">https://eligrubb.com/writings/bookmarks/2025/high-assurance-zeroization/</guid><description>Link: https://eprint.iacr.org/2023/1713.pdf</description><pubDate>Tue, 29 Jul 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;a href=&quot;https://eprint.iacr.org/2023/1713.pdf&quot; rel=&quot;noopener noreferrer&quot;&gt;https://eprint.iacr.org/2023/1713.pdf&lt;/a&gt;&lt;/p&gt;</content:encoded><category>Bookmarks</category><category>zeroization</category><category>cryptography</category><category>reading</category><author>Eli Grubb</author></item><item><title>TIL: compile with a locally patched Zig standard library via &lt;code&gt;--zig-lib-dir&lt;/code&gt;</title><link>https://eligrubb.com/writings/notes/2025/til-zig-lib-dir/</link><guid isPermaLink="true">https://eligrubb.com/writings/notes/2025/til-zig-lib-dir/</guid><description>TIL: compile with a locally patched Zig standard library via &lt;code&gt;--zig-lib-dir&lt;/code&gt;</description><pubDate>Fri, 25 Jul 2025 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;alt-title: find a way to narrow down the scope of your comparisons (and
compilations).&lt;/p&gt;
&lt;p&gt;While &lt;a href=&quot;https://eligrubb.com/#TBC&quot;&gt;benchmarking the impact&lt;/a&gt; of &lt;a href=&quot;https://github.com/ziglang/zig/pull/24429&quot;&gt;Zig removing inlines from their
standard cryptography library&lt;/a&gt;, my
naive initial approach compared the changes from the perspective of the Zig
project as a whole, not just the standard library itself. In reality, this
meant every time I modified a Zig crypto implementation while experimenting,
even just to call &lt;code&gt;std.debug.print&lt;/code&gt;, I was rebuilding the entire project from
source.&lt;/p&gt;
&lt;p&gt;The Zig build system feels powerful and I’m planning out a new project to coat
myself in all the grimy details&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;1&lt;/span&gt;&lt;/sup&gt;. In the meantime, I got started with Loris
Cro’s excellent &lt;a href=&quot;https://www.youtube.com/watch?v=jy7w_7JZYyw&quot;&gt;Zig Build System Basics
video&lt;/a&gt;, and the &lt;a href=&quot;https://ziglang.org/learn/build-system/&quot;&gt;existing
documentation&lt;/a&gt;. I followed the Zig
wiki’s instructions for &lt;a href=&quot;https://github.com/ziglang/zig/wiki/Building-Zig-From-Source&quot;&gt;building from
source&lt;/a&gt; on both
&lt;a href=&quot;https://eligrubb.com/#TBC&quot;&gt;mac and linux&lt;/a&gt;.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-1&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 1&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;Hint: it involves porting the build system of an existing (academic) C++
project I’ve long admired, with a goal of extending the code base using
Zig. More soon! &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;But, of course, &lt;strong&gt;there’s a flag for that&lt;/strong&gt;:&lt;/p&gt;
&lt;pre class=&quot;astro-code github-dark&quot; style=&quot;background-color:#24292e;color:#e1e4e8; overflow-x: auto;&quot; tabindex=&quot;0&quot; data-language=&quot;zsh&quot;&gt;&lt;code&gt;&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;$&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; zig&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; build&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; --help&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;Usage:&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; zig&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; build&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; [steps] [options]&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;...&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;Advanced&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; Options:&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;  ...&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;  --zig-lib-dir&lt;/span&gt;&lt;span style=&quot;color:#E1E4E8&quot;&gt; [arg]          Override path to Zig lib directory&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt;  ...&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;We can input the path of the &lt;code&gt;lib&lt;/code&gt; directory containing an instantiation of the
Zig standard library and &lt;code&gt;zig build&lt;/code&gt; will compile without extra steps or
linking. Now instead of feeling stuck at the bird’s eye view of the &lt;em&gt;entire&lt;/em&gt;
Zig source, it’s much easier to quickly compare and contrast the small nudges
and curiosities.&lt;/p&gt;
&lt;p&gt;Just call:&lt;/p&gt;
&lt;pre class=&quot;astro-code github-dark&quot; style=&quot;background-color:#24292e;color:#e1e4e8; overflow-x: auto;&quot; tabindex=&quot;0&quot; data-language=&quot;zsh&quot;&gt;&lt;code&gt;&lt;span class=&quot;line&quot;&gt;&lt;span style=&quot;color:#B392F0&quot;&gt;zig&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; build&lt;/span&gt;&lt;span style=&quot;color:#79B8FF&quot;&gt; --zig-lib-dir&lt;/span&gt;&lt;span style=&quot;color:#9ECBFF&quot;&gt; ../zig-master/lib&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Those familiar with the &lt;a href=&quot;https://github.com/ziglang/zig&quot;&gt;ziglang codebase&lt;/a&gt; may
note that the directory for the standard library isn’t &lt;code&gt;lib/&lt;/code&gt;, it’s &lt;code&gt;lib/std/&lt;/code&gt;.
