Blog

Tech blog on web, security & embedded

April 15, 2024

Save the planet, code in Rust

The number of data centers worldwide is constantly increasing, and so is their electricity consumption. One way to become more power-efficient is certainly the constant development of better hardware, but we as developers should do our share. This post shows how coding in Rust can help to use existing resources more efficiently, to help preserve our planet — at least a little bit.

web-development why-rust rust

March 7, 2024

Sudo-rs dependencies: when less is better

When sudo-rs development started, we added several dependencies using Rust’s crates ecosystem to quickly ramp up development. During development we accrued approximately 135 transitive (direct and indirect) dependencies. Once this was identified, we managed to reduce our total dependencies down to three. In this blog, we explain why and how we did this.

open-source security rust

March 1, 2024

“Software must become safer,” but how?

Our tagline reads “Software must become safer”, and for good reason; We feel very strongly about this. But it does lead to the obvious and fair question: “What exactly do you do to ensure that the software your teams produce is safe and secure?”

development security why-rust memory-safety

February 28, 2024

Teach-rs: Rust 101 evolved

At the end of 2022, we announced the creation of Rust 101, a university course that introduces students of computer science to Rust. Initially, the course was created for the Faculty of Informatics and Information Technologies at STU Bratislava (FIIT), but from the start we've wanted to create an open-source, modular and reusable set of teaching resources. Having now achieved that milestone, it is time for a new announcement: Rust 101 has evolved to teach-rs.

open-source education rust

February 26, 2024

Rust in Production at Tweede golf (podcast)

In February of 2024, I was invited by Matthias Endler of Corrode to join him on his podcast Rust in Production. We discussed how Tweede golf uses Rust in production, to ensure the safety and security of critical infrastructure software.

development why-rust rust

February 20, 2024

Sequential-storage: efficiently store data in flash

While using a full-blown filesystem for storing your data in non-volatile memory is common practice, those filesystems are often too big, not to mention annoying to use, for the things I want to do. My solution?

I've been hard at work creating the sequential-storage crate. In this blog post I'd like to go over what it is, why I created it and what it does.

tools embedded rust

February 14, 2024

Building an Async Runtime with mio

Asynchronous programming is pretty weird. While it is straightforward enough to understand in principle (write code that looks synchronous, but may be run concurrently yada yada yada), it is not so obvious how and when async functions actually perform work. This blog aims to shed light on how that works in Rust.

open-source web-development rust

February 6, 2024

Rust for hardware vendors

At Tweede golf we're big fans of creating applications on embedded devices with Rust and we've written a lot about it.

But if you're a hardware vendor (be it chips or full devices/systems), should you give your users Rust support in addition to your C support?

In this blog I argue that the answer to the question is yes.

embedded why-rust rust

December 19, 2023

Introducing ntpd-rs metrics

In Dutch we have a saying 'meten is weten', which translates to 'to measure is to know'. That sentiment is frequently overlooked in setting up computers and networks.

tools open-source timing ntpd-rs pendulum rust

December 18, 2023

An unusual tool for unused code

Ever wanted to have a quickly put together command-line tool to delete large chunks of your project automatically? Me neither, but my colleague Marc made a pretty convincing argument as to why such a tool could be useful. So we went ahead and made it. Here are the results.

tools memory-safety rust

December 8, 2023

Implementing NTPv5 in ntpd-rs

At Tweede golf, we are working on modern implementations of time synchronization protocols in Project Pendulum. The ntpd-rs project is part of it, and we've recently implementend the draft specification of NTPv5, for which we built a test server at IETF 118. This blogs covers the what, why and how (including a 'how to run').

open-source timing ntpd-rs pendulum

November 29, 2023

Pendulum long-term goals: usability and security (video)

I was invited by OCP-TAP to join them in their 87th Project Call to talk about Pendulum, our Rust implementations of NTP and PTP. The recording of this call on 8 Nov 2023 is now available.

statime timing ntpd-rs pendulum

November 20, 2023

ntpd-rs: Folkert explains the project (video)

