Blog

Tech blog on web, security & embedded

May 6, 2025

What is my fuzzer doing?

Fuzz testing is incredibly useful: it has caught many a bug during the development of NTP packet parsing and gzip/bzip2 (de)compression.

But I've always been unsatisfied with the fuzzer being a black box. When it runs for hours and reports no issues, what do we actually learn from that? In ntpd-rs we've previously had a bug fly under the radar because the fuzzer just did not reach a large chunk of code. So, does my fuzzer actually exercise the code paths that I think it should?

tools development testing rust

April 23, 2025

Does using Rust really make your software safer?

We keep saying that Rust is how we make software safer. In this blog, we'll tackle a real-world vulnerability, 'rewrite it in Rust', and show you the results of our empirical research, both as a high-level overview and a tech deep-dive.

research security why-rust rust c

April 15, 2025

SIMD in zlib-rs (part 1): Autovectorization and target features

I'm fascinated by the creative use of SIMD instructions. When you first learn about SIMD, it is clear that doing more multiplications in a single instruction is useful for speeding up matrix multiplication. But how can all of these weird instructions be used to solve problems that aren't just arithmetic?

data-compression rust

March 11, 2025

Translating bzip2 with c2rust

Over the past couple of months we've been hard at work on libbzip2-rs, a 100% Rust drop-in compatible implementation the bzip2 compression and decompression functionality.

For this project, we used c2rust for the initial translation from the C code to a Rust implementation. The generated Rust code has now been cleaned up and made safe where possible. This post describes our experiences using c2rust for this project.

open-source data-compression rust c

February 25, 2025

zlib-rs is faster than C

We've released version 0.4.2 of zlib-rs, featuring a number of substantial performance improvements. We are now (to our knowledge) the fastest api-compatible zlib implementation for decompression, and beat the competition in the most important compression cases too.

open-source data-compression rust

February 10, 2025

Mix in Rust with Java (or Kotlin!)

Java is one of the most commonly used programming languages that we have not yet discussed in our Rust Interop Guide. In this article, we will discuss three different methods to call Rust code from Java: JNI, JNR-FFI and Project Panama. We will show the differences between these methods and we will do some basic benchmarking to compare their performance. These methods not only work for Java but also for other JVM languages like Kotlin. Here we will mainly focus on Java, but Kotlin examples are available in the Kotlin branch of our GitHub repository.

interop java rust kotlin

January 24, 2025

OpenLEADR 3.0: Initial Traction and Future Plans

Last November, we announced that our open-source Rust implementation of the latest version of the Open Automated Demand Response (OpenADR) standard had officially joined the Linux Energy Foundation’s OpenLEADR project. Today, we’re excited to share some of the early traction we’re seeing, outline our future plans, and invite your support in shaping what’s next.

January 21, 2025

The hunt for error -22

This article is a linear retrospective of how we searched for and eventually fixed a hard-to-find bug in our embedded software. If you're only interested in the outcome, then make sure to read the last three sections.

December 18, 2024

Power consumption of an experimental webserver

This article was authored by Jordy Aaldering and Folkert de Vries

Over the past couple of months, we teamed up with Bernard van Gastel and Jordy Aaldering at Radboud University's Software Energy Lab to measure nea's energy efficiency.

web-development energy rust

December 6, 2024

Travelling to the land of the rising sun with Statime

At the beginning of October, David and I went to ISPCS in Tokyo. The ISPCS (IEEE Symposium on Precision Clock Synchronization) is all about the PTP protocol and related technologies, and we attended because of Statime, our Rust implementation of the Precision Time Protocol.

research statime timing pendulum

November 25, 2024

Manipulating time through (S)NTP

The NTP protocol is used by many devices to synchronize their system clocks. However, many devices use SNTP clients (Simple NTP) which are even more vulnerable to interference. As most (S)NTP packets are unauthenticated, they are vulnerable to spoofing, making it possible to change a device's time by manipulating (S)NTP packets.

In this blog, we discuss how (S)NTP packets can be forged to manipulate a device's system clock. Especially on the default SNTP client for many Linux systems, this turned out to be very easy. We will also dicuss the consequences of such attacks, as well as how these attacks can be prevented.

security timing pendulum

November 13, 2024

Rust implementation of OpenADR 3.0 becomes part of OpenLEADR

OpenLEADR development is ramping up again with a new Rust implementation of OpenADR 3.0 becoming part of the OpenLEADR project.

open-source rust

November 12, 2024

Rust needs an official specification

Can we currently reason about Rust code with absolute certainty? Not really, but we should be able to. In this article, we dive into the reasons why it may be time for a Rust specification.

October 30, 2024

Enabling pools in NTS

We previously talked about how secure time is required for a safe internet. We mentioned how we want to increase the adoption of NTS, the secure time synchronization standard built on top of NTP. For this, we proposed to develop a public NTS pool. In this article, we expand on what pooling is, and what is required to enable an NTS pool.

open-source timing ntpd-rs pendulum

October 7, 2024

Rust is rolling off the Volvo assembly line

In my job I get to speak to lots of people about Rust. Some are just starting out, some have barely ever heard of it, and then some people are running Rust silently in production at a very large company in a very serious product.

embedded automotive rust

October 4, 2024

ISPCS paper: Estimating noise for clock-synchronizing Kalman filters

Our Statime project now provides strong synchronization performance and accurate synchronization error estimates without manual tuning for any specific hardware, because it automatically determines the main uncertainty parameters for a Kalman-based clock servo. This process is described in a scientific paper, soon to be published by the IEEE.

statime timing pendulum rust

September 30, 2024

Rust interop in practice: speaking Python and Javascript

We've been writing how-tos about using Rust in existing C, Python, and C++ projects, but this article shows you an in-production example of Rust interoperability: Recently I worked on exposing the TSP Rust API to Python and NodeJS users.

development interop rust javascript python

September 17, 2024

Mix in Rust with C++

This article will help you to slowly introduce some Rust into your C++ project. We'll familiarize ourselves with the tooling and go through some examples.

development interop rust c++

August 27, 2024

Mix in Rust with Python: PyO3

In this article, we'll dive into combining Rust with Python. Specifically, this post covers calling modules written in Rust from Python scripts.

development interop rust python

August 26, 2024

Current zlib-rs performance

Our zlib-rs project implements a drop-in replacement for libz.so, a dynamic library that is widely used to perform gzip (de)compression.

open-source data-compression rust