Vivian Voss

Vivian Voss

Vivian Voss

System Architect & Software Developer. 37 years in the game. 26 professionally.

Building minimal tools that earn every byte. Inspired by the demoscene. Guided by Unix philosophy. Using AI to engineer, educate and validate, not to replicate the bloat faster.

What I Do

I design systems where reduction is the method, not the compromise. Small binaries. Semantic markup. Honest interfaces. Every abstraction must justify its weight.

Currently Senior Developer at a German DIY wholesale giant, working with React, TypeScript, and Spryker. Privately building min2max, ultralight web tools rooted in demoscene constraints.

The Hardware Trail

1989 Amiga 500 1992 Atari Mega STE 1994 486 DX2/66 1996 Unix/Linux 1996 Matrox Millennium 1998 3dfx Voodoo2 2000 First paycheck for code 2000 IBM ThinkPad 2008 MacBook Pro
Rust C Java Python Swift HTML CSS JavaScript TypeScript Tcl/Tk PHP Lua sh FreeBSD Linux BeOS QNX AS/400 BASIC Pascal Rust C Java Python Swift HTML CSS JavaScript TypeScript Tcl/Tk PHP Lua sh FreeBSD Linux BeOS QNX AS/400 BASIC Pascal

Latest Writing

10 July 2026
freebsd security containers openssh

The Bug in the Gap

The third and last of Boring on Purpose. When regreSSHion landed in July 2024, FreeBSD corrected six branches in five minutes and forty seconds under one advisory; Linux fleets got a week of scattered ones. That gap is where the bug lives too: the November 2025 runc break-outs happened in the seam between kernel, namespaces and runtime, each part individually correct. One tree leaves no gap to hide in. Security Review ⊣ Boring on Purpose, 3 of 3.

8 July 2026
softwarearchitecture sqlite unix freebsd

The Layers That Hide What They Should Bound

The fourth and last of the four breaks, and the close of the diagnosis. Layering was built to bound complexity, then quietly shifted to postponing the look beneath it, so the thing below leaks up and you carry the layer and the thing at once. Lehman's law explains the tower: complexity accrues, reduction is unfunded. The counter-proof is the code allowed to finish, SQLite in one file on four billion phones, plus awk, sed, make and pf. Lean Software ⊣ How We Got Here, 5 of 18.

6 July 2026
bsd freebsd openbsd netbsd

The Line Without the Paper

Second of four portraits of the Unix family. The certified Unixes shared a word; the BSDs share a code lineage. Four siblings forked from one Berkeley source and each stayed whole: FreeBSD, whose jails shipped containers in 2000; OpenBSD, which gave the world OpenSSH; NetBSD, which runs anywhere; DragonFly, with HAMMER2. They forked without fragmenting because each inherited a base system, one source tree. Unix Universe ⊣ The Unix Family, 2 of 4.

5 July 2026
philosophy ai liability ownership

The Code You Did Not Write

First of three Sundays on what we can no longer read. At three in the morning a service breaks and git blame names a colleague who only pressed accept. You can read the line, not where it came from; the model cannot be forked or called to account. Only 21% think AI will ever write secure code unwatched. AB 316 and the EU's Product Liability Directive make the shipper liable regardless. Acceptance is not authorship. IT Philosophy ⊣ The Weight You Cannot Read, 1 of 3.

3 July 2026
freebsd security linux ebpf

The Program in the Kernel

The second of three Fridays on a dependable server OS. eBPF lets you load a program the kernel runs in Ring 0; one static analyser, the verifier, stands guard, and about 68% of eBPF vulnerability classes are the memory-safety bugs it exists to stop. The kernel now ships unprivileged eBPF off by default, its own verdict. DTrace gives the same trace, built so the dangerous program cannot be formed. A verifier can have a bug; a missing capability cannot. Security Review ⊣ Boring on Purpose, 2 of 3.

All articles →

This Page Right Now

No framework. No build step. Measured live in your browser. Pure CAST Daemon.

--- TTFB
--- FCP
--- LCP
0 ms TBT
--- CLS
--- Transfer Size

The numbers above are measured live in your browser: your connection, your device, no averages. Below is what Google thinks of the result. Lighthouse audits four dimensions: raw speed, semantic accessibility, security and API hygiene, and search engine visibility. Four perfect scores from a self-made Rust binary web server with zero dependencies.

Performance
Accessibility
Best Practices
SEO

Google Lighthouse. Measured on vivianvoss.net, this site, served by CASTD — an extremely fast self-made and full scale web and content server written in pure Rust with zero dependencies.