MoreRSS

site iconThe Practical DeveloperModify

A constructive and inclusive social network for software developers.
Please copy the RSS to your reader, or quickly subscribe to:

Inoreader Feedly Follow Feedbin Local Reader

Rss preview of Blog of The Practical Developer

💻 Flutter V2Ray Client Desktop Plugin — V2Ray/Xray & Sing-Box VPN for Windows, macOS, Linux

2025-11-12 04:46:11

🧩 Following the success of flutter_v2ray_client (mobile), I'm excited to introduce the Desktop Edition — a premium Flutter plugin that brings V2Ray, Xray, and Sing-Box VPN/TUN capabilities to Windows, macOS, and Linux.

Ideal for developers and companies building cross-platform VPN or proxy tools.

🎥 Quick Youtube Video Demo

Watch Demo

Watch on YouTube

💎 Premium Highlights

🔒 2-Year Guarantee — Free updates & maintenance

💬 Priority Support — Fast Telegram support for all premium users

🚀 Advanced Features — Real-time stats, VPN/TUN mode, delay tests

⚠️ Need help? Contact @AmirZrDevv or open a GitHub issue. Support replies within 24 hours.

🖥️ Overview

flutter_v2ray_client_desktop lets you run V2Ray/Xray and Sing-Box (VPN/TUN) with a unified Flutter API.

It includes system proxy management, URL parsing, and real-time network stats — all in pure Dart.

Component Version
Xray Core 25.10.15
Sing-Box 1.12.10

With each Xray and Sing-Box update, you will receive new updates.

🔎 Key Use Cases

  • Build a cross‑platform VPN client with TUN/VPN and system proxy modes.
  • Parse vmess/vless/trojan/ss/socks links to valid Xray configs.
  • Show live bandwidth, totals, and uptime in your UI.
  • Run delay tests (HTTP/ICMP/TCP) to auto‑pick the fastest server.

✨ Core Features

  • 🔌 Connection Modes: proxy, systemProxy, vpn
  • 📊 Live Status: speed, totals, uptime, connection state
  • ⚙️ System Proxy Control: Windows/macOS/Linux
  • 🔒 VPN/TUN with Sing-Box
  • ⏱️ Server Delay Test: HTTP / ICMP / TCP
  • 🔗 Share-Link Parser: vmess/vless/trojan/ss/socks → Xray JSON

🌐 Platform Setup

Platform Binary Location Notes
Windows windows/resources/ Run app as Administrator for VPN mode
macOS macos/Resources/ Requires sudoPassword at runtime for VPN
Linux linux/resources/ Requires sudoPassword at runtime for VPN

⚠️ VPN mode requires admin/root privileges.

📦 Installation

dependencies:
  flutter:
    sdk: flutter
  flutter_v2ray_client_desktop:
    git:
      url: # Replace with the actual path to your local flutter_v2ray_client_desktop directory
    # Example (uncomment and modify as needed):
    # path: /path/to/your/local/flutter_v2ray_client_desktop

Run flutter pub get.

🚀 Quick Start

import 'package:flutter_v2ray_client_desktop/flutter_v2ray_client_desktop.dart';

final client = FlutterV2rayClientDesktop(
  logListener: print,
  statusListener: print,
);

await client.startV2Ray(
  config: jsonConfig,
  connectionType: ConnectionType.systemProxy,
);

Stop it:

await client.stopV2Ray();

🧠 Logs & Status

logListener(String log)

→ Receives raw logs: "[Xray]...", "[sing-box]...".

statusListener(V2rayStatus status)

→ Fires every second:

V2rayStatus(
  state: ConnectionState.connected,
  duration: 0:02:15,
  download: 12456,
  upload: 2345,
  totalDownload: 3456789,
  totalUpload: 456789,
)

🧩 Parser API (V2rayParser)

Convert links into full configs:

final parser = V2rayParser();
await parser.parse('vmess://...');

final fullJson = parser.json();
await client.startV2Ray(
  config: fullJson,
  connectionType: ConnectionType.systemProxy,
);

Supported protocols:

vmess://, vless://, trojan://, ss://, socks://

🧰 API Reference (Summary)

Type Description
ConnectionType proxy, systemProxy, vpn
DelayType http, icmp, tcp
V2rayStatus Tracks speed, totals, duration
FlutterV2rayClientDesktop Main controller

❓ FAQ

  • Does VPN/TUN work on all platforms? Yes. TUN mode uses Sing‑Box. It requires admin/root privileges.
  • How do I disable the system proxy when stopping? stopV2Ray() automatically disables the system proxy or stops VPN depending on ConnectionType (see FlutterV2rayClientDesktop.stopV2Ray() in lib/flutter_v2ray_client_desktop.dart).
  • Can I query versions at runtime? Yes: getXrayVersion() and getSingBoxVersion() return core versions.
  • Which outbound does live stats track? By default it reads outbound>>>proxy uplink/downlink via Xray API (see _startStatusTimer() implementation).

