wchan, and thinking beneath the syscall

Wrangling wayward event loops with Linux perf and eBPF

Digital signatures are free-range rows

An oncall meta-runbook

Your security is only as good as you can prove

Distributed hash ring maintenance

An application should sit in a deep dark hole

Shimming S3

Should all databases be shard-per-core?

A good database is a stateless database

Software artifacts: hash, don't sign

Isolation of libraries is surprisingly easy

Don't build "The Vault"

Why Kubernetes failed

Queueing theory for the working software engineer

JIT access considered harmful

A hierarchy of enclaves

VPN rots your brains

Nonces are bad and we should stop using them

The single version rule is good for Google and bad for you

Don't use golden images. Do this instead.

Don't trust aws:SourceIP!

But actually, how do flamegraphs work?

Observations about S3

Contracts do not bind

Safer S3 signed URLs

Security tiers considered harmful

iostat's %util is wrong

Why bother with immutable infrastructure?