Blog
37 posts on security, infrastructure, and building things
2026
2026.04.02 The Axios npm Attack: What Happened, How to Check, and What to Do North Korean actors backdoored the Axios npm package on March 31. Here's the full attack chain, how to check if you're affected, and exactly what to do about it.
→ 2026.04.01 OpenClaw v2026.3.31: Six Breaking Changes, a Real Task System, and a Security Hardening Spree OpenClaw v2026.3.31 is the biggest release in weeks. Six breaking changes, a unified task control plane, MCP over HTTP, and an aggressive security pass that touches auth, exec, sandboxing, and node trust. Here's what matters for a real deployment.
→ 2026.04.01 Claude Code's Source Leak Was Embarrassing. The Real Story Is What It Revealed Anthropic's Claude Code source leak exposed far more than implementation details. It exposed roadmap, trust assumptions, and how brittle npm security has become.
→ 2026.03.30 Claude Mythos: What We Actually Know (and What We Don't) Anthropic's most powerful model leaked through a misconfigured CMS. Here's what the verified reporting says, what the speculation says, and why the cybersecurity angle matters more than the hype.
→ 2026.03.28 updated I Migrated Our Entire Infrastructure from Hyper-V to Proxmox. Here's Everything I Learned. Domain controllers, file servers, network monitoring, imaging, WiFi controllers. All of it moved from Microsoft to open source. No downtime. No data loss. Here's the complete playbook.
→ 2026.03.28 I Got Tired of Clicking Through Threat Intel Dashboards, So I Gave MISP a Direct Agent Interface Most threat intel workflows still force you through too many screens for one simple IOC question. I built misp-mcp so an agent can ask MISP directly, with tighter tool surfaces, better visibility, and shipping-grade test coverage.
→ 2026.03.28 Replacing SCCM with FOG Project How I replaced SCCM with FOG Project for 72 lab workstations, fought Debian Trixie installer bugs, fixed PXE boot on newer hardware, and built a repeatable Windows 11 imaging pipeline.
→ 2026.03.27 OpenClaw v2026.3.24: Better Tool Visibility, Cleaner Restarts, and Fewer Dumb Failure Modes OpenClaw v2026.3.24 is not a flashy release. It is an operational one. Better OpenAI compatibility, container-aware CLI commands, smarter Discord thread behavior, and fixes that actually matter when your stack is live.
→ 2026.03.23 I Built 7 MCP Servers for Security Tools. The Protocol Was the Easy Part. What I learned building MCP servers for Wazuh, Suricata, Zeek, TheHive, MISP, and more. The real challenge was not the protocol.
→ 2026.03.23 OpenClaw v2026.3.22: What Broke, What's New, and What to Actually Use Breaking down the biggest OpenClaw release of 2026 so far. Browser relay is gone, plugin SDK changed, and there are genuinely useful new features buried in the changelog.
→ 2026.03.23 How I Tightened OpenClaw Memory So Long Sessions Stop Falling Apart A practical look at the memory architecture I use in OpenClaw, what was already working, where it was weak, and the config changes that made long sessions much more reliable.
→ 2026.03.22 updated A Fiber Cut at 2 PM Taught Me Why I Needed to Build Watchtower A fiber cut at 2 PM exposed gaps in our network monitoring. So I built Watchtower, a real-time NOC dashboard integrating LibreNMS, InfluxDB, and FastAPI.
→ 2026.03.22 updated OpenClaw Multi-Model Setup: Stop Burning Money on the Wrong Model How to orchestrate Opus, Codex, Haiku, and budget cloud models in one OpenClaw setup. Use the right model for each task and cut your costs without cutting quality.
→ 2026.03.21 Stop Running Your AI Agent in a Single Chat Thread Why single-thread messengers like Telegram and Signal are holding back your OpenClaw setup, and how Discord's channel model fixes context contamination, cron confusion, and project sprawl.
→ 2026.03.20 Build Log: Code Search How I built a local-first semantic code search API using FastAPI, SQLite, and Ollama embeddings to make retrieval fast, free, and private.
→ 2026.03.14 OpenClaw v2026.3.13: Browser Profiles, Security Hardening, and the Ollama Fix You've Been Waiting For Breaking down the March 13 release. Chrome DevTools MCP attach mode, built-in browser profiles, 10+ security fixes, and why the Ollama reasoning leak fix matters more than you think.
→ 2026.03.14 What Shipped This Week: Hardening the Stack and Expanding the Writing Surface A weekly recap covering portfolio security fixes, local routing upgrades, cron repairs, API hardening, agent infrastructure work, and new writing distribution channels.