⚙️ Utility Methods

await client.setSystemProxy('socks://127.0.0.1:10808');
await client.setSystemProxy(''); // disable proxy

final delay = await client.getServerDelay(
  url: 'vmess://...',
  type: DelayType.tcp,
);

print('Delay: ${delay}ms');

🖼 Screenshots

Android

Android Screenshot 1Android Screenshot 2

Desktop

Linux Screenshot

macOS Screenshot

Windows Screenshot

🔗 Related Links

👨‍💻 About the Author

I’m Amir Ziari, a full-stack developer passionate about privacy, VPN technologies, and Flutter performance.

I help developers build secure and reliable network apps.

🏁 Final Words

With flutter_v2ray_client_desktop, you can bring V2Ray/Xray & Sing-Box to desktop Flutter apps — with one unified API and cross-platform control.

Build your next-gen VPN or proxy tool with confidence ⚡

Mastering Cryptography: A Senior's Guide to Design, Attack, and Defend

2025-11-12 04:34:05

From the first whispered secret you tried to pass in school to the last password you sent over a chat app, you’ve already lived inside the world of cryptography. Sometimes you wanted to hide what you were saying. Sometimes you wanted to avoid attracting attention altogether. Sometimes you needed to prove you were you without giving away anything else. And sometimes you just needed reassurance that what arrived was exactly what was sent. Those familiar, everyday needs are the spine of a field that’s far broader—and more strategic—than most introductions admit.

This guide is a deliberately practical map. It sets a senior-level structure you can carry in your head, shows where the seams between subfields actually live, and gives you a step-by-step way to think about both building and breaking systems. It won’t drown you in folklore or buzzwords. It will give you a small number of frameworks you can reuse, and a minimalist mathematical core you can reason about in your own work.

What exactly is cryptography, beyond “secret writing”?

At its simplest, cryptography is the science of protecting information. Historically, it’s thousands of years old because humans recognized early that some information is valuable precisely because it’s scarce and hidden. Today, it’s a discipline with several intertwined roles:

  • Hiding the content of information (encryption).
  • Enforcing who can access it (confidentiality and access control).
  • Proving who is who (authentication).
  • Preserving correctness in transit and storage (integrity).

That wider scope matters. Not every confidentiality mechanism is an encrypting algorithm. Authentication can be achieved with digital signatures; integrity is often enforced with hash functions. And even “hiding” itself comes in two flavors: hiding content (cryptography) and hiding the fact that any communication occurred (steganography). Keeping these roles distinct will save you from category mistakes later.

The four jobs of cryptography: Hide, Limit, Prove, Preserve
A memory-friendly framework:

  • Hide: Encrypt the content so that an observer sees only unintelligible data.
  • Limit: Control who gets access; this includes key distribution and access management, not just ciphers.
  • Prove: Authenticate parties and actions. Digital signatures fit here.
  • Preserve: Maintain integrity so content cannot be altered undetected. Hash functions are essential.

All four jobs recur across systems. If you can’t point to the specific mechanism doing each job, you either have a gap—or you haven’t understood the design.

How do symmetric and asymmetric systems actually differ?
The intuitive distinction is simple:

  • Symmetric systems use the same key for encryption and decryption. If you and I share a secret key, I encrypt with it and you decrypt with it.
  • Asymmetric systems use different keys: one to encrypt (or verify) and one to decrypt (or sign). This is the “public/private” key model.

Two practical observations follow from this:

  • Symmetric systems can achieve very strong security; the canonical extreme is the one-time pad, which is mathematically unbreakable under the right conditions. It is symmetric.
  • Modern systems rely heavily on asymmetric methods because they solve the key distribution problem at scale. Yet in practice, hybrids are common: asymmetric methods help with exchanging or managing keys, while symmetric methods efficiently protect bulk data.

