Things I build, break, fix, and write about

8 July 2026
Local DNS proxy now preserves DNSSEC records

Cloudflare One Client for Windows now leaves DNSSEC records alone, which is exactly the sort of change I like, because it stops the client quietly meddling with answers. I have seen enough broken name resolution to know that a neat tunnel can still hide a messy DNS state.

8 July 2026
Cloudflare One Client for macOS DNS search suffixes

Cloudflare One Client for macOS can make a short hostname behave very differently, and most of the pain sits in the suffix list rather than DNS itself...

7 July 2026
Tracing acme.sh certificate handling in TLS interception

I spent too long chasing the neat version of TLS wiretapping reconstruction, then found the mess: shell parsing, token limits, and renewal timing. The...

7 July 2026
Reverse engineering game binaries with static analysis

Game binaries give up more than they should, if you know where to look. I start with binary analysis, not the folklore around the game, then use...

Latest blog posts you might like

1 June 2026
Cloudflare WAF rule merges for CVE-2025-53693

Cloudflare is folding a new Sitecore cache poisoning detection into an older Java deserialisation rule, and that is exactly the sort of tidy merge that makes tracking awkward. With Cloudflare WAF rule...

1 June 2026
Cloudflare Managed Ruleset changes in Security Events

Cloudflare Managed Ruleset updates do not always announce themselves politely; the useful clues often turn up first in Security Events. I keep checking there, because a rule can keep the same name...

1 June 2026
Weekly Tech Digest | 01 Jun 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

31 May 2026
CVE-2026-42945: rewrite directive failure mode

nginx rewrite module bugs are the sort I distrust most, because they sit in config that looks harmless until a crafted URI tips it over. I dug through this one and found the usual pattern, stale state...

31 May 2026
Joining R2 Data Catalog tables in R2 SQL

Cloudflare R2 SQL JOINs are useful when the relationship matters more than a single table scan, but I still reach for them with a bit of caution. The syntax is easy enough; the awkward part is keeping...

30 May 2026
Cloudflare Tunnel for local webhook previews

Cloudflare Tunnel is one of those tools I only appreciate after fighting without it. For local webhook previews, a stable hostname matters more than a tidy demo link, and once you need that fixed...

30 May 2026
Cloudflare Artifacts repo-scoped tokens in Wrangler CLI

Cloudflare Artifacts repo-scoped tokens are the bit worth caring about, because they keep Git access tied to one repository instead of a loose account-wide key. I like that. Narrow the boundary, test...

29 May 2026
Cloudflare Radar MRT Explorer in the browser

Cloudflare Radar MRT Explorer keeps the awkward part local, which is usually where it belongs. I prefer that to uploading a route dump to somebody else’s parser and hoping it comes back in one piece.

29 May 2026
Subscribe to repository lifecycle events in Artifacts

Cloudflare Artifacts event subscriptions give you a clean way to react to repository changes without bolting on another watcher. I like that the split between lifecycle and activity events is blunt,...

28 May 2026
Qwen3.7-Max agent workflows with tool bounds

Qwen3.7-Max agent workflows only behave when the tool chain is fenced in, and I trust boundaries more than clever prompts. Let the model read, decide, and draft, but keep secrets, writes, and...