Hey, I'm pyk

A Security Researcher, which is a fancy way of saying I get paid to find bugs in smart contracts. This site is my personal notebook for things I'm learning, tools I'm building with Rust and my ongoing experiments with fuzzing.

Latest projects

This is a collection of my open-source tools and libraries. Each one started as an experiment to learn something new or to fix a problem I had. You'll find they're mostly written in Rust, simply because I enjoy building things with it.

• cmdtest: CLI testing for Zig

• xdgdir: A tiny Rust crate that finds the right directories for your app's config and data, following the XDG spec.

• envfmt: A tiny Rust crate to expand environment variables in a string, just like your shell does.

Latest posts

This blog is my public notebook. It's where I document what I'm doing, share solutions to bugs, and write down my thoughts on Rust and other tech. These are basically my notes-to-self, which I post here in case they're useful to you.

• Story Time: I Accidentally Kept a Pointer to the Stack in Zig

  November 18, 2025

  A classic stack-use-after-return bug I ran into with Zig. I was trying to be clever and pass a reader by reference, but ended up with a dangling pointer.

• Memory Allocation in Zig: Reading stdout

  November 17, 2025

  Working on cmdtest, my Zig CLI testing tool, I ran into the problem of reading stdio from long-lived processes. This is my dive into why memory allocation is key for handling program output.

• Brainstorming "Zig Object Validator" API

  November 8, 2025

  My journey designing a Zod-like validation library in Zig. A dive into comptime, type generation, and the trade-offs for good tooling support.

• cmdtest v0.2.0

  November 7, 2025

  I'm sharing my experience building cmdtest, a Zig package for testing CLI apps. This post covers Zig I/O, comptime vs runtime, and build.zig import quirks.

• Building VS Code Extensions with Bun and Mise

  October 23, 2025

  My notes on building a VS Code extension using Bun and Mise. Covers build scripts, tasks, and a macOS fix for zsh PATH issues.

• Fixing the Unresolved Dynamic Import in Astro

  October 20, 2025

  Vite's bundler was too smart for its own good and kept failing my dynamic import in Astro. This is the one-line trick I used to outsmart it.

• Fixing Astro's 'Import Declaration Conflicts' Error

  October 20, 2025

  I hit an 'Import declaration conflicts' error in Astro. My page and a component had the same name. Here's how I fixed it with an import alias.

• My Strategy for Winning

  October 20, 2025

  I'm building a custom security research env in VS Code to find more bugs, integrating Foundry and Medusa to make my workflow faster.

• A Plan Is Not a Strategy

  October 16, 2025

  My takeaways from a Roger Martin HBR video on plan vs. strategy. It showed me I was making to-do lists instead of figuring out how to win.

• Tracking Pagefind Search with Umami

  October 15, 2025

  I wanted to see what people search for on my site. Here's how I connected Pagefind to Umami with a simple MutationObserver trick.

Show all posts