🧐 Why Talos Caught My Eye I’ve been spending a lot of time lately at work looking at minimal container images and OS layers — mostly through WizOS and Chainguard’s work. It was through coincidence ...

After a few years away, I’ve started rebuilding my homelab again — this time with a focus on simplicity, efficiency, and silence. My new foundation is the MeLE N100 mini PC, a fanless, ultra-low-po...

Recently I became aware of Starship, which is supposed to be a cross shell prompt. Given that I usually change between BASH on linux and ZSH on macOS I thought this could be a good option. I am / w...

I wasn’t planning on attending Edge Case 2025 this year, but someone from the industry reached out to me on LinkedIn and suggested it might be worth a look. Since it was nearby, I decided to give i...

Apple recently announced Memory Integrity Enforcement, a new protection on Apple Silicon (M3, A17 and newer) that builds on ARM’s Memory Tagging Extension (MTE) and their joint evolution, Enhanced ...

Cloudflare WAF (Part 2): Terraform rulesets In Part 1 I created some basic Cloudflare WAF rules using the dashboard. It was a good way to test quickly, but for a real project I want repeatable, ve...

Wiz Kubernetes LAN Party – Challenge Write-Up I spent some time working through the K8s LAN Party CTF challenges. They were tricky but really fun, and each one tested a different piece of Kubernet...

Troubleshooting Datadog APM Injection with Wiz Policies: What I Learned About Admission Controllers & AI Today a colleague brought me an issue: Wiz was blocking Pods in one of our Kubernetes c...

Cloudflare WAF (Part 1): Setting Up a Lab with Workers and Custom Rules I’ve been meaning to get some hands-on experience with Cloudflare’s Web Application Firewall (WAF). Since I already had a sp...

When Scripts Leak Secrets: API Credentials on macOS Endpoints One of the lesser-discussed security risks in endpoint management is the exposure of API credentials in scripts. I’ve run into this is...