Webroll
A curated list of awesome blog posts, papers, and resources by others on the web. This page is inspired by the concept of a blogroll. For now, I'll mainly focus on sharing cool stuff I've come across. Within each section, entries are sorted with the most recent reads at the top. I'll try to better organise all this later.
Prose and Posts
- Competence as Tragedy by crowprose dev misc, thoughtpiece
- The First Few Milliseconds of an HTTPS Connection by Moserware web networking dev performance
- Reverse Engineering TicketMaster's Rotating Barcodes (SafeTix) by conduition writeup hacking reverse
- boehs.org/llms.txt misc amusing, counter-instructions for LLMs, based on the llms.txt standard
- Pwning Millions of Smart Weighing Machines with API and Hardware Hacking by spaceraccoon hacking writeup networking, web and Bluetooth hardware hacking; the dude has a lot of cool writeups in general
- Belgium is unsafe for CVD by Floor Terra infosec cvd misc amusing, some insights and nuances in CVD (Coordinated Vulnerability Disclosure)
- CVE / NVD doesn’t work for open source and supply chain security by Mark Curphey infosec misc cvd, highlights multiple issues with CVE/NVD in the open source ecosystem
- Multiple Critical Vulnerabilities in Strapi Versions <=4.7.1 by ghostcamm web hacking writeup
- A virtual DOM in 200 lines of JavaScript by Marcelo Lazaroni dev web
- Exploring Mimikatz - Part 1 - WDigest by xpn hacking windows writeup, in-depth dig into one of mimikatz's many modules
- How I hacked medium : The Rise Of Race Conditions by YouGotItComing hacking cvd web writeup, interesting intro to race conditions and some bug bounty drama
- On Hacking by Richard Stallman hacking misc, history and origins of the term "hacking"
- Evolution of Trust by Nicky Case learning misc, interactive game on prisoner's dilemma, community, and trust
Drama Delirium Detention Centre
Fun dev/infosec drama worth sharing. I share these not to ridicule, but because there's always something to learn from these interactions. And some of these are here simply for amusement.
- AI Agent writes ad hominem blog post after having PR rejected - GitHub Issue, an interesting interaction and situation
- .NET CVE-2025-55315 - GitHub Issue, drama around a 9.9-score request smuggling CVE
- notepad++ CVE-2025-56383 - GitHub Issue, drama around risk and local vectors of a Notepad++ "CVE"
- Dev rejects CVE severity, makes his GitHub repo read-only - BleepingComputer
- I am new to GitHub and I have lots to say - reddit
- dnsmasq v VulDB - seclists, dnsmasq risk and CVD drama
- Death by a thousand slops by Daniel Stenberg, AI slop vuln reports on the curl project
- How one programmer broke the internet by deleting a tiny piece of code - quartz, leftpad npm supply chain drama
References and Resources
Useful articles and resources, not necessarily from the indieweb.
- How AI Impacts Skill Formation by Judy Hanwen Shen and Alex Tamkin learning ai, whitepaper, also provides some insights on how to best use AI
- Attacking and securing cloud identities in managed Kubernetes part 1: Amazon EKS by datadog securitylabs hacking cloud writeup, comprehensive reference for escalation scenarios in AWS EKS
- Windows Internals Resources windows learning, collection of useful resources on the guts of Windows
- How, and why, a journalist tricked news outlets into thinking chocolate makes you thin (paywalled) by The Washington Post misc, news article on a sting operation exposing bad journalism; IMO the science communication and infosecurity industry faces similar issues (sometimes)
- Orange Cyberdefense AD Attack Path Mindmaps windows ad learning