You don’t need to memorize a zoo of algorithms to be effective. You do need to recognize which side of the symmetric/asymmetric line a given mechanism lives on—and why it was chosen.

Stream vs block, substitution vs permutation: a compact 2×2
A second mental model that scales well:

  • Stream vs block:

    • Stream methods operate symbol-by-symbol (or bit-by-bit), often transforming a continuous flow. Classic substitution ciphers fall here.
    • Block methods operate on fixed-size blocks (e.g., take a 1024-bit chunk and transform it as a unit). Modern block designs often apply multiple rounds of operations to each block.
  • Substitution vs permutation:

    • Substitution replaces elements with other elements (e.g., swapping letters according to a mapping).
    • Permutation reorders elements (e.g., shuffling positions inside a block).

Many robust block designs mix substitution and permutation across rounds. That mixing—replacing and reordering—amplifies confusion and diffusion until local patterns wash out. You can reason about a block construction by explicitly asking: which components substitute, which permute, and how are they combined?

When should you hide the content vs hide the very presence of content?
Cryptography hides what you say. Steganography hides that you’re saying anything at all.

  • Use cryptography when your threat model accepts that observers know you’re communicating, but must not learn the content.
  • Use steganography when detection itself is dangerous and you need plausible deniability that any message exists.

Both can be combined: first encrypt to protect content, then embed the ciphertext so the communication blends into the background.

Steganography in two moves: medium vs data
Steganographic methods cluster into two memorable categories:

  • Hiding in the medium: Think physical substrates and simple tricks. Write with invisible ink on paper, then reveal it under UV light or by heating. The message “exists” physically but is concealed by the medium’s properties.
  • Hiding in data: Embed information inside digital carriers so the presence of the message is difficult to detect. The carrier looks ordinary even though it contains hidden content.

Hybrid methods exist and are useful: you can hide a cryptographic message within an innocuous medium. The key is to stay honest about your objective—are you hiding content, presence, or both—and choose techniques accordingly.

Who are Alice, Bob, and Eve—and why do they keep showing up?

Alice and Bob are conventional stand-ins for the communicating parties. They were popularized simply because their initials align with the start of the alphabet: A and B. Over time, they became memes with familiar roles in diagrams.

Eve is the eavesdropper—the adversary trying to listen in. The name “Eve” comes from the English “eavesdropper” and is reserved by convention for the attacker who listens. If you need more parties, you march onward through the alphabet, but you skip E: Eve is taken.

The minimal math you actually need to reason about encryption

A system-level view benefits from the cleanest possible mathematical model. You only need a few pieces.

Everything else—hashes, signatures, key exchange—can be layered around this core. Keep it handy; it clarifies design discussions quickly.

How does a cryptanalyst really start?
Popular stories jump to clever finales. In practice, cryptanalysis starts with disciplined process and a willingness to iterate. Even for “toy” ciphers, the workflow matters.

  • First, obtain the ciphertext (the “cryptogram”). Without sufficient material, smart methods starve.
  • Second, hypothesize the encryption system. You rarely know the exact algorithm upfront. Instead, constrain the space of plausible systems:
    • Use knowledge of the sender’s usual tools or context.
    • Narrow to the systems commonly deployed in the environment you’re analyzing.
    • Look for telltale artifacts in the ciphertext (e.g., length patterns, alphabet, structure).
  • Third, apply attacks appropriate to the hypothesized system:
    • For a simple substitution (single alphabet), frequency analysis is your first lever. Human languages leave statistical fingerprints; align ciphertext symbol frequencies with expected language frequencies.
    • For bigram-based ciphers, extend frequency analysis to pairs to capture richer structure.
    • For some systems, strategic guessing of keywords can collapse uncertainty quickly.

Two realistic loopbacks:

  • If an attack fails, you may have chosen the wrong family. Go back, refine your hypothesis, and try again.
  • If an attack stalls, you may not have enough ciphertext. Grow your corpus of cryptograms until your statistical tools have signal to work with.

And one hard constraint: some systems aren’t breakable by design. The one-time pad is the canonical example—its security can be proved mathematically. Recognizing such cases saves time and prevents overpromising.

A step-by-step checklist for attacking a ciphertext (ethically)
Use this as a disciplined template when you face an unknown cryptogram.

