Things I build, break, fix, and write about

6 July 2026
Agentic AI still needs domain judgement

Agentic AI can write the thing, but it still cannot tell you whether the thing is right. That is where domain expertise matters, because a clean config or neat bit of glue logic can still be wrong in the way that only shows up in production.

6 July 2026
Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's...

6 July 2026
wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto...

5 July 2026
Layout trade-offs in Design Engineering Magazine

Design Engineering Magazine only works if the structure holds under real reading, not just in a tidy mock-up. I care less about pretty grids than...

Latest blog posts you might like

4 June 2026
Patch diffing Adobe Acrobat PDF prototype pollution

Adobe Acrobat PDF prototype pollution is one of those bugs that only looks neat after the fact. The diff shows three separate failures, and the ugly bit is how ordinary object lookup, trusted...

4 June 2026
Human-led AI-assisted pentesting and review limits

AI-assisted pentesting is useful in the boring middle, where it can sort noise, group candidates, and keep a large target set moving. The trouble starts when it sounds certain about nonsense, so I...

3 June 2026
F_SETPIPE_SZ and soft page quota effects

Soft page quota effects are easy to miss, until a pipe that should be 65536 bytes turns up at 8192 and your spray no longer lands where you expected. I have seen pipe_buffer capacity limits quietly...

3 June 2026
Public GitHub leaked AWS GovCloud credentials

A public GitHub repository should not have been holding AWS GovCloud credentials, yet there they were, alongside backups, passwords and internal deployment files. I spent too long on the dull bit,...

2 June 2026
Audit RFI history offline with CSV export

Cloudflare Security Center CSV export is one of those dull features that matters once you need a clean paper trail. I prefer the file on disk, where I can sort it, cross-check it, and stop relying on...

2 June 2026
React Server Components DoS patterns and WAF limits

Some Next.js Server Components vulnerabilities are crude enough for a WAF to catch, but the awkward ones sit in routing, cache behaviour, and middleware. I prefer patching first, because a broad block...

1 June 2026
Cloudflare WAF rule merges for CVE-2025-53693

Cloudflare is folding a new Sitecore cache poisoning detection into an older Java deserialisation rule, and that is exactly the sort of tidy merge that makes tracking awkward. With Cloudflare WAF rule...

1 June 2026
Cloudflare Managed Ruleset changes in Security Events

Cloudflare Managed Ruleset updates do not always announce themselves politely; the useful clues often turn up first in Security Events. I keep checking there, because a rule can keep the same name...

1 June 2026
Weekly Tech Digest | 01 Jun 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

31 May 2026
CVE-2026-42945: rewrite directive failure mode

nginx rewrite module bugs are the sort I distrust most, because they sit in config that looks harmless until a crafted URI tips it over. I dug through this one and found the usual pattern, stale state...