A 1988 performance comparison of PC LAN servers
In our 1980s networking research, we came across this: a 1988 paper out of the National University of Singapore where Gee-Swee Poo and Tiow-Seng Tan benchmarked the file server performance of 3Com…
The Permission Problem
Loudoun County, Virginia, was the most permissive jurisdiction in the United States for hyperscale data center construction. As of this quarter, it has nearly flipped 180 degrees. Is this the…
Streaming and Privacy
Discover why streaming services collect extensive personal data and track everything you watch. Learn the privacy risks, GDPR limitations, and why physical media offers true ownership and privacy.
Mercure 0.23.5: Helm chart hardening
Mercure v0.23.5 just landed, and the dominant theme is the Helm chart. If you run hubs on Kubernetes, this release tightens defaults and adds the kind of policy templates that previously required…
PEAKS No 43: Copy Fail, Goblin Infestation & the Open-Source Everything Wave
Hi there! 🛡️ Security & Privacy: Notepad++ CVE-2026-3008: a %s format specifier in nativeLang.xml triggers a string injection in FindInFiles, enabling DoS crashes and memory…
AWS IP Ranges, Visualised
AWS publishes a JSON file every day that nobody reads. It’s at ip-ranges.json. 2.4MB, no story.
Mitigation strategy for copy.fail and disk cache poisoning of setuid binaries
copy.fail (CVE-2026-31431) is a Linux kernel bug where an in-place modification of a pipe scatter list by the algif_aead module (crypto module's AEAD algorithm) can be used to modify the disk cache…
How to Automate Cloudflare Usage Monitoring
If you are using Cloudflare products like Workers, R2, or D1, you have probably checked the dashboard more times than you would like. It works, but it is manual, repetitive, and not very scalable.…
Access your Docker Compose services via easy-to-remember names
Did you know you can make your Docker web app containers available via simple names instead of hard-to-remember port numbers?
Why did AI destroy my production database?
I already posted my thoughts on AI and why I don’t think it’s going away any time soon. Unfortunately, it seems some people who don’t like LLMs are using AI-induced outages and…
Extending Burp Suite for fun and profit – The Montoya way – Part 10
Setting up the environment + Hello World; Inspecting and tampering HTTP requests and responses; Inspecting and tampering WebSocket messages; Creating […] The post Extending Burp Suite for fun and…
Direct I/O for Cassandra Compaction: Cutting p99 Read Latency by 5x
A patch I contributed to Apache Cassandra 6 cuts p99 read latency by 5x during compaction. Compaction pollutes the page cache with data the application knows is throwaway, but the kernel does not.…
BPF Selftests: Troubleshooting vmtest.sh
This post covers the most common errors when trying to run the eBPF selftests using vmtest.sh, including compilation errors on kfuncs declarations, missing or mismatched libraries, and other…
Runner Dock Daily Report: May 5, 2026
Runner Dock operating report Snapshot as of 2026-05-05 09:04 BST / 08:04 UTC. Recommendation: CEO should approve the GCP-controlled GitHub Actions design-partner outbound path and pricing-test…
Async APIs with Cloudflare Workers and Queues
Continuing my journey into learning the Cloudflare Developer Platform, I decided to figure out how to use Queues today. While Workers are the central compute component of the platform, you need…
Re-verifying failed backups with Proxmox Backup Server
I'm running Proxmox Backup Server using Backblaze B2 (an S3 compatible object storage service) for storing backups. This does work fine, but my…
You Don't Love systemd Timers Enough
Figure 1: Plato's Cave by Jan Pietersz Saenredam; 24 hour clock licensed under CC3 from Wikimedia; systemd logo by the systemd project licensed under CC-BY-SA 4.0 My favorite metonymic technology…
Student Arrested in Taiwan for using SDR and Handheld Radios to Halt Four High Speed Trains with TETRA Hack
The Taipei Times has reported that a 23-year-old university student in Taiwan has been arrested after using a software-defined radio and handheld radio to hack into Taiwan High Speed Rail…
Evolving a new PHC synchronization architecture for SatPulse 0.2
One of the major changes in SatPulse 0.2 is a new architecture for the PHC synchronization subsystem. The PHC synchronization subsystem has two inputs: a stream of timestamps from the PHC and a…
Kubernetes Gateway API: The Future of Ingress
Gateway API is what Ingress should have been from day one. I don’t say that lightly. I’ve spent years wrangling Kubernetes Ingress resources, writing controller-specific annotations, and…
Fixing Podman login credentials disappearing after reboot
When you run podman login with rootless Podman, the command succeeds, but after rebooting the machine, pulling a private image looks like you were never logged in. This usually does not mean the…
CVE-2026-31431: Copy Fail vs. rootless containers
Table of Contents: Introduction; The vulnerability; Analyzing the shellcode; Setting up the lab; Setting up rootless Podman; Running the exploit inside a container; Tracing the exploit mechanism; Why…
Automatically unlocking my password database
One slight annoyance on my computer is that when i log in, thereby identifying myself to the computer, my password database remains locked. It may be worse security practice, but i like the…
ELF’s ways to combine potentially non-unique objects
Previously [I wrote](/blog/2026/04/24/define-static-array/): > [Template parameter objects of array type] are permitted to overlap or be coalesced, just like `initializer_list`s and string…
Container Security Runtime: Rethinking Isolation with Alex Zenla
Containers were never designed to be a security boundary, yet we have spent the last decade treating them like one. I’m joined by Alex Zenla, Founder and CTO of Edera, to explore how that…
Planning my Kubernetes homelab
The Kubernetes iceberg. If I’d have to describe my homelab setup via analogy I guess it would be similar to me on a unicycle carrying plates with both of my hands, or maybe a leaking barrel with…
Self-hosted Tailscale, Part 1: Headscale and clients
I had been hearing a lot of people raving about Tailscale as a solution for interconnecting devices, or in other words for creating your own mesh VPN. It does seem great on paper: easy to set up,…
How intelligent is S3 Intelligent-Tiering?