  1. Acquire and curate the material
  2. Collect the ciphertext and any related transmissions. Normalize formats carefully.
  3. Preserve metadata where available (timing, lengths, channel characteristics). Even when content is encrypted, side information helps you hypothesize the system.

  4. Generate and rank hypotheses about the system

  5. Ask: stream or block? Fixed block sizes often leave periodic artifacts; streams often do not.

  6. Ask: substitution, permutation, or a mix? Substitution leaks frequency patterns; pure permutations preserve symbol counts exactly.

  7. Ask: symmetric or asymmetric? If there’s evidence of public distribution or key exchange, asymmetric methods may be at play.

3.Select attack families that match the hypothesis

  • If you suspect simple substitution, lead with frequency analysis and constrained mapping reconstruction.
  • If you suspect bigram or n-gram substitution, extend your statistics to pairs or higher-order n-grams.
  • If you suspect a permutation within fixed-size chunks, analyze block boundaries and search for position-based regularities.
  1. Iterate with more data or revised models
  2. If you can’t reach a useful confidence level, obtain more ciphertext. Many attacks need volume.
  3. If multiple attack families yield no traction, revisit your system assumptions. Validate, then generalize Once you recover plausible plaintext, validate against known content or context. Document the working hypothesis-to-attack pipeline so it’s reusable on related material.

Finally, maintain a stop condition: if evidence suggests an unbreakable construction (e.g., the one-time pad under proper use), accept it and reframe your objective.

Key management is where systems live or die
Choosing an algorithm is rarely the hard part. Distributing and managing keys safely is. Two big ideas set the stage:

  • Key distribution is itself a discipline. Mechanisms exist to allow parties to agree on keys over insecure channels. Their design and correctness directly affect confidentiality.
  • Quantum cryptography’s most practical face is key distribution. Quantum key distribution sits squarely in the key management space rather than content encryption per se.

Learn to separate “how we protect content” from “how we agree on and rotate the keys that enable protection.” Many system failures come from muddling these concerns.

Why hash functions matter everywhere
Hash functions are the quiet workhorses across the map:

  • They support integrity by producing compact digests; if the digest changes, the content changed.
  • They underpin digital signatures; signing a digest is far more practical and structured than signing raw content.
  • They appear in both symmetric and asymmetric construction patterns.
  • They’re integral to distributed ledgers: blockchains anchor their structure on hash-linked data and proofs.

If your design or analysis ignores hash functions, it’s probably incomplete. Treat them as first-class elements in your system diagrams.

Where blockchain and quantum fit on this map

  • Blockchain and distributed ledgers are not “cryptographic” because they hide anything; they’re cryptographic because the integrity of the structure and the validity of actions rest on cryptographic primitives—especially hash functions and signatures. The “crypto-” prefix points to its roots, not to secrecy.
  • Quantum technologies interact with cryptography most strongly through key management. That is the main bridge to keep in view.

You don’t need to speculate about far futures to be effective today. Organize your understanding around the primitives already in use and the clear interfaces to adjacent fields.

When protecting personal data means “learning without revealing”
There’s a class of protocols that allow you to obtain information without revealing exactly what you obtained. This “obtaining hidden information” pattern is especially relevant to personal data protection: one party can respond to a query without learning which specific item the other party learned. Treat it as a specialized tool for privacy-preserving access when the mere shape of your request is sensitive.

A minimal taxonomy you can retell tomorrow
If someone asked you for a two-minute summary at a whiteboard, here’s a structure that sticks:

  • Two outer goals:

    • Cryptography: hide content.
    • Steganography: hide the fact of communication.
  • Two internal splits:

    • Symmetric vs asymmetric keys.
    • Stream vs block operations.
  • Two elemental operations:

    • Substitution (replace).
    • Permutation (reorder).
  • Four jobs of the system:

    • Hide (encryption).
    • Limit (confidentiality/access).
    • Prove (authentication/signatures).
    • Preserve (integrity/hashes).
  • Two adjacent bridges:

    • Key management (classical and quantum).
    • Distributed ledgers (hash-anchored integrity).

If you can place a technique in this grid and point to which job it does, you understand it well enough to reason about design and risk.

