Alex Gaynor

Hi, I'm Alex. I'm a software resilience engineer. I care about building systems that work. I've worked for the government, in the private sector, and on open source. I'm based in Washington, DC.

  • Home
  • About
  • Quotes
  • Reading List
  • Contact
  • Github

© 2025. All rights reserved.

  • Putting a Price Tag on Open Source Tue, Apr 8, 2025
  • Postel's Law and the Three Ring Circus Tue, Mar 25, 2025
  • Notes on coreutils in Rust Sat, Mar 22, 2025
  • Things have reasons Thu, Mar 6, 2025
  • Generality Wed, Mar 5, 2025
  • Do tech workers have a reason to love monopolies? Wed, Feb 19, 2025
  • The SSO Tax is Smart Business, and Bad Security Fri, Feb 7, 2025
  • Stop Demanding Performance Mon, Jan 27, 2025
  • Challenges to funding open source Mon, Jan 13, 2025
  • Risky Business Mon, Oct 21, 2024
  • Philosophies of Cryptographic Libraries Fri, Sep 27, 2024
  • Signatures are like backups Mon, Sep 9, 2024
  • The impact of memory safety on sandboxing Fri, Aug 30, 2024
  • Safer C++ Sun, Aug 18, 2024
  • Defining the memory safe problem Mon, Oct 2, 2023
  • Buffers on the edge: Python and Rust Sun, Oct 23, 2022
  • What's in a version number? (Or: Musings on backwards compatibility) Thu, Oct 7, 2021
  • Why software ends up complex Mon, Nov 30, 2020
  • CSVs: The good, the bad, and the ugly Thu, Sep 24, 2020
  • What science can tell us about C and C++'s security Wed, May 27, 2020
  • Dayenu for Open Source Fri, Apr 10, 2020
  • Scaling Software Development Tue, Feb 18, 2020
  • 2019 Security Wish List In Review Tue, Dec 24, 2019
  • On Safety Critical Software Thu, Nov 7, 2019
  • A Memory Safety Research Agenda Mon, Sep 2, 2019
  • Introduction to Memory Unsafety for VPs of Engineering Mon, Aug 12, 2019
  • Read code more Thu, Jul 11, 2019
  • Modern C++ Won't Save Us Sun, Apr 21, 2019
  • Notes on the challenges to the adoption of security keys Wed, Apr 10, 2019
  • Chrome + Windows Exploit: Security Beyond Bugfixes Thu, Mar 7, 2019
  • Notes on fuzzing ImageMagick and GraphicsMagick Tue, Feb 5, 2019
  • Security wish list for 2019 Sun, Jan 6, 2019
  • Optimize for Auditability Thu, Dec 13, 2018
  • The worst truism in information security Fri, Jul 20, 2018
  • Lessons learned at USDS Tue, Mar 20, 2018
  • Known unknowns - zero-days in the wild Tue, Feb 20, 2018
  • The mysterious case of (deny dynamic-code-generation) Mon, Jan 29, 2018
  • A vulnerability by any other name Mon, Nov 20, 2017
  • Response to Deputy Attorney General Rosenstein's remarks on Encryption Fri, Oct 13, 2017
  • Surviving Apache Struts CVE-2017-5638 Mon, Sep 18, 2017
  • Categorizing Security Engineering Work Mon, Sep 11, 2017
  • Forward secrecy is the most important thing Wed, Apr 26, 2017
  • Introduction to Certificate Transparency for Server Operators Mon, Apr 17, 2017
  • A year of tracking my HTTP requests Sun, Mar 26, 2017
  • SHA1 and Richard Feynman Sun, Feb 26, 2017
  • Looking for work Fri, Dec 23, 2016
  • OSS-Fuzz initial impressions Sat, Dec 3, 2016
  • Intro to threat modeling Fri, Jul 29, 2016
  • Anatomy of a Crypto Vulnerability Mon, Mar 14, 2016
  • Announcing letsencrypt-aws Wed, Jan 20, 2016
  • Don't have environments Tue, Jan 19, 2016
  • Shrinking your code review Tue, Dec 29, 2015
  • 5 critically important security projects Sat, Nov 28, 2015
  • Telemetry for Open Source Thu, Sep 3, 2015
  • Rust: A modern programming environment Mon, Jul 20, 2015
  • Tips for Improving Your Company's Security Mon, Jun 8, 2015
  • Tips for Scaling Web Apps Wed, May 27, 2015
