Things I build, break, fix, and write about

6 July 2026
Agentic AI still needs domain judgement

Agentic AI can write the thing, but it still cannot tell you whether the thing is right. That is where domain expertise matters, because a clean config or neat bit of glue logic can still be wrong in the way that only shows up in production.

6 July 2026
Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's...

6 July 2026
wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto...

5 July 2026
Layout trade-offs in Design Engineering Magazine

Design Engineering Magazine only works if the structure holds under real reading, not just in a tidy mock-up. I care less about pretty grids than...

Latest blog posts you might like

8 June 2026
PreSignUp_ExternalProvider gaps in AWS Cognito

AWS Cognito PreSignUp_ExternalProvider is where the awkward bit starts, because the claim becomes a user record before most of the usual checks wake up. I’ve seen enough homelab messes to know that a...

8 June 2026
HTTP header injection in CFITSIO filename parsing

CFITSIO Extended Filename Syntax is the bit that makes a harmless-looking path dangerous. Once I let untrusted input reach `fits_open_file`, I am no longer passing a filename, I am handing control to...

8 June 2026
Weekly Tech Digest | 08 Jun 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

8 June 2026
Using CouchDB and Nginx Proxy Manager for Obsidian LiveSync

I already had Obsidian LiveSync working inside the local network using the CouchDB IP address and port. That was fine while I was at home or in the office, but it was not enough once I wanted my notes...

7 June 2026
Cisco Catalyst SD-WAN authentication bypass at the boundary

Cisco Catalyst SD-WAN authentication bypass is the sort of flaw that turns a controller into an entry point, then a staging area. Once someone has admin-level access without a login, I stop assuming...

7 June 2026
Defensive monitoring for unpatchable systems

large-scale patch releases do not just create risk, they expose how much of your estate is already running on borrowed time. I prefer monitoring that catches odd process chains, strange logins and...

6 June 2026
IIS server monitoring for BadIIS redirects

BadIIS is the sort of mess that hides in plain sight, because the site still loads while visitors are quietly sent elsewhere. I look for odd IIS log patterns, stray build artefacts, and service...

6 June 2026
Patching OpenVPN 2.6.x and 2.8_git

OpenVPN vulnerabilities are tedious until they are not; this one lives in the handshake path, so a crafted packet can knock the process over before you have even noticed the client has connected. I...

5 June 2026
GitHub file access through compromised development tools

A third-party development software compromise does not need to reach production to hurt. If a tool can read GitHub files, it can still expose source code, secrets, and enough context to make the next...

5 June 2026
Kernel ring-buffer drops in Inspektor Gadget

Inspektor Gadget is only useful if I can trust the trace, and a full kernel ring-buffer makes that harder than it ought to be. Once events start dropping, the neat output is lying by omission, which...