Amazon S3 Intelligent-Tiering is about as smart as it can be, given what S3 actually knows. With better context, it could often do a lot better.
BugBash 2026, or how the correctness decade has started
BugBash 2026 was two days in Washington D.C., organized by Antithesis, dedicated to extracting reliable software from the slop factory. The conference brought together thirty speakers from across…
Build you a personal assistant agent for fun and profit
An opinionated guide to building your own always-on personal AI assistant using Pi, OpenCode Go, Telegram, Resend, Hetzner, Tailscale, GitHub, and Nginx.
Asahi on Macbook Air M2
Shutterstock #2041259501 and Asahi Logo Over on Mastodon I mentioned, offhand, that I'd been daily driving (meaning, using daily but not as my primary machine) Asahi on a Macbook Air M2 (15") and…
Walking Through a Minimal Arch Linux Set Up with archinstall
We'll spend some time going through most of the options; in the end you'll have confidence to set up a system to your liking.
Bridging Container and Host
Part 6 of Modernizing my Terminal-Based Development Environment. Part 5 introduced crib. Let’s say a Capybara spec fails inside the container and dumps a screenshot to a png in tmp/. How do I…
Debezium and the Outbox Pattern: The Real Impact on Your Postgres Database
What logical decoding, replication slots, and the WAL actually cost when you stream the outbox table to Kafka with Debezium - You proposed the transactional outbox pattern for your service. The…
Zero-Downtime Migrations: Expand and Contract Explained
How to ship schema changes with zero downtime using the expand and contract pattern. A practical walk-through of the three phases with real code.
D2D
It's a new space race with a number of satellite operators pushing out LEO satellite services that operate directly to hand-held devices, or D2D.
kamal-backup: Scheduled Rails Backups for Kamal Apps
One Kamal accessory for encrypted Rails database and Active Storage backups, restore drills, and redacted evidence for security reviews.
A Deadman Switch for Firewall Edits
The scariest line in homelab automation is the one that edits a firewall rule on the router you’re SSH’d in through. Here’s how Claude Code and I edit them anyway. The Fear I needed…
On zram swap and zswap
I recently converted all my machines from zram swap to zswap. In this post I go over the differences between the two and why zswap is almost certainly better for any general use-case.
May Days - blog, linux, codeberg
Another small this and that post. Blog Stuff I decided to remove all web fonts from my blog. At the end it was nearly 500Kb just for a slightly different font. Well, I used self-hosted WOFF2 Fonts.…
Diskless Linux boot using ZFS, iSCSI & PXE
Motivation: I wanted to test out the new Unsloth models for Qwen3.6 and Gemma4 on my gaming PC. llama.cpp on Windows is tedious to compile, and I have littered my Windows installation with too many…
Inbox & Outbox patterns for reliable event processing
Modern applications rarely do just one thing at a time. An API request creates an order, and then another service needs to reserve stock, another to charge the customer, another to send an email, and…
Andrew Wilder on addressing vulnerabilities for NerdPress clients
Andrew Wilder (our CEO), on the NerdPress blog: From start to finish, this was a coordinated team effort: updates, firewall protections, client communication, and vendor collaboration all happening…
Microsoft's 2011 Secure Boot Certificates Are Expiring and Most Windows Users Don't Know It
Microsoft is displaying escalating Secure Boot warnings starting May 13 (Windows 10) and May 16 (Windows 11). The original 2011 certificates expire in October 2026. Unpatched systems may refuse to…
CVE-2026-41940: The cPanel Authentication Bypass That Runs 70 Million Domains and Is Being Weaponized Right Now
CVE-2026-41940 is a CVSS 9.8 authentication bypass in cPanel/WHM affecting every version after 11.40. It was a zero-day for two months, 44,000 IPs are now scanning, ransomware has deployed, and a…
Thoughts on the #slopdemic
Move over #vulnpocalypse — there's a new term we need to talk about: the #slopdemic. AI didn't invent low-quality vuln reports, but it just turbocharged them, and F/OSS is drowning.
How to find the type of a SSH key
If you have the key in a file and want to know what kind of SSH key you have, you can do: # On OSX % base64 -d -i keyfile | hexdump -C | head 00000000 00 00 00 07 73 73 68 2d 72 73 61 00 00 00 03 01…
Wytcher and why I don't want to download YouTube Videos anymore
Bot Gate is real: I wanted to build something like pinchflat but wound up running into a strange issue that I haven't been able to resolve. YouTube is not a fan of ytdl (shocker) and works really…
Deploying Prebuilt Docker Images with Kamal
For a long time, I assumed Kamal was only for applications you build yourself: push your repo, and Kamal builds the image and ships it to your server. That’s the path the documentation walks you…