Blog

Thoughts on cybersecurity, web development, and learning

Dec 20, 2025 · security
The Terminology Problem Causing Security Teams Real Risks
Jailbreaks target the model's safety training; prompt injection hijacks application trust boundaries. Conflating them leads to defenses that miss your actual threat surface.
Aug 12, 2025 · security
What Makes Indirect Prompt Injections Attacks Succeed
Anatomy of an Indirect Prompt Injection
Aug 26, 2024 · tutorials
Sane Python Debugging in VSCode
A path towards a more reasonable dev experience
Aug 13, 2024 · development
Mastering Stream Detection: Using MutationObserver to Track LLM Responses in Real-Time
A vanilla JavaScript solution for detecting when streaming responses from Large Language Models have completed
Nov 6, 2023 · tutorials
Design Priniciples for Developers
Aug 30, 2023 · documentation
Dealing with Direct Upload Attachments in Tests
The process of directly uploading an attachment means that you are attaching a blob using the blob's `signed_id`. Read on to see how to access a blob's signed_id before the blob is attached to your ActiveRecord model instance in an RSpec suite.