I was invited by OCP-TAP to join them in their 87th Project Call to talk about Pendulum, our Rust implementations of NTP and PTP. The recording of this call on 8 Nov 2023 is now available. At the GOSIM Conference in Shanghai, last September, I had the opportunity to talk about ntpd-rs, our project implementing the Network Time Protocol. About one year ago, Tweede Golf announced "Statime", a Rust implementation of the Precision Time Protocol (PTP). The result of that first phase was a working proof of concept. Quite a bit has changed since then. Thanks to funding from NLNet and ISRG, the sudo-rs team was able to request an audit from Radically Open Security (ROS). In this post, we'll share the findings of the audit and our response to those findings.
One of the hot topics in software security is memory safety. This article covers two questions: What is it? And why do we think it is worth investing in?
At Tweede golf we are convinced that if software is written in Rust, it will be more robust (compared to legacy languages such as C, C++ or Java), and more efficient (compared to code written in PHP or Python and again, Java).
In order to get more robust software out there, we have to get Rust code running on computers of people who are not themselves Rust developers.
We're proud to announce that 5 October 2023 marked the first stable release of ntpd-rs!
Just because we're engineers, doesn´t mean we build ALL our applications ourselves. But sometimes inspiration hits and good things happen. So our company planner is now canvas-rendered, has a Rust backend and works like a charm.
Rust is maturing and every year more software is being made with it. In fact, Rust can be used as a competitor to C. In this article I will argue that this is now also the case for embedded Rust!
When we first introduced Rust 101 to you on our website, preparations for its first run where in full swing. The action started in February 2023; 20 students of the Faculty of Informatics and Information Technologies of the Slovak University of Technology in Bratislava followed 9 lectures and 9 tutorials, and worked on their own rust project to round off the course. The course was completed in May. Sovereign Tech Fund will support our effort to build modern and memory-safe implementations of the Network Time Protocol (NTP) and the Precision Time Protocol (PTP). The latest release of ntpd-rs compiles on several new targets: the FreeBSD and macOS operating systems now work, and ntpd-rs now supports musl libc on Linux. The PRs adding support for these platforms are all community contributions, which is very exciting. A while ago, in 2020, I wrote a blog post similar to this one. Sure, it has a bit of a clickbait-y title, but it couldn't be more accurate. At the time I was full of amazement about the way Rust tackles embedded software development. I forsaw great things for Rust's future, even though Rust and its ecosystem were yet not quite mature. We're 3 years further down the road right now, which is like 300 Rust years as Rust is progressing fast. About time for an update! In April 2023 Wouter (left in picture) and I and went to Paris to attend CYSAT, a conference about cyber security for the space industry. We met up with our client GAMA's Chris de Claverie (right in picture). Wouter and Chris (and also Dion) had been working together for months and teamed up to explain to the audience how and why they were putting Rust in space. In March/April 2023 ntpd-rs underwent a security audit. The audit was executed by Radically Open Security and funded by NLnet Foundation. The audit did not uncover any major issues, but did help us make ntpd-rs more robust. It has been extremely valuable to have someone from outside of the development team look at the code in detail.
Since I joined Tweede golf as the security lead, I’ve had the chance to work on improvements regarding security and privacy for all projects, as well as for the organisation in general.
At RustNL 2023, a Rust conference held in Amsterdam recently, I had the opportunity to talk about ntpd-rs, our project implementing the Network Time Protocol.
For some time, we have been quietly laying the groundwork for a new implementation of sudo in Rust. Now we are excited to talk about it!
This article is an adaptation of the original, published by Prossimo.
We're happy to announce that the Internet Security Research Group has officially made us the maintainers of the open-source memory-safe implementation of NTP,
ntpd-rs. As such, we are now also looking for early adopters.
The implementation includes a server and client, as well as full support for Network Time Security (NTS), which brings encryption and greater integrity to time synchronization. Timing is precise and stable, as reflected by excellent performance in the NTP pool.
NLR, Royal Netherlands Aerospace Centre, invited embedded lead Dion to explain the benefits of programming in Rust to the company.
While working on the Roc compiler, we regularly dive deep on computer science topics. A recurring theme is speed, both the runtime performance of the code that we generate, as well as the performance of our compiler itself.
