NotMint: Building a Self-Hosted Finance Dashboard with Bank-Grade Security
When Mint shut down, I built NotMint -- a self-hosted finance dashboard with SimpleFIN, passkey auth, AES-256-GCM encryption, and zero-trust networking.
Read more
Farewell to the Blog - The Site Is Shutting Down
After publishing here for months, I'm moving my writing to X. Here's why and where to find me going forward. I've been writing on this blog for a long time. Long enough that the posts span different eras of how I thought about security,
Oil Refinery Explosions 2026: The Global Infrastructure Campaign Nobody Is Talking About
Ten refineries destroyed in 21 days across four continents. All reported as unrelated accidents. Here is what the pattern reveals and what you can actually do about it.
Why 'Check the URL' Is Broken Advice: Homograph Attacks in 2026
Homograph attacks have been known for two decades, yet they still fool even security-conscious users. The problem isn't awareness. It's that checking URLs visually exploits a fundamental mismatch between how computers see characters and how humans see them.
The Economics of Ransomware: Why Paying Ransoms Often Costs More Than Recovery
What if the ransom you negotiate today funds the attack that takes your business offline tomorrow? That's the paradox at the heart of ransomware economics. When organizations face an active incident, the pressure to pay feels overwhelming. Executives see the ransom demand, do the math, and conclude that