At the GOSIM Conference in Shanghai, last September, I had the opportunity to talk about ntpd-rs, our project implementing the Network Time Protocol.

open-source ntpd-rs pendulum rust

November 8, 2023

Statime continues: Boundary Clocks and Master Ports

About one year ago, Tweede Golf announced "Statime", a Rust implementation of the Precision Time Protocol (PTP). The result of that first phase was a working proof of concept. Quite a bit has changed since then.

stm32 statime timing pendulum rust

November 6, 2023

sudo-rs' first security audit

Thanks to funding from NLNet and ISRG, the sudo-rs team was able to request an audit from Radically Open Security (ROS). In this post, we'll share the findings of the audit and our response to those findings.

open-source security memory-safety rust

November 1, 2023

Why we sponsor memory safety event Tectonics

One of the hot topics in software security is memory safety. This article covers two questions: What is it? And why do we think it is worth investing in?

security memory-safety rust

October 30, 2023

Dealing with Dependencies in Rust

At Tweede golf we are convinced that if software is written in Rust, it will be more robust (compared to legacy languages such as C, C++ or Java), and more efficient (compared to code written in PHP or Python and again, Java).

In order to get more robust software out there, we have to get Rust code running on computers of people who are not themselves Rust developers.

security memory-safety rust

October 17, 2023

First stable release of ntpd-rs

We're proud to announce that 5 October 2023 marked the first stable release of ntpd-rs!

open-source memory-safety ntpd-rs pendulum rust

September 12, 2023

Our pixel-rendered planner with a Rust backend

Just because we're engineers, doesn´t mean we build ALL our applications ourselves. But sometimes inspiration hits and good things happen. So our company planner is now canvas-rendered, has a Rust backend and works like a charm.

advanced-UIs web-development rust typescript

September 5, 2023

Are we embedded yet?

Rust is maturing and every year more software is being made with it. In fact, Rust can be used as a competitor to C. In this article I will argue that this is now also the case for embedded Rust!

August 21, 2023

Rust 101's first run at STU Bratislava

When we first introduced Rust 101 to you on our website, preparations for its first run where in full swing. The action started in February 2023; 20 students of the Faculty of Informatics and Information Technologies of the Slovak University of Technology in Bratislava followed 9 lectures and 9 tutorials, and worked on their own rust project to round off the course. The course was completed in May.

open-source rust

August 10, 2023

Sovereign Tech Fund invests in Pendulum

Sovereign Tech Fund will support our effort to build modern and memory-safe implementations of the Network Time Protocol (NTP) and the Precision Time Protocol (PTP).

statime memory-safety timing ntpd-rs pendulum rust

July 19, 2023

Target practice: ntpd-rs on FreeBSD and other platforms

The latest release of ntpd-rs compiles on several new targets: the FreeBSD and macOS operating systems now work, and ntpd-rs now supports musl libc on Linux. The PRs adding support for these platforms are all community contributions, which is very exciting.

timing ntpd-rs pendulum rust

July 12, 2023

Why Rust is a great fit for embedded software - 2023 update

A while ago, in 2020, I wrote a blog post similar to this one. Sure, it has a bit of a clickbait-y title, but it couldn't be more accurate. At the time I was full of amazement about the way Rust tackles embedded software development. I forsaw great things for Rust's future, even though Rust and its ecosystem were yet not quite mature. We're 3 years further down the road right now, which is like 300 Rust years as Rust is progressing fast. About time for an update!

embedded why-rust rust

June 30, 2023

Our talk at CYSAT 2023

In April 2023 Wouter (left in picture) and I and went to Paris to attend CYSAT, a conference about cyber security for the space industry. We met up with our client GAMA's Chris de Claverie (right in picture). Wouter and Chris (and also Dion) had been working together for months and teamed up to explain to the audience how and why they were putting Rust in space.

security meetup rust

June 21, 2023

Report: NTP security audit

In March/April 2023 ntpd-rs underwent a security audit. The audit was executed by Radically Open Security and funded by NLnet Foundation. The audit did not uncover any major issues, but did help us make ntpd-rs more robust. It has been extremely valuable to have someone from outside of the development team look at the code in detail.

security timing ntpd-rs pendulum

May 31, 2023

Threat Modelling

Since I joined Tweede golf as the security lead, I’ve had the chance to work on improvements regarding security and privacy for all projects, as well as for the organisation in general.

