Best Pixel for GrapheneOS 2026: Which Phone to Buy (Pixel 7a vs 9a vs 10a vs 10)
Which Pixel should you buy for GrapheneOS in 2026? Full comparison of Pixel 7a, 8a, 9a, 10a, and Pixel 10 for security support, value, and GrapheneOS compatibility. Updated June 2026 with Pixel 10a…
If Your Company Funnels Money to Fascists, You’re a Fascist Company
Today I read something about one of Mullvad’s founders, Daniel Berntsson, donating to a fascist party in Sweden. Because I have been championing Mullvad for a long time, I thought I’d do some…
Your agent should not inherit your admin token
Agents need delegated access, not inherited human access. Put policy between the agent and the tool before agents touch real systems.
Watching GLM 5.2 Escape QEMU
Effective AI-driven vulnerability discovery does not require a restricted frontier model. This is a concrete run that shows it, start to finish: I pointed IronCurtain’s vuln-discovery workflow…
It's dead, Jim!
I previously wrote about the upcoming UEFI CA rollover. Well, it's happened now - the old Microsoft UEFI CA from 2011 expired yesterday: Third Party Marketplace Root (used for signing option ROMs and…
Weeknote 26:2026
Weeknote 26:2026 Coding fever On Monday, I started a speedrun cleaning up the modernization issue queue for the freistilbox infrastructure code. I was fed up with our team running into roadblocks all…
Extortion Masquerading As Normal Business, Verizon Edition
It is difficult to express how the feel of capitalism has changed over the course of my lifetime. When I was a kid, you didn’t know who was […]
If you ask people, often they just do things!
You might see, BREAKING NEWS, RUSSIAN Hackers steal SIGNAL BACKUP KEYS, or other such styled headlines. Wow this sounds super …
Two Planes, Not One Store
Last post I said the most important decision in Orbit is splitting cluster state into two planes, and then I made you wait for it. Here it is. If you only read one post in this series, read this one,…
Switching from pre-commit to prek
I moved my repos from pre-commit to prek, a reimplementation of the same framework in Rust. It reads your existing .pre-commit-config.yaml unchanged, so the switch is mostly a no-op. Two things sold…
Live Subsea Cable Update: WACS & 2Africa Outages
Abidjan clients on WACS report an outage began 4 AM local time today. Outage began with a severe drop of 385 volts. Investigation shows the fault lies in segment S3C between the first and second…
AI Is the Best Thing to Happen to Security
LLMs have been around for a while now. When Anthropic released a statement that nation state attackers are using Claude for attacks, I read it with a lot of skepticism.
California legislature agrees to upload driver’s licenses to national database
Withdrawing its opposition under behind-the-scenes pressure from Gov. Gavin Newsom and lawless threats from the US Department of Homeland Security (DHS), the California legislature has agreed to fund…
Claude Code - Experimenting With Dev Containers and Permission Allowlists
I run Claude Code, and its VS Code extension, inside dev containers. The reason is isolation. Editor extensions and the toolchains a project pulls in have been a real supply-chain vector lately, and…
Mullvad funding the far-right and the problem with tech company ownership
Mullvad is a “proper” VPN that does its VPN job without collecting or selling your data to various partners. It made a bit of a splash recently by vocally objecting to the UK’s authoritarian plans to…
A peek into Reddit's anti-spam internals
How Reddit accidentally leaked its spamurai system.
Degoog and QueryHop (Search Redirector)
As I briefly teased here already, I went ahead and hammered degoog onto my Raspberry Pi at home. "Search engine aggregator with a comprehensive plugin/extension system" The installation turned out…
onak 0.6.5 released
I had intended that the next release of onak, my OpenPGP keyserver, would be 0.7.0, and include OpenPGP v6 support (RFC9580). However events conspired to make a 0.6.5 release a really good idea.…
GPT-5.6 Sol and Claude Mythos Show That the AI Race Has Reached a New Level
GPT-5.6 Sol matters because the performance story is strong. OpenAI says Sol is its strongest cyber model yet. On ExploitBench, it says Sol is competitive with Claude Mythos Preview while using…
After installing MinerU with uv tool install, you still need cuda and ninja
Install MinerU with: uv tool install "mineru[all]" After that, mineru and mineru-gradio can both start. But the first real conversion may still fail. The first error I hit was: RuntimeError:…
Java To Native Linux App: One 5MB Binary, x64 And Arm
Yesterday's release post introduced the new native Linux desktop port. This post is the detailed version: what it is, why the hard parts were hard, and how to build one. What is Codename One? Codename
Sorry, Cyber: You Aren't the Only Ones Saving the Company from Itself
There’s still a bit of a tone in some security circles that we’re somehow unique in constantly having to push back against ill-advised moves, or even outright craziness, from our business,…
Recent Server Problems
The server problems the other day were identified as a DDoS attack, and my host seems to have resolved it some time yesterday night.
Pedit COW Turns a Normal Linux User Into Root While the Disk Stays Clean
A flaw in the Linux kernel called pedit COW lets a regular, unprivileged user rewrite /bin/su in memory and become root, while the copy on disk never changes and a file integrity check comes back…
SimpleX: The Messenger Without Accounts
No phone number. No username. No directory. Just a secure connection between two people.
From Plex to Jellyfin Part 7: Watching Habits—Tautulli to Streamystats
Streamystats is the stats tool for Jellyfin. Watch history, library analytics, AI recommendations, custom watchlists, and a Year in Review that shows you exactly what you watched.
Moving from TailScale to NetBird
I have been using TailScale for 4 years. Recently, I wanted to self-host HeadScale (open source TailScale server) on my own server. During self-hosting, I realised that HeadScale is not a drop-in…
Isolating GitHub Copilot With Docker Sandboxes
Give GitHub Copilot its own microVM with a firewall and monitoring so that you can worry less about what your AI is doing.
Running Coding Agents in a Secure MicroVM on Windows with sbx
Docker Sandboxes (sbx) runs your coding agent inside a microVM instead scoped to a single project directory, behind a network policy you control. Here's how to set it up on Windows, step by step.
How to Set Up CI/CD for a React App
A practical, step-by-step walkthrough of CI/CD for React: from a git push to GitHub Actions, quality gates, preview deployments, production releases, monitoring, and rollback - with interactive demos…
Windows VM
Intro: This is a guide to running a Windows 11 VM with an NVIDIA dGPU passed straight through to it, displayed via Looking Glass directly on the primary…
A Database You Own: Postgres with CloudNativePG
Every platform needs a database, and for most of what you build it should be PostgreSQL. The managed versions, RDS and Cloud SQL and the rest, are convenient, and they bill you for that convenience…
Stop Punishing Your Postgres for a Crash That Won't Happen
There is a misconception I keep running into, and it causes real harm in production. People are afraid to increase checkpoint_timeout. They think a longer timeout means a longer recovery after a…
Cleaned Isn’t Fixed
Operation Endgame's SocGholish takedown was good news. It was also a warning. The cleanup bought time. The fix is what happens next. The post Cleaned Isn’t Fixed appeared first on Aaron D.…
Is Going Local Worth It Right Now?
The honest math on building your own AI box in June 2026, who it actually makes sense for, and why timing matters more than people think.
Security Signal Weekly: June 20-26, 2026
The week's biggest cybersecurity stories, filtered for defender impact, patch urgency, active exploitation, and what IT teams should actually do next.
ARE YOU IN GOOD HANDS? Allstate Stands Victorious Against Vicarious Liability Claims
Hey TCPAWorld! Check this out. The Seventh Circuit recently issued an opinion in Hossfeld v. Allstate Ins. Co., Nos. 25-1518 & 25-1672, 2026 WL 1815908 (7th Cir. June 24, 2026), holding that…
AI Approval Gates: Engineering Oversight at Machine Speed
AI approval gates: reversibility-tiered human-in-the-loop design with four health metrics that prevent reviewer atrophy at machine speed.
CORS: What is it protecting?
CORS is a browser security mechanism, not a server one. What the Origin header and preflight checks actually do, what CORS protects against, and why it is not CSRF protection.
AI Made the Call, but Your Company Still Owns the Failure
When an AI security tool misses an intrusion, blocks production, leaks sensitive data, or runs the wrong remediation, liability does not disappear into the algorithm. It follows the people and…
Samsung Galaxy S26’s Pixel-Level Privacy Feature Confirmed
Samsung confirms Galaxy S26's pixel-level privacy display, using dedicated hardware to block shoulder surfing. Customizable and part of Knox security.
CASE DISMISSED: Texas Court Finds 227(b) Did Not Apply to Text Messages
A lot of ink has been spilled on this blog lately concerning the question of whether texts are “calls” under Section 227(c) of the TCPA. This week, a court in the Southern District of Texas touched…
Taildrive for adding music to Navidrome
Ampache to Navidrome, with a side of Proxmox and Tailscale
Fable 5's 38-Minute Kernel, Part II: The Token Math and the Boot Count
Part I traveled further than I expected. The line that caught was the thirty-eight minutes: Fable 5 took an empty directory to a booting, NT-shaped kernel in Rust in thirty-eight minutes of active…
More Than Email
At first glance, Tuta Mail seems like just another email provider. It isn’t. It’s one of the few services I’m aware of that has consistently prioritised privacy and security for protocols that were…
From USB to NFS: Moving a 10TB USB Storage Drive Out of a Proxmox VM (Without Breaking Anything)
How I moved a 10TB media drive from a Proxmox VM to an NFS share on OpenMediaVault with zero downtime and no changes to 32 Docker containers.
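KEP-555 Reading Notes: The Design Principles and Context of Server Side Apply
Server Side Apply (SSA) was declared GA in Kubernetes v1.22 (August 2021), and a blog post was published saying everyone should use it. In October 2022, Argo CD v2.5.0 announced support for SSA. In November 2025, Helm 4.0.0 was released, with SSA enabled by default for newly installed releases. So what exactly is "SSA"?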
Warning: Why You Must Delete Your Cursor Data Before the SpaceX/xAI Acquisition
SpaceX/xAI has acquired Cursor. What does that mean for your data privacy? If you are NOT an enterprise customer, and you are using private data with Cursor, now is the time to find a competing…