Blog
Topics for Founders, Operators, and the Terminally Overwhelmed
KEIBIDROP Series
Building Post-Quantum Encrypted File Sync
The full technical overview. 7,000 lines of Go, 140 hours, and lessons learned building a cross-platform encrypted file sync tool with ML-KEM and X25519.
6 min read
Debugging FUSE Deadlocks on Intel Macs
How lock ordering and brief-lock patterns saved us from frozen filesystems. pprof, structured logging, and the Intel vs M1 difference.
8 min read
Hybrid Post-Quantum Encryption for gRPC
ML-KEM + X25519 handshake, custom gRPC transport credentials, 3ms overhead. Defense in depth applied to cryptography.
10 min read
Cross-Platform File Sync: The Hidden Complexity
macOS atomic saves, Windows mandatory locking, 47 Linux distros. The sync state machine and why you should budget 3x the time.
9 min read
Building KEIBIDROP While Burned Out
127 commits, 60 hours, 9 months. Sustainable development after burnout. Small progress is still progress.
7 min read
The Write/Release Race Condition
When the kernel closes your file mid-write. Timestamp debugging, RWMutex discipline, and knowing when lock rules apply.
8 min read
10x FUSE Performance via Block Size Tuning
One line changed st_blksize from 4KB to 2MB. 300 MB/s became 3,400 MB/s. Empirical systems engineering.
7 min read
Making Git Work Inside a FUSE Filesystem
mmap, fsync races, fcopyfile quirks, and per-file direct_io. Five bugs, five fixes, git works.
9 min read
Why macOS Preview Can't Read Your FUSE Files
Three-layer debugging: sandboxing + Gatekeeper + mmap. Each fix alone does nothing. All three required.
8 min read
Privacy-Preserving P2P Discovery: How the Relay Works
Dual key derivation, encrypted registration blobs, and why the relay sees nothing. Room passwords, lookup tokens, and the privacy model.
8 min read
Forward Secrecy: Automatic Key Rotation During Sessions
Rekey after 1 GB or 1M messages. Hybrid ML-KEM + X25519 rekey protocol. Counter-based nonces with direction prefixes.
9 min read
Building a CLI for AI Agents
The kd tool: daemon + Unix socket, JSON output, direct function calls. How to build CLI tools that AI agents can actually use.
7 min read
Testing P2P Systems Without External Dependencies
Mock relay, TestPair harness, dynamic ports, cgofuse one-mount workaround. 36 integration tests in 139 seconds, all self-contained.
8 min read
Optimizing Encrypted P2P Transfer: From 225 to 452 MB/s
Layer-by-layer benchmarking and six optimizations. Cipher caching, combined TCP writes, in-place decryption, async cache writes, push-based streaming, and the irreducible 51% FUSE overhead.
8 min read
Cutting 29% CPU from the Encrypted Transport
CPU profiling found 29% of time in memmove, not encryption. Replacing bytes.Buffer with direct slice handoff and adding sync.Pool pushed PullFile throughput to 623 MB/s. ~30 lines changed.
8 min read
Adding AES-256-GCM with Hardware Acceleration
Automatic AES-NI detection and cipher negotiation. Encrypted gRPC throughput from 442 MB/s to 490 MB/s (+11%). Same wire format, domain-separated key derivation, ~80 lines of new code.
8 min read
Benchmarks vs croc, wormhole, LocalSend, and scp
Localhost loopback benchmarks with all tools built from source. KeibiDrop gRPC: 442 MB/s. croc: 153 MB/s. wormhole: 126 MB/s. LocalSend protocol: 612 MB/s. Cipher isolation and overhead breakdown included.
10 min read
Git Clone Between Two FUSE Peers: The Last Puzzle Piece
Eight bugs fixed to make git clone, commit, and checkout work between encrypted P2P FUSE peers. Rename races, pack file truncation, kernel cache poisoning, notification flooding, LFS corruption, and cache coherency.
14 min read
Security Leadership & Strategy
NIST RMF Roles for Startups: Who Does What
How to assign NIST RMF roles across 5 or 50 people. Which roles must never be combined. How two acquired companies handled separation of duties.
10 min read
Building Trust Between Entities: A Philosophy for Security
What trust means in business relationships. Sun Tzu, Richard Stallman, NIST trust models, and practical lessons from security questionnaires and acquisitions.
8 min read
Why Startups Need a Fractional CISO
Senior security expertise without the full-time cost. When it makes sense and what you actually get.
4 min read
Compliance & Operations
ISO 27001 in 90 Days: A Realistic Guide
How to get certified fast without cutting corners. A practical timeline based on real experience.
5 min read
How to Survive Your First Security Questionnaire
Security reviews don't have to be chaos. What B2B startups need to know before they open that spreadsheet.
3 min read
Your SaaS Demo Broke. Again. Time to Fix It.
If your product keeps crashing during sales calls, it's not "bad luck." It's infra debt. You need to stabilize it so you can stop sweating during Zoom calls.
2 min read
Engineering & Architecture
Post-Quantum Cryptography in Practice: ML-KEM + X25519
How KeibiDrop uses ML-KEM-1024 + X25519 hybrid key exchange for post-quantum security. What we use, what we don't use yet, and why hybrid.
4 min read
Detect Security Issues Fast: A Practical DevSecOps Guide
Learn how to integrate security into your CI/CD pipelines using automated scans and best practices based on the OWASP DevSecOps guidelines.
8 min read
Notes on Cryptographic Primitives
Benchmarks and tradeoffs: availability, integrity, and confidentiality of files.
10 min read
go-fp in Production: Metaprogramming + Functional Composition
XSD code generation meets go-fp. 113 generated files, 13 catalogue types, 1 generic function. How we handle healthcare data imports for Romania's national health system.
7 min read
Algorithms & Complexity
The MST Problem: Three Subproblems to Linear Time
Decomposing the famous open problem into three independent targets. Pointer machines, approximate union-find, density partitions, and cycle hierarchies. From my 2018 master's thesis at DIKU.
12 min read