Writing
Notes
Field notes on typography, tools, and the craft of building software.
A running collection of essays and working notes. The list below is generated from the posts themselves, newest first. Many articles are about me documenting what I learn from the designs and implementations of the various systems I work with.
Browse by tag 66
2026
- The Header That Can't Be Cached
Cache-Control from first principles — and why a page carrying a CSP nonce must be told never to be stored, not merely "don't cache."
- Trust No Script
Why a strict Content Security Policy is one of the hardest headers to deploy — and how to read a real one with Google's CSP Evaluator.
- Can I Use This Library?
A strict CSP quietly turns every dependency into a security decision. Here is the tree I walk to make it — per library, and across a whole app.
- The URL Is the Hash
Content-addressing on the wire — how the web quietly became a content-addressed store, where fingerprinted URLs and Subresource Integrity are real Merkle edges and the cache that looks most like one isn't.
- You Don't Want Separate Repos
A repository is a database; splitting a subproject out trades a content hash for a version string — and there's only one case where that trade is actually forced.
- node_modules Is the Heaviest Object in the Universe
The same "the hash is the identity" idea that powers a build cache also explains why pnpm stores on disk what npm copies a hundred times over.
- There Are No Phases
Buck2's DICE engine collapses load, analysis, and execution into a single graph — and the decision to rebuild rather than adopt.
- The Widest Box Is the Bug
A flamegraph turns thousands of stack samples into one picture where the slow code is, almost literally, the biggest thing on the screen.
- The Build That Restarts Itself
Inside Skyframe, Bazel's incremental engine — and the strange trick at its heart.
- With the Grain
The original turned a big integer into bytes one byte at a time, fighting the machine. The rewrite went with its grain — whole machine words, packed in C. That structural choice is why it's still ~15× faster fifteen years on, even as CPython sped up underneath it.
- Utils Is Where Modularity Goes to Die
Module boundaries should follow the dependency graph, not your folder intuitions — and "optimal" can be defined precisely.
- The Grain of the Machine
A processor isn't a featureless calculator — it has a shape: words, cache lines, vector lanes. Code that moves with that grain runs many times faster than code that fights it, on the very same data. Here's the shape, and a measured case where the same arithmetic runs 22× slower against it.
- The Hash Is the Identity
Content-addressing in the build cache — content-addressed storage and Merkle trees turn a build cache into a shared resource, so your build is proportional to anyone's change.
- A Language That Can't Loop Forever
Bazel's Starlark forbids unbounded loops and recursion on purpose, and gets analyzability, caching, and parallelism in return. Buck2 quietly allows recursion back — and the split shows which restriction is load-bearing.
- A Little Uncertainty Buys a Lot of Space
Bloom filters trade a small chance of being wrong for an enormous saving in memory — a bargain storage engines take and build systems, so far, refuse.
- The Build Is Proportional to the Change
What every build system is really doing — and the one decision that separates the ones that scale.
- Scaffolding a Typographic Portfolio Site
The design philosophy behind this site — why it's built from durable tools and a purposeful type system instead of a framework, and why every choice is aimed at lasting.
- The Patch Bram Applied
A small contribution to Vim, the man who took it, and the editor I still open every morning.
- Designing an API That Outlives You
I wrote watchdog in 2010. Fifteen years and three maintainers later it still ships the same public API I designed — here's what made it last.
2025
- Everything Is an Action
The architecture of Firebase Genkit rests on one primitive — a self-describing, observable, callable function — and the whole SDK is layers of specializations of it.
- Reading a Codebase
A method for taking real software apart at the source level — find the one type everything hangs from, extract the algebra, and learn what the designers refused to allow.
2009
- I like the way Aquamacs looks. I don’t use it because it feels different
Why I keep stock GNU Emacs over Aquamacs — one consistent editor across every OS.
- Even faster String.prototype.trim() implementation in JavaScript
A faster, non-regex String.prototype.trim() — later adopted into early JS frameworks.
- Making the browser download scripts in parallel
Loading multiple scripts concurrently instead of the browser’s serial default.
- memcache.js for Google App Engine application front-ends?
Caching AJAX responses on the client by mapping App Engine’s datastore to JS objects.
- Implementing a Pythonic range() function in JavaScript
A Python-style range() helper instead of typing out a sequence by hand.
Linked from 68
- Scaffolding a Typographic Portfolio Site
- Notes tagged “api-design”
- Notes tagged “architecture”
- Notes tagged “archive”
- Notes tagged “bazel”
- Notes tagged “bloom-filters”
- Notes tagged “browsers”
- Notes tagged “buck2”
- Notes tagged “build-systems”
- Notes tagged “cache”
- Notes tagged “caching”
- Notes tagged “cdn”
- Notes tagged “content-addressing”
- Notes tagged “cpu”
- Notes tagged “cpython”
- Notes tagged “csp”
- Notes tagged “dependencies”
- Notes tagged “design-system”
- Notes tagged “dice”
- Notes tagged “dissecting-systems”
- Notes tagged “emacs”
- Notes tagged “flamegraphs”
- Notes tagged “gen-ai”
- Notes tagged “genkit”
- Notes tagged “git”
- Notes tagged “google-app-engine”
- Notes tagged “gradle”
- Notes tagged “hardware”
- Notes tagged “http”
- Notes tagged “incremental-computation”
- Notes tagged “javascript”
- Notes tagged “language-design”
- Notes tagged “merkle”
- Notes tagged “methodology”
- Notes tagged “modularity”
- Notes tagged “monorepo”
- Notes tagged “npm”
- Notes tagged “observability”
- Notes tagged “open-source”
- Notes tagged “optimization”
- Notes tagged “org-mode”
- Notes tagged “package-managers”
- Notes tagged “performance”
- Notes tagged “pnpm”
- Notes tagged “probabilistic-data-structures”
- Notes tagged “profiling”
- Notes tagged “python”
- Notes tagged “reading-code”
- Notes tagged “refactoring”
- Notes tagged “remote-execution”
- Notes tagged “sdk-design”
- Notes tagged “security”
- Notes tagged “simd”
- Notes tagged “skyframe”
- Notes tagged “software-design”
- Notes tagged “starlark”
- Notes tagged “subresource-integrity”
- Notes tagged “supply-chain”
- Notes tagged “tools”
- Notes tagged “tribute”
- Notes tagged “typography”
- Notes tagged “versioning”
- Notes tagged “vim”
- Notes tagged “watchdog”
- Notes tagged “web-performance”
- Notes tagged “web”
- Notes tagged “xss”
- Saṃhitā | संहिता