This means that &lt;code&gt;--zig-lib-dir&lt;/code&gt; allows us specify a lot more than &lt;em&gt;just&lt;/em&gt; the
standard library for injection, we’re just scratching the surface here&lt;sup&gt;&lt;span data-footnote-ref=&quot;&quot;&gt;2&lt;/span&gt;&lt;/sup&gt;.&lt;/p&gt;&lt;aside id=&quot;sidecar-footnote-2&quot; class=&quot;sidecar-box sidecar-box--right sidecar-footnote&quot;&gt;&lt;p class=&quot;sidecar-box__title&quot;&gt;Note 2&lt;/p&gt;&lt;div class=&quot;sidecar-box__body&quot;&gt;
&lt;p&gt;Have a cool use for this flag in your workflow? Send me an message! &lt;/p&gt;
&lt;/div&gt;&lt;/aside&gt;
&lt;p&gt;Benchmarking changes is much smoother now. I simply point my script to the
appropriate &lt;code&gt;git worktree&lt;/code&gt; directory for each version and away we go!&lt;/p&gt;
</content:encoded><category>Notes</category><category>zig</category><category>TIL</category><category>programming</category><author>Eli Grubb</author></item><item><title>Madrid Culture Nuances</title><link>https://eligrubb.com/writings/thoughts/2019/madrid-culture-things/</link><guid isPermaLink="true">https://eligrubb.com/writings/thoughts/2019/madrid-culture-things/</guid><description>Madrid Culture Nuances</description><pubDate>Thu, 05 Sep 2019 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;em&gt;Last Updated: 05-September-2019&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;I am spending this fall in Madrid working at the &lt;a href=&quot;http://software.imdea.org/&quot;&gt;IMDEA Software
Institute&lt;/a&gt; with &lt;a href=&quot;https://www.dariofiore.it/&quot;&gt;Dario
Fiore&lt;/a&gt;. This is my first time in Europe and I feel
extremely lucky that it is for an extended period of time so I have a chance to
shallowly experience daily life here.&lt;/p&gt;
&lt;p&gt;This post is an on-going, incomplete, extremely biased look at the little and
unique things I’ve noticed about the culture here compared to what I am used
to.&lt;/p&gt;
&lt;p&gt;Obviously there is no scientific rigour behind any of this. These are just
things that stood out to me with my background of being raised in Utah and
having fairly recently moved to the Washington D.C. area and what things I have
happened to notice. What I’ve noticed may not actually true. Or maybe where I’m
from is the same way and I have just been ignorant to that fact. This is all
very subjective and is more a collection of anecdotes than a document meant to
inform.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;The personal space bubble is much smaller here.&lt;/strong&gt; Whether sitting or
standing, whether on the metro or in line or at a park, the standard bubble of
personal space seems smaller here. Just enough smaller that you notice how
often people end up there. It’s taken some getting used to that strangers are
comfortable being that close even when they don’t necessarily have to be.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Madridians love to sit.&lt;/strong&gt; If there is an open seat on the metro, it is
immediately taken by the next passenger. Related to my previous point, it
doesn’t matter if there are people in the seats beside it, you take the open
seat. When someone gets up from a bus bench or a metro seat if there are people
standing by they immediately fill the new opening. In my experience on metros
in the US people are just as likely to stand as to sit directly next to a
stranger.  That is not a problem here.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;There is much more smoking in public spaces.&lt;/strong&gt; I have heard that the rates of
smoking are very high here and that pretty much everyone smokes. I have had no
experience to confirm or deny that. However, there is a definite increase in
the number of people smoking in public areas. I am not sure if the concept of
a designated smoking area is a thing here.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Dinner really is eaten very late.&lt;/strong&gt; It’s definitely been an odd experience
for me to find that when it’s warm it doesn’t matter if it’s 11pm on a Tuesday
night, as you walk around the streets of Madrid you will find many people
eating dinner and drinking wine at outdoor seating from restaurants and bars.
You generally don’t have to walk more than 10-15 minutes to find a restaurant
that is at least 80% full at that time.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;There is no rush or promptness in day to day life.&lt;/strong&gt; Everything moves
somewhat slowly. Most meetings are held “around” a time instead of at a
specific time. There is a common attitude of things will happen when they
happen. Unless the next metro train is about to leave. Then you must full on
sprint to take it because suddenly waiting 5 minutes for the next one would be
too much.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;There are very few fat people here.&lt;/strong&gt; As an overweight person I have noticed
that in fact, yes, obesity is a very American problem. I don’t see many other
fat people and I certainly do not see any my age. I believe I have gotten more
than a few stares for being a member of such a small group.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;They refer to their metro lines by number.&lt;/strong&gt; This may not be weird for other
Americans who have lived in other cities, but both the public light rails in
Salt Lake City and Washington D.C. are colloquially referred to by the line’s
color. However, due to the size of the city and the resulting metro system, it
becomes hard to refer to the “blue line” when there are several shades of blue.
Instead you would ask whether someone had taken the 10 or the 5 to get there.&lt;/p&gt;</content:encoded><category>Thoughts</category><category>Personal</category><category>archive</category><category>spain</category><author>Eli Grubb</author></item><item><title>Odd tcsh issue on alpine linux [UPDATED]</title><link>https://eligrubb.com/writings/notes/2018/tcsh-and-alpine-linux-bug/</link><guid isPermaLink="true">https://eligrubb.com/writings/notes/2018/tcsh-and-alpine-linux-bug/</guid><description>Odd tcsh issue on alpine linux [UPDATED]</description><pubDate>Mon, 05 Feb 2018 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;I’m currently working with &lt;a href=&quot;https://alpinelinux.org/&quot;&gt;alpine linux&lt;/a&gt;, trying to
port some existing systems over to this minimal OS. It’s not an easy task.