Practical vignettes: connecting the dots without buzzwords

  • You see two parties exchanging messages in the open. The content is unreadable, and each message is the same length. You’re likely seeing content encryption (Hide) without steganography. If there’s a visible key exchange step, you’re probably looking at asymmetric key establishment followed by symmetric data protection.
  • You discover what looks like normal media with no obvious payload. Ask whether the requirement is to avoid detection. If yes, steganography is the relevant discipline. If the content must also be protected if found, combine stego with cryptography.
  • You’re asked to “sign” a document. Recognize that this sits in Prove and Preserve: you’ll hash the content (Preserve), then apply a signing mechanism tied to identity (Prove), so others can verify authorship and integrity.
  • You’re tasked with analyzing a ciphertext of unknown origin. Use the cryptanalyst’s checklist: obtain sufficient material, hypothesize the system family (stream/block, substitution/permutation, symmetric/asymmetric), apply the corresponding attacks (frequency for simple substitutions, bigram analysis for pairwise schemes), iterate or grow the corpus, and respect the limits of unbreakable schemes.

Notes on culture and clarity
A few conventions reduce friction:

  • Diagrams often label the parties as Alice and Bob; the eavesdropper is Eve. If more parties appear, proceed through the alphabet but keep E reserved for the adversary.
  • Keep your math minimal and explicit: Enc, Dec, the bitstring domains, and the core identity Dec(Enc(m,k),k)=m. It’s enough to align teams and cut through confusion.
  • Recognize steganography as a sibling discipline, not a subroutine. Its goal—hiding presence—is different from hiding content. It deserves its own methods and threat models.

A quick study path for builders and breakers

If you’re getting your team up to speed or you’re refreshing your own map:

  • Start with stream substitution methods to build intuition about symbol mappings and frequency patterns. They’re simple but teach you what leakage looks like.
  • Move to block methods and examine how substitution and permutation combine across rounds. Practice reasoning about blocks as units.
  • Learn, use, and abuse hash functions. Treat them as first-class integrity tools.
  • Practice the cryptanalyst’s workflow on small, controlled problems: single substitution, then bigram-based schemes. Train your eye on frequency, structure, and hypothesis testing.
  • Add key management: understand how systems handle key distribution and rotation. Place quantum key ideas in that box.
  • Explore steganography’s two modes: hiding in mediums and hiding in data. Implement at least one of each to feel the trade-offs.
  • Keep asymmetric methods in view for authentication (digital signatures) and for managing keys. Pair them with symmetric methods for efficient content protection.

Final Thoughts

The field looks sprawling from the outside, but the core is compact. Hide content when that’s enough, hide communication when detection is the risk, prove identities when you need accountability, and preserve integrity everywhere. Underneath, you have a few crisp axes—symmetric vs asymmetric, stream vs block, substitution vs permutation—and a tiny math model that tells you whether your design even makes sense: Dec(Enc(m,k),k)=m.

The craft improves when you keep the map visible. Before you add a new component, ask which job it does in the system. Before you attempt a break, say which family you think you’re facing and why. And before you promise a result, remember that some constructions, like the one-time pad, are provably beyond reach.

If there’s a place to start today, pick one small system and place it in the frameworks above. Name what it hides, how it proves, how it preserves. Then decide whether you need to hide the message—or the fact that you sent one at all.

Djowda — Looking for a New Steward for an Open FoodTech Ecosystem

2025-11-12 04:32:38

Hey folks,

I’ve been building Djowda for the past few years — a large-scale, open, and decentralized ecosystem designed to connect local food chains across the world.

It started with a question:

“If we can decentralize finance, why can’t we decentralize food?”

From that question came a family of Android apps, a global spatial database, and a concept called the Intelligent Cell System — an architecture inspired by neurons, where every cell learns, remembers, and shares.

Over time, Djowda grew into more than code. It became a living idea:
a vision for fair, local, and intelligent food networks that operate without dependency on Big Tech or centralized control.

🚀 What’s Included

I’ve decided to pass the entire project and its identity to someone (or an organization) who truly believes in this mission.
Everything is available for free — not for profit, but for continuity.

Included assets:

🌍 djowda.com domain name

🔗 Social handles @djowda across major platforms

💻 GitHub repositories with full architecture, documentation, and source code

📱 Google Play Console admin (Android app listings)

🧭 The Vision

Djowda’s core idea is simple:

“Empower communities to manage food systems through open, local intelligence.”

Technically, it blends:

Firebase + Room for distributed data handling

MQTT + IPFS for peer-to-peer exchange

Spatial grid mapping for location-based store discovery (no Maps API dependency)

A modular Android ecosystem (Store, Farmer, Factory, Wholesaler, User, etc.)

