Blog posts and open-source work



  • Security software engineer
  • david@tweedegolf.com

David was once one of the core developers of identity wallet IRMA. Currently David is the lead developer for the Rust implementation of the Network Time Protocol, ntpd-rs. He is also working on the other component of the Pendulum Project, the Rust implementation of the Precision Time Protocol called Statime. And let's not forget his considerable contributions to the Verder Helpen platform, which provides authentication services to local governments.

Obviously, David is a privacy and security expert. He isn't only experienced though; he is also friendly, broadly interested and meticulously analytic. Present him with a complex problem and he will get to the heart of the matter in no time. Did we mention that David is also a highly skilled cryptographer...?

David combines his work for Tweede golf with a PhD in physics. In his spare time, he plays the piano and likes to show his competitive side in programming contests. For example, he attended the World programming championships for students.

PTP was originally designed for networks in which all devices were ultimately trusted. In version 1, no security mechanism was present, and version 2 only provided an experimental mechanism. However, with version 2.1 of the PTP standard (IEEE 1588-2019) there is now a normative security mechanism in section 16.14.
Messing around with people's clocks can be a great source of practical jokes. Even nowadays, with many people getting their time digitally, this is not as impossible as you might think. (And the month of April, with the switch to summer time and April Fool's Day, provided the perfect timing for this experiment, of course...)
I was invited by OCP-TAP to join them in their 87th Project Call to talk about Pendulum, our Rust implementations of NTP and PTP. The recording of this call on 8 Nov 2023 is now available.

Open-source work

Show all


ntpd-rs is an open-source implementation of the Network Time Protocol completely written in Rust, with a focus on exposing a minimal attack surface. This video explains how ntpd-rs brings NTP into the modern era.

The project was initially funded by ISRG's Prossimo, as part of their mission to achieve memory safety for the Internet's most critical infrastructure. The NTP initiative page on Prossimo's website tells the story.

ntpd-rs is part of Project Pendulum. In July of 2023 the Sovereign Tech Fund invested in Pendulum, securing development and maintenance in 2023, and maintenance and adoption work in 2024.


Statime is an initiative of Tweede golf, an open-source implementation of the Precision Time Protocol (PTP) in Rust.

High-precision timing is part of crucial networking infrastructure. With Statime we provide a memory-safe alternative for existing implementations.

The first milestones of the project were kindly co-funded by the NLnet Foundation.

Statime is part of Project Pendulum. In July of 2023 the Sovereign Tech Fund invested in Pendulum, securing development and maintenance in 2023, and maintenance and adoption work in 2024.





Rust library for interfacing with IRMA servers.

IRMA is a set of free and open-source software projects implementing the Idemix attribute-based credential scheme, created by the Privacy by Design Foundation.

It allows users to safely and securely authenticate themselves as privacy-preserving as the situation permits.


For ID Contact we researched the possibilities of digital identification: how can residents organize their personal government affairs in a simpler and more reliable way? By telephone, via chat or via a video call.

The ID Contact innovation pilot is a collaboration between the municipalities of Arnhem, Nijmegen and the Drechtsteden and knowledge partners such as the Tax Authorities and iHub (Radboud University).

Within the ID Contact team we developed the software that makes secure digital identification possible.