Currently my issue is with &lt;a href=&quot;http://www.tcsh.org/&quot;&gt;&lt;code&gt;tcsh&lt;/code&gt;&lt;/a&gt;. It seems that &lt;code&gt;tcsh&lt;/code&gt;
is triggering some kind of core dump every time it is called. Here’s the output
when it’s called:&lt;/p&gt;
&lt;pre class=&quot;astro-code github-dark&quot; style=&quot;background-color:#24292e;color:#e1e4e8; overflow-x: auto;&quot; tabindex=&quot;0&quot; data-language=&quot;plaintext&quot;&gt;&lt;code&gt;&lt;span class=&quot;line&quot;&gt;&lt;span&gt;(nil) current memory allocation:                                                                                &lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;free:       0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0                       &lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;used:       0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0    0                       &lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;        Total in use: 0, total free: 0                                                                          &lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;        Allocated memory from 0x55bd1509d000 to 0xffffffffffffffff.  Real top at 0x55bd1509d000                 &lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;nbytes=64: Out of memory                                                                                        &lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;I’ve been googling and going through alpine’s &lt;a href=&quot;https://bugs.alpinelinux.org/projects/alpine/search?utf8=%E2%9C%93&amp;#x26;q=tcsh&amp;#x26;scope=all&amp;#x26;all_words=&amp;#x26;all_words=1&amp;#x26;titles_only=&amp;#x26;issues=1&amp;#x26;news=1&amp;#x26;documents=1&amp;#x26;changesets=1&amp;#x26;wiki_pages=1&amp;#x26;messages=1&amp;#x26;projects=1&amp;#x26;attachments=0&amp;#x26;options=0&amp;#x26;commit=Submit&quot;&gt;bug
tracker&lt;/a&gt;
but there’s no mention of &lt;code&gt;tcsh&lt;/code&gt; in there system beside the day they committed
it to their repository. It is worth noting that the package is &lt;a href=&quot;https://pkgs.alpinelinux.org/package/edge/testing/x86/tcsh&quot;&gt;currently in
the testing branch&lt;/a&gt;
of their apk package manager so there were no guarantees. It is interesting
that there seems to be literally no evidence anyone else has run into this
issue. Also somewhat intriguing is the fact that the alpine maintainers have no
documented interest in moving &lt;code&gt;tcsh&lt;/code&gt; to a stable branch anytime soon. I agree
that it’s probably an outdated tool, but still popular enough it should have
higher priority.&lt;/p&gt;
&lt;p&gt;If anyone has any potential solutions &lt;a href=&quot;mailto:grubb@cs.utah.edu&quot;&gt;shoot me an email&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;UPDATE (February 12, 2018):&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Having submitted the bug to the Alpine Linux issue tracker, I received a
&lt;a href=&quot;https://bugs.alpinelinux.org/issues/8483&quot;&gt;pointer to a patch&lt;/a&gt; in the
&lt;a href=&quot;https://github.com/openwrt/packages/blob/master/utils/tcsh/patches/001-sysmalloc.patch&quot;&gt;openwrt&lt;/a&gt;
project that seems to fix this issue. At the very least, &lt;code&gt;tcsh&lt;/code&gt; actually boots
and seems to function as a shell once it’s applied. I’m going to work on either
getting the patch committed to the actual alpine package repo or build a custom
&lt;code&gt;tcsh&lt;/code&gt; for my system with the patch.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;UPDATE 2 (February 27, 2018):&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;This patch has now been &lt;a href=&quot;https://github.com/alpinelinux/aports/pull/3302&quot;&gt;committed to alpine’s apk
repository&lt;/a&gt;. This took a
little more effort than expected, and there’s definitely still some open issues
with the package before it can be moved from the edge branch to the main
package repo branch. As referenced in the linked github PR, the musl libc
appears to break a lot of basic functionality in &lt;code&gt;tcsh&lt;/code&gt;. As you can see
&lt;a href=&quot;http://tpaste.us/L6R4&quot;&gt;here&lt;/a&gt; the number and nature of regression tests failed
is somewhat alarming. However, by hand testing shows that basic functionality
needed for my project works. Who knows, maybe it will convince some old-timers
to switch to a more modern shell like &lt;code&gt;bash&lt;/code&gt; ;).&lt;/p&gt;
&lt;p&gt;It does however, bring up an interesting conversation about whether there is
sufficient motivation for these issues to ever be fixed. The last few remaining
active &lt;code&gt;tcsh&lt;/code&gt; developers have no desire to work to get their package working
with an upstart libc like &lt;code&gt;musl&lt;/code&gt; and &lt;code&gt;musl&lt;/code&gt; developers have no motivation to
work on supporting a shell none of their target users actively rely on. I think
my work has fallen into a rather small demographic.&lt;/p&gt;</content:encoded><category>Notes</category><category>archive</category><category>Software</category><category>Programming</category><category>linux</category><author>Eli Grubb</author></item><item><title>Alpine Package Names</title><link>https://eligrubb.com/writings/notes/2017/alpine-package-names/</link><guid isPermaLink="true">https://eligrubb.com/writings/notes/2017/alpine-package-names/</guid><description>Alpine Package Names</description><pubDate>Wed, 08 Nov 2017 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;As part of my research work in the &lt;a href=&quot;http://www.flux.utah.edu&quot;&gt;Flux Research
Group&lt;/a&gt; I’ve been working very closely with &lt;a href=&quot;https://www.alpinelinux.org&quot;&gt;Alpine
Linux&lt;/a&gt;. My current project involves translating a
bunch of scripts for building a particular Ubuntu image into the same process
for an Alpine image. As such, I’ve had the fun of finding packages in Alpine’s
&lt;a href=&quot;https://pkgs.alpinelinux.org/packages&quot;&gt;apk&lt;/a&gt; package manager that are currently
being installed through apt-get. This is just a quick post to serve as a
reference for inconsistencies I’ve found across the two, and the packages I
installed instead.&lt;/p&gt;













































