Things I build, break, fix, and write about

6 July 2026
Agentic AI still needs domain judgement

Agentic AI can write the thing, but it still cannot tell you whether the thing is right. That is where domain expertise matters, because a clean config or neat bit of glue logic can still be wrong in the way that only shows up in production.

6 July 2026
Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's...

6 July 2026
wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto...

5 July 2026
Layout trade-offs in Design Engineering Magazine

Design Engineering Magazine only works if the structure holds under real reading, not just in a tidy mock-up. I care less about pretty grids than...

Latest blog posts you might like

13 June 2026
Kubernetes v1.36 PodGroup scheduling cycle explained

Kubernetes v1.36 makes gang scheduling less hand-wavy, and the PodGroup scheduling cycle is where the sharp edges show. I like the clarity, but it also means there is nowhere for a bad placement to...

13 June 2026
Kubernetes Service externalIPs deprecation and migration

Kubernetes Service externalIPs was always a blunt instrument, and I have seen enough clusters to know blunt tools get misused. The warnings in 1.36 are the polite bit, because once address ownership...

12 June 2026
Aggregated Discovery during API server upgrades

Kubernetes Mixed Version Proxy is one of those fixes that only matters when an upgrade goes sideways, which is exactly when I want it. Aggregated Discovery finally gives older API servers enough sight...

12 June 2026
Track CCM route syncs against cloud API quotas

`route_controller_route_sync_total` is one of those rare counters that tells you something useful, if you bother to watch it. I use it to catch route reconciliation that is chewing through cloud API...

11 June 2026
Chunked gRPC range requests in etcd 3.7

etcd 3.7’s RangeStream makes large reads less painful, but it also clears out a lot of old v2 baggage, which is where upgrades tend to go wrong. I like the new read path; I do not trust any release...

11 June 2026
Apex One zero-day: Windows endpoint checks

Trend Micro Apex One zero-day is not the sort of bug you shrug off, because the server-side flaw lets a compromised admin box start pushing code to trusted agents. If you run Apex One on Windows, the...

10 June 2026
Call-tracking data in tech support fraud

Call-tracking data is useful until it is not, and tech support fraud knows that better than most. Rotate enough numbers, split the complaints, and the abuse starts to look like ordinary churn, which...

10 June 2026
Abuse detection gaps in server fleets

Abuse rarely stays put for long, and a hosting provider abuse problem usually survives because the signals never meet in one place. I have seen enough fleets to know the weak point is not logging, it...

9 June 2026
Streaming auth code theft in subscription apps

Streaming auth code theft is dull in the way most real abuse is, a few weak joins, a live session, and suddenly the whole thing can be relayed and resold. I keep coming back to the same point, if the...

9 June 2026
Detecting malicious Composer releases in Packagist

Composer supply chain attack is one of those phrases that sounds abstract until a normal looking release starts carrying poisoned code. I trust tags less than I used to, because once they move,...