The E-Signature Audit Trail Is Theater
The e-signature industry has conflated legally valid with cryptographically provable for 25 years. Courts are beginning to notice the difference, and so should you....
Your AI Doesn't Deserve Your Trust Yet
How to architect AI trust with deterministic guardrails: Pydantic validators, Redis kill switches, and OAuth scopes. A four-level framework from building financial AI....
The Quantum Computing Threat to Crypto Is Overblown
Quantum computing won't break cryptocurrency for 15-30 years. Meanwhile, social engineering, bridge exploits, and insider threats stole $3.4 billion in 2025....
The Browser Is Your Best Security Sandbox
Modern browsers run untrusted code from millions of sources daily and contain threats successfully. Browser-based applications inherit security properties that native apps can't match....
Watching a Friend Get Hacked in 1987: The Security Lesson That Stuck
A BBS sysop friend got hacked through social engineering in 1987. Watching it happen taught me that the most dangerous vulnerabilities aren't in code - they're in assumptions about trust....
Most Security Breaches Don't Matter
The security industry profits from fear. Most breaches have minimal impact while companies overspend on exotic threats....
My Web Crawler Crashed a Server at Los Alamos
How a homemade web crawler in 1993 crashed a Los Alamos server, the birth of robots.txt, and why AI companies are breaking the web etiquette that held for 30 years....
I Solved Spam in the 90s (Nobody Cared)
In the 1990s, I built RUM (Real User Mail) - a challenge-response system to fight spam. It worked. I never released it. Years later, the industry reinvented it....
The ASR Privacy Paradox
ASR systems need training data. Training data contains sensitive audio. How federated learning solves the conflict between ML requirements and privacy laws....