  • Introduction to Fuzzing in Python with AFL Mon, Apr 13, 2015
  • Red Hat and the Open Source Community Mon, Mar 30, 2015
  • DevOps vs. Platform Engineering Fri, Mar 6, 2015
  • Software Of the People, By the People, For the People Tue, Feb 3, 2015
  • The State of the News and TLS: Part II Tue, Dec 30, 2014
  • The West Wing Revisited: Let Bartlet Be Bartlet Sun, Dec 21, 2014
  • The State of the News and TLS Wed, Nov 12, 2014
  • I Hope Twitter Goes Away Thu, Oct 30, 2014
  • My Ideal Development Environment Mon, Oct 27, 2014
  • The West Wing Revisited: Six Meetings Before Lunch Sun, Oct 19, 2014
  • The West Wing Revisited: The White House Pro-Am Sat, Oct 18, 2014
  • The West Wing Revisited: 20 Hours in L.A. Fri, Oct 17, 2014
  • The West Wing Revisited: Celestial Navigation Thu, Oct 16, 2014
  • The West Wing Revisited: Take this Sabbath Day Wed, Oct 15, 2014
  • The West Wing Revisited: Take out the Trash Day Tue, Oct 14, 2014
  • Advocating for the Devil Mon, Oct 13, 2014
  • The West Wing Revisited: He Shall, From Time to Time? Mon, Oct 13, 2014
  • The West Wing Revisited: Lord John Marbury Sun, Oct 12, 2014
  • The West Wing Revisited: In Excelsis Deo Sat, Oct 11, 2014
  • The West Wing Revisited: The Short List Fri, Oct 10, 2014
  • The West Wing Revisited: Enemies Thu, Oct 9, 2014
  • The West Wing Revisited: The State Dinner Wed, Oct 8, 2014
  • The West Wing Revisited: Mr. Willis of Ohio Tue, Oct 7, 2014
  • How to Code Review Without Being a Jerk Mon, Oct 6, 2014
  • HTTP Considered Unethical Mon, Oct 6, 2014
  • The West Wing Revisisted: The Crackpots and These Women Mon, Oct 6, 2014
  • The West Wing Revisited: Five Votes Down Sun, Oct 5, 2014
  • The West Wing Revisited: A Proportional Response Fri, Oct 3, 2014
  • The West Wing Revisited: Post Hoc Ergo Propter Hoc Thu, Oct 2, 2014
  • Python for Ada Tue, Sep 23, 2014
  • The West Wing Revisited Sun, Sep 21, 2014
  • Math Games Mon, Aug 4, 2014
  • There is a flash of light! Your PYTHON has evolved into ... Fri, Jul 4, 2014
  • Quo Vadimus? Mon, May 26, 2014
  • Service Mon, May 19, 2014
  • Best of PyCon 2014 Thu, Apr 17, 2014
  • House and Twitter Thu, Mar 20, 2014
  • Why Crypto Wed, Feb 12, 2014
  • Why Travis CI is great for the Python community Mon, Jan 6, 2014
  • PyPI Download Statistics Fri, Jan 3, 2014
  • About Python 3 Mon, Dec 30, 2013
  • Gender neutral language - An FAQ Sat, Nov 30, 2013
  • Affirmative action Wed, Nov 27, 2013
  • Security process for Open Source Projects Sat, Oct 19, 2013
  • Meritocracy Sat, Oct 12, 2013
  • Thoughts on Lavabit Wed, Oct 2, 2013
  • Effective Code Review Thu, Sep 26, 2013
  • Being negative Sun, Sep 22, 2013
  • Doing a release is too hard Tue, Sep 17, 2013
  • You guys know who Philo Farnsworth was? Sun, Sep 15, 2013
  • Your project doesn't mean your playground Sun, Sep 8, 2013
  • Why I support diversity Wed, Aug 28, 2013
  • An open letter to the security community Sat, Aug 3, 2013
  • You don't have to be a jerk to code review Tue, Jul 16, 2013
  • Your tests are not a benchmark Mon, Jul 15, 2013
  • Thoughts on OpenStack Thu, Jul 11, 2013
  • Weekly Updates Thu, Jun 20, 2013
  • Moving to Rackspace Mon, May 6, 2013
  • Perception Tue, Apr 16, 2013
  • Disambiguating BSON and msgpack Sat, Feb 16, 2013
  • Software Design: 80/20 libraries Sun, Jan 6, 2013
  • Linux on the Desktop Dead Mon, Sep 3, 2012
  • The compiler rarely knows best Thu, Jul 12, 2012
  • Why personal funding Wed, Jul 4, 2012
  • 5 years, 2 months, and 28 days Sat, May 26, 2012
  • The perils of polyglot programming Fri, Dec 23, 2011