&lt;table&gt;&lt;thead&gt;&lt;tr&gt;&lt;th align=&quot;center&quot;&gt;Ubuntu (16.04)&lt;/th&gt;&lt;th align=&quot;center&quot;&gt;Alpine (3.6)&lt;/th&gt;&lt;/tr&gt;&lt;/thead&gt;&lt;tbody&gt;&lt;tr&gt;&lt;td align=&quot;center&quot;&gt;libtool-bin&lt;/td&gt;&lt;td align=&quot;center&quot;&gt;libtool&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td align=&quot;center&quot;&gt;libssl-dev&lt;/td&gt;&lt;td align=&quot;center&quot;&gt;openssl-dev&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td align=&quot;center&quot;&gt;libboost-dev&lt;/td&gt;&lt;td align=&quot;center&quot;&gt;boost-dev&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td align=&quot;center&quot;&gt;iputils-ping&lt;/td&gt;&lt;td align=&quot;center&quot;&gt;iputils&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td align=&quot;center&quot;&gt;perl-modules&lt;/td&gt;&lt;td align=&quot;center&quot;&gt;???&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td align=&quot;center&quot;&gt;libwww-perl&lt;/td&gt;&lt;td align=&quot;center&quot;&gt;perl-libwww&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td align=&quot;center&quot;&gt;tcsh&lt;/td&gt;&lt;td align=&quot;center&quot;&gt;tsch@testing*&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td align=&quot;center&quot;&gt;ksh&lt;/td&gt;&lt;td align=&quot;center&quot;&gt;mksh&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td align=&quot;center&quot;&gt;brctl&lt;/td&gt;&lt;td align=&quot;center&quot;&gt;bridge-utils&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;
&lt;p&gt;* tcsh is currently only found in the testing branch of apk. You have to add
the link to the testing branch to /etc/apk/repositories as described
&lt;a href=&quot;https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Add_a_Package&quot;&gt;here&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;If anyone has any corrections, questions or additions to this short list feel
free to reach out to me on &lt;a href=&quot;https://twitter.com/judgegrubb&quot;&gt;twitter&lt;/a&gt; or by
&lt;a href=&quot;mailto:grubb@cs.utah.edu&quot;&gt;email&lt;/a&gt;.&lt;/p&gt;</content:encoded><category>Notes</category><category>archive</category><category>Programming</category><category>Software</category><category>linux</category><author>Eli Grubb</author></item><item><title>Some Thoughts... On Designing My New Site</title><link>https://eligrubb.com/writings/thoughts/2017/some-thoughts-on-new-site/</link><guid isPermaLink="true">https://eligrubb.com/writings/thoughts/2017/some-thoughts-on-new-site/</guid><description>Some Thoughts... On Designing My New Site</description><pubDate>Thu, 30 Mar 2017 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;It has been a while. How are you? I’m tired. It’s almost 2am here.&lt;/p&gt;
&lt;p&gt;I’m hoping to post more here now, both about Computer Science based topics and about other things that peak my interest.&lt;/p&gt;
&lt;p&gt;This is the first of a couple “Some Thoughts…” posts that are going to come out over the next few days. I’ve been thinking about a lot lately and trying to put more of it down.&lt;/p&gt;
&lt;p&gt;I spent most of the night tonight redesigning/rebuilding my &lt;a href=&quot;http://www.elijahgrubb.com&quot;&gt;personal homepage&lt;/a&gt;. I wanted to build a page that would best help me in my path forward. I based the design off of &lt;a href=&quot;http://www.cs.cmu.edu/~pavlo/&quot;&gt;Andy Pavlo’s site&lt;/a&gt;, &lt;a href=&quot;http://ezyang.com/&quot;&gt;Edward Yang’s site&lt;/a&gt;, my old homepage and just the general design and organization I’ve seen PhD students use.&lt;/p&gt;
&lt;p&gt;One of the points in Matt Might’s &lt;em&gt;amazing&lt;/em&gt; &lt;a href=&quot;http://matt.might.net/articles/what-cs-majors-should-know/&quot;&gt;undergrad CS major advice column&lt;/a&gt; that’s always hit hardest with me is his emphasis of a portfolio over a resume. While building out my new homepage I’m trying to focus on that idea. My goal is a nice-looking, simple page that allows people to easily get to know me and my experience. However, since my long term goals more and more involve academia, I’m also trying to emphasize my research experience and give it a look that is familiar for those who have experience with academic personal sites.&lt;/p&gt;
&lt;p&gt;The tweaking will continue for the foreseeable future. I’ve also come across how barren my side projects section is. In the near future I plan to build out a user level threads library and I’ll add it to the list once it’s semi-functional. Over the summer I’m also planning on building a rudimentary DBMS as I study the designs of database kernels, so that will be added as well.&lt;/p&gt;
&lt;p&gt;Anyways, I believe it’s a huge improvement over its old form. Hopefully this more accurately represents who I am.&lt;/p&gt;</content:encoded><category>Thoughts</category><category>archive</category><category>Programming</category><category>Software</category><category>meta</category><author>Eli Grubb</author></item><item><title>On Rejection</title><link>https://eligrubb.com/writings/thoughts/2017/on-rejection/</link><guid isPermaLink="true">https://eligrubb.com/writings/thoughts/2017/on-rejection/</guid><description>On Rejection</description><pubDate>Wed, 29 Mar 2017 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;I wrote a &lt;a href=&quot;https://eligrubb.com/writings/thoughts/2015/microsoft-interview/&quot;&gt;post&lt;/a&gt; a while back about my
experience interviewing with Microsoft for an internship in the Fall of 2015. I
never got around to updating my blog, but I did not get an offer.&lt;/p&gt;
&lt;p&gt;Instead, I spent last summer interning at Goldman Sachs. Excuse me, I wasn’t an
“intern”, I was a “Technology Summer Analyst”. Let me tell you, I still hate
putting that title on my resume.&lt;/p&gt;
&lt;p&gt;Goldman Sachs was an okay experience. I met some really cool people there,
especially my &lt;a href=&quot;https://www.instagram.com/p/BI9RUu8DGKh/&quot;&gt;fellow&lt;/a&gt;
&lt;a href=&quot;https://www.instagram.com/p/BIeQUBLDJhv/&quot;&gt;interns&lt;/a&gt;. However, the culture was a
major turn off. While the internship experience was great, the impression I got
from my time there was that full time employees were often overworked and in
the long term, the growth and learning of employees was not a priority. It
didn’t help that the full time offer I received at the end of the summer was
nothing to write home about.&lt;/p&gt;
&lt;p&gt;This last fall I interviewed around again, planning for another internship for
this coming summer. Another year older and wiser too, I had slightly more
success in my efforts.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;I received an offer from &lt;a href=&quot;https://www.instructure.com/&quot;&gt;Instructure&lt;/a&gt; who
had declined me last year.&lt;/li&gt;
&lt;li&gt;I received an offer from &lt;a href=&quot;https://www.qualtrics.com/&quot;&gt;Qualtrics&lt;/a&gt; who I had
