Things I build, break, fix, and write about

16 July 2026
LiteLLM exploit chains at the auth boundary

LiteLLM exploit chains only work because the auth boundary is doing too much, and failing badly when the database wobbles. I trust a proxy less when a bad lookup can quietly turn into proxy-admin identity, which is exactly the sort of mess I like to trace by hand.

16 July 2026
Manual validation in AI-assisted pentesting

AI-assisted pentesting is useful until it starts sounding certain, and that is where I get suspicious. The machine can surface a neat story, but...

15 July 2026
Corecrypto proofs against FIPS 203 and FIPS 204

Apple’s corecrypto formal verification work is interesting because it is properly dull, in the best sense. It ties a portable C implementation back to...

15 July 2026
alloc_pipe_info: why soft limits shrink new pipes

When pipe-user-pages-soft bites, the kernel stops being predictable in the way people like to assume. I prefer to check F_GETPIPE_SZ and watch the...

Latest blog posts you might like

16 July 2026
LiteLLM exploit chains at the auth boundary

LiteLLM exploit chains only work because the auth boundary is doing too much, and failing badly when the database wobbles. I trust a proxy less when a bad lookup can quietly turn into proxy-admin...

16 July 2026
Manual validation in AI-assisted pentesting

AI-assisted pentesting is useful until it starts sounding certain, and that is where I get suspicious. The machine can surface a neat story, but manual validation is where you find out whether it...

15 July 2026
Corecrypto proofs against FIPS 203 and FIPS 204

Apple’s corecrypto formal verification work is interesting because it is properly dull, in the best sense. It ties a portable C implementation back to FIPS 203 and FIPS 204, then leaves the optimised...

15 July 2026
alloc_pipe_info: why soft limits shrink new pipes

When pipe-user-pages-soft bites, the kernel stops being predictable in the way people like to assume. I prefer to check F_GETPIPE_SZ and watch the slab class shift for myself, because the difference...

14 July 2026
Detecting hosting infrastructure abuse in transit

A clean brand can hide a dirty transport chain, and that is where hosting infrastructure abuse detection starts to matter. I care less about the logo than the packets, because if the upstream changes...

14 July 2026
Proxmox VE 9.2 VM migration after storage changes

Proxmox VE 9.2 VM migration gets awkward the moment storage changes underneath it. I have seen a VM boot happily on one node, then fall over on the next because the disk still points at the old...

13 July 2026
Coordinating upgrades in Proxmox Datacenter Manager 1.1

Proxmox Datacenter Manager 1.1 only behaves if you keep the control plane ahead of the mess underneath. I prefer to upgrade the manager first, then watch the inventory like a hawk, because stale state...

13 July 2026
Sitecore cache poisoning coverage after WAF merge

Cloudflare WAF rule merging is exactly the sort of tidy-looking change that can muddle your monitoring. I have seen a live block disappear from a dashboard simply because the rule name moved, which is...

13 July 2026
Weekly Tech Digest | 13 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

12 July 2026
Managed ruleset tuning after Cloudflare rule changes

Cloudflare WAF managed rules do change under you, and the tidy-looking rule in the dashboard is not always the one doing the blocking. I have learned to trust Security Events first, then tune, because...