Alok Menghrajani

Previously: security engineer at Square, co-author of HackLang, put the 's' in https at Facebook. Maker of CTFs.

This blog does not use any tracking cookies and does not serve any ads. Enjoy your anonymity; I have no idea who you are, where you came from, and where you are headed to. Let's dream of an Internet from times past.

Contact me | Github | | Feed | Consulting services | Tools & games


YCombinator logo



Hacker News' favorite XKCD comics

Daily QRCode

Types of circuit boards

Alok's Sliding Puzzle

Quine Maze Game


Running a 40-plus-year-old piece of code in today's browser (part 3)

Running a 40-plus-year-old piece of code in today's browser (part 2)

Rust on nCipher 🦀🛡️

Unicode(*) superscript 💩

Square CTF: How to run a capture the flag


Pure Digital CSS, Swiss Made, Clock. No JavaScript, No HTML.

<blink> howto

Running a 40-plus-year-old piece of code in today's browser (part 1)

VII-segment display

BIP39 input validation demo

Truncating hashes

Sqchess Set

IBM Ponder This · April 2020 Solution

Deterministic ECDSA Cross Validation

Generative Plotter Art


Winter Spring Summer Fall


Security Formula

Random Things on the Internet

PagedOut! Issue #2

Square CTF 2019

Chess puzzle in four acts

International marquee day


Advent of code 2018

Square CTF 2018

Open Sourcing Subzero: Square's Bitcoin Cold Storage Solution

Kudos from Jack

Bootable CD + retro game in a tweet

Bitcoin Transaction Malleability in 2018


Advent of code 2017

Square CTF 2017

3D printed chess set

Thoughts on web security & privacy


Advent of code 2016

Building multi-master distributed systems using feeds

Year of Plenty

My $3/month backup setup

Exploring 3 insecure usage of RSA

The hardware CTF

Programming an at89s4051 with an Arduino

On the design of Hack

AFOL (adult fan of Lego)

Voting experience for a Swiss expat


Crypto white elephant gift exchange puzzle

Advent of code 2015

Three cylinders: random geometry geekery

Interested in working at Square?

A simple yet robust approach to sanitizing user supplied HTML and CSS

µ mod player from scratch

A few (easy | fun) math puzzles


Reporting "authenticity_token is not random across page loads" to a bunch of companies

A chess engine to improve my Golang-fu

My experience serving in the Swiss army

git rebase + conflicts with deleted files

Bootloader + retro game in a tweet

A simple, auditable and anonymous voting scheme

Hackerone for open source projects

Open sourcing Keywhiz: Protecting infrastructure secrets

PGP 'quine': a key where the user == the key's fingerprint

WebRTC leaks internal IP addresses

Message Board over PGP Key Servers

Detecting incognito mode in Chrome


A less error prone HMAC-based hash construction
or how to avoid shooting yourself in the foot with HMAC

Forth Haiku
mixing math, art and Forth

I am working at Square

Abusing JSON Esolang

Dodecahedron Folding

Rough thoughts on Login Systems

(minor) WTF Openssl

2048-undo: a modification to 2048 which lets you undo as many moves as you wish

Prolog program to solve "inverting three signals" puzzle


CSRF & state mutation on read requests

Universal logic gates

Various wood (and non-wood) projects using lathes, laser cutters & 3d printers

JSONP & handcrafted Flash files

qrquine: a QR code based quine

Combining React and Firebase: sample TicTacToe game & chat widget

Secure browsing by default (https @ Facebook, part 2)

Piet: a language where programs are works of modern art

WTF Python

Ten Technology Ideas

Obfuscated coding contest

Some dark corners of C (Rob Kendrick)

Do you know your bitwise operators?

GIF encoder from scratch

Arduino: showing information from a GPS on a LCD

Sum of first n natural numbers

A perpetual calendar in JavaScript

a linter and visualizer for regular expressions

Mapping an IP address to an ASN

Random list of extinct web or software technology

JavaScript model of Ackermann steering

Regular expression to match multiples of 3

WTF jQuery

FAT12 file system "driver" in javascript

WTF Adobe! Adobe Flash: a quirk in TextFields

2012 and older

fun with HP-15C

Getting your first commit in an open source project

219 bytes tron: javascript size optimization fun

Facebook Rubik Cube in javascript

Taint support for PHP

PHP turtles: a list of things you might not know about PHP

An unsophisticated ray tracer in PHP

A Continued Commitment to Security (https @ Facebook, part 1)

LinearML: write safe, fast, parallel program without any garbage collector

(legally) Hacking my manager's Facebook account

Tab nabbing attack

Types in web applications

Pastebin: easy way to share text

Synergy: a software keyboard & mouse switch

Slax 6.0 released

Managing passwords with Keepass

Tiger team TV show

Covert communications: subverting Windows applications (pdf)

Patent granted

Ray casting

étude sur l'utilisation des moyens informatiques à l'UNIL (in french)

A VGA controller in VHDL

Bioinspired Adaptive Machines

Mars rover in OpenGL.

Maze mapper

Transparent PLD use from Java

Teaching assistant experience

License Plate Recognition

Operating System Design & Implementation

Compiler design & implementation


Mobile payments

Writing Your Own Unix Shell

Mips microprocessor

Building Virtual Worlds


Hugi: taquin

Binary Adder (transistor-less)