Goodbye, nix-darwin!
Why I stopped using nix-darwin on macOS after slow rebuilds, painful updates, installer script issues, and corporate tooling conflicts.
My LaraPlugins Performance Audit: 12 Fixes That Saved my Stressed server
An 8 GB VPS at 90% memory, 50,000 Cloudflare purge jobs in one cycle, and 12 Horizon supervisors running wild. Here is how I brought LaraPlugins.io back under control, with real numbers.
Bypassing Conditional Access policies that have a resource exclusion
There is a documented enforcement gap in Conditional Access policies that apply to “all resources” but have an exclusion for at least one resource. What is not documented, is that this gap is much…
Cloudflare is quietly building the agent cloud
It was Cloudflare’s announcement of Markdown for Agents a few months back that made everything click for me. I’m revisiting the note I had saved in my Obsidian vault in preparation for my…
A weekend in the wool: mapping a Chinese reward-farming underground from one GitHub repo
A weekend that started with a grep.app search for leaked password prefixes and ended in a 16-actor Chinese reward-farming (薅羊毛) ecosystem: its script DRM, its C2, its credential theft, and the civic…
RFC8950: Announce IPv4 with an IPv6 next-hop
For the last few days I have been playing with RFC8950 setup, which allows routing of IPv4 on top of IPv6. While logically it’s quite simple, it has a very powerful application towards making…
Fun with Docker, broken networking, remote filesystem mounts, and race conditions on Debian
There's nothing more satisfying than having a clean and problem-free boot sequence.
How to migrate from Gel to Disc
The hardest part is getting your data out of Gel in a useable format, the rest is easy (but mind your links on the way in, warning near the end).
Cybersecurity Wiretap #113: From Agentic AI Exploitation to ClickFix Campaigns with a Focus on Defender Zero-Days (week of 06/15/2026)
Welcome back to the weekly digest about the Cybersecurity & Threats in the wild. Below you will find a very subjective summary of Cybersecurity events for the prior week. 1.EXPLOITATION OF MODEL…
Design of a Simulated 5G & Wi-Fi IIoT (TSMS) for a Power Grid Cyber Twin System
Design of a Simulated 5G & Wi-Fi IIoT Thermal State Monitoring System (TSMS) for a Power Grid Cyber Twin. Project Design Purpose: This article introduces the design and implementation of a…
Tutorial Part 2: Drive, Map & Navigate Your Proscenic M6 Pro in ROS 2
Tutorial Part 1 got SangamIO running on the vacuum, exposing its motors, wheel encoders, IMU and LiDAR over TCP port 5555. Part 2 connects that to ROS 2 the easy way — a prebuilt Docker image that…
Setting up a Reverse Proxy
The first step on my homelab improvement journey is setting up a reverse proxy. What’s a reverse-proxy? A reverse proxy is a server that sits in front of your other servers. Instead of sending…
Make GitHub Actions Do More For You
Merge-queue deploys, robust releases and chores you keep forgetting
Inside the Git Proxy: Capturing What an AI Agent Pushed (Part 2)
Part 2 — how the git proxy intercepts HTTPS, forces a parseable pack, logs every commit, pins the objects with marker refs, and survives the sharp edges of a signed, atomic protocol.
Understanding Sandboxes: gVisor, Hypervisors, and Firecracker
Every time you run a serverless function on AWS Lambda, execute a container on Google Cloud Run, or spin up a GitHub Actions workflow, your code runs on a physical machine shared with hundreds of…
Packagist and Composer security with Jordi Boggiano
Josh welcomes Jordi Boggiano the lead maintainer of Composer and Packagist to explain the truckload of security features they’ve recently added. Packagist is the PHP package registry, Composer…
Putting an AI Agent into Production: The Hard Part Was Never the Prompt
One day your agent starts giving wrong answers. Nobody touched the code, nobody changed the prompt. Turns out the provider silently swapped the model version behind the same API. In a demo you just…
Use cloudflared for SSH and close port 20
Cloudflare tunnels can be used for SSH, meaning you don't need any open incoming ports on your VPS.
