Rewords.

Projects/Pinata

@@ -17,11 +17,11 @@ Piñata transmits the private key to a bitcoin wallet which is filled with ~10BT
 
 On startup, the Piñata generates its certificate authority on the fly, including
 certificates and private keys.  This means that only the Piñata itself contains
-private keys which can authenticate successfully, thus an attacker has to find
+private keys which can authenticate successfully, and an attacker has to find
 an exploitable flaw in any software layer (OCaml runtime, virtual network
-device, TCP/IP stack, TLS library, X.509 validation, or elsewhere).
+device, TCP/IP stack, TLS library, X.509 validation, or elsewhere) to complete the challenge.
 
-The Piñata is online since February 2015, and although thousands of unique IP
+The Piñata is online since February 2015, and even though thousands of unique IP
 addresses initiated connections, the wallet still contains the 10 BTC.
 
 By using a Bitcoin wallet, the Piñata is a transparent bug bounty.  Everybody

Projects/TLStunnel

@@ -8,15 +8,15 @@ abstract: ![TLS reverse proxy](/static/img/reverse.png)
 
 The [tlstunnel](https://github.com/hannesm/tlstunnel) is a proxy unikernel which
 listens for TLS connections, and forwards requests to backend services, such as a
-web server.  The specific backend is chosen by inspecting the Server Name
+web server.  The backend is chosen by inspecting the Server Name
 Indication, a widely deployed extension of the TLS protocol, where a client
 requests the server name to talk with during the TLS handshake.
 
-It is similar to other projects such as stunnel or stud, but uses our TLS
+The project is similar to others, such as stunnel or stud, but uses our TLS
 implementation written in the memory-safe language OCaml, instead of one written
-in the error-prone language C.  The backend web servers don't need TLS support,
-which lowers the maintainence burden.  Many security issues in TLS
-implementations are due to memory safety and support for outdated ciphersuites.
+in C.  The backend web servers don't need TLS support,
+which lowers the maintainence burden.  Most security problems in TLS
+implementations are caused by unsafe memory handling and support for weak cryptographic primitives.
 
 This TLS reverse proxy is deployed on various websites, including [Real World
 OCaml](https://realworldocaml.org) since 2015.

Technology

@@ -167,13 +167,13 @@ simcorp, lexifi) and academia.
 
 The OCaml compiler generates native code for x86, arm, etc., and has a bytecode
 backend, which can target microcontrollers (PIC18 family in the [OcaPIC project](http://www.algo-prog.info/ocapic/web/?id=OCAPIC:OCAPIC)).
-OCaml can also be compiled to JavaScript, which allow to develop both client
-and server side of a web application in a single language (more details at the [ocsigen project](http://ocsigen.org/)).
+OCaml can also be compiled to JavaScript, so both client
+and server side of a web application can be developed in the same language with shared interface code (more details at the [ocsigen project](http://ocsigen.org/)).
 
 In 2016, Facebook developed [reason](https://reasonml.github.io/), a dialect of
 OCaml which syntax is closer to JavaScript, and easier to comprehend for
-beginners.  Reason and OCaml code can be easily combined in a single
-application, since the same compiler is used.
+beginners.  Reason and OCaml code can be easily combined into a single
+application, since they use the same compiler.
 
 More literature on why OCaml is a good choice has been
 written by Yaron Minsky (Jane Street) in the article [OCaml for the masses](http://queue.acm.org/detail.cfm?id=2038036), and more recently by the crypto-ledger [tezos](https://www.tezos.com/static/papers/position_paper.pdf).