turned down last year.&lt;/li&gt;
&lt;li&gt;I got to a final round interview with Facebook but they ultimately decided
not give me an offer.&lt;/li&gt;
&lt;li&gt;My resume was once again swallowed up by Google’s &lt;a href=&quot;https://www.nytimes.com/2017/03/25/opinion/sunday/thanks-for-submitting-your-resume-to-this-black-hole.html&quot;&gt;black
hole&lt;/a&gt;.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;And, once again, I got to a final round interview with Microsoft. I flew out to
Seattle this past fall and really enjoyed my stay. I got to visit my cousin
(he’s since moved to the bay area) and one of the days it was raining so I went
and enjoyed the water.&lt;/p&gt;
&lt;p&gt;&lt;img alt=&quot;Water Pic 1&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;4048&quot; height=&quot;3036&quot; src=&quot;https://eligrubb.com/_astro/seattle-lake-1.CL5YiWuf_1wn4TA.webp&quot; srcset=&quot;&quot;&gt;
&lt;img alt=&quot;Water Pic 2&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;4048&quot; height=&quot;3036&quot; src=&quot;https://eligrubb.com/_astro/seattle-lake-2.B1rETJkh_ZtVskr.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;The interview portion of the trip went well too, I thought. I had three
interviews, all with very great people. They were part of the Office 365 team
working on the web version of Microsoft’s Office products. While I won’t go
into detail like my last post, these are the basics of my interview questions:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Given two strings of character trees, one preorder and one in order, recreate
the tree.&lt;/li&gt;
&lt;li&gt;Given an array of size N, containing the integers from 0 to N, find all that
are missing. For both the case where each number exists once and where numbers
can be repeated.&lt;/li&gt;
&lt;li&gt;Given a 2D array filled with Xs representing walls, and an S representing the
start and an E representing the end, find the shortest path from S to E.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;I have never felt so confident coming out of an interview as I did that
afternoon. I had nailed every question and felt like I had a reasonable
connection with all my interviewers for the time spent together.&lt;/p&gt;
&lt;p&gt;I waited eagerly to see if I would get an offer from Microsoft. My buddy
&lt;a href=&quot;http://tannerbarlow.com/&quot;&gt;Tanner&lt;/a&gt; received his offer from Microsoft the day of
the interview, but I went back to my hotel room empty handed.&lt;/p&gt;
&lt;p&gt;I waited until the end of the next week with no response. I sent a follow-up
email to my recruiter, who asked for my patience.&lt;/p&gt;
&lt;p&gt;Another week, another email.&lt;/p&gt;
&lt;p&gt;And again.&lt;/p&gt;
&lt;p&gt;Then, exactly one month to the day, I finally received an email confirming that
Microsoft wouldn’t be moving forward with an offer at this time. It hurt. While
last year I could name 20 different mistakes and moments of frustration, this
time had felt different. It hurt all the more because I have no idea what I
would do differently even if I could hit the redo button.&lt;/p&gt;
&lt;p&gt;The timing didn’t help either. I had to extend my offer from Qualtrics and was
in a weird place interviewing with Facebook because I was strung along for a
full month after my interview, despite being told I would hear back in less
than two weeks.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Rejection is a bitch&lt;/strong&gt;. When you get your hopes up and they’re cut from under
you, that fall hurts. There is no getting around it.&lt;/p&gt;
&lt;p&gt;I ended up accepting Qualtrics’ offer, so I’ll be spending my summer in Provo.
I’m excited about experiencing a more startup-esque, free flowing culture than
I’m used to. &lt;a href=&quot;https://en.wikipedia.org/wiki/Holy_War_(Utah_vs._BYU)&quot;&gt;I’m less excited about the
city&lt;/a&gt;. I’m grateful for
the opportunity and can’t wait to see what adventures await me.&lt;/p&gt;
&lt;p&gt;It still stings. But there’s nowhere to go but up. And one rejection doesn’t
mean the end of the world. And, unfortunately, there’s a whole lot of rejection
in my future, especially considering my career choice. An entire world of
possibilities is still ahead of me. Can’t wait to see what’s next.&lt;/p&gt;</content:encoded><category>Thoughts</category><category>archive</category><category>Personal</category><category>Programming</category><author>Eli Grubb</author></item><item><title>gitignore_global</title><link>https://eligrubb.com/writings/notes/2015/gitignore-global/</link><guid isPermaLink="true">https://eligrubb.com/writings/notes/2015/gitignore-global/</guid><description>gitignore_global</description><pubDate>Fri, 02 Oct 2015 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;I need git for every change I make anywhere on my computer apparently.&lt;/p&gt;
&lt;p&gt;Today while working on a project for CS 3500 I ran into a curious bug that made me wonder what in the world I was thinking at the time.&lt;/p&gt;
&lt;p&gt;In trying to commit some .dll files as resources to my Visual C# app in Visual Studio I came to the odd realization that they weren’t actually included in my repo. Curious.&lt;/p&gt;
&lt;p&gt;It got even weirder when I manually right-clicked and added it to my git. Yet when I clicked commit I got an error claiming that I wasn’t committing any files even though they were both RIGHT THERE. Curiouser and curiouser.&lt;/p&gt;
&lt;p&gt;Finally I was able to debug my issues when I happened upon some extremely helpful git commands thanks to &lt;a href=&quot;http://stackoverflow.com/questions/32417729/an-error-occurred-detailed-message-no-changes-nothing-to-commit-visual-studi&quot;&gt;this&lt;/a&gt; stack overflow post.&lt;/p&gt;
&lt;p&gt;Using the described techniques I found a file in my Documents folder (no where near or associated with my C# development) titled “gitignore_global”. This document explicitly set git to ignore several visual studio specific files including, you guessed it, *.dll.&lt;/p&gt;
&lt;p&gt;I renamed the file and what do you know? It all committed nice and easy now! WOO HOO!&lt;/p&gt;
&lt;p&gt;I still have no idea why I created that file in the first place. And why in my Documents folder that has nothing to do with any of my development projects??&lt;/p&gt;
&lt;p&gt;I’m still scratching my head. Oh well. I guess that’s better then banging it against my desk in frustration.&lt;/p&gt;
