Things I build, break, fix, and write about

6 July 2026
Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

6 July 2026
wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto...

5 July 2026
Layout trade-offs in Design Engineering Magazine

Design Engineering Magazine only works if the structure holds under real reading, not just in a tidy mock-up. I care less about pretty grids than...

5 July 2026
Keeping smart bulbs powered with Zigbee wall switch

Zigbee wall switch controllers fix the bit people keep getting wrong, the wall still feels normal, but it stops murdering smart bulbs. I prefer that...

Latest blog posts you might like

27 June 2026
MMR proof indexing in a bridge dispatcher audit

The ugly part of an Ethereum bridge dispatcher is not the proof itself, it is the gap between a tidy verification trace and the bytes that finally reach custody logic. If those two ever diverge, the...

26 June 2026
Uniswap V2 spot reads distort reward payouts

A pair reserve is a terrible price feed when someone can shove it around for one transaction. I have seen the same bad read turn cheap stake entry into inflated principal, then pay out rewards from...

26 June 2026
Web shell persistence in BadIIS loaders

BadIIS is not clever, just persistent, and that is what makes it unpleasant. It survives IIS restarts, rewrites selected traffic, and leaves behind enough build artefacts, like demo.pdb, to give...

25 June 2026
OpenVPN vulnerabilities and patch priority

OpenVPN vulnerabilities are easy to shrug off until they hit the client, where malformed packets can knock out remote access before the tunnel is even trusted. I would patch that before almost...

25 June 2026
Operational threat intelligence for IIS hijacking

IIS hijacking is boring until it is not, which is exactly why a threat intelligence programme has to watch for the awkward bits, not the headline alert. When redirects, 503 spikes, and odd proxying...

24 June 2026
GitHub source code exposure via third-party tooling

GitHub source code exposure rarely starts with the platform itself, it starts with something trusted too much. I care less about the headline breach than the awkward bit underneath, where a...

24 June 2026
Data exfiltration signs from signed Setup.exe flows

Signed `Setup.exe` did not fool me for long, because the runtime behaviour was wrong from the start. The interesting bit in cloud environment exfiltration is usually the small `.config` file beside it...

23 June 2026
Hardening ig build against command injection

Inspektor Gadget OCI images sound harmless until a build value slips into shell syntax and the pipeline starts executing it for you. I prefer build steps that stay boring, because once they stop being...

23 June 2026
Prototype pollution in Adobe Acrobat PDF code paths

Prototype pollution in Adobe Acrobat PDF code paths is not a neat edge case, it is what happens when privileged JavaScript trusts the wrong shape of data. I keep coming back to the same point,...

22 June 2026
Human-in-the-loop AI pentesting for exploit paths

AI pentesting is useful when it speeds up the grunt work and leaves judgement where it belongs. I care less about noisy findings than about whether a small mistake can be chained into a working path,...