miniblog.

← Back to all posts
Apr 23, 2018 at 22:13
Finding a security bug in CouchDB due to different JSON libraries interpreting repeated keys differently!
Remote Code Execution in CouchDB
tl;dr There was a vulnerability in CouchDB caused by a discrepancy between the database’s native JSON parser and the Javascript JSON parser used during docum...

Related Posts

Dec 31, 2025 at 08:29
7
Igalia's post on self-hosting CI runners is a masterclass in build engineering. It shows dealing with weird API constraints, but still finding good designs. I also learnt that some CI systems use OCR on Apple's installers to automate!
Web engine CI on a shoestring budget
Web engine CI on a shoestring budget
How we built a CI runner orchestration system that halved Servo’s build times for only 300 EUR a month.
Feb 4, 2025 at 16:32
I've just squeezed another 5% of performance out of difftastic by finding a few HashSet values that weren't FxHashSet. I do wonder whether hash DoS resistance is a good default. Sure, Rust programs are often pretty fast anyway, but it feels like a different threat model to the rest of Rust.
Oct 22, 2024 at 07:10
Whilst LLMs don't always give an accurate answer, the UI is really compelling. I keep finding users whose favourite way of doing research is an LLM.