Archive - Bomfather

How We Secure Builds With fs-verity

We used to do our builds the "normal" way, but we have learned that it wasn't enough...

Feb 16 • Nathan Naveen

Confidential Computing Adds A Crazy Amount of Overhead to GPUs

I knew that confidential computing added an overhead when running on GPUs, but I never knew it was this absurd...

Feb 4 • Nathan Naveen

January 2026

Dynamic Runtime Policies in eBPF Using Bitmasks

This is a cross-post of https://substack.com/home/post/p-181032541 on eBPFChirp

Jan 8 • Neil Naveen

December 2025

Tracking Shell Scripts (and Python, Perl, etc) with eBPF is Hard

Interpreted languages are painfull to monitor with eBPF, if you want any guarantees

Dec 26, 2025 • Neil Naveen

Making Pigs Fly (AKA Getting the Verifier To Approve eBPF Code)

Your eBPF code may work on your system, but the verifier won't let it work anywhere else.

Dec 10, 2025 • Neil Naveen

Upbit was hacked $37M Solana. How could we have hacked and protected it?

Upbit was hacked and lost $37M of Solana. Here's how it could have happened and how we could have defend it with eBPF and LSM.

Dec 1, 2025 • Nathan Naveen

November 2025

How we managed to secure $25K in GCP credits without a VC

We didn't know it was possible to get GCP credits without a VC

Nov 26, 2025 • Nathan Naveen

Securing Runtime of the L2 Base Ethereum Nodes

Nov 13, 2025 • Neil Naveen

Breakdown of New RunC vulnerabilities CVE-2025-31133, CVE-2025-52565, and CVE‑2025‑52881

I recommend reading the actual exploit https://seclists.org/oss-sec/2025/q4/161. It’s mind-blowing, how complex and how many jumps it takes actually to…

Nov 9, 2025 • Neil Naveen

October 2025

L2 Base Node Builds are Insecure

The docker builds for L2 base/node are full of holes

Oct 30, 2025 • Nathan Naveen

Stopping kill signals against your eBPF programs

Death has never been fun, let's avoid it (with eBPF)

Oct 29, 2025 • Neil Naveen

GitHub’s ubuntu-latest Runners Have 1,681 Packages and 9 HIGH-Severity Vulnerabilities

We build our platform in Go and C. Our production containers are stripped down to exactly what we need. Removing unnecessary packages and minimizing the…

Oct 26, 2025 • Nathan Naveen

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts