Things I build, break, fix, and write about

Explore the Ring Outdoor Camera Battery and two more tech bargains this week.

Dirty Frag is the sort of bug I mistrust on sight, because the damage lands in page-cache corruption before disk ever notices. If you rely on Linux to keep shared buffers honest, this one is worth a...

ISC Stormcast is useful when you strip away the diary clutter and look only at the indicators that survive a second glance. I trust hostnames, paths, dates and hashes far more than the banner around...

I built this from web honeypot logs because the raw output is mostly noise, and the useful part is buried in repetition, timing, and source clusters. The trick is to stop the dashboard turning into a...

Older clients rarely fail politely after an SSL.com root certificate rotation, and I have seen enough broken TLS to stop trusting “it works on my laptop”. The real problem is usually old trust stores...

Microsoft Edge cleartext password storage is not a theoretical gripe; once the session is live, the browser can hand over saved credentials far more easily than most people expect. I would treat that...

SANS Internet Storm Center diary indicators are only useful once they stop being a header and start becoming something you can test. I treat the stub as a pointer, not evidence; until there is a...

React dashboards make web honeypot logs readable, but only if you strip out the noise first. I prefer to reduce the stream to a few hard facts, then let the interface show the pattern; anything else...

ISC Stormcast is useful when it changes the queue, not when it just adds another tab to the pile. I care less about loud advisories than about whether a service is exposed, reachable, and already...

AWS Cognito’s awkward bit is not token issuance, it is timing. If `AWS Cognito PreSignUp_ExternalProvider` is not doing the real gatekeeping, you are already in cleanup territory, and I have no...