Things I build, break, fix, and write about

11 July 2026
Cloudflare Managed WAF rules: watch action changes

Cloudflare Managed WAF rules are easy to misread if you only skim the release notes. I look at the Security Events dashboard instead, because that is where a quiet detection turns into a block, or a merged rule starts muddying what actually changed.

10 July 2026
Handling backend restarts in Cloudflare Realtime SFU

Cloudflare Realtime WebSocket adapter handles brief backend restarts better than I expected, but only within a hard five-second window. That is enough...

9 July 2026
Detect Split ClientHello failures in TLS 1.3

Split ClientHello failures are exactly the sort of thing that waste an afternoon, because the server looks fine until a fragmented post-quantum...

9 July 2026
Checking Logpush field mappings after schema updates

Cloudflare Logpush datasets do not always announce when they change shape, and that is where the trouble starts. I check the field map against real...

Latest blog posts you might like

11 July 2026
Cloudflare Managed WAF rules: watch action changes

Cloudflare Managed WAF rules are easy to misread if you only skim the release notes. I look at the Security Events dashboard instead, because that is where a quiet detection turns into a block, or a...

10 July 2026
Handling backend restarts in Cloudflare Realtime SFU

Cloudflare Realtime WebSocket adapter handles brief backend restarts better than I expected, but only within a hard five-second window. That is enough to turn a wobble into a pause; after that, the...

9 July 2026
Detect Split ClientHello failures in TLS 1.3

Split ClientHello failures are exactly the sort of thing that waste an afternoon, because the server looks fine until a fragmented post-quantum handshake trips over something in the middle. TLS...

9 July 2026
Checking Logpush field mappings after schema updates

Cloudflare Logpush datasets do not always announce when they change shape, and that is where the trouble starts. I check the field map against real exports, because a parser that still runs can be...

8 July 2026
Local DNS proxy now preserves DNSSEC records

Cloudflare One Client for Windows now leaves DNSSEC records alone, which is exactly the sort of change I like, because it stops the client quietly meddling with answers. I have seen enough broken name...

8 July 2026
Cloudflare One Client for macOS DNS search suffixes

Cloudflare One Client for macOS can make a short hostname behave very differently, and most of the pain sits in the suffix list rather than DNS itself. I have seen perfectly sane machines fail because...

7 July 2026
Tracing acme.sh certificate handling in TLS interception

I spent too long chasing the neat version of TLS wiretapping reconstruction, then found the mess: shell parsing, token limits, and renewal timing. The interesting bit is not the packet capture, it is...

7 July 2026
Reverse engineering game binaries with static analysis

Game binaries give up more than they should, if you know where to look. I start with binary analysis, not the folklore around the game, then use strings, imports, and control flow to separate real...

6 July 2026
Agentic AI still needs domain judgement

Agentic AI can write the thing, but it still cannot tell you whether the thing is right. That is where domain expertise matters, because a clean config or neat bit of glue logic can still be wrong in...

6 July 2026
Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.