Blog
Welcome to the Blog.
Why Constraints Matter
2026-02-10
Give a programmer unlimited resources and they’ll build a mess. Give them 640 KB and they’ll build something elegant.
Constraints force creativity. The demoscene proved that artistic expression thrives under extreme limitations. The same principle applies to web design: this site uses no JavaScript, and the CSS-only approach has led to solutions I would never have considered otherwise. ... continue
Restoring an AT 286
2026-02-01
I found a Commodore PC 30-III (286 @ 12 MHz) at a flea market. The power supply was dead, the CMOS battery had leaked, and the hard drive made sounds like a coffee grinder.
After recapping the PSU, neutralizing the battery acid with vinegar, and replacing the MFM drive with a XTIDE + CF card adapter, the machine booted into DOS 3.31. The CGA output on a period-correct monitor is a shade of green that no modern display can reproduce. ... continue
RISC-V on a 10-Cent Chip
2026-01-30
The WCH CH32V003 costs less than a stamp and runs a 32-bit RISC-V core at 48 MHz. It has 2 KB of RAM, 16 KB of flash, and a surprisingly complete peripheral set: USART, SPI, I²C, ADC, timers.
We set up the open-source MounRiver toolchain, flash a UART echo program over the single-wire debug interface, and measure current consumption in sleep mode: 8 µA. For battery-powered sensors, this chip is hard to beat. ... continue
Nmap Beyond the Basics
2026-01-08
Everyone knows nmap -sV target. But Nmap’s scripting engine (NSE) turns a
port scanner into a full reconnaissance framework.
We look at three scripts that changed how I approach engagements:
http-enum for directory brute-forcing, ssl-heartbleed for quick Heartbleed
checks, and smb-vuln-ms17-010 for EternalBlue detection. Combining these
with --script-args and custom output formats (XML piped into xsltproc)
creates repeatable, auditable scan reports. ... continue
Format String Attacks Demystified
2025-12-14
Format string vulnerabilities happen when user-controlled input ends up as the
first argument to printf(). Instead of printing text, the attacker reads or
writes arbitrary memory.
We demonstrate reading the stack with %08x specifiers, then escalate to an
arbitrary write using %n. The write-what-where primitive turns a seemingly
harmless logging call into full code execution. ... continue