May 30, 2023

ntpd-rs: NTP for the modern era (video)

At RustNL 2023, a Rust conference held in Amsterdam recently, I had the opportunity to talk about ntpd-rs, our project implementing the Network Time Protocol.

open-source timing ntpd-rs pendulum rust

May 17, 2023

Re-implementing Sudo in Rust (when you want more than just a sandwich)

For some time, we have been quietly laying the groundwork for a new implementation of sudo in Rust. Now we are excited to talk about it!

open-source memory-safety rust

April 25, 2023

Memory Safe Network Time (NTP) Has New Home, Seeks Early Adopters

This article is an adaptation of the original, published by Prossimo.

We're happy to announce that the Internet Security Research Group has officially made us the maintainers of the open-source memory-safe implementation of NTP, ntpd-rs. As such, we are now also looking for early adopters.

The implementation includes a server and client, as well as full support for Network Time Security (NTS), which brings encryption and greater integrity to time synchronization. Timing is precise and stable, as reflected by excellent performance in the NTP pool.

memory-safety timing ntpd-rs pendulum rust

March 31, 2023

Rust at Royal Netherlands Aerospace Centre

NLR, Royal Netherlands Aerospace Centre, invited embedded lead Dion to explain the benefits of programming in Rust to the company.

embedded why-rust rust

March 15, 2023

Optimizing a parser/compiler with data-oriented design: a case study

While working on the Roc compiler, we regularly dive deep on computer science topics. A recurring theme is speed, both the runtime performance of the code that we generate, as well as the performance of our compiler itself.

One extremely useful technique that we have been playing with is data-oriented design: the idea that the actual data you have should guide how code is structured.

tools data-engineering open-source rust

February 24, 2023

Introducing MailCrab!

MailCrab is an email test server for development, written entirely in Rust.

web-development devops rust

February 10, 2023

TrustZone, trials and tribulations

TrustZone-m is a technology by ARM that allows you to create a Trusted Execution Environment (TEE) in your software. You can use it for example to keep your encryption keys secret or to separate a big vulnerable networking stack from your own code.

Over the last three months I've been working on a set of crates (Rust libraries) with the aim of making the usage of TrustZone-m a lot easier.

open-source rust

February 8, 2023

Mindsort: Building a research tool for the Donders Institute

Not all Tweede golf projects are about deep technical challenges. Today, we’d like to talk about a project called Mindsort, to show what this fun project is about and also to give some insight into how we collaborated closely with a university research institute.

research web-development

January 12, 2023

Crash! And now what?

Imagine you've just deployed an embedded device in the world and of course, you have tested it thoroughly and it works. To monitor the device, you've set up some logging.

embedded open-source rust

January 10, 2023

Low power & low frustration (video)

During the Rust meetup titled "Run Rust Anywhere" in Utrecht, August 2022, Dion talked about his Embedded Rust work.

embedded meetup rust

December 22, 2022

Rust 101: an open-source university course

In 2009 Rust was a new language. In 2022 that isn't true anymore. Nor does Rust have anything to prove. It's made it to the Linux Kernel, and Microsoft have dubbed it "the Industry’s Best Chance at Safe Systems Programming".

open-source why-rust rust

December 21, 2022

Our year in Rust

Our year in Rust

A company-changing year in a short story,
begins with a thank you, for this new-found glory.

We want to be clear in this prelude,
It is to Rust we owe our gratitude.

December 16, 2022

Meetup: Rust in open-source critical infrastructure

I’ve organized a couple of Rust meetups in The Netherlands this year, and last was not least. On Nov 30 we had four very interesting talks and a cool crowd at the Rust in critical infrastructure meetup in Amsterdam. A round-up.

open-source memory-safety meetup pendulum rust