Use `nono` AI agent sandboxes in Zed Agent Servers
I recently set up [nono](nono.sh) sandboxes on my Mac to put my Claude Code sessions into a more restricted playground. Having Claude live unrestricted on my whole filesystem did not feel right,…
Setting process priority for Laravel Horizon workers
Why you'd want this: Linux schedules CPU time using a **nice value** between `-20` (highest priority) and `19` (lowest). By default processes start at `0`. If your server is dedicated to queue…
Blackbox research is fun with the right mindset
Analyzing a blackbox system is actually pretty fun if you approach it with the right mindset. For me what shifted my perspective was realizing that you're not hunting one specific target, you're…
Where the word firewall comes from
Before it filtered packets, a firewall was a literal wall — a fire-resistant barrier in buildings from the 1850s, then the iron bulkhead behind a vehicle's engine. The networking sense borrowed the…
Why Caddy is called Caddy
Matt Holt started Caddy in 2014 as a computer-science student and released it in 2015. The name carries the golf-caddy idea — a helper that handles the tedious parts of serving the web — and the…
How to install MediaWiki on Debian 13
Here's how to install MediaWiki on a desktop computer running Debian 13 (Trixie).
Apple M1 vs Hetzner CPX31
Benchmarking homeserver hardware
What you need to know about Lambda MicroVMs
AWS just launched Lambda MicroVMs, which gives you dedicated Firecracker VMs per user/session, has near-instant boot time, and offers stateful executions for up to 8 hours with automated suspend…
Linux firewall
I am starting to learn about Linux firewalls because directly exposing Bocia to the Internet, without a VPN, makes it crucial to secure the machine as much as possible. The first concepts I got…
Laying the First Stones
A VPS, a reverse proxy, a password manager, and a DNS zone full of forgotten history. The autonomous stack begins to take shape.
More power, less complexity
The new triggers and conditions make Home Assistant automations more approachable, more powerful, and easier to extend without taking away the power underneath.
Supporting the House of Whistleblowers: expanding the ecosystem around secure reporting
On World Whistleblower Day, Transparency International Italy officially launched the House of Whistleblowers, a new initiative designed to provide guidance, information, and support to individuals…
Reliability fail: No automated zone failover for Coinbase’s global trading service
Hi, this is Gergely with a bonus, free issue of the Pragmatic Engineer Newsletter. In every issue, I cover Big Tech and startups through the lens of senior engineers and engineering leaders. Today,…
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport…
Workstreams, for when your incident channel gets too congested
When an incident pulls in too many active responders, your experienced people quietly break into smaller groups. Here's how to build your process around that instinct.
The KYC Fallacy
Discover why KYC for everything isn't the answer. It burdens the innocent, fuels surveillance, and doesn't stop bad actors.
From API to Ontology: An Architecture for On-demand Semantic Digital Twins
In our previous post, we drew a line between two layers of an urban energy digital twin: the Truth Layer, a relational system of record that protects the structural integrity of a city's data,…
Stop Paying Your Agent to Do the Same Job Twice
CVE volume is accelerating and most teams are running scripts that can't keep up. We used an agent to build a scanner that queries three databases, classifies and scores every CVE on actionability.…
Making a Security Zine for friends and family
Last week I printed a small booklet, folded it, stapled it, and mailed copies to friends and family. I used my sweet Dungeons & Dragons stamps! Eight pages, in color. It’s the second volume…
PEAKS No 50: AI Agents Get Hijacked, FortiBleed Breaches 74K Firewalls, and Local LLMs Finally Get Good
Hi there! 🛡️ Security & Privacy: Microsoft details an exploit chain in AutoGen Studio's pre-release builds, letting a malicious web page hijack a local AI agent for remote…
Nobody's Reviewing Your Robot's PRs
The industry just figured out AI agents lie about their own work. In a homelab, there's nothing between the lie and your infrastructure.
Vulnerability Reports Are Not Special Anymore
We needed the insight and confidentiality to protect our users, but now that anyone can get the same results from LLM?
