Andrew Lilley Brinker
@alilleybrinker.com
Memory safety, open source software, security, baseball • alilleybrinker.com
Principal Engineer at MITRE (opinions are my own)
Principal Engineer at MITRE (opinions are my own)
Pinned
Andrew Lilley Brinker
@alilleybrinker.com
· Nov 10
Memory Safety for Skeptics - ACM Queue
queue.acm.org
"Memory Safety for Skeptics," where I argue why memory safety is worthwhile to pursue amid competing priorities!
queue.acm.org/detail.cfm?i...
#rustlang
queue.acm.org/detail.cfm?i...
#rustlang
GitHub showing me completely unstyled pages for a couple seconds 🙃
December 23, 2025 at 5:05 PM
GitHub showing me completely unstyled pages for a couple seconds 🙃
Reposted by Andrew Lilley Brinker
Reposted by Andrew Lilley Brinker
This Yglesias piece in the NYT is horrifically bad. Almost every "fact" it cites is provably false. At best it is cocktail party banter from a pundit who knows nothing of energy. At worst, it was cut/paste from oil industry talking points. So, a rebuttal: www.nytimes.com/2025/12/18/o...
Opinion | Obama Supported It. The Left in Canada and Norway Does. Why Don’t Democrats?
www.nytimes.com
December 20, 2025 at 2:57 PM
This Yglesias piece in the NYT is horrifically bad. Almost every "fact" it cites is provably false. At best it is cocktail party banter from a pundit who knows nothing of energy. At worst, it was cut/paste from oil industry talking points. So, a rebuttal: www.nytimes.com/2025/12/18/o...
Good reminder that Matt Yglesias and his peers are cowards and losers.
3. Leadership is about doing what is necessary, not just what is popular. Read literally anything our founders wrote about virtue, and the inherent risks to a society based on democratic processes to sustain the rule of law to the extent that unvirtuous people gain power.
December 20, 2025 at 6:08 PM
Good reminder that Matt Yglesias and his peers are cowards and losers.
Time to reread
December 18, 2025 at 2:40 AM
Time to reread
Congrats to "THE" for winning the 1982 Stanley Cup
Going with the trend of the day, i also asked an AI if it could tell me the last 40 Stanley Cup winners and ... what are we even doing here, man
December 17, 2025 at 6:10 PM
Congrats to "THE" for winning the 1982 Stanley Cup
Re: doxing of Rust OSS maintainers.
As Hbomberguy said in "Plagiarism and You(Tube)":
"I want to clarify right now that if anyone harasses Somerton on my behalf, they are worse than him and will not see the light of Heaven."
"I want to clarify right now that if anyone harasses Somerton on my behalf, they are worse than him and will not see the light of Heaven."
Plagiarism and You(Tube)
YouTube video by hbomberguy
youtu.be
December 16, 2025 at 11:11 PM
Re: doxing of Rust OSS maintainers.
Pitch: a Benoit Blanc movie with an Isaac-Chotiner-like character. Chotiner keeps hitting Blanc with tough and insightful questions during Blanc's interrogations and reveals, throwing him off and annoying him, before they provide the insight that lets him solve the case.
I could watch a million Benoit Blanc mysteries
December 16, 2025 at 11:09 PM
Pitch: a Benoit Blanc movie with an Isaac-Chotiner-like character. Chotiner keeps hitting Blanc with tough and insightful questions during Blanc's interrogations and reveals, throwing him off and annoying him, before they provide the insight that lets him solve the case.
Reposted by Andrew Lilley Brinker
Extremely disappointed in the Rust community on this one. Changing your name online should be a very understandable thing to want to do in a trans and neurodivergent inclusive community. For example, having a publicly visible link between your name and deadname can cause real harm. 1/7
December 16, 2025 at 10:52 PM
Extremely disappointed in the Rust community on this one. Changing your name online should be a very understandable thing to want to do in a trans and neurodivergent inclusive community. For example, having a publicly visible link between your name and deadname can cause real harm. 1/7
To ensure no useless uses of cat, check out good-cat, the cat that can't be piped!
December 16, 2025 at 9:21 PM
To ensure no useless uses of cat, check out good-cat, the cat that can't be piped!
As the MIT license says: "THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND"
speaking of reminders: I think open source authors should have the absolute right to withdraw their work and personal information from circulation, and no argument about "supply chain security" overrides this bsky.app/profile/stev...
a uh, psa about bincode www.reddit.com/r/rust/comme...
December 16, 2025 at 9:18 PM
As the MIT license says: "THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND"
I stopped posting to /r/rust a while ago, and seeing a shockingly large number of pro-doxing or "what did you expect?" type comments on it has only strengthened my resolve not to post there.
Please I need to understand what’s going on in that thread. “I don’t know what you expected other than a doxxing when you rewrite git history” “yeah it’s bad that they did that but you were vaguely suspicious so idk what to tell you” what the fuck
December 16, 2025 at 9:16 PM
I stopped posting to /r/rust a while ago, and seeing a shockingly large number of pro-doxing or "what did you expect?" type comments on it has only strengthened my resolve not to post there.