One extremely useful technique that we have been playing with is data-oriented design: the idea that the actual data you have should guide how code is structured.
MailCrab is an email test server for development, written entirely in Rust.
TrustZone-m is a technology by ARM that allows you to create a Trusted Execution Environment (TEE) in your software. You can use it for example to keep your encryption keys secret or to separate a big vulnerable networking stack from your own code.
Over the last three months I've been working on a set of crates (Rust libraries) with the aim of making the usage of TrustZone-m a lot easier.
Not all Tweede golf projects are about deep technical challenges. Today, we’d like to talk about a project called Mindsort, to show what this fun project is about and also to give some insight into how we collaborated closely with a university research institute.
Imagine you've just deployed an embedded device in the world and of course, you have tested it thoroughly and it works. To monitor the device, you've set up some logging.
During the Rust meetup titled "Run Rust Anywhere" in Utrecht, August 2022, Dion talked about his Embedded Rust work.
In 2009 Rust was a new language. In 2022 that isn't true anymore. Nor does Rust have anything to prove. It's made it to the Linux Kernel, and Microsoft have dubbed it "the Industry’s Best Chance at Safe Systems Programming".
Our year in Rust
A company-changing year in a short story,
begins with a thank you, for this new-found glory.
We want to be clear in this prelude,
It is to Rust we owe our gratitude.
I’ve organized a couple of Rust meetups in The Netherlands this year, and last was not least. On Nov 30 we had four very interesting talks and a cool crowd at the Rust in critical infrastructure meetup in Amsterdam. A round-up.
Google recently published a blog article and paper introducing their SIMD-accelerated sorting algorithm.
SIMD stands for single instruction, multiple data. A single instruction is used to apply the same operation to multiple pieces of data. The prototypical example is addition, where one instruction can do e.g. 4 32-bit additions. A single SIMD addition should be roughly 4 times faster than performing 4 individual additions.
This kind of instruction-level parallelism has many applications in areas with a lot of number crunching, e.g. machine learning, physics simulations, and game engines. But how can this be used for sorting? Sorting does not involve arithmetic, and the whole idea of sorting is that each element moves to its unique correct place in the output. In other words, we don't want to perform the same work for each element, so at first sight it's hard to see where SIMD can help.
To understand the basic concepts, I played around with the ideas from the paper Fast Quicksort Implementation Using AVX Instructions by Shay Gueron and Vlad Krasnov. They provide an implementation in (surprisingly readable) assembly on their github. Let's see how we can make SIMD sort.
Pioneering Rust in the high-tech industry!
Together with High Tech Software Cluster, we organized an event to showcase Rust’s strengths and safety features to tech companies in the Brainport region in the Netherlands.
For the last couple of months we at Tweede golf have been working on implementing a Network Time Protocol (NTP) client and server in Rust.
The project is a Prossimo initiative and is supported by their sponsors, Cisco and AWS. Our first short-term goal is to deploy our implementation at Let's Encrypt. The long-term goal is to develop an alternative fully-featured NTP implementation that can be widely used.
When conducting a penetration test (also known as a hack test) on a website, one of the first things that will catch my eye is the configured (or better, not-configured) security headers on the targeted website. Security headers are a defense-in-depth measure, in the form of response headers, that let the browser know what is allowed and what is not. Browsers will respect the rules defined by these headers and thereby protect visitors from client-side attacks and potentially leaking sensitive information.
For the last couple of months, we've been working on a Rust implementation of the Precision Time Protocol called Statime ("statim" is Latin for immediately), and we're proud to announce the completion of the first phase of the project.
When iHub's Bernard van Gastel asked us to help them start with Rust, we were somewhat surprised by their bold step but absolutely happy to assist. In this article we'll describe how we went about designing a workshop for the iHub team.
It is no secret that we at Tweede golf love Embedded Rust, you can read about it in our other blog posts. But we thought it'd be fun to hear from the community too!
Last September, at the start of my internship at Tweede Golf, my tutors gave me a LoRa-E5 Dev Board. My task was to do
something that would make it easier to write applications for this device in Rust. Here's what I did.
When you enabled Google Analytics (GA) on your website maybe you thought "I don't really have another viable option". Or maybe you thought "the negative effect on my visitors isn't that bad, is it?"