&lt;p&gt;Sometimes even the best technologies are just plain dumb.&lt;/p&gt;</content:encoded><category>Notes</category><category>archive</category><category>Software</category><category>Programming</category><author>Eli Grubb</author></item><item><title>Interviewing with Microsoft</title><link>https://eligrubb.com/writings/thoughts/2015/microsoft-interview/</link><guid isPermaLink="true">https://eligrubb.com/writings/thoughts/2015/microsoft-interview/</guid><description>Interviewing with Microsoft</description><pubDate>Wed, 16 Sep 2015 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;Yesterday I had the amazing opportunity to interview with one of the most prolific software companies in the world: Microsoft.&lt;/p&gt;
&lt;p&gt;A few weeks back a couple of Microsoft Reps visited Campus and I gave them my resume. Last week I received a call from a Microsoft rep to set up an on campus interview. This post is just to detail what it was like and some of the questions I was asked to help others prep for similar situations.&lt;/p&gt;
&lt;p&gt;Scattered through the interview were the typical job interview questions:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;“Why do you want to work for Microsoft?”&lt;/li&gt;
&lt;li&gt;“Tell me about a time you had trouble in a group?”&lt;/li&gt;
&lt;li&gt;“Tell a me a bit about yourself.”&lt;/li&gt;
&lt;li&gt;ETC.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;In the 30ish minute interview there were also 2 problem solving questions.&lt;/p&gt;
&lt;h4 id=&quot;problem-1-ftoa&quot;&gt;Problem #1: ftoa&lt;/h4&gt;
&lt;p&gt;The first was to build a ‘ftoa’ function. That is a method that takes in a string like “1234” or “25” and returns the integer form of it: 1234 or 25.&lt;/p&gt;
&lt;h6 id=&quot;answer&quot;&gt;Answer:&lt;/h6&gt;
&lt;p&gt;The solution is pretty simple once you think about it:&lt;/p&gt;
&lt;pre class=&quot;astro-code github-dark&quot; style=&quot;background-color:#24292e;color:#e1e4e8; overflow-x: auto;&quot; tabindex=&quot;0&quot; data-language=&quot;plaintext&quot;&gt;&lt;code&gt;&lt;span class=&quot;line&quot;&gt;&lt;span&gt;public static int myStringToInteger(String str) {&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;	int answer = 0, factor = 1;&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;	for (int i = str.length()-1; i &gt;= 0; i--) {&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;		answer += (str.charAt(i) - &apos;0&apos;) * factor;&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;		factor *= 10;&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;	}&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;	return answer;&lt;/span&gt;&lt;/span&gt;
&lt;span class=&quot;line&quot;&gt;&lt;span&gt;}&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;It’s just based on the ASCII values of char’s that are integers being the same distance from ‘0’ as that integer really is from 0.&lt;/p&gt;
&lt;p&gt;Now, this method does contain an error. Ints are inherently 32-bit and you have a risk of overflow. Since these are signed integers that will occur once answer &gt; 2^31 - 1. For your own little brain teaser, see how you would handle dictating this as a Long (which is basically a 64-bit integer). The twist is you can only use ints.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;HINT: Instead of answer, use two values like int answerHi and int answerLo to detail the more significant 32-bits and less significant 32-bits respectively.&lt;/strong&gt;&lt;/p&gt;
&lt;h4 id=&quot;problem-2-lightbulb-dropping&quot;&gt;Problem #2: Lightbulb Dropping&lt;/h4&gt;
&lt;p&gt;The other problem solving question was a logic puzzle.&lt;/p&gt;
&lt;p&gt;Let’s assume your research department built a lightbulb that is supposed to be ‘indestructible’. Obviously, you are skeptical of this claim and decide to test it for yourself.&lt;/p&gt;
&lt;p&gt;You have access to a 100 story building and exactly 2 of these lightbulbs. (They are really expensive)&lt;/p&gt;
&lt;p&gt;Using just these supplies how can you test what floor the lightbulb will break at when dropped?&lt;/p&gt;
&lt;p&gt;And, how can you optimize this algorithm to minimize the number of drops in the worst case scenario?&lt;/p&gt;
&lt;p&gt;For the record, you can develop and optimize an algorithm down to where the worst case scenario is 19 drops.&lt;/p&gt;
&lt;p&gt;I’ll give you a minute to work it out.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;HINT: What happens if you drop a lightbulb and it doesn’t break?&lt;/strong&gt;&lt;/p&gt;
&lt;h6 id=&quot;answer-1&quot;&gt;Answer:&lt;/h6&gt;
&lt;p&gt;Now, the simplest algorithm is to realize that if you drop a lightbulb and it doesn’t break, you can drop it again! So if you start at floor one and successively move up dropping it at each floor until it breaks you will know exactly what floor it can no longer survive the landing force. However, worst case scenario, you are going to be dropping this lightbulb 100 times! Let’s make use of &lt;em&gt;both&lt;/em&gt; of our lightbulbs and optimize the number of drops.&lt;/p&gt;
&lt;p&gt;Optimizing it is simple. Let’s say you deside to drop the first lightbulb every 5 levels. When it breaks you simply need to do the original algorithm from the last known safe level. I.e. if you drop your lightbulb and it’s safe at levels 5, 10, 15, 20, and 25 but breaks on 30 all you need to do is take your second lightbulb and drop it at levels 26, 27, 28 and 29 to see which level is the breaking point! If it doesn’t break at any of those levels then you know that level 30 is the breaking point.&lt;/p&gt;
&lt;p&gt;Of course this would result in a worst case scenario of 24 drops. To get rid of those last few drops it turns out dropping from every 10th floor results in the best worst case scenario.&lt;/p&gt;
&lt;h4 id=&quot;conclusion&quot;&gt;Conclusion:&lt;/h4&gt;
&lt;p&gt;All in all, it was a very enlightening experience. I would like to thank Microsoft for the opportunity to interview with them and everyone cross your fingers that I hear back from a recruiter in 3 weeks time.&lt;/p&gt;