The entire platform was built to scale from one cell to a global mesh of interconnected food nodes.

👐 The Call

If you’re part of:

an open-source collective,

a university or research lab,

a non-profit working on food systems, or

just an individual developer who wants to make something that matters —

I’d love to transfer Djowda to you.
No money. No strings. Just the hope that it continues to evolve.

The only request is to keep it open, transparent, and aligned with the public good.

This isn’t a sunset post. It’s a hand-off.
The architecture is built, the idea is strong — it just needs a new mind (or many) to carry it forward.

If this resonates with you, reach out.
Let’s make decentralized food systems a reality — together.

opensource #android #firebase #mqtt #ipfs #decentralization #foodtech #sustainability #djowda

Djowda Project Transfer

Podcast: ConformIQ CEO & LayerLens Co-Founder on the Reality of AI in Testing

2025-11-12 04:26:21

Hi Everyone,

My name is Mark, and I'm new to the group. I work at ConformIQ, where we focus on solving a major source of friction in the CI/CD pipeline: unreliable and high-maintenance automated testing.

I'm joining this community to learn, but I wanted to introduce myself by sharing some value first.

Our CEO, Mark Creamer, recently sat down with Archie Chaudhury (Co-Founder of LayerLens) for a deep-dive podcast series. They cut through the "GenAI hype" and addressed the "95% AI failure rate" that's causing so many flaky tests to break builds.

Here are the episodes:

Ep. 1: The Problem: Common QA challenges that become pipeline bottlenecks, from test maintenance to coverage gaps.
Link: https://lnkd.in/dq5E8xW5

Ep. 2: The Hype: Why reliability is non-negotiable and the risks of "black box" GenAI tools in a build process.
Link: https://lnkd.in/dVTuWsfW

Ep. 3: The Solution: How a verifiable, hybrid strategy (what we call #HyperAI) can turn AI failures into success.
Link: https://lnkd.in/df5cq-Hq

This series explains our philosophy of blending GenAI's speed with the deterministic, logical power of Symbolic AI.

I hope you find it valuable! I'm curious, how is this group thinking about the new wave of GenAI tools and their impact on pipeline reliability?

Looking forward to being part of the community.

What Actually Happens When You Type a URL in the Browser?

2025-11-12 04:25:07

Imagine you’re at your desk, maybe with a little mug of tea, and you open your browser. You type www.google.com, hit Enter, and in what feels like a heartbeat, you’re staring at the Google homepage.

Simple, right?

Here’s the thing: behind that one keystroke lies a chain reaction, a series of machines, protocols, translations, negotiations, all secretly working together so you can see a web page. It’s less magic, more engineering, but still pretty magical when you think about it.

Step 1: The URL — Your Digital Address

When you typed https://www.google.com, you essentially said:

“Browser, take me to the house called google.com using the secure road (HTTPS).”

Breaking it down:

  • Protocol: https:// – tells the browser how to speak to the server (securely).
  • Domain name: www.google.com – tells it where to go.
  • Path/query (might be something like `/search?q=…” but not in our simple example) – tells it what exactly to fetch inside that domain.

Once you hit Enter, your browser thinks: “Okay, got the address. Now how do I get there?”

Step 2: DNS – The Internet’s Phonebook

Image of DNS

Your browser doesn’t know “google.com” as a house, it knows numbers (IP addresses). So it uses the Domain Name System (DNS) to translate the friendly name into an IP.
Here’s a link diving into how DNS works: What is DNS – Cloudflare
And another good read: How DNS works – freeCodeCamp

Roughly this happens:

  1. The browser checks its cache to see if it already knows the IP.
  2. If not found, the OS checks its cache.
  3. If still no, the request goes to the ISP’s DNS resolver which starts querying the DNS hierarchy (root servers → TLD servers → authoritative name servers) to find the IP. (GeeksforGeeks)
  4. Once the IP is found, your browser has a destination.

Step 3: Establishing a Connection – TCP Handshake

With the IP in hand, your browser knocks on the server’s door using TCP (Transmission Control Protocol). It’s a three-way handshake: browser says “hi,” server replies “hi,” browser says “let’s talk.” This establishes reliable communication.
We often gloss over this, but the handshake ensures both sides are ready and synchronised.

