Posts on {IT}

STATUS.md: a shared file for multi-agent work

Mon, 25 May 2026 19:19:04 +0000

When I work on a bigger task – a new feature, a Terraform change, a small PoC – I usually run it across multiple agents at once. Claude Code in one window for the code, a Cowork session in another for planning and content, sometimes Desktop Claude in a third.

The split works well until I switch between them and have to type some flavour of “where are we?” so the agent can guess. Each one has its own TODO list. None of them can see the others’. And so I end up as the human message bus, with the context windows filling up with status updates instead of actual work.

How I spent a weekend reinventing a 50-cent chip

Sat, 25 Apr 2026 14:21:17 +0000

An optocoupler is a part I’d seen in schematics for a while and quietly skipped over. There’s an LED pointed at a photo-sensitive transistor with a dashed line between them. The dashed line is the entire point: the two halves of the part are not electrically connected.

The signal crosses as light, over a few hundred microns of darkness – and I wanted to see it work! So I built one on a breadboard before reaching for an actual 4N35 chip.

DIY Bluetooth Kobo page-turner remote with ESP32 and Lilka

Fri, 23 Jan 2026 17:20:24 +0000

Page-turn clickers are a real category: Kobo even sells an official remote so you can turn pages without poking the screen all the time. The official remote was out of stock when I thought of getting one, and the price was a bit on the higher end. So I thought of an interesting alternative: emulate the same thing with an ESP32 module, but with no hacks on the reader itself.

A minimal LLM Ops stack with tracing and model costs

Wed, 14 Jan 2026 12:30:35 +0000

Many “LLM app” demos stop the moment the model produces a decent-looking answer. However, when the app becomes more real, you get extra questions:

What context did the model actually see?
Did retrieval find anything useful. Or nothing at all?
What did this request cost? How do you compare it to another request?
Did a “small prompt tweak” quietly break refund handling?

In an attempt to make those questions easier to answer, I built a tiny FastAPI “customer support reply drafter” app and integrated it with Langfuse. The goal was to have a workflow where every request leaves a trail you can inspect, and where changes are measurable.

RAG: A (mostly) no-buzzword explanation

Wed, 19 Nov 2025 18:41:45 +0000

LLMs, like the ones behind ChatGPT or Gemini, have two big weaknesses:

Their knowledge is frozen at training time (“knowledge cutoff”)
They can “hallucinate” or confidently make things up

Retrieval-Augmented Generation (RAG) is a pattern that fixes both problems by giving an LLM access to the right data at answer time. Instead of asking the model to “remember everything”, RAG lets it look things up first, then answer.

Core idea

RAG = search for relevant documents → feed them into the LLM → have the LLM respond using (also) those documents.

Unikernels, without the marketing

Wed, 15 Oct 2025 05:12:00 +0000

TL;DR

A unikernel is your app compiled together with only the OS pieces it really needs, producing a tiny binary that boots inside a microVM (e.g., Firecracker/KVM).

Result: fast starts, small footprint, and stronger isolation than containers, at the cost of trickier tooling and ops around it.

When I saw Prisma put “serverless” and “no cold starts” in the same breath for Prisma Postgres, my Lambda scars tingled 😄

When speed becomes strategy 💨

Mon, 13 Oct 2025 19:21:12 +0000

Startups thrive on speed and hustle. But when everything feels urgent, how can you tell what actually matters?

In many founder-led companies, management ends up being more reactive than intentional. There’s little in the way of a product roadmap, structured hiring plan, or resource allocation. The focus shifts to whatever’s on fire today.

Hands-on leadership keeps momentum high − but often at the cost of clarity. Teams start juggling ad-hoc requests, switching tasks mid-sprint as priorities shift faster than plans can keep up.

Solving the Openfire Lab Blue team challenge

Sun, 24 Aug 2025 11:34:34 +0000

Today we’re reviewing a vulnerability in Openfire. It is a self-hosted alternative to Slack/Teams: you run it on your own infrastructure, control the data, and extend it with plugins.

As a cybersecurity analyst, you are tasked with investigating a data breach targeting your organization’s Openfire messaging server.

Attackers have exploited a vulnerability in the server, compromising sensitive communications and potentially exposing critical data.

Your task is to analyze the provided network capture files using Wireshark. Identify evidence of the exploitation, trace the attacker’s actions, and uncover indicators of compromise.