Extending MySQL Capabilities with UDFs, Plugins and Components
MySQL offers three different approaches to extending the SQL capabilities with the default product you download and install. These are: User Defined Function (UDF) MySQL Manual MySQL Plugin MySQL…
Faster micro-frontends: optimising CDN behaviour for performance
How optimising CDN caching improved performance metrics for our microfrontend architecture
GPS spoofing teleported me to Peru, mid-flight
My first encounter with electronic warfare
Build an Asset CDN on AWS with CDK (S3 + CloudFront + Route53 + ACM)
Build a fast asset pipeline with a private S3 origin, CloudFront caching, custom DNS, and HTTPS certificates using AWS CDK.
Chain of trust with AI generated code
Introduction Chain of trust has long served as a foundational security principle in computing systems. From secure boot architectures to software supply-chain[1] security, trust is established at a…
Backups with Restic: 2-year retrospective
Around 2 years ago I started looking into how I could back up my laptop and my phone. I went with Restic and multiple backends for storage and I'm fairly happy with the result, even though I…
How to Write to SSDs - Co-Designing DBMS and Flash Storage
DFS Wi-Fi channels are invisible to phones
While debugging [Bluetooth and Wi-Fi fighting over 2.4GHz](/posts/bluetooth-wifi-coexistence), I hit a confusing one: my router was happily…
Bluetooth and Wi-Fi fight over 2.4GHz
I have a phone running a Snapcast client: it pulls synced audio over Wi-Fi and plays it out to a pair of Bluetooth headphones. It buffered constantly: a few seconds of audio, then a stall, then a…
Five years of Observability at Canonical
After five years of leading Observability at Canonical, that journey is coming to an end.
Fantastic clear-text passwords and where to collect them (Part 1 - Linux)
1. Introduction During Digital Forensics and Incident Response (DFIR) investigations, we frequently observe Threat Actors (TAs) using various methods to harvest clear-text credentials on Linux…
Cracking simple XOR cipher with simulated annealing, part II
I Zeroized My Secret. Or Did I?
If you work with secret keys — signing keys, API tokens, anything that must not leak — you’ve probably written this happy little line and felt good about it: secret.zeroize(); Wiped! Auditor happy,…
PANhunt is now on PyPI
Why PANhunt exists When I started working in a payment processor, Dionach PANhunt project was already in use on many servers. It was not a tool I discovered later because I wanted to write something…
The Security Blind Spots of Local Agentic AI Ecosystems
The Prompts Are Coming From Inside the House: Why Agentic AI Is Becoming the Ultimate Insider Threat Cybersecurity has always been defined by a simple assumption. The attacker exists somewhere…
Teensy Firmware OTA Update Via SSH to Pi5
Posted 21 June 2026 After getting OTA via Bluetooth to the onboard HC-05 going for the 2-wheel robot, I had an epiphany; For vision processing the 2-wheel robot uses an on-board Raspberry Pi5 with a…
Avoiding .DS_Store Cache Misses in Bazel
It is well known that macOS Finder .DS_Store files should never be checked in to a repo, or leave the single machine for that matter. Fairly recently, I noticed that a lot of my iOS resource…
Self-hosting High Availability is just Backups
Everyone needs backups, we all know it in our bones, but you can also live your life without any backups.
Malware-Laden GitHub Follow-up
As I noted ~6 months ago, GitHub has repositories distributing Trojan horse-style malware. A lot of repositories, actually.
Releasing debvulns: CLI for listing Debian vulnerabilities
Announcing the release of debvulns CLI, a standalone utility built on the debsecan-mcp core logic.
Dendritic flake partitions
tl;dr: Some of my sandboxed CLI agents aren’t in nixpkgs, so they ride along as flake inputs. They’re heavy, and were polluting the flake.lock of every machine that consumes the flake.…
http extension for windows updated to include PostgreSQL19 64-bit
Updated June 21st, 2026 64-bit package for PostgreSQL 19 http extension v1.7.1 release. For those folks on windows who want to do http gets and posts directly from your PostgreSQL server, we've made…
cuenv: one typed file for your whole project
Most projects don't have a configuration system — they have a pile: a .env file, a Makefile, a CI workflow, and secrets in a fourth place, none of it validated and all of it slowly drifting apart.…
More than a little proud
So for almost two years now the kids have had a machine of their own. It runs Linux, so I can take control of it remotely. That saves me from shouting when they decide to ignore my requests…
Replacing pgAgent with pg_timetable: Part 1
pgAgent has been my go-to scheduling solution for quite some time. Sadly in 6 months it will be completely retired and the pgAgent UI in pgAdmin will be gone. The main reasons I liked pgAgent were:…