Using n8n to create a future email delivery workflow.

Consciously building a bias for action.

I vibe-coded a slot machine to generate project ideas.

I built a drag-and-drop web-based editor for ZAP Automation Framework plans.

Practicing curiosity to stay sane

My reflections on free software and how it has shaped my life in the past 10 years.

An overview of the things I did to setup a Kubernetes cluster at home with old laptops.

How to get Kubernetes Pod metadata for processes on Linux nodes in Kubernetes clusters

An overview of my plain-text accounting workflow.

Stop using Docker build arguments for your secrets!

I wrote a tampermonkey script which adds a review checklist to GitHub PRs.

I share why and how I set up my new microblog that's accessible at til.ricekot.com.

Using Tailscale and a Firefox PAC file to selectively proxy websites that are blocked by the firewall on my college network.

Exploring ZAP Extender scripts - a powerful and underappreciated way to customize OWASP ZAP's behavior.

My solutions to some exercises from the book "Structure and Interpretation of Computer Programs".

Why I think it is important to understand how your tools work.

A guide to testing your APIs for the Spring4Shell vulnerability using Levo.ai, featured on their blog.

Slides and resources from my ZAPCon 2022 presentation are now available.

A guide to detecting the Log4Shell vulnerability using OWASP ZAP, featured on the official ZAP blog.

My Experience as an SDE Intern at Astra Security

A walkthrough of out-of-band application security testing with OWASP ZAP, featured on the official ZAP blog.

Design choices behind the ZAP OAST add-on: file structure for extensibility, GUI design, and moving the callback extension into OAST.

Introducing the OAST add-on for OWASP ZAP, bringing out-of-band security testing capabilities like blind SQLi detection to the proxy.

Detailed solutions to SICP exercises 1.11-1.15, including a deep dive into the order of growth of the count-change procedure.

Setting up a Jekyll blog so themes can be swapped by changing a Git branch, using submodules and GitHub Actions for automation.

Notes and solutions to the first 10 SICP exercises, covering evaluation order, recursion vs. iteration, and tail recursion in Scheme.

Study notes on forces in slender structures: shear force and bending moment diagrams, distributed loading, and singularity functions.

Wrestling with nihilism and meaning through Frankl, Harari, and Cal Newport, and arriving at a personal reason to keep going.

First-place writeup from CTE TechWeekend CTF 2020, covering reverse engineering with Ghidra, .pyc decompilation, and JSON injection.

Notes on the fundamentals of topological spaces: definitions, open sets, discrete and indiscrete topologies, with proofs for co-finite and co-countable topologies.

Announcement of the GraphQL add-on for OWASP ZAP, featured on the official ZAP blog.

Adding full type support, multiple query strategies, and request methods to the ZAP GraphQL query generator.

Building a recursive GraphQL query generator for OWASP ZAP as part of Google Summer of Code 2020, from pseudocode to working Java.

Tackling a tricky proof about preimages of generated sigma-algebras, with a useful StackExchange trick for working with generated collections.

Proving that preimage collections form sigma-algebras, working through exercises 111X(c) and 111X(d) from Fremlin's Measure Theory.

Proving set identities and showing that all intervals are Borel sets, with a neat Archimedean property argument.

Understanding Borel sets by first building up the concepts of generated sigma-algebras and open sets.

Notes on sigma-algebras, countable sets, and measure spaces from Fremlin's Measure Theory series.

Solving Shamir's secret sharing and elliptic curve point doubling to wrap up the cryptography assignment series.

Working through El Gamal digital signatures and applying Hadamard gates to a 2-qubit quantum system.

Tackling Rabin decryption and digital signatures using the Chinese Remainder Theorem and extended Euclidean algorithm.

Solving RSA decryption and digital signature problems step by step, from factoring n to computing modular inverses.

Working through CBC-MAC and Diffie-Hellman key exchange problems by looking up each concept as needed.

Solving a calculus of variations problem from scratch, documenting every search and stumble along the way.

Week 2 of GSoC: building import dialogs for the ZAP GraphQL add-on and mapping out GraphQL data types.

How a love for taking things apart led me to open source and my Google Summer of Code project with OWASP ZAP.

A personal account of giving up my smartphone and social media, and learning to be patient again.

Step-by-step notes on implementing gradient descent for linear regression in PyTorch, with code and visualizations.

Questions and resources I collected while trying to understand gradient descent, autograd, and backpropagation.

Training a ResNet34 model on the MNIST dataset to classify handwritten digits using fastai.

Training a deep learning image classifier to distinguish anime from cartoons using fastai and ResNet34.

Discovering and exploiting a brute-forceable password reset flaw on a website using a Python script.

Implementing the Sieve of Eratosthenes in C++ to generate primes, with a walkthrough of why the algorithm works.

Building a binary search-powered number guessing game in C++ and reflecting on the beauty of simple algorithms.