  • Why del defaultdict()[k] should raise an error Mon, Nov 28, 2011
  • RCOS NumPy Talk Fri, Nov 18, 2011
  • The run-time distinction Tue, Oct 11, 2011
  • So you want to write a fast Python? Sun, Jul 10, 2011
  • DjangoCon Europe 2011 Slides Tue, Jun 7, 2011
  • This Summer Fri, May 6, 2011
  • My experience with the computer language shootout Sun, Apr 3, 2011
  • PyPy San Francisco Tour Recap Wed, Mar 9, 2011
  • Django and Python 3 (Take 2) Thu, Feb 17, 2011
  • Announcing VCS Translator Fri, Jan 21, 2011
  • PyCon 2011 is going to be Awesome Fri, Jan 21, 2011
  • 2010 in Review Fri, Dec 31, 2010
  • Getting the most out of tox Fri, Dec 17, 2010
  • Programming Languages Terminology Fri, Nov 19, 2010
  • Symptoms and Diseases Thu, Nov 18, 2010
  • A statically typed language I'd actually want to use Thu, Nov 4, 2010
  • Not everything sucks Thu, Nov 4, 2010
  • The continuous integration I want Tue, Nov 2, 2010
  • National Blog Post Month Mon, Nov 1, 2010
  • Priorities Sun, Oct 24, 2010
  • Cui Bono Thu, Oct 21, 2010
  • Prohibition doesn't Work Thu, Oct 14, 2010
  • The Pakistan Problem Wed, Oct 6, 2010
  • US Interventionism and its Fallout Sun, Oct 3, 2010
  • Dynamic and Static Programming Languages and Teaching Wed, Sep 29, 2010
  • US Counterinsurgency and Terrorism Policy Sun, Sep 26, 2010
  • Afghani Elections Tue, Sep 21, 2010
  • django-taggit 0.9 Released Tue, Sep 21, 2010
  • Political Religion Mon, Sep 20, 2010
  • Democracy in Colonial Areas Tue, Sep 14, 2010
  • Upcoming Content Tue, Sep 14, 2010
  • DjangoCon 2010 Slides Mon, Sep 13, 2010
  • Education Slides Mon, Aug 16, 2010
  • PyOhio Slides Mon, Aug 2, 2010
  • Testing Utilities in Django Tue, Jul 6, 2010
  • MultiMethods for Python Sat, Jun 26, 2010
  • Hey, could someone write this app for me Tue, Jun 8, 2010
  • DjangoCon.eu slides Mon, May 24, 2010
  • PyPy is the Future of Python Sat, May 15, 2010
  • A Tour of the django-taggit Internals Sun, May 9, 2010
  • Why Utilitarianism Fails Thu, May 6, 2010
  • Cool New django-taggit API Tue, May 4, 2010
  • Making Django and PyPy Play Nice (Part 1) Fri, Apr 16, 2010
  • Designer Developer Relations Mon, Mar 29, 2010
  • Towards Application Objects in Django Sun, Mar 28, 2010
  • Languages Don't Have Speeds, Or Do They? Mon, Mar 15, 2010
  • PyCon Roundup - Days 2-4 Mon, Mar 8, 2010
  • PyCon Roundup - Days 0 and 1 Fri, Feb 26, 2010
  • Committer Models of Unladen Swallow, PyPy, and Django Thu, Feb 25, 2010
  • Thoughts on HipHop PHP Tue, Feb 2, 2010
  • Why Open Source Works Wed, Jan 27, 2010
  • I Have Talent Fri, Jan 15, 2010
  • Dive into Python 3 Review Tue, Jan 12, 2010
  • Hot Django on WSGI Action (announcing django-wsgi) Mon, Jan 11, 2010
  • A New Home Fri, Jan 8, 2010
  • A few thoughts on education Wed, Dec 2, 2009
  • A month in review Tue, Dec 1, 2009
  • You Built a Metaclass for *what*? Mon, Nov 30, 2009
  • Getting Started with Testing in Django Sun, Nov 29, 2009
  • Django and Python 3 Sat, Nov 28, 2009
  • Why Meta.using was removed Fri, Nov 27, 2009
  • Just a Small Update Thu, Nov 26, 2009
  • Final Review of Python Essential Reference Wed, Nov 25, 2009
  • Filing a Good Ticket Tue, Nov 24, 2009
  • Using PLY for Parsing Without Using it for Lexing Mon, Nov 23, 2009
  • A Bit of Benchmarking Sun, Nov 22, 2009
  • Things College Taught me that the "Real World" Didn't Sat, Nov 21, 2009
  • Announcing django-admin-histograms Thu, Nov 19, 2009
  • Another Pair of Unladen Swallow Optimizations Thu, Nov 19, 2009
  • Writing a Lexer Tue, Nov 17, 2009
