Blog posts and open-source work



  • Co-owner & Lead developer

Marlon is co-owner of Tweede golf and our lead developer. He has a background in computer science (MSc in Digital ​​Security) and over 10 years of experience in building a wide range of applications, from front-end web development to systems programming. You can rely on him to always deliver software quickly, and inspire his team members through leading by example.

His remarkable prototyping skills, going from idea to polished implementation at an insane pace, have made him the regular winner of Tweede golf hack days. His favourite projects allow him to do full stack development: from design and frontend to backend and operations.

His recent work includes sudo-rs, the memory-safe implementation of sudo, Krill, an RPKI Certificate Authority, and his pet project Mailcrab, an email test server for development.

The number of data centers worldwide is constantly increasing, and so is their electricity consumption. One way to become more power-efficient is certainly the constant development of better hardware, but we as developers should do our share. This post shows how coding in Rust can help to use existing resources more efficiently, to help preserve our planet — at least a little bit.
Thanks to funding from NLNet and ISRG, the sudo-rs team was able to request an audit from Radically Open Security (ROS). In this post, we'll share the findings of the audit and our response to those findings.
Just because we're engineers, doesn´t mean we build ALL our applications ourselves. But sometimes inspiration hits and good things happen. So our company planner is now canvas-rendered, has a Rust backend and works like a charm.

Open-source work

Show all


Sudo-rs is a memory safe implementation of sudo and su, a project by Prossimo jointly implemented by Ferrous Systems and Tweede golf.

Read more in this blog post.


MailCrab is an email test server for development, written entirely in Rust.

MailCrab was inspired by MailHog and MailCatcher. It uses Axum for the backend and Yew for the frontend.


ntpd-rs is an open-source implementation of the Network Time Protocol completely written in Rust, with a focus on exposing a minimal attack surface. This video explains how ntpd-rs brings NTP into the modern era.

The project was initially funded by ISRG's Prossimo, as part of their mission to achieve memory safety for the Internet's most critical infrastructure. The NTP initiative page on Prossimo's website tells the story.

ntpd-rs is part of Project Pendulum. In July of 2023 the Sovereign Tech Fund invested in Pendulum, securing development and maintenance in 2023, and maintenance and adoption work in 2024.


Developed by Ruben, RP1 is a procedural macro that generates a set of useful basic CRUD (Create-Read-Update-Delete) endpoints in a REST-like API with JSON output.

Check out the blog post RP1: an experimental Diesel-based CRUD for Rocket, for more.


TGuard is a web-based sending and decrypting service for irmaseal-encrypted messages that is currently in development at Tweede Golf.

TGuard utilizes IRMA to allow a user to encrypt messages client-side. These messages can be decrypted client-side once the receiver proves to be the owner of attributes the message was encrypted for, like an e-mail address, name, or an identifying number.


For ID Contact we researched the possibilities of digital identification: how can residents organize their personal government affairs in a simpler and more reliable way? By telephone, via chat or via a video call.

The ID Contact innovation pilot is a collaboration between the municipalities of Arnhem, Nijmegen and the Drechtsteden and knowledge partners such as the Tax Authorities and iHub (Radboud University).

Within the ID Contact team we developed the software that makes secure digital identification possible.

Cloud storage abstraction for Node.js

Developed by Daniel, storage-abstraction provides an abstraction layer for interacting with a storage; this storage can be a local file system or a cloud storage. Currently local disk storage, Backblaze B2, Google Cloud and Amazon S3 and compliant cloud services are supported.

Also see the related blog post, Cloud storage simplification and abstraction for Node.js or give the npm package a try.