Things I build, break, fix, and write about

8 July 2026
Local DNS proxy now preserves DNSSEC records

Cloudflare One Client for Windows now leaves DNSSEC records alone, which is exactly the sort of change I like, because it stops the client quietly meddling with answers. I have seen enough broken name resolution to know that a neat tunnel can still hide a messy DNS state.

8 July 2026
Cloudflare One Client for macOS DNS search suffixes

Cloudflare One Client for macOS can make a short hostname behave very differently, and most of the pain sits in the suffix list rather than DNS itself...

7 July 2026
Tracing acme.sh certificate handling in TLS interception

I spent too long chasing the neat version of TLS wiretapping reconstruction, then found the mess: shell parsing, token limits, and renewal timing. The...

7 July 2026
Reverse engineering game binaries with static analysis

Game binaries give up more than they should, if you know where to look. I start with binary analysis, not the folklore around the game, then use...

Latest blog posts you might like

10 June 2026
Call-tracking data in tech support fraud

Call-tracking data is useful until it is not, and tech support fraud knows that better than most. Rotate enough numbers, split the complaints, and the abuse starts to look like ordinary churn, which...

10 June 2026
Abuse detection gaps in server fleets

Abuse rarely stays put for long, and a hosting provider abuse problem usually survives because the signals never meet in one place. I have seen enough fleets to know the weak point is not logging, it...

9 June 2026
Streaming auth code theft in subscription apps

Streaming auth code theft is dull in the way most real abuse is, a few weak joins, a live session, and suddenly the whole thing can be relayed and resold. I keep coming back to the same point, if the...

9 June 2026
Detecting malicious Composer releases in Packagist

Composer supply chain attack is one of those phrases that sounds abstract until a normal looking release starts carrying poisoned code. I trust tags less than I used to, because once they move,...

8 June 2026
PreSignUp_ExternalProvider gaps in AWS Cognito

AWS Cognito PreSignUp_ExternalProvider is where the awkward bit starts, because the claim becomes a user record before most of the usual checks wake up. I’ve seen enough homelab messes to know that a...

8 June 2026
HTTP header injection in CFITSIO filename parsing

CFITSIO Extended Filename Syntax is the bit that makes a harmless-looking path dangerous. Once I let untrusted input reach `fits_open_file`, I am no longer passing a filename, I am handing control to...

8 June 2026
Weekly Tech Digest | 08 Jun 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

8 June 2026
Using CouchDB and Nginx Proxy Manager for Obsidian LiveSync

I already had Obsidian LiveSync working inside the local network using the CouchDB IP address and port. That was fine while I was at home or in the office, but it was not enough once I wanted my notes...

7 June 2026
Cisco Catalyst SD-WAN authentication bypass at the boundary

Cisco Catalyst SD-WAN authentication bypass is the sort of flaw that turns a controller into an entry point, then a staging area. Once someone has admin-level access without a login, I stop assuming...

7 June 2026
Defensive monitoring for unpatchable systems

large-scale patch releases do not just create risk, they expose how much of your estate is already running on borrowed time. I prefer monitoring that catches odd process chains, strange logins and...