The agile turtles blog
Practical writing from agile turtles on client-side encryption, building production systems, and the tools we ship.
A look at the architecture behind Kerveros — a zero-knowledge encrypted file collaboration app built with Tauri v2 and Rust. Key derivation, an encrypted manifest, atomic locks over S3, and offline license verification, with the trade-offs that shaped each decision.
Most cloud storage is encrypted — and most of it can still be read by the provider. Here is the difference between server-side and end-to-end encryption, what "service improvement" clauses actually permit, and how to check whether you or your provider holds the keys.
Adding another SaaS subscription feels cheaper and safer than building. Often it is — and sometimes it quietly becomes the expensive option. Here is a principle-based way to decide when a small custom internal tool beats yet another monthly seat.
Most people keep their games in their head, their films in Letterboxd, and their shows in a different app entirely. Here is how to consolidate all three into one backlog in 2026 — and why a single list changes how you actually pick what to do next.
Dropbox acquired Boxcryptor in late 2022 and wound it down for individual and new users. If you still rely on client-side encryption over your own cloud storage, here is an honest look at what changed and where to move next.