Blog entries

I Built a Local LLM Benchmark Harness, and It Mostly Started as an Argument With My GPU

For a while now I have had the same nagging question that I suspect a lot of people in security and IT have been quietly circling. Which local model is actually good enough for the work I do, and what does "good enough" even mean once you stop hand-waving? Not the leaderboard scores, not the demos where someone asks a model to write a haiku about Kubernetes, but the actual workloads. Reading a log. Spotting a brute force that turns into a successful login. Writing an incident report without quietly inventing a threat actor that never existed.

Do We Build More Secure Things When AI Helps Build Them?

AI helps us build secure things vs AI gives them better tools

There is a question circling the industry right now, and it is one worth sitting with rather than answering too quickly: does AI in the development pipeline actually make the things we ship more secure, or does it mostly just give the bad actors a better toolkit?

The honest answer is probably both. Which is not a satisfying thing to say, but it happens to be true.

When did I stop being 26 and unstoppable?

I do not remember exactly when it changed because things like this never happen all at once and maybe that is why it becomes so difficult to notice while it is happening, because one year becomes another and life keeps moving and work keeps demanding things from you and suddenly you wake up one morning with medication beside the coffee machine and realize that somewhere along the way your body stopped quietly cooperating with the life you built around stress, bad sleep, too much sitting still and the constant idea that you would eventually take care of yourself later when there was more time.

When the Security Scanner Becomes the Weapon: The Trivy Compromise of March 2026

I have spent the past week trying to piece together what actually happened with Trivy. Reading advisories, cross-referencing timelines, digging through GitHub issues and incident discussions, trying to separate confirmed facts from speculation. The more I read, the less comfortable I got. Not because the details were unclear, but because they were clear, and the implications kept getting worse.

The tool you run to find vulnerabilities in your container images was the one stealing your cloud credentials. That is what happened on March 19, 2026, when Aqua Security's Trivy scanner and its GitHub Actions integration were compromised in one of the more targeted supply chain attacks I have seen against the DevSecOps ecosystem.

If you have been running aquasecurity/trivy-action in a CI/CD pipeline over the past few months, read this carefully.

Vibe coding feels like having ADHD and 20 minions

There is a moment, somewhere around the third hour, when you realize you have mass-produced an entire ecosystem and you are no longer sure what half of it does.

It started with a small thing. A script, maybe. A helper tool. Something you could describe in two sentences. And then the machine responded, and it was good, and your brain lit up like a pinball machine. So you asked for more. And more. And suddenly you are not building one thing anymore, you are conducting an orchestra of twenty invisible workers who are all extremely eager to please and not one of them will ever tell you to slow down.

A Cybersecure Christmas

The servers hum softly this cold Christmas night, while alerts blink like stars in a dashboard of light. A consultant leans back, takes a sip of his tea, and hopes every control maps to NIST, ISO, NIS2-cleanly.

Was it really better before, or why us old geeks think so

Those of us who have been in IT for a while often say it was better before. Not because we miss floppy disks or Windows 3.1, but because we see a fundamental difference in how knowledge was built and used. We had to learn the basics in a way that created deep understanding. That kind of understanding risks being lost in a time when AI, automation, and abstraction allow people to jump straight to the result.

When You Choose to "Snälltolka", You're Deciding What Deserves Your Energy

Most conflicts start in the space between what someone did and what we think they meant. Our brains fill blanks with worst-case motives. That reflex kept our ancestors alive. Today it drains us.

"Snälltolka" breaks that loop. It's a Swedish word that means interpreting someone's actions generously. Not blind trust. Not naivety. Just choosing not to build hostile narratives without evidence.

When love makes you wonder about the weight it carries

I was writing about how good we have it. A simple reflection. Nothing more. Then the thought turned inward and landed somewhere I didn’t expect. I started questioning whether the love I give my kids also makes life harder for them. Not because love is wrong. Not because I doubt it. But because their path will never look like the one I grew up imagining.