<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Violet build log</title>
    <link>https://heyviolet.io/blog/</link>
    <description>Dated notes from the Violet build, written plainly as the work happens. Posts appear only when something real changed, so the log may be quiet.</description>
    <language>en</language>
    <lastBuildDate>Sat, 04 Jul 2026 00:00:00 GMT</lastBuildDate>
    <atom:link href="https://heyviolet.io/blog/feed.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Build log 001: what is actually built</title>
      <link>https://heyviolet.io/blog/build-log-001.html</link>
      <guid isPermaLink="true">https://heyviolet.io/blog/build-log-001.html</guid>
      <pubDate>Sat, 04 Jul 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[This is the first Violet build log: a dated inventory of what exists in the repository today and what does not. The companion client, the tested cloud spine, the relationship layer, and this knowledge library are built. The fleet shells are scaffolds with no binaries, checkout is an honest 501 stub, nothing is deployed to production, and there are no users. Every line is checkable against the code.]]></description>
    </item>
    <item>
      <title>How Violet&#39;s encryption works, line by line</title>
      <link>https://heyviolet.io/blog/encryption-line-by-line.html</link>
      <guid isPermaLink="true">https://heyviolet.io/blog/encryption-line-by-line.html</guid>
      <pubDate>Sat, 04 Jul 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Most encryption claims are marketing sentences. This post is the code instead: a line-by-line walk through the file that seals Violet's synced data, from passphrase to PBKDF2-SHA256 at 200,000 iterations to a non-extractable AES-256-GCM key to the two-field envelope the server stores. It ends with what a database thief actually gets and the honest limits of the design.]]></description>
    </item>
    <item>
      <title>Why Violet shows you nothing instead of something</title>
      <link>https://heyviolet.io/blog/honest-empty-states.html</link>
      <guid isPermaLink="true">https://heyviolet.io/blog/honest-empty-states.html</guid>
      <pubDate>Sat, 04 Jul 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Violet renders an honest nothing instead of a fabricated something. This post walks through three real empty states in the codebase, from the trust panel to the managed inference endpoint, explains why placeholder data erodes trust in AI products, and shows how real-or-nothing rails are enforced in review and tests.]]></description>
    </item>
    <item>
      <title>What password stretching standards recommend, and what we ship</title>
      <link>https://heyviolet.io/blog/kdf-standards-vs-shipped.html</link>
      <guid isPermaLink="true">https://heyviolet.io/blog/kdf-standards-vs-shipped.html</guid>
      <pubDate>Sat, 04 Jul 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[OWASP recommends Argon2id first for password storage and reserves a 600,000 iteration figure for PBKDF2. Violet ships PBKDF2-SHA256 at 200,000 iterations in the browser, because the Web Cryptography API offers no memory-hard alternative and the client ships without dependencies. This post sets the current standards next to the exact shipped parameters, walks the threat math in plain words, and names the conditions under which the parameters change.]]></description>
    </item>
    <item>
      <title>How strong does your passphrase actually need to be</title>
      <link>https://heyviolet.io/blog/passphrase-strength.html</link>
      <guid isPermaLink="true">https://heyviolet.io/blog/passphrase-strength.html</guid>
      <pubDate>Sat, 04 Jul 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Passphrase strength is measured in bits of entropy, which count how many guesses an attacker would need in the worst case. Length adds bits fast; symbol substitutions barely help, and the math only applies when the passphrase is chosen randomly. In an end-to-end encrypted system the passphrase is the only wall, so use a randomly generated passphrase of five or more words and accept that losing it means losing the data.]]></description>
    </item>
  </channel>
</rss>
