Andrew Lilley Brinker
@alilleybrinker.com
alilleybrinker.com
Memory safety, open source software, security, baseball • alilleybrinker.com

Principal Engineer at MITRE (opinions are my own)
Pinned
"Memory Safety for Skeptics," where I argue why memory safety is worthwhile to pursue amid competing priorities!

queue.acm.org/detail.cfm?i...

#rustlang
Memory Safety for Skeptics - ACM Queue
queue.acm.org
Reposted by Andrew Lilley Brinker
most code handles mutex poisoning by panicking, which is correct.
Mutex poisoning was a good idea, but in practice it has created more harm than good. Most code is not handling poisoning at all and it is also almost impossible to handle correctly.
November 27, 2025 at 11:23 PM
Reposted by Andrew Lilley Brinker
Incredibly disappointed (shocked even) that the plan is to make the default Rust mutex not poisonable in the 2027 edition. Poisoning is one of the best examples of Rust focusing on rigor, and removing it from the default mutex would be a massive step backwards.
November 27, 2025 at 7:36 PM
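An added example (not code from either post above) showing what the thread is arguing about: how a `std::sync::Mutex` becomes poisoned when a holder panics, and the two ways callers can respond, `unwrap()` (propagate as a panic, the behaviour the first post calls correct) versus recovering the guard with `into_inner()`. The worker thread, the `Vec<u32>` payload and the function names are constructed for the demonstration.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::{Arc, Mutex};
use std::thread;

// Constructed scenario: a worker panics while holding the lock, which
// poisons the mutex when the guard is dropped during unwinding.
fn poison(m: &Arc<Mutex<Vec<u32>>>) {
    let m2 = Arc::clone(m);
    let worker = thread::spawn(move || {
        let mut guard = m2.lock().unwrap();
        guard.push(1);
        // Simulated failure mid-update: the guard is still held here.
        panic!("simulated failure while holding the lock");
    });
    // The worker's panic surfaces as Err from join; the lock is now poisoned.
    assert!(worker.join().is_err());
}

fn is_poisoned(m: &Mutex<Vec<u32>>) -> bool {
    m.is_poisoned()
}

// Strategy 1: treat poisoning as fatal and propagate it as a panic.
// This is what `lock().unwrap()` does and what most code ends up doing.
fn len_panicking(m: &Mutex<Vec<u32>>) -> usize {
    m.lock().unwrap().len()
}

// Strategy 2: recover the guard from the PoisonError and inspect the data,
// accepting that the invariant the last holder was maintaining may be broken.
fn len_recovering(m: &Mutex<Vec<u32>>) -> usize {
    m.lock().unwrap_or_else(|poisoned| poisoned.into_inner()).len()
}

fn main() {
    let m = Arc::new(Mutex::new(Vec::new()));
    poison(&m);
    println!("poisoned: {}", is_poisoned(&m));
    println!("recovered len: {}", len_recovering(&m));
    let r = catch_unwind(AssertUnwindSafe(|| len_panicking(&m)));
    println!("panicking strategy failed: {}", r.is_err());
}
```

The recovering path sees the partially updated vector (length 1), which is exactly the judgement call the second post says most code never makes explicitly.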
I know folks hate on syn for build time impact, but uh, it's a great crate!
November 26, 2025 at 10:05 PM
Reposted by Andrew Lilley Brinker
People also seem to rely on the existence of a bubble as evidence for impending death of all AI technologies.

Internet companies had a giant bubble in the late '90s/early 2000s! It popped! Then internet companies went on to be the biggest companies in the world.
November 26, 2025 at 8:18 PM
Intuit set up an "AI Payroll Agent" which proceeded to break payroll for customers
I’m seeing this too! And their support lines seem swamped like others are discovering it too. 🤦
apparently intuit recently rolled out AI in quickbooks, which completely fucked payroll at my tech job. it switched all but one person to paper checks for reasons unknown and then did not issue them lol
November 25, 2025 at 9:39 PM
LLVM now supports its first constant-time intrinsics!

The article mentions work to bring this to std::intrinsics in Rust, but I can't find the relevant discussion. If anyone can, share the link!

#rustlang
Constant-time support lands in LLVM: Protecting cryptographic code at the compiler level
Trail of Bits developed constant-time coding support for LLVM 21 that prevents compilers from breaking cryptographic implementations vulnerable to timing attacks, introducing the __builtin_ct_select f...
blog.trailofbits.com
November 25, 2025 at 4:56 PM
Better
November 25, 2025 at 12:02 AM
In 1998, buyers for the new Diamondbacks and Devil Rays franchises paid $130 million *each* (roughly $260 million in today's money) to own the teams.

If MLB teams don't make money, why would buyers pay that much?
Never become a billionaire failson, folks. It makes you think everyone else in the world is a fuckin' idiot.
November 24, 2025 at 9:47 PM
Reposted by Andrew Lilley Brinker
This Bernstein crap drives me up the wall because IT MAKES NO SENSE.

Why would the NSA be picking weak crypto to protect US NatSec?!

They have mathematicians and clusters in China, too!

Dual_EC_DRBG was a NOBUS backdoor. There is NOWHERE to hide a NOBUS backdoor in ML-KEM.
November 24, 2025 at 9:27 PM
Started @hipcheck.mitre.org as an internal project and wrote it in Rust because I could.
How did you get your first job programming with Rust?

I have a suspicion that most people just added Rust to their company's tech stack before it was officially sanctioned, thus creating a Rust job.
November 24, 2025 at 8:56 PM
Writing the Good Code today
November 24, 2025 at 7:25 PM
Reposted by Andrew Lilley Brinker
i’m one of the people who signed onto this open letter, because i’m fed up with seeing urban legend touted as security advice.

this is normal guidance, for normal people, derived from the combined experience of over 80 security practitioners sick of seeing scare tactics used to drive clicks.
📢 Announcing hacklore.org 📢

It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐

Blog: medium.com/@boblord/let...

Site: www.hacklore.org
Stop Hacklore!
hacklore.org
November 24, 2025 at 4:53 PM
¿Por qué no los dos?

Cooldowns can be implemented immediately as a mitigation while work on sandboxing and credential protection continues.
I think the dependency "cooldown" approach is fundamentally flawed and a total distraction from the work that would actually solve supply chain issues - sandboxing and attestation.

insanitybit.github.io/2025/11/22/o...
On Dependency Cooldowns - InsanityBit
insanitybit.github.io
November 24, 2025 at 4:27 PM
Today's update: IETF mailing list members are asking for technical help on how to completely block all emails from DJB.
For anyone unfamiliar, DJB has taken to spamming IETF mailing lists with lengthy diatribes with headers like "IETF as a Criminal Organization."
His current crusade against the IETF reads like the work of a sovereign citizen shouting about the Magna Carta. It was popular on Reddit.
November 24, 2025 at 4:15 PM
Reposted by Andrew Lilley Brinker
📢 Announcing hacklore.org 📢

It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐

Blog: medium.com/@boblord/let...

Site: www.hacklore.org
Stop Hacklore!
hacklore.org
November 24, 2025 at 3:05 PM
BREAKING: NATO forces invade Roblox
Please tell me these are not related
November 21, 2025 at 7:00 PM
Yeah, seems obviously right. At the very least, this will test vendors' claims that they can quickly detect bad packages pre-installation; if that's true, then a widespread cooldown policy wouldn't cause windows of opportunity to widen.
We should all be using dependency cooldowns
blog.yossarian.net
November 21, 2025 at 4:22 PM
Kubernetes: Ops Pain
Nix: Compiler Pain
I guessed Kubernetes, but it was the Compiler Pain not the Ops Pain project
November 20, 2025 at 8:16 PM
Reposted by Andrew Lilley Brinker
Oxide is hiring in the embedded space. If you enjoy baffling choices by hardware vendors and debugging performance issues come join me.

oxide.computer/careers/sw-e...
Embedded Systems Engineer / Oxide
oxide.computer
November 20, 2025 at 4:55 PM
Another day, another GitHub outage stopping me from working: www.githubstatus.com/incidents/cg...
Disruption with some GitHub services
GitHub's Status Page - Disruption with some GitHub services.
www.githubstatus.com
November 20, 2025 at 6:12 PM
Reposted by Andrew Lilley Brinker
cool job at a very special computer company

- write TypeScript and Rust
- everyone makes $235k
- fully remote
- everything is open source
Product Engineer / Oxide
oxide.computer
November 19, 2025 at 6:33 PM
Reposted by Andrew Lilley Brinker
People want a technical solution to what is ultimately a judgement problem.

People know that unwrap can cause a panic. That's the choice that's being made when you unwrap. Changing the name won't change that.
November 19, 2025 at 4:51 PM
Reposted by Andrew Lilley Brinker
all these people go on about how stable C and C++ are, and how Rust changes too much.... but then they also talk about how their work codebase is stuck on C89 or C++17.

gcc's "codebase isn't fully C++20 ready" gcc.gnu.org/pipermail/gc...
[PATCH] GCC, meet C++20
gcc.gnu.org
November 19, 2025 at 4:07 PM
I've implemented random reordering of lists like this before!

The OmniBOR project governance page lists the Core Team, and the order is randomized.

omnibor.io/project/#gov...
browsers should be allowed to display the <li> in a <ul> in whatever order they like
November 18, 2025 at 10:11 PM
Reposted by Andrew Lilley Brinker
Me: "Yes hi I'd like my code please"
GitHub, a code host: "No"
November 18, 2025 at 9:11 PM