I spent months using Claude wrong. Not wrong in a way that produced bad results — I was getting answers, writing drafts, summarizing documents. It worked. But I was using it like a search engine: open a session, ask something, close it. Every conversation started from zero. Every session began with five minutes of re-explaining…
Every time I open Claude, it starts with a blank slate. No memory of who I am. No idea what I’m working on. No knowledge of decisions I’ve already made, tools I use, or how I like to communicate. So I re-explain. It guesses. I correct it. By the time we’re actually working, five minutes…
// The API Key Problem Nobody Saw Coming For over a decade, Google told developers that API keys weren’t secrets. Embed them in your JavaScript. Paste them into your HTML. Ship them in your client-side code. Firebase’s own security checklist had a green checkmark next to “API keys for Firebase services are not secret.” Google…
I’ve sat in that chair. Not Dario Amodei’s specifically — mine had worse lumbar support and the coffee was from a Keurig — but the same chair. The one where you’re the security person trying to explain to a room full of excited stakeholders why we need to slow down. Why the thing they want…
— Information Security — April 2026 Here’s a pattern I’ve been watching emerge as AI-assisted content creation takes off across the security industry: well-intentioned professionals embedding fingerprints of their real organizations into the templates, tutorials, and open-source repos they share. It’s not carelessness. It’s efficiency. AI lets you generate pages of content in minutes, building…
Will Larson’s An Elegant Puzzle has a chapter on presenting to leadership that changed how I think about structured communication. A 7-step framework for making recommendations that actually land. Clear, repeatable, effective. Problem is, frameworks you don’t use are just bookmarks. So I did what any self-respecting terminal dweller would do: I turned it into…
Every blog post you publish about privacy, security, or self-hosting? Your own site is probably undermining it while your readers read it. I’m not talking about malware or breaches. I’m talking about the quiet stuff — the third-party requests that fire on every single pageview, sending your visitors’ IP addresses to companies they never consented…
My pinball leaderboard kiosk sits in a bar three hours away. I can’t drive over and reboot it. I can’t ask the bar owner to SSH in and restart a service. If that screen goes dark during league night, nobody’s fixing it until I make a six-hour round trip. So I engineered it to never…
Go to myactivity.google.com. Right now. I’ll wait. Scroll through that list. Every search you’ve made. Every question you were too embarrassed to ask a friend. Every 2 AM medical symptom panic. Every job listing you clicked while still employed. Every weird hobby you explored for a week and abandoned. That’s not a search history. That’s…
Every server in my homelab backs itself up automatically, ships copies to a dedicated backup server, and pushes a weekly snapshot to Google Drive — all while I sleep. If my house burns down tomorrow, I lose nothing. This isn’t enterprise gear. It’s Duplicati, some n8n workflows, and a backup server built from spare parts….