Step 4: Adding a Layer of Security – TLS Handshake

Since we used https://, there’s another handshake: the Transport Layer Security (TLS) handshake. This explains:

  • The server presents a certificate to prove “I am who I say I am.”
  • Browser and server agree on encryption keys so the data transfer is private and secure.

Once that’s done, your browser and the server can talk securely.

Step 5: Making the Request – The HTTP Request

Image of the HTTP request

Now we’re ready. Your browser says something like:

“Server at the IP I found, please send me your homepage.”

That’s an HTTP request (Hypertext Transfer Protocol). If you’re curious, check this link: HTTP Requests and Responses: A Beginner’s Guide
And a more canonical source: MDN – HTTP Messages

The request includes:

  • Method (GET, POST, etc)
  • Path (which page or resource)
  • Headers (browser type, language, cookies)
  • Possibly a body (for POST requests)

Step 6: Server Response – The HTML Arrives

The server processes your request and sends back an HTTP response. It includes:

  • A status code (200 = OK, 404 = Not Found, etc.)
  • Response headers (type of content, caching rules, etc)
  • The body (which, for our case, is the HTML of the Google homepage) You can explore What is HTTP? – W3Schools for details.

Step 7: Rendering – Painting the Page

Image of Rendering

Your browser now has a blueprint (the HTML, CSS, JS, images…) and it starts building:

  1. Parse the HTML to build the DOM (Document Object Model).
  2. Parse CSS to figure out layout and styles.
  3. Run JS to add interactivity.
  4. Download images/fonts/videos as needed.
  5. Render all of this visually so you see the page.

This is where the magic of “appears instantly” happens.

Step 8: Optimization, Caching & the Background Work

Even after you see the page, work continues:

  • The browser caches resources (so next time it'll load faster).
  • DNS entries may be kept in cache too.
  • The server might have chosen a data-centre close to you (via load-balancing/CDNs) so the journey was short. These optimisations are why websites feel snappy.

Step 9: Click, New URL, Repeat

When you click a link or type another URL, the process essentially repeats — but thanks to caching and persistent connections, parts of it are faster now.

Final Thought

Typing a URL is deceptively simple. Under the hood it triggers a global ballet of protocols, machines, translation services and security layers, so you can get your webpage, often within milliseconds. Next time a page loads with no hiccup, take a moment to appreciate how many invisible actors just did their job.

Building a Neo4j NIF for Elixir: When the Ecosystem Doesn't Have What You Need

2025-11-12 04:17:52

I'm building Grimoire, a tool that helps story writers create AI-powered content for games. Writers define quests, locations, and narrative guardrails—then the system generates infinite personalized content for players.

The Graph Database Problem

Story data is inherently relational. The connections between characters, locations, and plot points matter more than the nodes themselves. A traditional relational database doesn't capture this well.
Neo4j made sense. I needed to store story graphs and traverse them efficiently. For production, that meant Neo4j Aura with SSL connections.

The Driver Problem

I'm building Grimoire in Elixir. When I tried the existing Neo4j drivers:
The official driver: Unmaintained, doesn't support modern Neo4j versions
bolt_sips: Couldn't handle Aura's SSL connection requirements (bolt+s:// protocol)
I was stuck.

The Wrong Solution

My first instinct: build a gRPC service as a proxy. Elixir talks to the service, service talks to Neo4j.
I started implementing it, but something felt wrong. I was building a relationship database repository pattern when what I actually needed was graph traversal. I wanted to write Cypher queries and get graph results back—not abstract it away behind an API.

The Right Solution: Rust NIFs

After some research, I discovered Rustler makes it straightforward to build Native Implemented Functions (NIFs) for Elixir. And because it's Rust, I get type safety and memory safety.
I found neo4rs, a well-maintained Rust driver for Neo4j that supports everything I need—including Aura's SSL connections.
The NIF setup was easier than expected. Now I'm working through the neo4rs Row API implementation to properly return query results to Elixir.
Current Status
Working:

✅ Connections to Neo4j (including Aura)
✅ Query execution framework
✅ Comprehensive type conversion for Neo4j types

In progress:

🚧 Row API implementation for returning actual results

Repo: https://github.com/chwarner-solo/neo4j_nif
I'm building this in public. If you've worked with neo4rs or have experience building Elixir NIFs for database drivers, I'd love your input.
This library will be published to Hex once the Row API is complete—the Elixir ecosystem needs a maintained Neo4j driver.

Tags: #elixir #rust #neo4j #buildinginpublic #nif