Things I build, break, fix, and write about

9 July 2026
Checking Logpush field mappings after schema updates

Cloudflare Logpush datasets do not always announce when they change shape, and that is where the trouble starts. I check the field map against real exports, because a parser that still runs can be quietly throwing away useful data.

8 July 2026
Local DNS proxy now preserves DNSSEC records

Cloudflare One Client for Windows now leaves DNSSEC records alone, which is exactly the sort of change I like, because it stops the client quietly...

8 July 2026
Cloudflare One Client for macOS DNS search suffixes

Cloudflare One Client for macOS can make a short hostname behave very differently, and most of the pain sits in the suffix list rather than DNS itself...

7 July 2026
Tracing acme.sh certificate handling in TLS interception

I spent too long chasing the neat version of TLS wiretapping reconstruction, then found the mess: shell parsing, token limits, and renewal timing. The...

Latest blog posts you might like

22 March 2026
Petabyte leaks start with uncontrolled backup access

A single compromised credential reaching both production and backup storage across the same network boundary turns one day's data loss into months or years. Isolation done badly is barely isolation at...

21 March 2026
Video file naming and structure for decade-scale retrieval

A video archive you cannot read a decade later is just a warm drive waiting to die. Ambiguous filenames and missing verification schedules kill cold storage video archival; fix those two things, and...

20 March 2026
Backup retention policy: writing it down saves arguments

A backup schedule that works is not the same as a documented one. When recovery fails and a client asks why their data is gone, a working cron job and a vague memory are not a defence; a policy...

19 March 2026
n8n | stable

n8n 2.12.3: patch fixes leader takeover event emission on mismatch, restores editor command bar workflow search, recommended upgrade

16 March 2026
Object storage encryption at rest in homelab setups

Encryption without object lock is a half-measure. A misconfigured script or compromised service account can still wipe everything, which is why S3-compatible storage on a homelab needs layered defence...

16 March 2026
Ring Outdoor Camera Battery + 2 more Amazon tech bargains

Discover the Ring Outdoor Camera Battery and two more Amazon tech deals this week.

16 March 2026
Document what your backup excludes, not just what it covers

I've built backup jobs that looked fine right up until the restore failed. The gap between what you think is covered and what actually is covered lives in the space where documentation should be;...

16 March 2026
Docker Compose for portable homelab deployments

Vendor lock-in creeps in quietly: a pinned cloud dashboard, a backup tool in a proprietary format, a reverse proxy config hardcoded to an IP nobody wrote down. By the time you need to migrate, the...

15 March 2026
Mitigating Win+X paste attacks with PowerShell settings

Use this blueprint to harden Windows Terminal and PowerShell, reduce exposure and detect post-compromise behaviour. You get clear settings, AppLocker and WDAC guidance, logging checks and audits you...

10 March 2026
Amazon Fire TV Stick 4K Max + 3 more Amazon tech bargains

Discover the Amazon Fire TV Stick 4K Max and three more tech deals for your home.