[new blog post]
TLA+ as a Design Accelerator: Lessons from the Industry
muratbuffalo.blogspot.com/2026/03/tla-...
i like the solution of explicitly stating the security model because it makes the expectations clear. and i think overall open source security response (having done it myself) is much less stressful if non critical stuff is just bugs rather than "oh no a cve, hair on fire".
yeah, to be clear, i want this protocol to succeed: not having indices is nice and i generally feel like avro is quite nice overall (and certainly has a better Haskell impl than protobuf), but i just accidentally found these impl issues that any of us could have written.
enormously hot take: the reason a bunch of midwit software dev people are in their feels about agentic tooling is that it proves that good requirements specification and technical project management were the hard problem it's important for a human to be able to solve all along, not Coding™
Pauly Walnuts very seriously telling someone that “it’s called Broad daylight because women light up the world”
international women’s day
*looks inside* claudeslop readme
*closes tab*
we just live in hell where vendors want to build moats, but MCP itself has done progress on this interop that nobody has done before, just in a very dumb way
incredible. that's so much fail
you *can* just do this actually :) we yolo'd "prs should ideally be 300 lines or less" into there hehehe
concept: put safety ii propaganda in AGENTS.md
lesbians are soooo cool goddamn
curious about siso here actually: does it do the same thing? does it just not have observability? what's up with this
i did this to glean.software, gave it the spec and the schema and a repl and it wrote the query i wanted. i had it expand from a single example to a more generic query.
makes me think about the work with m1n1 on the asahi project. if you can sandbox the gremlins in your computer and have a target that isn't especially breakable, it's very believable.
an artwork by Spindle of the character Ottilie, a human with brown hair tied up in a bun, wearing a black turtleneck, green cardigan, and yellow socks. Sitting in the "Bad Girlfriend Box." Because she ate all the cookies
the girlfriend punishment box
yeah i was gonna say, you could totally fuck this up without ai. it's a pretty classic infra mishap, alas.
i have had the lesson burned into me that if tfc plans imply divergence you need to lock the workspace and call up someone who knows why.
thinking about the word "manel" but what about "marchitecture review board", "mboard of directors"?
is this anything
you might enjoy looking at mkosi, which i think is basically a test runner and a systemd tech demo in a box :)
OH: we know the worst it's gonna do is waste memory, and as any haskeller knows, allocating memory is not a side effect!
holy fuckin shit lmao
a supply chain attack perpetrated by a prompt injection in a github ISSUE TITLE
eh. coding agents? what could go wrong
TL;DR: apache avro RPC: looks actually pretty cool! just don't attach any of the official implementations to the public internet, they are not designed for possibly-malicious input.
CAPEC-141: Cache Poisoning, CWE-345: Insufficient Verification of Data Authenticity, CWE-602: Client-Side Enforcement of Server-Side Security
Bonus bug: clients can allocate 4gb if they want, for fun!
github.com/apache/avro/...
code which naively accepts whatever the client gives you:
github.com/apache/avro/...
2009 bug report: "WONTFIX, implementing canonical json cross language is hard" issues.apache.org/jira/browse/...
note this is fixable by the server simply hashing the client input and discarding the given hash.
full disclosure of an @apache.org avro rpc DoS vulnerability:
handshake with clientHash = victim-protocol's-hash, serverHash = whatever, clientProtocol = wrong-protocol
server now has a poisoned cache for the victim proto hash if they have not yet connected to the server, cannot deserialize it
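Added illustration of the thread above, not code from the Avro project or from the poster: a toy handshake responder that caches under the client-supplied hash, beside the fix proposed above (the server hashes the protocol text itself and discards the claimed hash). Class names, the sample protocols and the `MAX_PROTOCOL_BYTES` cap for the allocation issue are all assumptions.

```python
import hashlib
import json

# Constructed cap on handshake payload size; Avro itself does not impose one.
MAX_PROTOCOL_BYTES = 1 << 20

def protocol_hash(protocol_text: str) -> bytes:
    """Avro identifies a protocol by the MD5 of its JSON text."""
    return hashlib.md5(protocol_text.encode("utf-8")).digest()

class TrustingResponder:
    """Caches under the hash the client *claims*, as the thread describes."""
    def __init__(self):
        self.cache = {}

    def handshake(self, client_hash, client_protocol):
        if client_protocol is None:
            return self.cache.get(client_hash)  # None: ask client to resend
        proto = json.loads(client_protocol)
        self.cache[client_hash] = proto  # cache key is client-controlled
        return proto

class HardenedResponder:
    """Discards the client's hash; the cache key is computed server-side."""
    def __init__(self):
        self.cache = {}

    def handshake(self, client_hash, client_protocol):
        if client_protocol is None:
            return self.cache.get(client_hash)
        if len(client_protocol) > MAX_PROTOCOL_BYTES:
            raise ValueError("client protocol exceeds size cap")
        proto = json.loads(client_protocol)
        self.cache[protocol_hash(client_protocol)] = proto
        return proto

# Constructed sample protocols (not a real Avro protocol from the thread).
VICTIM_PROTOCOL = json.dumps({"protocol": "Victim", "messages": {"ping": {}}})
WRONG_PROTOCOL = json.dumps({"protocol": "Wrong", "messages": {}})

def cached_name_after_mismatch(responder):
    """Send a mismatched (hash, text) pair, then look up by hash alone."""
    victim_hash = protocol_hash(VICTIM_PROTOCOL)
    responder.handshake(victim_hash, WRONG_PROTOCOL)
    seen = responder.handshake(victim_hash, None)  # honest client, hash only
    return None if seen is None else seen["protocol"]
```

With the trusting responder the honest client is handed the wrong protocol; with the hardened one it gets a cache miss and is asked to resend its own protocol text.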
omg. i need safety ii propaganda.
glean is not a sourcegraph alternative but merely a part of one. you need a symbol naming format and so you really need to run a glass service as well. and then you have to write an entire web ui, but you still need zoekt for text search. it's a whole project. i want to. just. lots of stuff to do.
remote build execution via the bazel protocol is real and fun. there's some hacks for supporting it with nix by making kinda evil docker images. currently everything is local but it will change.