WARNING FOR FAKE PARKING FEE SMS THAT ASKS FOR CREDIT CARD DETAILS https://www.youtube.com/watch?v=j_CATqsshZ0

You’ve installed the latest transponder, the icons are moving on your screen, and you feel safe. But, there is a silent epidemic in the cruising community: The Stealth Yacht. Many... The post Why…

(The content of this chapter is kind of basics of what I've been doing for a long time now, so my notes will be skimpy) ORMs: maybe good, maybe bad They talk about the tradeoffs of using a JSON…

Last week, on April 23, 2026, Canonical released Ubuntu 26.04 LTS "Resolute Raccoon" . The interesting part is not GNOME 50 or the normal LTS cadence. It is that Ubuntu 26.04 moves more of the hard…

How a handful of American cybersecurity firms quietly became the world's unelected prosecutors, and why nobody's asking the right questions.

Sometimes I work with very old IT server infrastructure, but this should not be the topic of today. We focus on the client side today, where it happens from time to time that companies and people…

Here is an overview of content I published in April: Blog posts: Update: cut-bytes.py Version 0.0.18 SANS ISC Diary entries: A .WAV With A Payload

Well-regarded non-profit runs domestic intelligence agency; distributes intelligence product; achieves adoption in financial infrastructure; recruits agents and allies; intervenes against U.S.…

When you look at the Cloudflare Developer Platform, you will quickly start drawing parallels between what Cloudflare provides and what the hyperscalers (such as AWS and Azure) provide. Sure, there…

rqlite is a lightweight, user-friendly, open-source, distributed relational database. It’s written in Go, employs Raft for distributed consensus, and uses SQLite as its storage engine. rqlite v10.0…

I saw Greg Raiz’s local.vibe post on Hacker News. The problem is familiar: once you have enough local projects, remembering localhost:5173 vs localhost:3001 vs whatever the browser extension dev…

It is very common for a self-hosted mail server to be able to send mail but fail to receive it. Sending and receiving follow two completely different paths: sending relies on outbound SMTP, while…

I wanted to give OpenClaw its own mailbox in Microsoft 365 so it could read mail, send messages, and generally act like a useful automation agent without piggybacking on my personal account. The…

Built a Zero Trust device onboarding pipeline using MDM, a NAC proxy, and SCEP.

I used to write periodic homelab update posts but they’d go stale almost immediately. So instead, I’m just going to keep this page current. It’s the state of things as of the last…

I just published a Piper Voices TTS installer script, it turns a Linux machine into a local and offline voice generator for phone systems. It downloads the rhasspy/piper neural TTS binary and a set…

Difficulty medium Categories rev Description Bedrock Bank & Trust is the most secure financial institution in all of Bedrock! Their new stone-tablet vault app uses “pterodactyl-grade”…

Last year, I set up a 4G internet connection to replace an FTTC connection. Originally just a NR5103E with a 350GB Scancom SIM. I purchased a GL.Inet GL-MT6000 (Flint 2) and use the NR5103E in…

Some organisations’ most sensitive information is only ever discussed in person. Ironically, the equipment in meeting rooms, conference halls, and other physical locations is often among the…

Deterministic routing is one of the most effective ways distributed systems reduce consistency problems at scale. It is a foundational technique used by many modern databases, caches, and large-scale…

If you already know Kubernetes architecture, skip to section 3.

Major Local->Admin Linux Hack, The PAI 5.0 Release, Deep SF Analysis, More Supply Chain Hacks, The Perils of Not Hiring Juniors, and more...

The DragonFly site has a recently-updated page describing how DPorts is assembled and the process to contribute. It does need the criterion for when it’s ready to release – either a…

Last month (on 18th April 2026), I saw an alert for a strange route announcement: Prefix AS Path Origin ASN 117.120.58.0/23 262427 262761 263444 6453 3257 55836 9498 134863 134863 Background While…

I built a lyrics quiz app (NOPLP) by wiring a Telegram bot to a PostgreSQL database via PostgREST, setting up Docker networks in Portainer, and untangling a CORS mess in Cloudflare Tunnels. Read the…

This article presents an untested idea for countering audio evesdropping of a conversation between two people. The idea is to use a flexible plastic pipe that leads directly from the speaker's mouth…

Some things I’ve learned about playing games by running them on a big computer and using my TV as a client. Basically this is an optimized form of desktop screen sharing. The client TV is a…

It’s been too long since I wrote one of these. Four years, actually. The last time I sat down to write about CCDC was after Nationals 2022, and even then I was overdue. Life got in the way. The…

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks…

My view on stablecoins has always been this: they’re crypto, stripped of speculation.  Remove the trading, the moonshots, the get-rich-quick schemes, and what you’re left with is a…

Terraform already supports setting a module’s source argument to a git or Mercurial repository path, S3 path, and more. It even supports direct HTTP URLs, as long as you follow some guidelines.…

Supply chain attacks are surging. If you use pnpm, three settings can significantly reduce your exposure.

There is always a time when storage becomes a bit tight. Deleting caches is a good way to regain some, helped by the CACHEDIR.TAG standard and some shell-fu: ``` $ sudo locate CACHEDIR.TAG |…

To help address an “unprecedented” surge in power demand from AI, data centers, and industrial electrification, in October 2025, the Federal Energy Regulatory Commission (FERC) opened Docket…

Trigger warning: this is a report about how Debianism prefers abusers to those who consistently and compassionately helped victims of abuse.

BookStack v26.03.4 has been released. This is a security release to improve attachment related permission checks, and URL validation for webhooks.

File tracing misses runtime paths, Cloud Run changes the working directory, CloudFront eats routes, and OG images silently vanish — four failures that pass every local test.

BunkerWeb - the open-source Web Application Firewall (WAF) Fool attackers and protect your web services with BunkerWeb, the open-source and next-gen Web Application Firewall (WAF).…

A practical Tier-1 SOC cheat sheet for the first 15 minutes of triage, covering event IDs, ports, evidence collection, and escalation decisions.

It's always been useful to understand how work flows: handoffs, constraints, dependencies. When execution was slow, you had time to respond. At the speed of AI, that lag is gone. If you haven't built…

Pin VS Code extension versions in dev containers to prevent supply chain attacks. Treat extension updates like dependency upgrades -- deliberate and reviewed.

WSL2 is incredibly convenient. However, for my use case, where I’m running a Hyper-V host with separate VMs, one key struggle was GPU acceleration. What I ended up doing in the past was just…

Usually exploits like CopyFail tend to have PoCs or exploits that are architecture-specific. Not this one. Patches should be coming real soon now. Exploit tested using this deobfuscated version . %…

Every time your load balancer sends a request to the wrong GPU, that GPU recomputes a prefill it already computed somewhere else. The KV cache for that 4,000-token system prompt exists. It’s just…

A short guide to installing Autopsy correctly.

Why I built passport-privacy.meertens.dev — a no-tracking, no-cookies, fully client-side, open-source watermarking tool for photos of your passport and ID documents.

A summary of my dev.to post on Floci — a zero-auth, MIT-licensed AWS emulator that starts in 24ms and uses 13 MiB at idle.

Why I boot Linux from a USB-attached NVMe I run a small home server on a Mini-ITX desktop that I also use as my gaming machine on Windows. The motherboard, an ASRock B550M-ITX/ac, has a single PCIe…

Gotta make sure your apps don't have funny security holes. Pentest engineers might not be on the same page as software engineers, and that's normal, they speak different languages. Good news is as…

Add Orbital to two REST APIs and replace manual join code with a single TaxiQL query. Covers Taxi schemas, Docker Compose setup, and the .env step that isn't in the official docs.