- An analysis of the fork-safety of OpenSSL's Pseudo-Random Number Generator (PRNG), including a discussion of the Android SecureRandom incident, the impact of forking on PRNG state, and the implications of relying on uninitialized memory for entropy.
- A comprehensive analysis of the need for signing Ruby Gems, exploring various code signing solutions from Java, Linux distros, Android, and iOS, and discussing their advantages and disadvantages in the context of RubyGems.
- A detailed analysis of the hash-flooding DoS attack against MurmurHash, including a step-by-step explanation of how the attack works and how it can be mitigated.
- An exploration of how Ruby's Enumerators are implemented for arbitrary objects, including a discussion of eager vs. lazy evaluation and the use of Fibers for efficient iteration.