Things I build, break, fix, and write about

8 July 2026
Local DNS proxy now preserves DNSSEC records

Cloudflare One Client for Windows now leaves DNSSEC records alone, which is exactly the sort of change I like, because it stops the client quietly meddling with answers. I have seen enough broken name resolution to know that a neat tunnel can still hide a messy DNS state.

8 July 2026
Cloudflare One Client for macOS DNS search suffixes

Cloudflare One Client for macOS can make a short hostname behave very differently, and most of the pain sits in the suffix list rather than DNS itself...

7 July 2026
Tracing acme.sh certificate handling in TLS interception

I spent too long chasing the neat version of TLS wiretapping reconstruction, then found the mess: shell parsing, token limits, and renewal timing. The...

7 July 2026
Reverse engineering game binaries with static analysis

Game binaries give up more than they should, if you know where to look. I start with binary analysis, not the folklore around the game, then use...

Latest blog posts you might like

22 May 2026
Weekly Tech Digest | 22 May 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

22 May 2026
Measuring route_controller_route_sync_total in Kubernetes

`route_controller_route_sync_total` is the sort of metric I trust only when I put it next to real node activity. By itself it tells you little; alongside churn, it shows whether the route controller...

22 May 2026
Incident response after GitHub code exposure

A GitHub internal repositories breach rarely starts with the code itself, it starts with a weak boundary and ends in places people forgot to check. I care less about the headlines than the tokens,...

21 May 2026
Rebuild WinRE trust after CVE-2026-33825 changes

BitLocker zero-day mitigations are easy to half-apply and then forget, which is exactly how trouble lingers. I had to rebuild WinRE trust after CVE-2026-33825 changes, because removing autofstx.exe is...

21 May 2026
Malicious VS Code extensions and workstation compromise

Malicious VS Code extensions do not need to look suspicious to do damage. I care less about the marketplace listing and more about what the thing can reach once it is installed, because that is where...

20 May 2026
Arch Linux PinTheft patch validation steps

PinTheft Arch Linux root escalation is only interesting if the kernel still exposes RDS, so I start there, not with exploit code. If the patched build really closes the hole, it should fail cleanly,...

20 May 2026
Least privilege for agentic AI tool calling

Agentic AI is easiest to trust when it has very little to do, and even less power. I prefer to treat tool calling like any other risky admin path, with tight permissions, short-lived credentials, and...

19 May 2026
Fraud detection signs in redirector and payment domains

website fraud toolchains are rarely clever at first glance, which is why I trust the ugly details, the redirects, duplicate card prompts, and any thank-you page that appears after a decline. Once you...

19 May 2026
Using ISC Stormcast to set patch priority

ISC Stormcast strips the noise out of vulnerability watching, and that matters when patch windows are tight. I use it to decide what jumps the queue, what stays logged, and what is simply not worth...

18 May 2026
Outlook Junk folder link preview bypass

Outlook Junk Folder link preview bypass is a neat reminder that preview text is not validation. I trust the HTML, or I do not trust the mail at all; anything in between is how people get caught out.