&lt;p&gt;Wish me luck!&lt;/p&gt;</content:encoded><category>Thoughts</category><category>archive</category><category>Programming</category><author>Eli Grubb</author></item><item><title>Testing Class Libraries with C# in Visual Studio</title><link>https://eligrubb.com/writings/notes/2015/testing-class-libraries/</link><guid isPermaLink="true">https://eligrubb.com/writings/notes/2015/testing-class-libraries/</guid><description>Testing Class Libraries with C# in Visual Studio</description><pubDate>Tue, 08 Sep 2015 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;When building a Class Library for my CS 3500 class we are required to build our own little testing suites on our machines. These tests aren’t to be uploaded to the GitHub repository for our project, but obviously it is necessary if we want to build a functioning program. As this is my first foray into the world of C# and, more importantly, Visual Studio, I found it slightly difficult to figure out out to write even rudementary Console Application tests for my Class Library. This post is to act as a reminder as to how to successfully add a ConsoleApplication Project to a solution and use it to test a Class Library.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Note: This was done using Visual Studio 2015 Enterprise and any differences in your setup is probably a result of this&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;Once you have your initial Class Library created with a class and method you would like to test, you will find yourself to run any tests within the same project. Due to Class Librarys compiling down to .dll files and not something like a .exe there is no way to run that project directly. Instead you need to create another project that &lt;em&gt;does&lt;/em&gt; compile down to a .exe and have it reference your Class Library&lt;/p&gt;
&lt;p&gt;The first thing you will do is select File -&gt; New -&gt; Project…&lt;/p&gt;
&lt;p&gt;In this case I am testing my project using a Console Application so I will choose Visual C# -&gt; Windows -&gt; Console Application as my application type.&lt;/p&gt;
&lt;p&gt;It doesn’t matter what your project’s name is, but for simplicity I suggest using the format &lt;classlibraryprojectname&gt;Test. In this case since I’m working on a Class Library called Formula Evaluator I’m naming my Console Application FormulaEvaluatorTest.&lt;/classlibraryprojectname&gt;&lt;/p&gt;
&lt;p&gt;Make sure it’s in the same location as your Class Library Project and add to the existing solution to ensure continuity.&lt;/p&gt;
&lt;p&gt;&lt;img alt=&quot;New Project&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;1413&quot; height=&quot;806&quot; src=&quot;https://eligrubb.com/_astro/new-project.DVkt1BIL_Z2eGiVz.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;After you create this new project it will open up it’s Program.cs file which contains what this whole process is about, the Main Function. Now you have a program that can actually execute operations. However, you are not quite done.&lt;/p&gt;
&lt;p&gt;To ensure you have access to your Class Library in your new project, in the Solution Explorer right-click on your Console Application and select Add -&gt; Reference…&lt;/p&gt;
&lt;p&gt;&lt;img alt=&quot;Add Reference&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;1055&quot; height=&quot;1019&quot; src=&quot;https://eligrubb.com/_astro/add-reference.BayhkUYi_yIgSY.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;Select Projects -&gt; Solution from the left hand column and find your Class Library in the center pane. Make sure that it’s checkbox is checked, then hit OK. You should now be able to write the line using MyClassLibrary in your console application without any errors.&lt;/p&gt;
&lt;p&gt;&lt;img alt=&quot;Reference Manager&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;1180&quot; height=&quot;815&quot; src=&quot;https://eligrubb.com/_astro/reference-manager.BA33YTIN_Zy1Acq.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;You are just about done. But wait! When you attempt to run your Console Application, you probably end up with this error:&lt;/p&gt;
&lt;p&gt;&lt;img alt=&quot;Startup Error&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;663&quot; height=&quot;364&quot; src=&quot;https://eligrubb.com/_astro/start-up-error.UpVPlm7e_Zaqlpq.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;Your solution is automatically choosing your Class Library to run when you run the solution as a whole and this just doesn’t work. Like we discussed earlier, since Class Libraries compile down to a .dll file you cannot run it. You need to run the .exe file that your Console Application compiles down to.&lt;/p&gt;
&lt;p&gt;To change this you simple right-click on your Console Application and select Set as StartUp Project&lt;/p&gt;
&lt;p&gt;&lt;img alt=&quot;Set as StartUp Project&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;727&quot; height=&quot;1018&quot; src=&quot;https://eligrubb.com/_astro/set-as-start-up.CKbzuF78_Z2q1n3U.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;Now when you hit the Start button on the top toolbar to run your solution, it is your Console Application that will run.&lt;/p&gt;
&lt;p&gt;&lt;img alt=&quot;It&amp;#x27;s Working!&quot; loading=&quot;lazy&quot; decoding=&quot;async&quot; width=&quot;1920&quot; height=&quot;1021&quot; src=&quot;https://eligrubb.com/_astro/its-working.Dn6I395h_1vQS6P.webp&quot; srcset=&quot;&quot;&gt;&lt;/p&gt;
&lt;p&gt;Happy (C#) Hacking!&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;UPDATE 9/16:&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;I finally learned how to do this with unit tests. And I feel rather silly now that I’ve been taught. Simply replicate my process but instead of selecting a console application, select the “Tests” category on the left and choose a Unit Test Application. Unit Tests are so much better than testing with a Console Application and I’m not looking back. But that’s mainly because of how silly I feel not knowing how to use unit tests before.&lt;/p&gt;</content:encoded><category>Notes</category><category>Programming</category><category>Testing</category><category>Software</category><category>archive</category><author>Eli Grubb</author></item><item><title>Hello World</title><link>https://eligrubb.com/writings/thoughts/2015/hello-world/</link><guid isPermaLink="true">https://eligrubb.com/writings/thoughts/2015/hello-world/</guid><description>Hello World</description><pubDate>Mon, 07 Sep 2015 00:00:00 GMT</pubDate><content:encoded>&lt;h3 id=&quot;welcome-to-my-world&quot;&gt;Welcome to my world&lt;/h3&gt;
&lt;p&gt;On this blog I will be discussing things that either interest me or bug me. Mostly this will consist of software and general Computer Science issues, but there may be other things that crop up. I’m glad you could join me.&lt;/p&gt;</content:encoded><category>Thoughts</category><category>Personal</category><category>archive</category><author>Eli Grubb</author></item><item><title>The Power of an Artist</title><link>https://eligrubb.com/writings/thoughts/2013/the-power-of-an-artist/</link><guid isPermaLink="true">https://eligrubb.com/writings/thoughts/2013/the-power-of-an-artist/</guid><description>The Power of an Artist</description><pubDate>Thu, 01 Aug 2013 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;em&gt;October 9, 2018: This post is an old draft of mine on Medium, written sometime in mid-2013. It has now been moved here, for the record and your groans.&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;I have recently become interested in what an artist is. I maybe even slightly thought I could be one.&lt;/p&gt;
