Things I build, break, fix, and write about

8 July 2026
Local DNS proxy now preserves DNSSEC records

Cloudflare One Client for Windows now leaves DNSSEC records alone, which is exactly the sort of change I like, because it stops the client quietly meddling with answers. I have seen enough broken name resolution to know that a neat tunnel can still hide a messy DNS state.

8 July 2026
Cloudflare One Client for macOS DNS search suffixes

Cloudflare One Client for macOS can make a short hostname behave very differently, and most of the pain sits in the suffix list rather than DNS itself...

7 July 2026
Tracing acme.sh certificate handling in TLS interception

I spent too long chasing the neat version of TLS wiretapping reconstruction, then found the mess: shell parsing, token limits, and renewal timing. The...

7 July 2026
Reverse engineering game binaries with static analysis

Game binaries give up more than they should, if you know where to look. I start with binary analysis, not the folklore around the game, then use...

Latest blog posts you might like

8 May 2026
React dashboards for DShield web honeypot logs

React dashboards make web honeypot logs readable, but only if you strip out the noise first. I prefer to reduce the stream to a few hard facts, then let the interface show the pattern; anything else...

7 May 2026
Prioritising patches from Stormcast threat signals

ISC Stormcast is useful when it changes the queue, not when it just adds another tab to the pile. I care less about loud advisories than about whether a service is exposed, reachable, and already...

7 May 2026
Cognito federated login before user persistence

AWS Cognito’s awkward bit is not token issuance, it is timing. If `AWS Cognito PreSignUp_ExternalProvider` is not doing the real gatekeeping, you are already in cleanup territory, and I have no...

7 May 2026
AWS Cognito PreSignUp_ExternalProvider and federated account creation

Federated sign-in in Cognito is less tidy than people assume. If you put the check in the wrong trigger, AWS Cognito PreSignUp_ExternalProvider can still let a user record land before anyone else gets...

7 May 2026
Blocking AI traffic with DNS filtering

Blocking AI traffic starts at the resolver, not the firewall. I’d rather break a query cleanly with DNS filtering than watch it slip through a public resolver and look ordinary, which is exactly why...

7 May 2026
n8n | stable

n8n v2 19 4: bugfix release, dynamic Quick Connect disclaimer, webhook mode hooks, GIT SSH COMMAND restored, Snowflake Insert and Update fixed

6 May 2026
Siri privacy settings for shared rooms and offices

Siri privacy settings are only useful if the microphone is not sitting in the wrong room, listening for the wrong thing. I trust fewer devices in shared spaces, because voice assistant privacy usually...

6 May 2026
Token spend caps for AI APIs

AI token spend caps are one of the few sane ways to stop convenience from turning into a bill I have to explain later. Alerts are useful, but they arrive after the request has already spent the money;...

4 May 2026
Bosch High Pressure Washer EasyAquatak 120 + 2 more Amazon tech bargains

Discover the Bosch High Pressure Washer EasyAquatak 120 and two more tech bargains this week.

30 April 2026
n8n | stable

n8n 2 18 5: hide AI workflows, warn on publishing AI gateway creds, editor fixes, open executions from Connect usage, OpenAI dynamic image models