→ 2026.03.08 OpenClaw v2026.3.7: Context Engines, Persistent Bindings, and a Slimmer Docker Image Breaking down OpenClaw's latest release. Pluggable context management, ACP bindings that survive restarts, multi-stage Docker builds, and the fixes that matter for production setups.
→ 2026.03.07 Fixing the Blind Orchestrator: How sessions_send Replaced a Broken Multi-Agent Workflow My AI orchestrator couldn't see its own subagent's results. Auto-announce sent outputs to the wrong place, truncated them, and required manual intervention. Here's how one API call fixed everything.
→ 2026.03.07 When Codex Said I Burned a Month of Tokens in One Night I tried to use GPT 5.3 Codex to summarize 70,000 code chunks. It reported phantom token usage that didn't exist. Here's what actually happened and how Ollama cloud models saved the project.
→ 2026.03.03 OpenClaw v2026.3.2: The Features That Actually Matter Breaking down OpenClaw's latest release. PDF analysis, Ollama memory embeddings, MiniMax support, security hardening, and what it all means for your actual setup.
→ 2026.02.22 Coder Agent Model Evolution: Qwen → Haiku → Codex Three iterations of the OpenClaw coder subagent model, each solving one problem and revealing the next: local model quality issues, shared-provider concurrency failures, and final stability with provider separation.
→ 2026.02.22 Building a Local-First Enforcement Hook for OpenClaw (And the Coder Model That Kept Breaking) How I built a system prompt injection hook that forces my AI agent to check local APIs before burning cloud tokens, then iterated through three coder models to find one that actually works.
→ 2026.02.21 updated Playbook Forge: Because Nobody Reads the Binder at 2 AM Building an incident response playbook generator that creates NIST-aligned, role-specific runbooks. Because nobody reads the binder during an actual incident.
→ 2026.02.20 Rules Don't Work on AI Agents. Git Hooks Do. Why AGENTS.md instructions fail when AI agents can bypass them. How git pre-push hooks enforce real constraints on autonomous coding agents.
→ 2026.02.19 From 100K Token Messages to Semantic Search: How I Fixed My AI Agent's Memory The real story of building an AI agent memory system. From Kimi K2.5 blowing through tokens to local semantic search with Ollama. Every mistake, every fix.
→ 2026.02.16 updated APT44/Sandworm: The Most Dangerous Hacking Unit You've Never Heard Of Deep analysis of APT44 (Sandworm), Russia's most dangerous cyber unit. ATT&CK mapping, campaign timeline, and why they target critical infrastructure.
→ 2026.02.16 updated CyberBRIEF: Because Nobody Reads Page 8 Building an automated threat intelligence tool that delivers BLUF briefings with MITRE ATT&CK mapping, IOC extraction, and multi-source aggregation.
→ 2026.02.16 updated Intel Workbench: Fighting Your Own Brain with Structured Analysis Building a structured analysis tool for intelligence work. Analysis of Competing Hypotheses, evidence weighting, and fighting cognitive bias with software.
→ 2026.02.16 updated I'm a Lab Assistant. So I Built My Own SOC. How I designed and deployed a full open-source SOC with Wazuh, TheHive, Cortex, and MISP for a college network engineering lab.
→ 2026.02.16 updated SOC Showcase: What a Security Operations Center Actually Looks Like An interactive demo of what a Security Operations Center actually looks like. Alert triage, case management, threat intel correlation, and analyst workflows.
→ 2026.02.16 updated 3 Days, 18 Hours: What I Learned at NDG's Proxmox Workshop Three days at NDG's Proxmox workshop covering enterprise virtualization, NetLab integration, and what Proxmox means for academic lab infrastructure.
→ 2026.02.16 updated How I Migrated 6 Servers from VMware to Proxmox and Saved $343K Step-by-step migration of 6 production servers from VMware to Proxmox VE. Network bridge edge cases, storage conversion, and how we saved $343K in licensing.
→ 2026.02.16 updated America's Water Infrastructure Is Held Together by Default Passwords Research into US water and wastewater utility cybersecurity. Default passwords, exposed SCADA systems, and why critical infrastructure remains dangerously vulnerable.
→ 2026.02.13 OpenClaw Security Hardening: From Basic to Fortress Your AI agent has access to your email, calendar, and files. Here's how to lock it down properly, from baseline security to zero-trust architecture.
→ 2026.02.10 How to Set Up OpenClaw on Windows with WSL2 (The Real Guide) A complete, battle-tested guide to running OpenClaw on Windows via WSL2. Every gotcha, every fix, every thing the docs don't tell you.
→ 2026.02.09 I Killed Handoff Letters With a 274MB Embedding Model How I replaced manual AI session handoffs with local GPU-powered semantic search using Ollama and nomic-embed-text. Zero cloud calls, instant retrieval, no more copy-pasting context.
→