Thanks for visiting my blog. I’m just getting things cranking around here, but let me explain to you who I am and what I’m up to.
I’m Mike Doyle and Maror Security is my consultancy. When I entered the computer science program at The Georgia Institute of Technology, I wanted to be a hotshot systems programmer. Back then, almost nobody was getting paid to hack the linux kernel, so I didn’t know how I was going to make this happen, but I had spunk.
Unlike a lot of programs at the time that taught a full curriculum in Java, C#, or Lisp, Ma Tech wanted her engineers to be helluva no matter what the task was at hand. She started us off on a Pascal-like pseudocode, then Java, then C. After that there was a mandatory course on programming language concepts utilizing Sebesta’s wonderful work on the subject, and then students were off to find what parts of the science tickled their fancy.
Adapting to this flexibility definitely helped me out later, as we’ll see.
In addition to the usual college stuff, I spent nights reading t-files, phrack, and the Cult of the Dead Cow. I read through the source to Back Orifice. I regularly dropped by the first (and perhaps only???) brick and mortar store dedicated to open source software, the Linux General Store. I built from source, screwed around with all the different distros, and took systems and networks specialization courses. I got work as a TA, finding bugs in student’s C code.
I begrudgingly took a databases class. Definitely helped me later, as we’ll see.
I got out in ‘03, smack dab in the middle of the dot bomb error. no one was hiring entry level system engineers, every place had a hiring freeze. I got sysadmin work, trying to edge my way into development. This was back when Dev and Ops were like Bloods and Crips though. Fortunately, found out that you could get paid to hack into computers, so I made my way into information security, and then into penetration testing at Cigital, where my systems development knowledge, database knowledge, and experience finding deep bugs in systems code proved very useful.
In 2023 I was working in supply chain security, and decided to whip up a little project to protect dev environments from malicious dependencies. It was stuff I already knew how to do in C: chroot, drop privs, fork and exec, so I decided to try writing it in the up and coming Rust language.
This was a true “Like A Virgin” moment for me. In the past if I wanted to pick up a programming language, I just did it. I picked up Go and developed a highly well-received course on developing Go securely in just a few months.
I appreciate the way that Rust uses enums to eliminate classes of defects that stem from not exhaustively checking return types. I appreciate the way the ownership system encourages developers to develop zero-copy interfaces to eliminate wasted cycles and memory.
But yowza is it hard to learn to write code that compiles cleanly.
So this blog is going to document my journey as a learner. Because Rust changes all the time, I’m building this in hugo on GitHub pages, so I can revision control posts, (I hate it when an awesome post from just a few years ago stops working because some aspect of the language changed!) and keep them relevant, as well as get pull requests from the community when they find bugs, obsolescences, and typos.
I’m also going to use this as my own open reference work. Expect a mix of short posts and links to cool stuff mixed in with longer technical content. Expect infosec content that isn’t related to Rust, or systems development, or programming at all. Expect that something gets too deep for me to explain on Discord or X and I have to break out a blog post explaining it here.
Thanks, and check back soon!