Solving the ShadowCitadel Lab Blue team challenge 🫆

Sun, 10 Aug 2025 19:33:14 +0000

Today, we dive into a host-based forensics investigation − a curious case of a breach inside the enterprise environment of a company called TechSynergy:

A leading tech firm, TechSynergy, has detected an anomaly after an employee engaged with an unexpected email attachment. This triggered a series of covert operations within the network, including unusual account activity and system alterations.

Security alerts indicate potential access to sensitive infrastructure, with suspicious outbound traffic raising red flags. The incident response team fears a sophisticated attack may be underway, threatening critical data.

How to prevent token misuse in LLM integrations

Tue, 22 Jul 2025 19:46:56 +0000

LLMs are powerful. And expensive. Every token counts, and if you’re building something that uses an LLM API (Claude, OpenAI, Gemini or PaLM, Mistral, etc.), malicious users can abuse it to burn through your credits. This is especially true for apps that take user input and feed it to the model.

The trick is that an attacker doesn’t have to hack your servers. Not even SQL-inject it. They just have to convince the LLM to do something it shouldn’t by crafting a proper prompt. So, actually, it does look a bit like an SQL injection, but for AI prompts.

Solving the XLMRat Blue team challenge

Sat, 28 Jun 2025 13:46:59 +0000

Today we’re looking at the XLMRat malware. It is a remote access trojan (hence the RAT part) built to be small, sneaky, and stupidly persistent. It typically rides in via phishing or social engineering, often disguised as something mundane, like a JPG or TXT file. It targets Windows systems and speaks fluent PowerShell.

It’s popular among low-effort attackers looking for ready-made tools that still pack a punch. Especially in campaigns targeting individuals or small orgs where endpoint hygiene is weak. There’s a block with more information at the end of this post ⬇️

A pint with Jimothy: on fear, ego, and hiring smarter

Thu, 12 Jun 2025 14:27:01 +0000

☕️ We started with coffee, like most chats do. Black for me, cappuccino for Jimothy (he actually prefers Jim, or James). Corner terrace, Singelgracht. One of those confusing Amsterdam afternoons where the sky can’t decide – sunlight breaks through the clouds, then ducks back behind them. Just long enough to let a few leaves blow across the wet stone.

Jim’s good at what he does. Senior technical manager at a mid-sized SaaS company. Knows the systems, understands the roadmap, has decent rapport with his engineers. But somewhere between the first sip and the second, he leans in and says quietly:

Billion-dollar brains: the real cost of AI

Mon, 26 May 2025 19:31:59 +0000

AI-assisted coding feels like magic. You type what you want, and out comes working code. (well, maybe after a few hours of setup – but still)

Like all magic, though, it has a cost. And right now, that cost is mostly hidden – even as the invoices show up every month. What makes it work is a stack of expensive infrastructure: thousands of GPUs, power-hungry data centers, and cloud contracts worth billions.

Solving the BlueSky Ransomware Blue team challenge

Sun, 18 May 2025 16:35:26 +0000

Today we’re looking at the BlueSky ransomware, a strain of malicious software that encrypts files on a victim’s system, rendering them inaccessible until a ransom is paid. First detected in June 2022, it shares similarities with other notorious ransomware families like Conti and Babuk.

BlueSky spreads through methods such as phishing emails, malicious links, and network protocols like SMB (port 445 TCP). Once inside a system, it uses advanced evasion techniques, such as hiding threads from debuggers, to avoid detection. It targets both files and processes, encrypting files with RSA encryption and adding the .bluesky extension to them while maintaining operational stability by avoiding critical system processes.

When Slack starts to feel like a DDoS attack

Wed, 07 May 2025 16:53:49 +0000

In software engineering, we often rely on “exponential back-off” when retrying failed network requests – a technique where each subsequent attempt is spaced out further in time to avoid overloading the system. Oddly enough, I’ve found myself applying a similar concept to human communication.

As an Engineering lead, I’m frequently on the receiving end of an unrelenting stream of requests:

A Slack ping about a pressing issue
A pull request to review
A CV from a recruiter
Another CV for a completely different role
A message from customer support about an urgent user complaint
An escalation from the Security team
A calendar invite
A last-moment meeting reschedule
A quick question (this one’s my favorite)

All of this happens while I’m trying to carve out focused time to work on broader goals: improving team processes, ensuring teams have clear direction, and writing progress reports or strategic documentation. Even with AI-assisted tools, writing takes time – because effective communication requires tailoring the message to its audience. Tone matters. Clarity matters. Accuracy matters.

