2025Q2 Current Projects

Snowflake ID Generators

Matthew’s work on distributed ID generation shines through three complementary projects. sf100-rs-py bridges Rust and Python via a simple shell wrapper, letting you call into a 100-bit Snowflake generator from Python scripts without ever leaving your interpreter; under the hood it leans on PyO3 for zero-copy FFI and targets Python 3.8+. If you’d rather keep things in Rust, snowflake96-rs delivers a native 96-bit implementation that embeds a Modified Julian Date × 1 000 000 timestamp, a 24-bit HMAC-derived node ID, and Crockford Base32 encoding for human-readable strings. For environments demanding extreme throughput, snowflake80-rs pares things down further to an 80-bit layout (40 bits timestamp | 16 bits geo-prefix | 24 bits node/sequence), pushing over a million IDs per second on modern hardware, and it even supports Merkle-anchored integrity checks when you need them.
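
The 80-bit layout described above (40 | 16 | 24), packed and round-tripped through Crockford Base32, as an added example that is not code from snowflake80-rs. The field order with the timestamp in the high bits, the use of Crockford Base32 for the 80-bit form (the page attributes it to snowflake96-rs), and every name in the block are assumptions.

```rust
// Added illustration, not code from snowflake80-rs. Assumptions: timestamp in the
// high bits, Crockford Base32 applied to the 80-bit form, all names hypothetical.
const ALPHABET: &[u8; 32] = b"0123456789ABCDEFGHJKMNPQRSTVWXYZ";

#[derive(Debug, PartialEq, Clone, Copy)]
pub struct Id80 { pub ts: u64, pub geo: u16, pub node_seq: u32 }

/// Pack 40 | 16 | 24 bits into the low 80 bits of a u128, rejecting oversized fields.
pub fn pack(id: Id80) -> Result<u128, &'static str> {
    if id.ts >> 40 != 0 { return Err("timestamp exceeds 40 bits"); }
    if id.node_seq >> 24 != 0 { return Err("node/sequence exceeds 24 bits"); }
    Ok(((id.ts as u128) << 40) | ((id.geo as u128) << 24) | (id.node_seq as u128))
}

/// Encode as 16 characters (80 bits / 5 bits per symbol), most significant first.
/// Fixed width plus an ASCII-ordered alphabet keeps strings sortable by timestamp.
pub fn encode(id: Id80) -> Result<String, &'static str> {
    let v = pack(id)?;
    Ok((0..16).rev().map(|i| ALPHABET[((v >> (i * 5)) & 31) as usize] as char).collect())
}

/// Decode untrusted input: exact length, known symbols only, Crockford aliases folded.
pub fn decode(s: &str) -> Result<Id80, &'static str> {
    if s.len() != 16 { return Err("expected 16 characters"); }
    let mut v: u128 = 0;
    for b in s.bytes() {
        // Case-insensitive; O reads as 0, I and L read as 1; U is not in the alphabet.
        let c = match b.to_ascii_uppercase() { b'O' => b'0', b'I' | b'L' => b'1', u => u };
        let d = ALPHABET.iter().position(|&a| a == c).ok_or("invalid character")?;
        v = (v << 5) | (d as u128);
    }
    Ok(Id80 { ts: (v >> 40) as u64, geo: (v >> 24) as u16, node_seq: (v & 0xFF_FFFF) as u32 })
}

fn main() {
    // Constructed sample values, not output from any real generator.
    let id = Id80 { ts: 1, geo: 0x002A, node_seq: 7 };
    let s = encode(id).unwrap();
    println!("{} -> {:?}", s, decode(&s).unwrap());
}
```

Because 80 is a multiple of 5, the encoded form has no padding bits, so every 16-character string over the alphabet decodes to exactly one ID.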

Threat Intelligence & Content Sanitization

On the defensive side, doxa aggregates feeds from MISP, AlienVault OTX, and Recorded Future into a unified Rust-powered CLI that fetches OSINT asynchronously (via reqwest), normalizes it with Serde, and exports to JSON or SQLite for downstream analysis. When you need to strip dangerous content from documents before sharing or archiving, toilet-duck combines BeautifulSoup-driven HTML cleaning and a Pandoc wrapper to eliminate scripts, iframes, and even embedded VB macros, which makes it ideal for compliance workflows. And to prove your SQLite clustering can survive chaos, chaos-testing spins up an rqlite cluster in Docker (via the Python SDK), then randomly kills nodes or partitions the network to validate leader re-election and data consistency under duress.

Secure Messaging & Chat Meshes

Privacy-focused chat gets experimental treatment in two “OWL” ports and a pair of ChatGuard prototypes. In owl-rs, a Rust CLI implements Noise XX handshakes, XSalsa20-Poly1305 encryption, and ephemeral PRIVMSG keys to whisper messages under cover, while its Go sibling owl builds on the same protocol with a minimal tcell-based TUI and wire-compatible transport over UDP. Meanwhile, chat-guard reimagines chat tunnels with DTLS overlays and PSK-based message integrity (think WireGuard, but for IRC/XMPP), and chatguard-unified layers mesh discovery (mDNS + gossip) and Bloom-filter deduplication on top, so you can run a small-scale LAN mesh that resists eavesdropping and replay attacks.

Human-Centered, Bot-Resistant Authentication

Instead of the frustration of a CAPTCHA, simple-auth offers a tiny HTML widget that blends honeypot fields, timing analysis, and a quick JS challenge to prove you’re human before a server-side action. Its follow-on, simple-auth-accounting, wraps that widget in Go middleware with SQLite logging, producing SAP-style CSV reports per user or IP so you can audit every verification event, which suits high-assurance workflows that still need a light touch.

Infrastructure & DevOps Helpers

When managing large DNS fleets, zones processes zonefiles en masse, validating with named-checkzone, sorting records, and aggregating DS entries via GNU parallel, so migrating hundreds of domains becomes a scriptable breeze. configo flips configuration on its head by letting Go structs (with YAML/JSON/TOML tags) drive CLI flags, environment overrides, and automatic --help docs, while GCM supplies shell wrappers around Go-INI loaders and rsync-based deployments for static configs. To harden SSH, endlessh-go-fail2ban ties Endlessh-Go tarpitting into Fail2Ban’s auto-ban rules, and go-bot-trap stands guard on your web edge, fingerprinting user-agents, verifying JS execution, then throttling or redirecting suspected bots with HTTP 429 and CAPTCHA challenges.