Both are relatable, but recently Data Protection Authorities have put GA under a microscope and concluded it actually is pretty bad. Some things in GA violate the GDPR. Apart from the question of whether it is legal or not, the fact that your visitors are tracked across the internet - we feel - is just awful. And, as it turns out, you do have options.
Over the past months, we have worked with Scailable to optimize their neural network evaluation. Scailable runs neural networks on edge devices, taking a neural network specification and turning it into executable machine code.
It's time for another technical blog post about async Rust on embedded.
This time we're going to pitch Embassy/Rust against FreeRTOS/C on an STM32F446 microcontroller.
Let me introduce myself, I'm Dion Dokter, 24 years old (as of writing) and the newest member at Tweede golf (TG). I've always been into computers and started writing desktop software and games in 2013, embedded software in 2015, and started with Rust in 2019.
In our last post, we've seen that
async can help reduce power consumption in embedded programs. The async machinery is much more fine-grained at switching to a different task than we reasonably could be. Embassy schedules the work intelligently, which means the work is completed faster and we race to sleep. Our application actually gets more readable because we programmers mostly don't need to worry about breaking up our functions into tasks and switching between them. Any
await is a possible switching point.
Now, we want to actually start using async in our programs. Sadly there are currently some limitations. In this post, we'll look at the current workarounds, the tradeoffs, and how the limitations might be partially resolved in the near future.
Previously we talked about conserving energy using async. This time we'll take a look at performing power consumption measurements. Our goal is first to get a feel for how much power is consumed, and then to measure the difference between a standard synchronous and an async implementation of the same application.
Most of our web applications use either Node.js or Symfony for their server-side part. Both offer a lot in terms of productivity. But every now and again, when you look at the computing power used or the amount of time a simple HTTP request takes, you can't help to think "what if..?".
Sending documents over the internet can be a pain. Email providers generally support attachments with a maximum size between 10 and 50 MB, for larger files one would need to find another way. Most people would probably use one of the many public cloud or file sender solutions. But what if the files to be sent contain personal information, medical information or are private family photos? And how do you know that only the recipient can access and download these files?
CI/CD (continuous integration/continous deployment) is a proces where developers integrate new code into the main branch in regular intervals (preferably several times per day). Using CI/CD allows us to get up to a quick iteration pace and gives us a way to gather feedback quickly.
To more effectively write Embedded Rust applications, we want a clearer picture of two aspects: how can we ergonomically perform multiple tasks concurrently, and how can we exploit low-power modes to save energy. In the coming weeks, we want to write a small but non-trivial application that communicates with 2 sensors, uses async, and uses the low-power modes to conserve energy.
In embedded systems, energy efficiency is crucial for practical applications. Usually devices run on a battery, so the less energy you use, the longer the power supply will last. In this post we'll look at the basics of going to sleep and waking back up, and build a proof of concept using the nRF52840 development kit.
It is common wisdom that one should avoid implementing their own cryptography if at all possible. This is generally good wisdom as writing correct cryptography code can be very tricky and takes quite a bit of time to get done right.
As owner and technical lead of our company I'm very motivated to keep up to speed with all new developments and to continuously innovate our tech stack. Nevertheless, every once in a while I find myself lacking in in-depth, hands-on experience in languages and tools I really want to be on top of. At that moment, I know I need to hit pause and take the time for a deep dive, in the form of a personal learning project.
You might have seen the logo above on your identity card or passport. If you have it on there, then your card contains a NFC chip that allows it to be read by a computer. This way airport customs is supposed to more securely determine if your passport is really yours. But of course we could also try to read it ourselves with our own NFC reader.
David is Tweede golf's newest addition, and not just any addition, he combines his work as a software engineer with a PhD in theoretical high energy physics. Specialized in the field of privacy and security, David brings a lot of knowledge to the team. For 2021 we were on the look-out to strengthen our expertise in this domain. David joining the team is just that!
KubiKey as a project started out with one main goal: streamline and make more secure the process of accessing the kubernetes cluster used by Tweede golf.
Welcome to the age of communication. It's 2021 and technology has come a long way. People, large machines and small devices communicate more intensively than ever before, and many technologies to enable them to do so have been developed. Some of those technologies use physical pathways like fibreglass to reach their receivers, others use radio signals to send messages. It's these wireless communication technologies that spark the imagination the most.