Solving the DanaBot Blue team challenge

Sun, 04 May 2025 19:54:58 +0000

In this blog post, we’ll walk through a Blue Team lab challenge hosted by CyberDefenders, specifically investigating a breach scenario involving DanaBot malware.

The SOC team has detected suspicious activity in the network traffic, revealing that a machine has been compromised. Sensitive company information has been stolen. Your task is to use Network Capture (PCAP) files and Threat Intelligence to investigate the incident and determine how the breach occurred.

The challenge is presented by CyberDefenders (https://cyberdefenders.org) and can be found here: https://cyberdefenders.org/blueteam-ctf-challenges/danabot.

AI for Engineering managers: adapt now or trail behind

Sat, 19 Apr 2025 15:43:11 +0000

Remember when a five‑digit Stack Overflow score was a flex?

Today that, and a vintage 2022 playbook will buy you precisely zero leverage.

Yesterday’s job, tomorrow’s irrelevance

Many Engineering managers still run on three rituals:

Status ✨astrology✨ or endless forecasting of ticket constellations. Hours massaging burndown charts, Jira dashboards, stand‑up forecasts – cargo‑cult evidence that the sprint is “on track”.
Stakeholder ~~appeasement~~ management: slide decks, project reviews, “quick syncs” to keep exec egos fed and legal teams comfy.
People babysitting – counting story points, asking to update Jira, tolerance checks for burnout, sniffing out AI-powered overemployment. By the way, did you know of r/overemployed?

However, none of those moves the product faster. Meanwhile, AI agents are quietly doing code reviews, generating boilerplate, even writing RFCs. The org chart hasn’t noticed – yet.

Impostor syndrome: kicking self-doubt to the curb

Sun, 23 Mar 2025 04:51:00 +0000

In a previous post, I looked at managing time effectively as an Engineering manager, drawing from Aviv Ben-Yosef’s insightful book, The Tech Executive Operating System.

Today, let’s explore another valuable lesson from this book: how to recognize and handle impostor syndrome in the moments when it affects us most.

We’re all familiar with IS − the nagging self-doubt that makes us feel undeserving of our achievements. Less than. The pervasive worry that others will “find out” we aren’t as competent as we seem.

The unboring NIST SP 800-190

Tue, 18 Mar 2025 05:14:00 +0000

When most of us hear “NIST guidelines”, our first reaction might be “another boring PDF I’ll never open again”.

My first encounter with NIST Special Publication 800-190 happened when I was studying for the GIAC GCSA exam, which is focused on DevSecOps and container security. The SP 800-190 is refreshingly different. It isn’t just another checkbox compliance document – it genuinely provides practical, actionable steps to enhance container security posture.

A convenient homelab SSH jumphost (without the drama)

Sat, 08 Mar 2025 06:44:00 +0000

Managing a homelab is all fun and games until you’re knee-deep in IP addresses, SSH keys, and trying to remember if this server was the one with Kubernetes or the one you broke last Tuesday.

SSH-ing into multiple machines gets messy fast – unless you love memorizing IPs and usernames like some sort of 2000s hacker movie character.

I didn’t 🤷‍♂️

So, I set out to build an SSH jumphost that keeps a list of all servers and lets me connect to any of them by simply picking a friendly name from a menu. No more mental gymnastics – let me show you how I did it.

Too many tabs open? Why real multitasking is hard

Tue, 04 Mar 2025 02:42:00 +0000

I recently attempted to write a blog post exploring how our human memory is limited and how easily things slip between the cracks when life gets overwhelming.

The original draft was around 2,300 words – painstakingly researched, peppered with references to scientific studies, and teetering into “academic essay” territory. It ended up so dense and dry that it felt more like a term paper than a friendly blog post.

So, after wrestling with it for a week, I did the unthinkable: trashed all of it and decided to start fresh!

Proxmox firewall layers in simple terms

Sun, 19 Jan 2025 06:56:00 +0000

Proxmox VE is a phenomenal open-source virtualization platform that many of us (myself included) absolutely love. It’s powered by a strong community, and the fact that we can use it for free in our home labs or even in small production environments is a huge blessing.

In my early days with Proxmox, I struggled a bit with its firewall configuration. Then I took some time to learn how it’s laid out, and the entire system started to make sense.

Before you lead: honest questions for aspiring managers

Mon, 13 Jan 2025 04:33:00 +0000

So you’ve spent years honing your craft as an individual contributor (IC), and now you’re considering a transition to a leadership position. The appeal is obvious: greater influence, more responsibility, and a unique chance to shape your organization’s trajectory. However, stepping into a lead role comes with challenges that aren’t always highlighted in the job description.

