Things I build, break, fix, and write about

6 July 2026
Agentic AI still needs domain judgement

Agentic AI can write the thing, but it still cannot tell you whether the thing is right. That is where domain expertise matters, because a clean config or neat bit of glue logic can still be wrong in the way that only shows up in production.

6 July 2026
Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's...

6 July 2026
wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto...

5 July 2026
Layout trade-offs in Design Engineering Magazine

Design Engineering Magazine only works if the structure holds under real reading, not just in a tidy mock-up. I care less about pretty grids than...

Latest blog posts you might like

2 July 2026
Malware delivery through chatgpt.com/s links

ChatGPT share links can look boringly legitimate, which is exactly the problem. Once a trusted domain starts rendering attacker-controlled HTML, I stop trusting the address bar and start checking...

1 July 2026
cifs.upcall root trust and NSS lookup risk

A forged `cifs.spnego` request should die in the kernel, but on affected builds it reaches root-owned helper code instead. The ugly bit is `cifs.upcall`, where CIFS authentication key descriptions can...

1 July 2026
Harden PAN-OS by disabling auth override cookies

PAN-OS GlobalProtect authentication bypass is not a clever trick, it is a trust error with a neat finish. I prefer the boring fix, disable auth override cookies, then check the portal and gateway...

30 June 2026
Conditional access still anchors ZTNA policy

Zero Trust Network Access looks tidy until you test the policy against a failed identity provider, a stale token, or a changing location. I have seen too many setups where conditional access does all...

30 June 2026
ZTNA access policies for self-hosted services

ZTNA access policies only work when I treat the service, not the subnet, as the thing being protected. Once you start drawing the boundary around the app, rather than the VLAN, the gaps show up...

29 June 2026
Persisting federated users in AWS Cognito

AWS Cognito writes the user record before most people notice the decision point has gone, so I keep the real check in AWS Cognito PreSignUp_ExternalProvider. Anything later is tidying up after the...

29 June 2026
fits_open_file can copy arbitrary paths before validation

CFITSIO Extended Filename Syntax is the bit that makes me distrust a filename on sight. If `fits_open_file` gets attacker input, it can copy, fetch, or touch paths before FITS validation even starts,...

29 June 2026
Weekly Tech Digest | 29 Jun 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

28 June 2026
Android security boundary failures around AuthToken handling

Android Biometric AuthToken handling is one of those details that looks tidy until you trace what actually trusts it. I pay closest attention to the hand-off points, because that is where a neat...

28 June 2026
Access control in WrappedADS authorised mint flow

WrappedADS wrapTo() mint path is not hiding much, and that is the point. If the caller is trusted, the mint goes through; if that trust is wrong, supply moves just as easily.