False Immunity: Long Prefixes That Bypass ROV (CHI-NOG 13)
Brad Gorman’s ARIN workshop laid out where routing security stands today, ROAs you can trust, ASPA shipping, BGPSec quietly retired. The takeaway that morning was that origin validation works,…
OSINT Starter Pack
Craig Silverman has published The OSINT Starter Pack, a list of recommended software and tools to set up your OSINT research machine. Very important: tools do not make you an OSINT investigator, but…
“WordPress Is Slow” Usually Means You Stopped Looking Too Early
I posted this on X yesterday: That is not a controversial statement if you understand performance. It is simply how performance analysis works. A slow site is not slow because a label sits on top of…
Nothing like rebuilding your home network on a hot day
Yesterday afternoon my router just gave up serving any WIFI in the house. Ethernet still worked so I was confused. I opened the network cabinet and felt the router blazingly too hot to hold. I…
Offline Computing – Preparing For Uncertain Times
This is an article I write every couple of years. The more this world descends into chaos, the more I think it wise to update the content.…
2026-06-23 09:41
OpenAI News. GPT-5.5-Cyber and the Daybreak Initiative (https://openai.com/index/gpt-5-5-with-trusted-access-for-cyber/). GPT-5.5-Cyber has been announced as part of the Daybreak initiative. The model is…
Some more thoughts on random_page_cost
A couple months back I posted about maybe adjusting random_page_cost to better reflect how current storage handles random and sequential access. I had a bunch of great discussions about the topic…
Chapter 2: Installing SONiC NOS
ONIE-Based SONiC Installation: Many switch vendors have added SONiC NOS support to at least part of their switch portfolio. Depending on the vendor and switch model, customers may be able to order a…
CVE-2010-2568: Stuxnet's .LNK Zero-Day, Line by Line in the Windows 2000 Source (GLM-5.2 Analysis)
Guest post by Twinkle, Matt’s deep-work agent. This post doubles as an evaluation: it ran on Z.ai’s GLM-5.2, the model a growing crowd of security researchers has been testing for…
Some notes on Lambda MicroVMs
AWS launched Lambda MicroVMs earlier today. They're quite cool, and I imagine they'll become quite popular quite quickly. Here are some notes on things I've discovered about them today.
Replacing the login and lock screens on a Raspberry Pi
My uConsole computer finally arrived after a 10-month delay. I started kicking the tires by installing fun software on it, and quickly realized it’d run better if it looked cool. Here’s how I did it.…
FortiBleed: What Security Teams Need to Know (and Why This Story Is Bigger Than Fortinet)
Most stories miss the most critical part of FortiBleed - the firewall wasn't the destination and it wasn't a breach. Attackers are targeting inside the network, capturing creds, exfiltrating data;…
Summary: Fossil-Free
[based on a Mastodon thread] We switched off the gas heating in March 2025. Since then - that is, for more than a year - we have been heating and cooling the house with air-conditioning units, i.e.…
Split Kernel #1 – kthread use-after-free
gtucker.io (https://gtucker.io/posts/2026-06-23-splitk-no1/): This story started back in February when I was still finalising the core VIXI features ahead of the Renelick v1.0-rc1 release. While doing…
Nomad Rescheduling Error
Troubleshooting a mysterious error in Nomad? This post shares a personal experience with a puzzling issue and the simple solution that resolved it.
Linux 7.2 Seeds "Blackwell-Next": A Deep Dive into the nvgrace-gpu VFIO CXL DVSEC Change
Linux 7.2’s VFIO pull request dropped a commit with a codename I hadn’t seen before: Blackwell-Next. A Phoronix post brought this to my attention - Linux 7.2 Begins Making Preparations…
Denormalization 101
I have had exactly two conversations this week about denormalization, which is a sign that it is time to write a blog post. If you already know what denormalization is, you will likely find this blog…
The Importance of Establishing Boundaries with your DOM — Stealing 1Password Keys
1Password Chrome Extension reveals private keys to 1Password's DOM, and used to do the same on third-party sites
Two Talks: AI Zero-Days and Security Invariants
IronCurtain is a personal AI assistant, built secure* from the ground up. It gives an agent exactly the capabilities it needs and blocks everything else or routes it through user approval, on the…
Opposites on the Same Host: Inside the 4vps.su Leak
A leaked dataset from 4vps[.]su shows a hosting environment where proxy networks, criminal infrastructure, and targeted attack activity coexist without requiring any shared political alignment. The…
Asahi Linux on a Macbook Air M1
Setting up a headless server
Everything you can do with .github and .github-private repositories
A centralized reference for .github and .github-private repository features, including required files and visibility on GitHub.com, GHEC, EMU, GHEC with data residency, and GHES
Should IT Departments Embrace being Hosting Providers?
Over the past few months, I’ve spoken to people across a variety of companies, and one thing has become quite obvious: with today’s tooling, employees are eager and able(!) to build their own…
Enforcing Deployment Promotion with Custom Deployment Protection Rules
Using a Custom Deployment Protection Rule (GitHub App) to enforce environment promotion ordering and ServiceNow change ticket validation across any workflow, in any repo
Home Assistant Prime Day 2026 deals: join the live hunt tomorrow at 19:00 UTC
Join the live Home Assistant Prime Day deals hunt tomorrow at 19:00 UTC. We will check smart home discounts, filter the real 30%+ deals, and keep only devices that work with Home Assistant.
Honker – prebuilt sqlite extensions
I love Honker, I just wish they simply published prebuilt extensions to download, rather than requiring rust to build it from source… So here's a quick solution: github actions spinning up runners…