Bleeding Llama: When Local Ollama Leaks Memory Over the Network
CVE-2026-7482: crafted GGUF leaks heap via quantize—prompts, keys, neighbor chats. I explain Bleeding Llama and how I lock down Ollama. 🔐
Thoughts on engineering, AI, security, and the craft of building things.
From Dirty COW to Dirty Frag — Linux keeps betting on no-COW fast paths and losing. Here's why AI variant analysis changes the timeline. 🔬
OX-documented blast radius (150M+ downloads, 7K+ exposed servers, 200+ repos) and concrete defenses for MCP STDIO RCE — with cited sources.
LiteLLM's API key verification had a pre-auth SQLi (CVSS 9.3). Six critical vulns in one month. Your AI proxy is now a high-value target.
GitHub changed Copilot pricing four times in April alone. Here's the full timeline, what it means, and why Cursor is laughing. 🎢
Part 2: How AeroSpace, SketchyBar, Nushell infrastructure tooling, a custom Neovim IDE, and 80+ CLI tools turn macOS into a keyboard-driven engineering cockpit.
How I use a disciplined dotfiles strategy to turn any new machine into a familiar, mistake-proof engineering environment in under an hour.
A professional walkthrough — from install to real-world use — of Chrome DevTools MCP across VS Code, Cursor, GitHub Copilot, Claude Code and Gemini CLI with npx chrome-devtools-mcp@latest and --autoConnect. JSON configs, the Chrome M144+ connection flow, Lighthouse and CORS debugging prompts, and a verification checklist.
MCP security fundamentally differs from traditional application security. With 30 CVEs filed in 60 days, organizations need a new security model. Learn how to protect agent deployments using OWASP MCP Top 10 and Microsoft's Agent Governance Toolkit.