Concurrency isn't easy and implementing its primitives is even harder. I found myself in need of
some no-std, no-alloc Rust async concurrency primitives and decided to write some. I kept the
scope small so even you and I can understand it. Even so, it still involved futures, wakers,
atomics, drop and unsafe. I'll introduce each of those to you while building a simple primitive.
At the end, you will be able to implement your own primitives!
With the current pandemic situation, it is hard to hold meetings at an appropriate and safe distance. Looking for secure alternatives, our local city government approached Tweede golf with developing a novel authenticated variant of videoconferencing, with the intention of holding city council meetings using this solution.
Recently, we worked on an embedded (STM32) project in Rust
and we got some hands-on experience with
the abstractions commonly used for that.
embedded-hal, which offers abstractions related to
timing, GPIO pins and
common communication peripherals like SPI and USART.
There's also multiple
which offer abstractions over
most of the peripherals of different STM32 CPU families.
Although many of them were nice to use,
we found some parts to be lacking
and we'd like to propose some potential improvements
embedded-hal and its implementing crates.
If one person at Tweede golf is a Rustacean, it’s definitely Wouter. Whether it’s about web, embedded, or even games: he tried it. And probably not just tried it, but prototyped, created, documented, presented, and nailed it. Just take a look at Wouter’s GitHub page.
He’s also engaged in the Rust community as an organizer of RustFest, member of the Dutch Rust foundation, and as maintainer of several open-source crates. He believes that Rust is well on its way to perfection.
Lars started at Tweede golf about a year ago. We lured him in with the prospect of working on a cool embedded project in Rust. Since then he clocked a lot of Rust hours on it and on a research project we are running. Still, he manages to astound us with critical notes on Rust. Rightly so? Let's just say interviewing a functional programming purist like Lars gives us a lot of new perspectives around Rust.
Marlon is the rookie at Tweede golf, joining us a few months back. He started out with Rust not too long ago and is therefore the guy to talk to about his learning experience with Rust.
Ruben has experience with a lot (and I mean a lot) of programming languages. When I asked which ones, he could name 21 off the top of his head. He loves experimenting with them, seeing what each can and can’t do. What makes a language unique? What can one language do better than the other? Why was Ruben the one to first evangelize Rust within Tweede golf? Let’s ask him!
The Dutch government offers the AHN [](https://www.ahn.nl/) as a
way to get information about the height of any specific place in the country.
They offer this data by using a point cloud. That is, a large set of points
with some additional meta information. With the current version of the AHN the
resolution of the dataset is about eight points per square meter. This results
in about 2.5TB of compressed data for the relatively small area of the
Netherlands. While this is something that is not impossible to store locally,
it does offer some challenges.
First-up is Henk Dieter, backend developer at Tweede golf. He has been interested in Rust for quite some time. Actually, it’s how Henk Dieter found out about Tweede golf, as it was one of the first companies in the Netherlands to adopt Rust as their weapon of choice.
In June 2020 Rust was voted Stack Overflow's Most Loved language for the 5th (!!!) year running. Stack Overflow is a leading resource for developers and its yearly developer survey the primary source for developers' preferences.
Typically embedded devices are developed using C++. At Tweede golf we have chosen to use Rust instead for implementing our embedded devices. This is controversial as the embedded hardware field is generally quite conservative. Convincing our clients to adopt Rust for their products can be a challenge.
The API documentation of cloud storage providers can be quite intimidating. If you are simply looking for a few straight forward storage actions these extensive APIs might seem a bit overkill. Another hurdle is that storage providers define their own distinctive APIs.
Rust is nice for a lot of things. At Tweede golf we've been using the language primarily for high-performance web applications. But that's not all Rust can do. Rust can be used to write embedded applications as well.
The point of setting up a miniservice architecture is to enable horizontal scaling, improve reusability and to speed up development by separating each domain into an independent application. Miniservices depending on a database pose a number of challenges. We'll explore a couple of them.
Embedded software has an issue that most software doesn't: It can be very hard
to get it patched. Sometimes a device hangs 5 meters high on a street light in
the middle of a highway in another country. Sometimes a device is attached to a
customer's heart. Sometimes strict validation requirements make changes to the
software very expensive. In each case it is important to build software that
doesn't fail, even in unpredictable conditions.
