Authorization Is the Hardest Problem in Security
Authentication proves identity. Authorization determines action boundaries, and that complexity grows faster than most systems do.
Thoughts on technology, recipes, music and creative processes. A mix of tutorials, opinions and analyses.

Rate limiting looks like arithmetic in tutorials, but in production it allocates scarce capacity, encodes fairness assumptions, and shapes client behavior under stress.

RAG became the default way to ground LLMs on enterprise data, but that did not solve AI reliability. It exposed a harder reality: retrieval is infrastructure, and the real work is systems design, governance, and evaluation.

Shadow AI is not primarily a compliance failure. It is what happens when capability arrives before permission, and when demand outruns an organization's ability to govern what is already being used.

Some low-output days are not failures. They are recovery days. The difference between drift and compounding is whether you know how to protect your creative system when capacity drops.

Compliance frameworks improve auditability and baseline control discipline, but they do not guarantee resilient security behavior in live systems.
Security architecture can be modeled as a trust graph of principals, resources, and delegated permissions. Incidents often follow graph paths teams never mapped.
The future of coding is not human versus AI. It is a systems design problem: assigning cognitive labor to humans and machines with explicit accountability boundaries.
A practical guide to coding agents and copilots, including OpenClaw, Codex, and Claude Code: where they deliver leverage, where they fail, and how to integrate them safely.
Modern security architecture uses identity as the core trust primitive across users, devices, workloads, and services.
When diffusion models keep returning the same composition after prompt edits, they are usually not repeating an image. They are converging toward the same high-probability basin in latent space.
Network segmentation cannot secure modern microservices by itself. Service-to-service trust needs explicit identity, mTLS, and policy-aware authorization.
The critical quantum security risk starts before practical quantum computers arrive, because long-lived encrypted data is being collected now while global cryptographic migration remains slow and operationally complex.