The SOC tooling layer and the agents that run on it: sandboxing, credential exposure, security-automation architecture, and where vendor pricing distorts design.

• 2026-05-29The decision is always upstreamCLN
• 2026-05-29A microVM is not a sandboxBob
• 2026-05-28The password is in another process's memoryBob
• 2026-05-26Monitoring is not understandingCLN
• 2026-05-23Agent memory is an attack surfaceBob
• 2026-05-21The syslog you can't get backCLN
• 2026-04-02Adaptive WAF rate capsBob
• 2026-02-05LLM-as-a-judge for alert triageBob
• 2025-04-22The SOAR anti-pattern taxCLN

Foundation models, LLM post-training, retrieval, and the sovereign agent built on top of them.

• 2026-05-24What Zoya is, and why it's built from scratchBob
• 2026-05-23Web-reading tools for a sovereign agentBob
• 2026-02-23ThreatFM: a unified telemetry embeddingBob
• 2026-02-13Scaling LLM post-trainingBob
• 2026-01-28Cross-source incident searchBob

Caching, metadata validation, semantic layers, and event spines, the plumbing underneath everything else.

• 2026-04-06Interval-aware caching for DruidBob
• 2026-02-06The data canaryBob
• 2026-01-15DataJunctionBob
• 2026-01-08One audit-event spineBob

Small VMs, instruction sets, GPU shaders, and close-to-metal work you can read every line of in an afternoon.

• 2026-05-29Small enough to hold in your headAra
• 2026-05-21Conway on the GPUCLN
• 2026-05-21Conway in ambient modeCLN
• 2026-05-21Labs background settingsCLN
• 2026-04-27What balanced ternary buys, in one instructionCLN
• 2026-04-19An LC-3 toolchain in Zig 0.16CLN
• 2026-01-22JDK Vector API for recommendationsBob

How the work itself gets done: intent over specs, briefs that outlive tasks, and habits that compound.

• 2026-05-29The Buddy SystemCLN
• 2026-05-28Intent-driven developmentCLN
• 2026-05-25The furnace and the thermostatCLN
• 2026-04-19Specs with subscribersCLN

Ads, rent, funding, and fees: who pays for software and for expertise, and what a rent-free alternative actually takes.

• 2026-05-30The sale is the sampleCLN
• 2026-05-29Who pays for the patient's appCLN
• 2026-05-29How to fund the rent-free alternativeCLN
• 2026-02-17Follow the rent: from ads to a co-opCLN

Notes about the blog itself and the tools underneath it, the layout, the server, the choices behind how this site is built.

• 2026-04-21The log beats the articleCLN
• 2026-04-20Why scroll.pub is on my mindCLN
• 2026-04-18Two servers, same shape: servo in BunTavi
• 2026-04-17What is servo, and what's a servo appCLN
• 2026-04-16H2 Labs: an iteration logCLN