  • My Next Blog Mon, Nov 16, 2009
  • Initial Review: Python Essential Reference Sun, Nov 15, 2009
  • Why jQuery shouldn't be in the admin Sat, Nov 14, 2009
  • Syntax Matters Fri, Nov 13, 2009
  • Why I'm not very excited about Go Thu, Nov 12, 2009
  • When Django Fails? (A response) Wed, Nov 11, 2009
  • The State of MultiDB (in Django) Tue, Nov 10, 2009
  • Software that deserves a thank you Mon, Nov 9, 2009
  • Another Unladen Swallow Optimization Sun, Nov 8, 2009
  • My Workflow Sat, Nov 7, 2009
  • Towards a Better Template Tag Definition Syntax Fri, Nov 6, 2009
  • The Pycon Program Committee and my PyCon Talk Thu, Nov 5, 2009
  • Django's ManyToMany Refactoring Wed, Nov 4, 2009
  • Diving into Unladen Swallow's Optimizations Tue, Nov 3, 2009
  • Introduction to Unladen Swallow Mon, Nov 2, 2009
  • Another month of blogging? Sun, Nov 1, 2009
  • Optimising compilers are there so that you can be a better programmer Sat, Oct 10, 2009
  • Django-filter 0.5 released! Fri, Aug 14, 2009
  • pyvcs .2 released Sun, Jul 12, 2009
  • Announcing pyvcs, django-vcs, and piano-man Sun, Jul 5, 2009
  • A response to "Python sucks" Thu, Jun 4, 2009
  • EuroDjangoCon 2009 Tue, May 5, 2009
  • Ajax Validation Aministrivia Thu, Apr 16, 2009
  • ORM Panel Recap Mon, Mar 30, 2009
  • PyCon Wrapup Mon, Mar 30, 2009
  • Google Moderator for PyCon ORM Panel Sun, Mar 15, 2009
  • Announcing django-filter Sat, Feb 14, 2009
  • A Second Look at Inheritance and Polymorphism with Django Tue, Feb 10, 2009
  • Building a Magic Manager Sat, Jan 31, 2009
  • Django Ajax Validation 0.1.0 Released Sat, Jan 24, 2009
  • Optimizing a View Mon, Jan 19, 2009
  • New Admin URLs Wed, Jan 14, 2009
  • 2008 and 2009 Sat, Jan 3, 2009
  • Building a Read Only Field in Django Sun, Dec 28, 2008
  • Building a Function Templatetag Thu, Dec 25, 2008
  • Many Thanks to Webfaction Thu, Dec 25, 2008
  • PyCon '09, Here I come! Mon, Dec 15, 2008
  • Playing with Polymorphism in Django Fri, Dec 5, 2008
  • A month in review Tue, Dec 2, 2008
  • A Few More Thoughts on the Identity Mapper Mon, Dec 1, 2008
  • Fixing up our identity mapper Mon, Dec 1, 2008
  • Building a simple identity map in Django Sat, Nov 29, 2008
  • Other ORM Goodies Sat, Nov 29, 2008
  • Some thoughts on Blogging Thu, Nov 27, 2008
  • What aggregates are going to look like Thu, Nov 27, 2008
  • Home Sweet Home Wed, Nov 26, 2008
  • A timeline view in Django Mon, Nov 24, 2008
  • A quick update Sun, Nov 23, 2008
  • Thinking about netbooks Sun, Nov 23, 2008
  • My Programming Language - Status Update Fri, Nov 21, 2008
  • Why I don't use easy_install Thu, Nov 20, 2008
  • Uncoupled code is good, but doesn't exist Wed, Nov 19, 2008
  • What Python learned from economics Tue, Nov 18, 2008
  • Running the Django Test Suite Mon, Nov 17, 2008
  • What I'm excited about in Django 1.1 Sun, Nov 16, 2008
  • Python Things Sat, Nov 15, 2008
  • And now for the disclaimer Fri, Nov 14, 2008
  • Django Models - Digging a Little Deeper Thu, Nov 13, 2008
  • What software do I use? Wed, Nov 12, 2008
  • Getting Started With PLY - Part 3 Mon, Nov 10, 2008
  • How the Heck do Django Models Work Mon, Nov 10, 2008
  • Getting Started With PLY - Part 2 Sun, Nov 9, 2008
  • Getting Started With PLY Sat, Nov 8, 2008
  • That's not change we can believe in Fri, Nov 7, 2008
  • Building a Programming Language with Python Thu, Nov 6, 2008
  • PyGTK and Multiprocessing Wed, Nov 5, 2008
  • More Laziness with Foreign Keys Tue, Nov 4, 2008
  • Lazy User Foreign Keys Mon, Nov 3, 2008