Imagine this: you have made the wise choice of taking the monolith-first approach, setting up an application. You have read my previous article about the pros and cons of miniservices. And now, the time has come to start the transition to a miniservice architecture. How do you go about that?
De verhouding tussen groen (bomen, struiken, gras) en grijs (bebouwing, tegels, straat) is door de jaren heen verslechterd, met name in de steden. Weinig groen kan voor veel problemen zorgen, zoals slechte opname van regenwater en het lang vasthouden van hitte waardoor het in de stad een aantal graden warmer is dan daarbuiten.
Tweede golf has built quite a few big web applications over the last ten years. One of our specialties being the development of Symfony applications, some of these applications have become massive, with a lot of separate functionality baked into a single monolith. For now, this situation is being contained as we've been strict about minimizing technical debt. In practice, however, it's extremely hard to completely avoid accumulation of technical debt, which is one of the reasons we have started looking into introducing microservice architectures into our projects.
One of our clients helps companies in becoming GDPR-compliant. A goal is to recognize sensitive pieces of user data in a big pile of registrations, receipts, emails, and transcripts, and mark them to be checked out later. As more and more data is collected by companies, finding and eliminating sensitive data becomes harder and harder, to the point where it is no longer possible for mere human employees to keep up without assistance.
At Tweede golf, we’ve been visiting meetups and conferences throughout the years. As we have high hopes for Rust, and a strong personal adoration for the language, we decided on hosting our own Rust meetup and starting a Rust Nijmegen group.
We often get the question how productive working with Rust is. "We know that it is awesome, but isn't it hard to learn? Don’t you struggle with the borrow checker?".
Well, we put it to the test in Google's Hash Code 2019 programming competition.
At Tweede golf I've been working with Rust a lot lately. My interest in Rust has been there for years, so I was very happy to start applying it in my working life, about a year ago. Since then I have worked with Rust both for our clients as well as employing it for our operations setup. I have also experimented with Rust for web . Until now however we did not contribute to the Rust ecosystem. About time that we get our feet wet and publish our first crate!
Wat is over 5 jaar het winnende open source webplatform? Inmiddels begint PHP - ondanks PHP7 - zijn ouderdom te tonen. Alternatieven als NodeJS zijn wel werkbaar, maar in lang niet alle scenario’s geschikt. We vertellen je graag waarom wij denken dat Rust de nieuwe speler kan worden voor high-performance applicaties op het web.
Client-side rendering versus server-side rendering. Wat zijn de voor- en nadelen van beide methodes en hoe kun je het beste uit beide combineren? En wat zijn hiervan de consequenties op verschillende niveaus?
We all want our 3D visualisations to be as real as possible. A basic premise seems to be that they adhere to the laws of physics. No small feat! Or is it?
We decided to give it a go during a two-day programming contest. Our team's idea was to develop a web-based game where the user cycles around and has to avoid crashing into cars. To create the game, we needed a physics engine.
In 2014 we won an innovation grant from the province of Gelderland based on our proposal to provide 'intelligent' gardening advice to users of Draw Your Garden (Dutch: Teken Je Tuin). We created this web application for one of our clients and we have been gradually expanding it since its release. In the app users can both design their garden and view it in 3D as well as order products and contact gardeners, who in turn can submit proposals based on the users' design.
The Collada format is the most commonly used format for 3D models in Three.js. However, the Collada format is an interchange format, not a delivery format.
Follow up post on point light shadows in Three.js.
At tweede golf, we value innovation: we take the time to research new technologies and subsequently challenge ourselves to try out these new techniques in order to discover new applications. We also like to learn by doing: build something first, ask questions later.
For a research and development project we created a small garden environment in which you can place lights. The objective was to visualise what your garden would look like during the night, beautifully lit according to your personal light design.
In this post we create a first person 3D setting, and we use rotations to accomplish this.
Let's start simple. Our first WebVR application is a big cube in Threejs and a simple 3D scene floating inside that cube. The 3D scene consists of a transparent floor with a few simple rectangular shapes placed on it.
The history of virtual reality (VR) dates back to the 1950's. Since then, a lot of - sometimes quite exotic - devices have been developed.