Congrats to my Oxide friends for officially shipping self-service update support!
Self-service updates have arrived! Oxide system v17 adds support for installing complete system updates without Oxide involvement, further enabling organizations to own your cloud.
Here's a look at what's new in v17:
Here's a look at what's new in v17:
December 16, 2025 at 5:25 PM
Congrats to my Oxide friends for officially shipping self-service update support!
Love to be the Rust Guy at work and get random messages about Rust or from folks wanting to find Rust projects to work on.
December 15, 2025 at 5:31 PM
Love to be the Rust Guy at work and get random messages about Rust or from folks wanting to find Rust projects to work on.
It's called the social *security* number because it's absolutely secure and will never leak from a database that stores it. /s
i had a databases class in college in which we were designing a users table and the professor guided us to use (firstname, lastname) as the primary key, and i asked what we'd do if there were two people with the same name, and they said to include the social security number, i think of this a lot
December 15, 2025 at 4:50 PM
It's called the social *security* number because it's absolutely secure and will never leak from a database that stores it. /s
Howdy y'all 👋 reminder that our survey of safety-critical Rust users for potential Project Goals in 2026 ends next Friday
Check the quoted post for more details!
bsky.app/profile/safe...
Check the quoted post for more details!
bsky.app/profile/safe...
Are you in a safety-critical industry? Using the Rust programming language (@rust-lang.org) or would like to? Make your voice heard when it comes to what you'd like to see for Rust Project Goals!
(survey link below)
(survey link below)
December 12, 2025 at 7:35 PM
“Heats up” is the right headline to use here given the serious heat dissipation issues of this bad “data centers in space” idea
We can't afford replication studies
(but we trained an LLM in space)
Climate models need funding
(while we trained an LLM in space)
(but we trained an LLM in space)
Climate models need funding
(while we trained an LLM in space)
December 12, 2025 at 5:04 PM
“Heats up” is the right headline to use here given the serious heat dissipation issues of this bad “data centers in space” idea
This is why I care so much about memory safety. These are serious weaknesses that often lead to critical vulnerabilities.
For more on why memory safety matters:
For more on why memory safety matters:
December 11, 2025 at 8:23 PM
This is why I care so much about memory safety. These are serious weaknesses that often lead to critical vulnerabilities.
For more on why memory safety matters:
For more on why memory safety matters:
The 2025 CWE Top 25 list is out! For memory safety we have:
#5: Out-of-bounds write
#7: Use-after-free
#8: Out-of-bounds read
#11: Classic buffer overflow
#13: Null pointer dereference
#14: Stack-based buffer overflow
#16: Heap-based buffer overflow
So >25% of the top 25 are memory safety related!
#5: Out-of-bounds write
#7: Use-after-free
#8: Out-of-bounds read
#11: Classic buffer overflow
#13: Null pointer dereference
#14: Stack-based buffer overflow
#16: Heap-based buffer overflow
So >25% of the top 25 are memory safety related!
CWE -
2025 CWE Top 25 Most Dangerous Software Weaknesses
Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.
cwe.mitre.org
December 11, 2025 at 8:21 PM
The 2025 CWE Top 25 list is out! For memory safety we have:
#5: Out-of-bounds write
#7: Use-after-free
#8: Out-of-bounds read
#11: Classic buffer overflow
#13: Null pointer dereference
#14: Stack-based buffer overflow
#16: Heap-based buffer overflow
So >25% of the top 25 are memory safety related!
#5: Out-of-bounds write
#7: Use-after-free
#8: Out-of-bounds read
#11: Classic buffer overflow
#13: Null pointer dereference
#14: Stack-based buffer overflow
#16: Heap-based buffer overflow
So >25% of the top 25 are memory safety related!
Innovation! My Furby never had a position on Taiwan!
This is so fucking funny dude.
December 11, 2025 at 7:34 PM
Innovation! My Furby never had a position on Taiwan!
This is Hacklore outdated security concern #3!
December 11, 2025 at 5:13 PM
This is Hacklore outdated security concern #3!
Tree's position is nonsense. He can absolutely set up his own PDS if he wants to, but what he wants is for others to be obligated to provide him with free PDS hosting.
Hosts have the right to refuse service, and that's not silencing you.
Hosts have the right to refuse service, and that's not silencing you.
December 11, 2025 at 4:29 PM
Tree's position is nonsense. He can absolutely set up his own PDS if he wants to, but what he wants is for others to be obligated to provide him with free PDS hosting.
Hosts have the right to refuse service, and that's not silencing you.
Hosts have the right to refuse service, and that's not silencing you.
Reposted by Andrew Lilley Brinker
I love getting to work on strange debugging problems and get to learn a little more about a system oxide.computer/blog/cosmo-sp
A disappearing Service Processor / Oxide
A disappearing Service Processor
oxide.computer
December 11, 2025 at 3:57 PM
I love getting to work on strange debugging problems and get to learn a little more about a system oxide.computer/blog/cosmo-sp
Includes a new "Optimizing Build Performance" section added to the Cargo Book!
December 11, 2025 at 3:38 PM
Includes a new "Optimizing Build Performance" section added to the Cargo Book!