Things I build, break, fix, and write about

9 July 2026
Checking Logpush field mappings after schema updates

Cloudflare Logpush datasets do not always announce when they change shape, and that is where the trouble starts. I check the field map against real exports, because a parser that still runs can be quietly throwing away useful data.

8 July 2026
Local DNS proxy now preserves DNSSEC records

Cloudflare One Client for Windows now leaves DNSSEC records alone, which is exactly the sort of change I like, because it stops the client quietly...

8 July 2026
Cloudflare One Client for macOS DNS search suffixes

Cloudflare One Client for macOS can make a short hostname behave very differently, and most of the pain sits in the suffix list rather than DNS itself...

7 July 2026
Tracing acme.sh certificate handling in TLS interception

I spent too long chasing the neat version of TLS wiretapping reconstruction, then found the mess: shell parsing, token limits, and renewal timing. The...

Latest blog posts you might like

18 May 2026
Outlook Junk folder link preview bypass

Outlook Junk Folder link preview bypass is a neat reminder that preview text is not validation. I trust the HTML, or I do not trust the mail at all; anything in between is how people get caught out.

18 May 2026
Reading exploit trends from ISC Stormcast

ISC Stormcast is only useful if you treat it as live signal, not background noise. I watch for repeated behaviour around the same service or exploit family, because that is what changes patch...

18 May 2026
Amazon Fire TV Stick 4K Plus and 2 more Amazon tech bargains

Discover the Amazon Fire TV Stick 4K Plus and more tech deals this week.

17 May 2026
hassh drift breaks Outlaw SSH detection

hassh drift is exactly why I do not trust one fingerprint for long; malware library updates change the banner and the hash, while the real mess sits in the commands and file writes after login. If you...

11 May 2026
Ring Outdoor Camera Battery + 2 more Amazon tech bargains

Explore the Ring Outdoor Camera Battery and two more tech bargains this week.

10 May 2026
Dirty Frag: page-cache corruption in Linux

Dirty Frag is the sort of bug I mistrust on sight, because the damage lands in page-cache corruption before disk ever notices. If you rely on Linux to keep shared buffers honest, this one is worth a...

10 May 2026
Operational indicators from ISC Stormcast to check

ISC Stormcast is useful when you strip away the diary clutter and look only at the indicators that survive a second glance. I trust hostnames, paths, dates and hashes far more than the banner around...

10 May 2026
Building an analytics UI from web honeypot logs

I built this from web honeypot logs because the raw output is mostly noise, and the useful part is buried in repetition, timing, and source clusters. The trick is to stop the dashboard turning into a...

9 May 2026
Older clients after root CA rotation

Older clients rarely fail politely after an SSL.com root certificate rotation, and I have seen enough broken TLS to stop trusting “it works on my laptop”. The real problem is usually old trust stores...

9 May 2026
Local access exposes Microsoft Edge saved passwords

Microsoft Edge cleartext password storage is not a theoretical gripe; once the session is live, the browser can hand over saved credentials far more easily than most people expect. I would treat that...