Things I build, break, fix, and write about

15 July 2026
Corecrypto proofs against FIPS 203 and FIPS 204

Apple’s corecrypto formal verification work is interesting because it is properly dull, in the best sense. It ties a portable C implementation back to FIPS 203 and FIPS 204, then leaves the optimised bits to earn their keep under scrutiny, not faith.

15 July 2026
alloc_pipe_info: why soft limits shrink new pipes

When pipe-user-pages-soft bites, the kernel stops being predictable in the way people like to assume. I prefer to check F_GETPIPE_SZ and watch the...

14 July 2026
Detecting hosting infrastructure abuse in transit

A clean brand can hide a dirty transport chain, and that is where hosting infrastructure abuse detection starts to matter. I care less about the logo...

14 July 2026
Proxmox VE 9.2 VM migration after storage changes

Proxmox VE 9.2 VM migration gets awkward the moment storage changes underneath it. I have seen a VM boot happily on one node, then fall over on the...

Latest blog posts you might like

15 July 2026
Corecrypto proofs against FIPS 203 and FIPS 204

Apple’s corecrypto formal verification work is interesting because it is properly dull, in the best sense. It ties a portable C implementation back to FIPS 203 and FIPS 204, then leaves the optimised...

15 July 2026
alloc_pipe_info: why soft limits shrink new pipes

When pipe-user-pages-soft bites, the kernel stops being predictable in the way people like to assume. I prefer to check F_GETPIPE_SZ and watch the slab class shift for myself, because the difference...

14 July 2026
Detecting hosting infrastructure abuse in transit

A clean brand can hide a dirty transport chain, and that is where hosting infrastructure abuse detection starts to matter. I care less about the logo than the packets, because if the upstream changes...

14 July 2026
Proxmox VE 9.2 VM migration after storage changes

Proxmox VE 9.2 VM migration gets awkward the moment storage changes underneath it. I have seen a VM boot happily on one node, then fall over on the next because the disk still points at the old...

13 July 2026
Coordinating upgrades in Proxmox Datacenter Manager 1.1

Proxmox Datacenter Manager 1.1 only behaves if you keep the control plane ahead of the mess underneath. I prefer to upgrade the manager first, then watch the inventory like a hawk, because stale state...

13 July 2026
Sitecore cache poisoning coverage after WAF merge

Cloudflare WAF rule merging is exactly the sort of tidy-looking change that can muddle your monitoring. I have seen a live block disappear from a dashboard simply because the rule name moved, which is...

13 July 2026
Weekly Tech Digest | 13 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

12 July 2026
Managed ruleset tuning after Cloudflare rule changes

Cloudflare WAF managed rules do change under you, and the tidy-looking rule in the dashboard is not always the one doing the blocking. I have learned to trust Security Events first, then tune, because...

12 July 2026
Cloudflare URL Scanner Agent Readiness scores

Cloudflare URL Scanner Agent Readiness is one of those checks that makes a site look different once you know what it is measuring. I like that it is blunt, because the web is full of pages that work...

11 July 2026
Heap overflow in ngx_http_script_copy_capture_code()

I spent too long trusting rewrite logic that looked harmless, and that is usually when nginx rewrite module is_args bites back. Escaped input, stale state, and a buffer sized on the wrong assumption...