System Architecture

I’m thinking out loud here about how to get development rolling for MyTerms. Right now I see three pieces required for a proof of concept: Browser plugin Web (content management system, or CM…

How borrowing distributed systems patterns from Erlang creates maintainable, efficient terminal applications with independently managed regions.

My former colleagues and I wrote a detailed paper^dbms to better understand io_uring. This post is a concise, high-level overview aimed at systems engineers: It should help you...

A look at the ever-present drive to make software delivery faster and how it might break down various activity loops in organizations.

Embrace your API legacy, integrate your AI future. Naftiko turns API sprawl into a governed capability fabric that teams can depend on.

Pyodide compiles CPython to WebAssembly, letting developers run full Python directly in the browser without servers or installations.

Zero Trust is a security framework requiring all users to be authenticated, authorized, and continuously validated before being granted access.

A deep dive into building an ngrok-like tunneling system using Elixir/Phoenix on the server and Rust for the CLI. We explore the challenges of multiplexing HTTP requests over a single WebSocket connection, the elegance of Phoenix Channels, and how the BEAM's real-time capabilities make this architecture surprisingly simple.

Fred Brooks's classic book The Mythical Man-Month was published 50 years ago. It was hugely influential on the then-nascent discipline of software development. How does it stand up today?

Salvatore Zappalà's Weblog

Yesterday, the Bazel team at Google did not have a very Merry Boxing Day. An SSL certificate expired for and as shown in this screenshot from the github issue. This expired certificate apparently b…

CVE-2025-14847 allows attackers to read any arbitrary data from the database's heap memory. It affects all MongoDB versions since 2017, here's a simple explanation:

Much of the data on the Internet is shared using a simple format called JSON. JSON is made of two composite types (arrays and key-value maps) and a small number of primitive types (64-bit floating-point numbers, strings, null, Booleans). That JSON became ubiquitous despite its simplicity is telling. { "name": "Nova Starlight", "age": 28, "powers": … Continue reading JSON-complete data formats and programming languages

In the early 2010s, a simple tool thrown together by a lone programmer ignited an explosion of anti-censorship activity. Over the next decade, that simple tool–Shadowsocks–spawned a vast ecosystem of tools and techniques, developed by thousands and relied on by millions. We’ll need a firm grasp on how Shadowsocks works under the hood to better […]

This article aims to express the mental model that I have built over the last few years for thinking about human-computer interfaces, software, and how we might produce a step-function increase in building and using software. A new way to program, if you will. Note that this is more of a mental-model/philosophy than a falsifiable scientific theory, and not fundamentally novel. For many years I have been searching for an idea to work on within software that is deep, impactful, personally fulfilling, and one that enables a massive business to be built on top of it.

A design technique leading to a more predictable, composable, and maintainable code.

Most books and courses introduce Linux through shell commands, leaving the kernel as a mysterious black box doing magic behind the scenes. In this post, we will run some experiments to demystify it: the Linux kernel is just a binary that you can build and run.

After having spent the better part of 2 weeks learning Linux’s cgroup (control group) concept, I thought I better write this down for the next brave soul. 🦸

An interesting anecdote from this month's Linux Plumbers Conference in Tokyo is that Meta (Facebook) is using the Linux scheduler originally designed for the needs of Valve's Steam Deck..

This document defines a collection of common data types to be used with the YANG data modeling language. It includes several new type definitions and obsoletes RFC 6991.

Tales of two pages… What's the difference between these two pages?: https://www.example.com/ https://www.example.com/?utm_source=email I mean they've got different URLs, but many of us would probably guess that that utm_source URL query parameters (or "URL params" or "search params" as it's

Accessibility programming doesn't feel accessible, and this needs to change.

Improving Package Management & Security for Linux systems. (Dev: @pkgforge-dev | Communtity: @pkgforge-community | Security Research: @pkgforge-security) - Package Forge