One of the most significant hurdles is the shift in mindset that this move demands. Instead of focusing your energy on perfecting technical solutions or improving your own output, you’ll need to foster team dynamics, resolve interpersonal issues, and guide others to success.

Managing time as an Engineering manager

Tue, 24 Dec 2024 05:14:00 +0000

Every Engineering manager knows the feeling: you wake up already juggling a thousand thoughts, your calendar is a battlefield, and Slack notifications seem endless. It’s a chaotic yet rewarding role, one where the pressure to deliver is only rivaled by the satisfaction of seeing your team succeed.

In 2024, my days as an Engineering manager (EM) were a constant balancing act. I want to share what those days looked like, the challenges I faced, and how I’ve since discovered a helpful framework for managing time better in Aviv Ben-Yosef’s “The Tech Executive Operating System” book.

Passkeys – the future of secure authentication

Mon, 02 Dec 2024 13:44:25 +0000

As a long-term fan of Yubikeys, I quickly got curious about this relatively new concept called “passkeys”. Big companies like Apple, Amazon, and Mastercard are nudging their users to adopt passkeys and use them instead of passwords. The “instead of passwords” part really got me curious!

Since forever, passwords have been a part of our online lives for as long as we can remember. But let’s be honest: most of us have a love-hate relationship with them. They’re either too easy to guess or so complex that we forget them entirely. Yes, even if it’s just one master password to a password vault like Bitwarden or LastPass.

Say “yes” to SBOMs!

Fri, 22 Nov 2024 14:11:03 +0000

Picture this: your software application is running smoothly in production, serving thousands of users. Then, you hear about a new critical vulnerability affecting open-source libraries, and panic sets in. Is your application exposed? If so, which part is at risk? Without a clear map of your software’s components, answering these questions can feel like searching for a needle in a haystack.

This is where a Software bill of materials, or SBOM, becomes invaluable. An SBOM is like a recipe list for your software, cataloging every ingredient − libraries, dependencies, and components making up your application. Just as food labels provide transparency (‑ish) about what you’re consuming, an SBOM ensures full visibility into what’s inside your apps.

Getting it right: security awareness program on a budget

Mon, 22 Jul 2024 10:39:43 +0000

Introducing a Security Awareness program is becoming increasingly important for organizations as the cybersecurity landscape changes rapidly. This undertaking becomes even more challenging if the security team is new to the organization and operates on a limited budget.

In this blog post, I share my experience implementing a security awareness program enriched by extensive research and insights from consulting with industry experts. This guide is designed to be highly practical to help you build and execute an effective program without breaking the bank.

Is my business secure? First look at the SAMM framework

Tue, 09 Apr 2024 04:15:00 +0000

Security is becoming more important for businesses operating in an increasingly complex landscape of cyber threats and data breaches. Small businesses often don’t have the advanced security measures and resources that larger enterprises possess, making them particularly vulnerable targets for cyberattacks.

A breach can result in significant financial losses, reputational damage, and legal liabilities, which can be catastrophic for small businesses. Therefore, investing in adequate security measures is essential, and in this post, we will look at the SAMM framework that allows us to take control of the situation.

Short review: “Search in Plain Sight”

Wed, 20 Mar 2024 18:05:11 +0000

Priceless find

Someone posted a recommendation for this book on one of the LeadDev Slack channels. I always considered recruiters partners rather than merely a “resource”, so I became interested in the book as a way to learn more about that world. It promised to show recruitment from within, and then I discovered that it is written for candidates. It doesn’t get better than this!

The book is “Search in Plain Sight: Demystifying Executive Search” by Somer Hackley.

Solving the WebStrike Blue Team Challenge

Sun, 17 Dec 2023 21:12:03 +0000

The challenge

In the intricate world of cybersecurity, every attack leaves behind digital footprints waiting to be deciphered. In this post, we embark on a brief journey to unravel a cyber threat, dissecting each element that reveals an attacker’s origin, tactics, and motives. Let’s dive in.

The challenge is presented by CyberDefenders (https://cyberdefenders.org) and can be found here: https://cyberdefenders.org/blueteam-ctf-challenges/webstrike/.

Note: This post is not sponsored by or affiliated with CyberDefenders.