&lt;p&gt;But, how?&lt;/p&gt;
&lt;p&gt;So, I looked up the definition of artist: &lt;em&gt;“a person who produces works in any of the arts that are primarily subject to aesthetic criteria” or “a person whose work exhibits exceptional skill”&lt;/em&gt;.&lt;/p&gt;
&lt;p&gt;The thing is, that doesn’t satisfy me.Because, while I know that we all can be artists, and I know that we all could do work that &lt;em&gt;“exhibits exceptional skill”&lt;/em&gt;, true artists are not &lt;strong&gt;just&lt;/strong&gt; about showing off what they’ve done. They’re about much, much more.&lt;/p&gt;
&lt;p&gt;We are all contributing in one way. We all have to power to effect other’s lives, and even cause everlasting changes. But, once again, how? How can we do something that alters the very destiny of those around us? Because it’s only when we create something that makes a difference, that we can truly call ourselves an artist.&lt;/p&gt;
&lt;p&gt;One of my favorite artists once said:&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;See life’s a beautiful struggle, I record it&lt;/p&gt;
&lt;p&gt;Hope it helps you maneuvering through yours&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Whatever our medium is, this is all we can do before we become an artist.&lt;/p&gt;
&lt;p&gt;Whether you’re a rapper, a singer, a musician,&lt;/p&gt;
&lt;p&gt;Whether you’re a painter, a sculptor, a sketcher,&lt;/p&gt;
&lt;p&gt;Whether you’re an author, a journalist, a writer,&lt;/p&gt;
&lt;p&gt;Whether you’re a politician, a speaker, a leader,&lt;/p&gt;
&lt;p&gt;Whether you’re a programmer, a CEO, a visionary,&lt;/p&gt;
&lt;p&gt;Whether you’re a architect, a fashion designer, or a wedding planner,&lt;/p&gt;
&lt;p&gt;&lt;em&gt;No matter who you are, or what you do:&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;You can be an artist.&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;As soon as your work becomes not about making the money, or making a name for yourself, but about the lives of the people who experience your work everyday, that’s how you know. That’s when you become an artist, and that is when you feel, and can exercise the power of one. They are powerful, I promise. The artists are the ones who will shape and effect the future of this planet. They’re the ones who you should be friends with. Or better yet, become an artist yourself.&lt;/p&gt;</content:encoded><category>Thoughts</category><category>Personal</category><category>archive</category><author>Eli Grubb</author></item><item><title>If Only You Would Just Ask</title><link>https://eligrubb.com/writings/thoughts/2013/if-only-you-would-just-ask/</link><guid isPermaLink="true">https://eligrubb.com/writings/thoughts/2013/if-only-you-would-just-ask/</guid><description>If Only You Would Just Ask</description><pubDate>Mon, 29 Jul 2013 00:00:00 GMT</pubDate><content:encoded>&lt;p&gt;&lt;em&gt;October 9, 2018: This post originally appeared on Medium. It has now been moved here.&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;I adore my little 3-year old cousin Brooklynn. She has me wrapped around her little finger. She’s an adorable girl, and I’d do anything for her, but today I learned an important lesson from her.&lt;/p&gt;
&lt;p&gt;We were racing around my driveway, her on her cute little pink princess bike. Her mother, my aunt, calls to her, it’s time for her to come inside to eat dinner.&lt;/p&gt;
&lt;p&gt;As Brooklynn hops up and runs off towards her mother, I gently remind her that she needs to put her bike away.&lt;/p&gt;
&lt;p&gt;“Can you please put my bike away Eli?” she sweetly asks me.&lt;/p&gt;
&lt;p&gt;Of course I can. How can I say no to adorable little Brooklynn?&lt;/p&gt;
&lt;p&gt;And yet, as I walked away, carrying the pink princess bike, I consider what I had just done. Was I creating a spoiled personality, rotten and expected others to serve her? Was I making life too easy for her, leading her to expect everything to be done for her in life?&lt;/p&gt;
&lt;p&gt;Then something occurred to me. There was a key difference to our interaction then there was to those of one who is spoiled.&lt;/p&gt;
&lt;p&gt;She had &lt;strong&gt;asked&lt;/strong&gt; me to put the bike away.&lt;/p&gt;
&lt;br&gt;
&lt;hr&gt;
&lt;br&gt;
&lt;p&gt;All too often you worry about seeming out of hand. You worry about upsetting other people around you. It bothers you to think that your request, your needs could be a bother to someone else.&lt;/p&gt;
&lt;p&gt;But if you would just ask, whole worlds of possibility can open up to you.&lt;/p&gt;
&lt;p&gt;You should never be afraid to ask when you are in need of something.&lt;/p&gt;
&lt;p&gt;What’s the worst they can say? “No”?&lt;/p&gt;
&lt;p&gt;If you aren’t willing to ask others for help when you need it, you are going to be left carrying everything on your own shoulders. Why would you do everything by yourself, be forced to find your own out of the way solution to your problems, when a simple question, a plea for help can have it possibly solved so much quicker?&lt;/p&gt;
&lt;br&gt;
&lt;hr&gt;
&lt;br&gt;
&lt;p&gt;A 2008 study by US National Library of Medicine found that we as people are far too pessimistic when it comes to the success of asking:&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;“People underestimated by as much as 50% the likelihood that others would agree to a direct request for help”&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Why are we so afraid, so determined that everyone is out to refuse us? As people, we cannot and should not get hung up on the idea that others don’t want to help us. We should want to help others, and at least hope that others want to help us.&lt;/p&gt;
&lt;br&gt;
&lt;hr&gt;
&lt;br&gt;
&lt;p&gt;The difference between being spoiled and being someone who is willing to ask for help, is that simple question. By asking that question, Brooklynn was showing that she wasn’t spoiled brat who expects everything to be done for her, but a polite girl who is willing to ask for help when she feels she needs it.&lt;/p&gt;
&lt;p&gt;At least I like to think so.&lt;/p&gt;</content:encoded><category>Thoughts</category><category>Personal</category><category>archive</category><author>Eli Grubb</author></item></channel></rss>