Blog

A Freebox OS security research diary: two privately reported vulnerabilities self-scored at CVSS 3.1 8.5 and 8.7, one still-under-investigation bug that got me closer than expected to root, and the rediscovery of a decade-old easter egg.

A deep technical write-up of Mogador, the local scraping and data-processing system that has processed more than thirteen million files and currently indexes more than nine million documents.

How a curiosity-driven reverse engineering project turned into a full server emulator, a mountain of tooling, and eventually an AI that could test the game for me.

A KPI query started killing ClickHouse after a harmless WHERE clause. It turned out to be a NULL type pointer created by unordered_map operator[] during partial evaluation of join filters.

A grounded look at my home stack: three machines, a single public entrypoint, and the operational choices behind owning core services.

A disciplined 2026 DCA strategy across BTC, ETH, SOL, DOT, and ADA, with catalysts, staking economics, and risk management.

A ClickHouse backfill that surfaced a slow embedding worker, and the inference optimizations that made it behave like a GPU service (microbatching, TensorRT, caches, and the next bottleneck).

An org-wide, push-triggered secrets scanner: webhook → Lambda → TruffleHog → hash-only findings → Slack + read-only dashboard.

How I turned 4M scraped comments into a style-controlled comment generator.

I spend a lot of time auditing codebases I don’t understand. This is the tool I built so I could stop pretending I did.

How I built my own IP Scanner after tracking down someone that randomly connected to a Minecraft server using Shodan