Tag
Notes tagged “dissecting-systems”
Every note filed under dissecting-systems, newest first.
A filtered view of the notes.
2026
- The Header That Can't Be Cached
Cache-Control from first principles — and why a page carrying a CSP nonce must be told never to be stored, not merely "don't cache."
- Trust No Script
Why a strict Content Security Policy is one of the hardest headers to deploy — and how to read a real one with Google's CSP Evaluator.
- Can I Use This Library?
A strict CSP quietly turns every dependency into a security decision. Here is the tree I walk to make it — per library, and across a whole app.
- The URL Is the Hash
Content-addressing on the wire — how the web quietly became a content-addressed store, where fingerprinted URLs and Subresource Integrity are real Merkle edges and the cache that looks most like one isn't.
- You Don't Want Separate Repos
A repository is a database; splitting a subproject out trades a content hash for a version string — and there's only one case where that trade is actually forced.
- node_modules Is the Heaviest Object in the Universe
The same "the hash is the identity" idea that powers a build cache also explains why pnpm stores on disk what npm copies a hundred times over.
- There Are No Phases
Buck2's DICE engine collapses load, analysis, and execution into a single graph — and the decision to rebuild rather than adopt.
- The Widest Box Is the Bug
A flamegraph turns thousands of stack samples into one picture where the slow code is, almost literally, the biggest thing on the screen.
- The Build That Restarts Itself
Inside Skyframe, Bazel's incremental engine — and the strange trick at its heart.
- With the Grain
The original turned a big integer into bytes one byte at a time, fighting the machine. The rewrite went with its grain — whole machine words, packed in C. That structural choice is why it's still ~15× faster fifteen years on, even as CPython sped up underneath it.
- Utils Is Where Modularity Goes to Die
Module boundaries should follow the dependency graph, not your folder intuitions — and "optimal" can be defined precisely.
- The Grain of the Machine
A processor isn't a featureless calculator — it has a shape: words, cache lines, vector lanes. Code that moves with that grain runs many times faster than code that fights it, on the very same data. Here's the shape, and a measured case where the same arithmetic runs 22× slower against it.
- The Hash Is the Identity
Content-addressing in the build cache — content-addressed storage and Merkle trees turn a build cache into a shared resource, so your build is proportional to anyone's change.
- A Language That Can't Loop Forever
Bazel's Starlark forbids unbounded loops and recursion on purpose, and gets analyzability, caching, and parallelism in return. Buck2 quietly allows recursion back — and the split shows which restriction is load-bearing.
- A Little Uncertainty Buys a Lot of Space
Bloom filters trade a small chance of being wrong for an enormous saving in memory — a bargain storage engines take and build systems, so far, refuse.
- The Build Is Proportional to the Change
What every build system is really doing — and the one decision that separates the ones that scale.
- Designing an API That Outlives You
I wrote watchdog in 2010. Fifteen years and three maintainers later it still ships the same public API I designed — here's what made it last.
2025
- Everything Is an Action
The architecture of Firebase Genkit rests on one primitive — a self-describing, observable, callable function — and the whole SDK is layers of specializations of it.
- Reading a Codebase
A method for taking real software apart at the source level — find the one type everything hangs from, extract the algebra, and learn what the designers refused to allow.