Planning with confidence: high-level estimates in software projects

Sun, 27 Aug 2023 16:55:26 +0000

It is not always easy or pleasant to talk about estimates. On the one hand, it’s a fun activity of trying to look far enough into the future. On the other hand, high-level estimates are often taken as a commitment. It gets shared with the bigger org, the sales organization (read customers), and ultimately with the company leadership.

High-level estimates in software engineering are preliminary projections of the time, effort, and resources required to complete a software project. These estimates provide a broad overview during the initial planning phase and help stakeholders understand the general scope and feasibility of the project before delving into detailed planning, commitments to customers, and execution. High-level estimates also guide decision-making and resource allocation, setting the foundation for the project’s direction and expectations.

Office space: flex desks vs. reserved spaces 🔥

Sun, 13 Aug 2023 11:27:00 +0000

The discussion

In the previous office of my current company, we had a flex desk policy. People would pick a spot to sit as they came to work (in hybrid WFH and in-office setup).

As we learned that an office move was coming up, there were discussions regarding the pros and cons of two approaches to office seating: flex desks and reserved spaces. Both are very different office space arrangements, each with its own set of advantages and disadvantages.

The delegation spectrum

Sun, 06 Aug 2023 16:50:46 +0000

The idea behind delegation is clear: to free up time to focus on other important work while offering your team opportunities for growth and development. It sounds simple, yet, it’s hard to do, and there’s no good (as in, always working) instruction manual to it.

In this blog post, I will not try to offer the manual but share some advice heavily inspired by a great book on career development called Rise by Patty Azzarello.

Crimediggers: solving the cyber challenge

Sun, 16 Apr 2023 15:37:09 +0000

Crimediggers is a promotional escape game brought out by the Dutch police. It’s a very high-quality, realistic challenge and generally aimed at recruiting digital specialists for the police’s cybercrime teams. Completing Crimediggers requires previous knowledge in the computer security domain.

In this post, I share my path of progressing through the challenges. Solutions to the individual objectives will not be included, where possible, to avoid taking the fun away from other participants. DM me if you need help with any of these, and I’ll be happy to assist. Let’s get started!

The engineering manager role explained

Mon, 26 Sep 2022 22:20:54 +0000

Explaining the engineering manager role is not a new subject. Nevertheless, the EM function is often defined differently depending on the company, its size, and even the market it operates. In this post, I offer my version of it, in an attempt to provide a new, valuable perspective.

Fun fact: this is the first piece on this blog featuring hand-drawn graphics ✏️

Who will find it useful

The information in this blog post will be helpful to people who collaborate with Engineering managers at work, willing to learn more about the role. For example, software engineering and recruitment professionals, SaaS sales experts, and individuals interested in becoming an EM.

Getting things done with to-do lists

Mon, 18 Jul 2022 03:23:00 +0000

Is this another piece on to-do lists? Yes and no: we will cover the topic of using a to-do list for work, however, from a highly practical standpoint.

Thinking about it, the human brain did not evolve to keep track of the jillion things we think about daily, but we still expect it to remember tasks from the three projects at work, home chores, social follow-ups, free time activities, and much more. And let’s not forget we want it all structured and prioritized.

Conflict resolution: practical guide for leaders

Mon, 26 Jul 2021 00:37:00 +0000

In this post, I will discuss conflict in the workplace, its importance for a healthy team, and a few approaches to handling it successfully. If you’d like to jump straight to the practical part, please scroll to “Conflict resolution strategy”.

Conflict management is probably not the most exciting element of a manager’s job. Still, it is a big part of it and can not be left “for later”. Conflict buildup is easy to sweep under the rug, yet here are some of the very evident consequences of doing that:

Make your new recruiter work for you 🧑‍💻

Sat, 15 May 2021 12:12:21 +0000

Your team is growing, and hiring has to scale proportionally. It’s a great moment to consider adding some power to the team by getting a recruitment professional on board. It is also worth remembering that the recruiter is the face of your company in the talent pool. Often, the recruiter will be the only person candidates will come in contact with.

These are all very valid reasons to make sure your new recruiter works for you and truly helps strengthen the team.

4 easy steps for better onboarding 🏄

Tue, 04 May 2021 21:39:37 +0000

Onboarding process is a defining moment in how well a new colleague starts their journey in your organisation. Onboarding can be time-consuming and a bit hectic, especially if hiring is happening at a fast pace. Not having an efficient process may also quickly cripple people’s schedules.

In my experience, the following practices can bring structure to the onboarding process and give new employees a refreshing, thorough, and professional welcome to their new position.