Landlock supports multiple nested sandboxes, so when an operation with filesystem path is attempted, it has to check it against up to 16 nested policies. The way it currently does that is by…

I just tried to use the new CLI tool for Obsidian for the first time. To set it up, enabling a toggle switch in the “General” section of the settings should suffice. But if Obsidian is…

I was one of the very first advocates for AWS back when it was brand new - SQS, S3, EC2 SimpleDB - it was a lot smaller back then. In fact I organised the very first AWS event in Melbourne when the…

The Musk v. Altman trial drops bombshells, Meta quietly buries Llama for a proprietary model, and a severe Linux threat is actively targeting your CI/CD pipelines.

Dino Dai Zovi made an argument recently that I want to build on. “If you agree that AI will help attackers discover and exploit vulnerabilities 10-100x more easily, then your excess attack…

Also: VCF 9.1 prefers private cloud for AI, the McGroc analyst trap, and the bank that lost the pope’s account. From: The undertow - Astrid Related to your interests VMware Cloud Foundation 9.1…

Application code is stateless. You can tear down a container and spin up a new one in milliseconds without losing data. Databases are stateful. When you deploy new application logic that requires a…

Peter Joseph Williams, the former L3 Trenchant executive recently convicted of stealing zero-day exploits from his employer and selling them to a Russian broker, has been ordered to pay $10 million…

A point: SG1. Z point: FR5. Term: 3 Years. Routing: Avoids Marseille and clocks 140 ms RTD.

The cybersecurity industry's reliance on gated PDFs and MQL-driven content is actively destroying future pipeline by making the best content invisible to AI engines. Here's the case for a fundamental…

Insurance companies don’t like aluminum electrical wiring. It’s not technically the wires that are the problem, but the connectors used to join the wires. Because aluminum is soft, the wires come…

A week ago the Copy Fail vulnerability came out, and Hyunwoo Kim immediately realized that the fixes were insufficient, sharing a patch the same day. In doing this he followed standard procedure for…

How we moved a Kubernetes-hosted product from a development setup to a platform with controlled delivery, policy checks, observability, and tested recovery.

Want to get my easy to follow Tech Tips in your email? Sign up for my daily Rick’s Tech Tips Newsletter! As you probably know by now, the scammers of the world are always coming up with new ways to…

kremlin:in 1995 knowing someone’s IP address was indeed exploitable, you could very easily find out their ISP, call them, and allege anything you want and they would disconnect you while they…

In the post MikroTik: setting up WireGuard and connecting Linux peers I described how to set up MikroTik as a VPN Hub and connect a peer running on Debian Linux. Setup on Arch Linux is mostly the…

Kafka is a good thing.

A new Linux zero-day called Dirty Frag gives any local user full root access on every major Linux distribution, and right now no distribution has a patched kernel available. The researcher planned to…

I was reading the post of Mikael Nystrom, who regularly consults and assists with businesses and deployment. One of his comments caught my eye — the boring but important stuff. He offers up a…

I genuinely did not see this coming. Cloudflare has been building one of the more coherent AI developer platforms out there–Workers AI, AI Gateway, Vectorize, their edge inference stack–all sitting…

Nine times out of ten, when an engineering team starts complaining about “slow database performance,” the database itself is perfectly fine. The real culprit is almost always hiding…

You really have to wonder why nobody is reporting the news as it is. Neither Anthropic’s blog post nor SpaceXAI’s mentions anything about data isolation, customer-managed keys, or an…

Another day, another Linux exploit. It’s been hard to keep track over the last few months. Vulnerabilities are inevitable, but they do highlight my concerns again regarding monocultures. Any…

As I was migrating my online backups to Restic, I was concurrently building a system that would allow me to use Restic to complete full-disk backups to external USB drives, thus replacing my use of…

In the spring of 2017, Jeff Tantsura , the IETF Routing Area chair , delivered a short “ Introduction to Segment Routing ” webinar. In mid-April 2026, we had ~100 people at ITNOG 10 attending the…

Closing the Gap Between Data, Insight, and Action. Palantir, Databricks, Snowflake, and now Microsoft Fabric are often compared as if they solve the same problem. They don’t. Most organisations…

Switching from an Intel iMac to Apple Silicon felt like a hardware upgrade. It turned out to be an architecture story, and that story is now reshaping the cloud.

In the DevOps engineer’s toolkit, few commands are as revered—or as misunderstood—as awk and sed.

Carol Leonning and Ken Dilanian report for MS NOW. Excerpt: FBI Director Kash Patel ordered the polygraphing of more than two dozen former and current members of his security detail, as well as other…

Can IPv6 play a role in resisting internet censorship? Background Earlier this week a user on the Fediverse noticed that a website titled “w-social.eu,” recently went offline. Looking…

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today,…

I just got back from DevOpsDays Austin, and it’s always great to go out and talk with a wide array of folks from the tech community to see what’s up. The takeaways were interesting.…

 An armed uncrewed surface vessel (USV), almost certainly a Ukrainian example, has been discovered with its motor running, in a sea cave on the Greek…

A CLI and MCP server that aggregates trust signals about open-source code, projects, and the people behind them — so humans and LLM coding agents can decide, on evidence, whether to adopt a…

A semi-personal note on how security, privacy, and self-hosting change when your life is no longer designed for one user.

Enterprises run on AI agents. So do the attackers. What does it mean to build, secure, and operate AI systems when both sides - defenders and attackers - are automated? Jonathan Jaffe, CISO at…

Something has changed for me at the bench in the last few weeks, and I want to write it down before it stops feeling new. I have spent the last decade building or using diagnostic tools that put a…

Incidents are boring. Most of what you actually do during an incident is wait: for some other team to investigate, or for a deploy to finish, or for the result of some change to become apparent, or…

How my server started as a book library with Calibre and Kavita, then grew into a full media homelab with Jellyfin, Arr automation, a reverse proxy, and operations tooling — one folder per service,…

Remote Code Execution Vulnerability in Fooocus Fooocus is the third-most popular open-source AI image generation WebUI on GitHub with 48k stars. By exposing it to the internet, you allow attackers to…

YOLO is a terrible strategy for validating production changes. How many times have you seen it? Your platform is running smoothly. No alerts, no issues. Then suddenly, something breaks. After digging…

Yeah, sure, we all put our files/lectures/exams on this central server that we have no control over, and then they do this to us: For those who don’t know, Canvas is the courseware many schools…

(One of my summaries of the 2026 one-day PyGrunn conference in Groningen, NL). When automating in a big company with many systems, you often end up with spaghetti: many systems connecting to a lot of…

Chris Iorfida, CBC News: A Canadian is fighting back in U.S. federal court over what he says is an attempt by the Department of Homeland Security, through Google, to seek “vast swaths of…

Fatal error: Uncaught Exception: DateTimeZone::__construct(): Unknown or bad timezone (Europe/Berlin) in /var/www/html/domain.com/public_html/wp-includes/script-loader.php:414 Stack trace: #0…

The Instructure-owned learning management platform, Canvas, is now onl... Continue reading →

Intel ships per-sensor calibration data in proprietary AIQB binaries alongside their Windows camera drivers. Here is how to parse them to generate libcamera Simple IPA tuning files with accurate CCMs…

May 7, 2026 But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of…

Over the past few weeks, I’ve received a serious flood of similar email messages that claim to be from well-known businesses like Harbor Freight, CVS, Kroger, Marriot, Costco, FedEx, Walmart, and…