Things I build, break, fix, and write about

6 July 2026
Agentic AI still needs domain judgement

Agentic AI can write the thing, but it still cannot tell you whether the thing is right. That is where domain expertise matters, because a clean config or neat bit of glue logic can still be wrong in the way that only shows up in production.

6 July 2026
Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's...

6 July 2026
wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto...

5 July 2026
Layout trade-offs in Design Engineering Magazine

Design Engineering Magazine only works if the structure holds under real reading, not just in a tidy mock-up. I care less about pretty grids than...

Latest blog posts you might like

10 May 2026
Dirty Frag: page-cache corruption in Linux

Dirty Frag is the sort of bug I mistrust on sight, because the damage lands in page-cache corruption before disk ever notices. If you rely on Linux to keep shared buffers honest, this one is worth a...

10 May 2026
Operational indicators from ISC Stormcast to check

ISC Stormcast is useful when you strip away the diary clutter and look only at the indicators that survive a second glance. I trust hostnames, paths, dates and hashes far more than the banner around...

10 May 2026
Building an analytics UI from web honeypot logs

I built this from web honeypot logs because the raw output is mostly noise, and the useful part is buried in repetition, timing, and source clusters. The trick is to stop the dashboard turning into a...

9 May 2026
Older clients after root CA rotation

Older clients rarely fail politely after an SSL.com root certificate rotation, and I have seen enough broken TLS to stop trusting “it works on my laptop”. The real problem is usually old trust stores...

9 May 2026
Local access exposes Microsoft Edge saved passwords

Microsoft Edge cleartext password storage is not a theoretical gripe; once the session is live, the browser can hand over saved credentials far more easily than most people expect. I would treat that...

8 May 2026
Turning ISC diary entries into detection checks

SANS Internet Storm Center diary indicators are only useful once they stop being a header and start becoming something you can test. I treat the stub as a pointer, not evidence; until there is a...

8 May 2026
React dashboards for DShield web honeypot logs

React dashboards make web honeypot logs readable, but only if you strip out the noise first. I prefer to reduce the stream to a few hard facts, then let the interface show the pattern; anything else...

7 May 2026
Prioritising patches from Stormcast threat signals

ISC Stormcast is useful when it changes the queue, not when it just adds another tab to the pile. I care less about loud advisories than about whether a service is exposed, reachable, and already...

7 May 2026
Cognito federated login before user persistence

AWS Cognito’s awkward bit is not token issuance, it is timing. If `AWS Cognito PreSignUp_ExternalProvider` is not doing the real gatekeeping, you are already in cleanup territory, and I have no...

7 May 2026
AWS Cognito PreSignUp_ExternalProvider and federated account creation

Federated sign-in in Cognito is less tidy than people assume. If you put the check in the wrong trigger, AWS Cognito PreSignUp_ExternalProvider can still let a user record land before anyone else gets...