Culture is not revealed by behaviour under control, but by motive under autonomy. Highly controlled environments mask intent and allow organisations to promote leaders whose inner compass has never been tested. When controls are later removed at seniority, behaviour shocks leadership and risk materialises. Durable outcomes, whether in fraud prevention, customer trust, or leadership quality, only occur when actions are … Continue reading “The Power of Motives: Why Culture Is Revealed When Control Is Released”
1. The Question That Exposes Everything Walk into any large organisation and ask a deceptively simple question: “What does everyone do?” Not what are your job titles, not what does your org chart say, but what do people actually do all day. The silence that follows is never accidental. This blog is a reframing of Pournelle’s Iron Law of Bureaucracy, … Continue reading “Managing Organisational Bloat: What Does Everyone Do?”
If you look back over time at all once great companies, you will see that eventually simplicity gave way to scale. What are some of the risks that drive this? This is where many great banks lose their edge. But is this really a shared destiny for all banks, or did the leadership simply fail to lead? It is a … Continue reading “Is Banking Complexity a Shared Destiny or Is It a Leadership Failure?”
1. The Organisation That Optimised for Distrust I once worked in a company with spectacularly low trust. Everything took ages (like years), quality was inconsistent (at best), costs were extraordinary and there was almost no common understanding of why things were so bad. Clients were charged a small fortune for products that competitors could deliver at a fraction of the price. … Continue reading “Why Low Trust Organisations Confuse Control with Delivery”
Why do Companies Get Stability So Wrong? Most companies do not fail because they cannot innovate. They fail because they misjudge stability. Some organisations under invest. They chase features, growth, and deadlines while stability quietly drains away. Outages feel sudden. Incidents feel unfair. Leadership asks how this happened “out of nowhere”. Other organisations over invest. They build process on process, … Continue reading “Stability : The Water of Life for Engineering”
I have started writing production code again. Not prototypes. Not proofs of concept. Real systems. Real risk. Real consequences. At Capitec, a very small group of engineers is now tackling something that would historically have demanded hundreds of people: large scale rewrites of core internet banking capabilities. This is not happening because budgets magically increased or timelines became generous. It … Continue reading “The New Engineering Equation: Why AI Is Tipping the Table Back to the Builders”
Why More Information Doesn’t Mean More Understanding We’ve all heard the mantra: data is the new oil. It’s become the rallying cry of digital transformation programmes, investor pitches, and boardroom strategy sessions. But here’s what nobody mentions when they trot out that tired metaphor: oil stinks. It’s toxic. It’s extraordinarily difficult to extract. It requires massive infrastructure, specialised expertise, and … Continue reading “The Famine of Wisdom in the Age of Data Gluttony”
1. Technology Is an Infinite Game and That Is the Point Technology has no finish line. There is no end state, no final architecture, no moment where you can stand back and declare victory and go home. It is an infinite game made up of a long sequence of hard fought battles, each one draining, each one expensive, each one … Continue reading “The Frustration of the Infinite Game”
Modern networks are far more complex than the simple point to point paths of the early internet. Equal Cost Multi Path (ECMP) routing, carrier grade NAT, and load balancing mean that packets from your machine to a destination might traverse entirely different network paths depending on flow hashing algorithms. Traditional traceroute tools simply cannot handle this complexity, often producing misleading … Continue reading “Dublin Traceroute on macOS: A Complete Installation and Usage Guide”
Ever wondered how to adjust the time window before your Mac demands a password again after using Touch ID? Here’s how to configure these settings from the terminal. Screen Lock Password Delay The most common scenario is controlling how long after your screen locks before a password is required. This setting determines whether Touch ID alone can unlock your Mac … Continue reading “Controlling Touch ID and Password Timeout on macOS”
Figure 1: Traditional DR Exercise vs Real World Outage Disaster recovery is one of the most comforting practices in enterprise technology and one of the least honest. Organisations spend significant time and money designing DR strategies, running carefully choreographed exercises, producing polished post exercise reports, and reassuring themselves that they are prepared for major outages. The problem is not intent. … Continue reading “Disaster Recovery Theater: Why Most DR Exercises Achieve Almost Nothing”
When something is “slow” on a network, opinions arrive before evidence. Storage teams blame the network, network teams blame the application, and application teams blame “the cloud”.☁️ iperf3 cuts through that noise by giving you hard, repeatable, protocol-level facts about throughput, latency behavior, and packet loss. This post explains what iperf3 actually measures, how it works, how to install it, … Continue reading “iperf3: The Engineer’s Swiss Army Knife for Network Performance Testing”
The in memory data store landscape fractured in March 2024 when Redis Inc abandoned its BSD 3-clause licence in favour of the dual RSALv2/SSPLv1 model. The community response was swift and surgical: Valkey emerged as a Linux Foundation backed fork, supported by AWS, Google Cloud, Oracle, Alibaba, Tencent, and Ericsson. Eighteen months later, both projects have diverged significantly, and the … Continue reading “Redis vs Valkey: A Deep Dive for Enterprise Architects”
PostgreSQL 18: A Grown-Up Release for Serious Workloads Introduction Every few years PostgreSQL delivers a release that does not just add features, but quietly shifts what the database is capable of at scale. PostgreSQL 18 is one of those releases. This is not a flashy new syntax everywhere upgrade. Instead, Postgres 18 focuses on long-standing pain points that operators, performance … Continue reading “PostgreSQL 18 A Grown Up Release for Serious Workloads”
Real time mobile chat represents one of the most demanding challenges in distributed systems architecture. Unlike web applications where connections are relatively stable, mobile clients constantly transition between networks, experience variable latency, and must conserve battery while maintaining instant message delivery. This post examines the architectural decisions behind building mobile chat at massive scale, the problems each technology solves, and … Continue reading “Scaling Mobile Chat to Millions: Architecture Decisions for Apache Pekko, SSE, and Java 25”
1. Introduction Organisations like to believe they reward outcomes. In reality, they reward visibility. This is the essence of the Last Mile Fallacy: the mistaken belief that the final visible step in a chain of work is where most of the value was created. We tip the waiter rather than the chef, praise the presenter rather than the people who … Continue reading “The Last Mile Fallacy”
Running WordPress on ARM-based Graviton instances delivers up to 40% better price-performance compared to x86 equivalents. This guide provides production-ready scripts to deploy an optimised WordPress stack in minutes, plus everything you need to migrate your existing site. Why Graviton for WordPress? Graviton3 processors deliver: The t4g.small instance (2 vCPU, 2GB RAM) at ~$12/month handles most WordPress sites comfortably. For … Continue reading “Create / Migrate WordPress to AWS Graviton: Maximum Performance, Minimum Cost”
The Problem: macOS Will Delete Your Local Files If you try to disable iCloud Drive syncing for your Desktop and Documents folders using the macOS System Settings interface, you’ll encounter this alarming warning: If you continue, items will be removed from the Desktop and the Documents folder on this Mac and will remain available in iCloud Drive. New items added … Continue reading “MacOSX: How to Disable iCloud Desktop Sync Without Losing Your Files”
There’s a peculiar asymmetry in how humans handle their own incompetence. It reveals itself most starkly when you compare two scenarios: a cancer patient undergoing chemotherapy, and a project manager pushing delivery dates on a complex technology initiative. Both involve life altering stakes. Both require deep expertise the decision maker doesn’t possess. Yet in one case, we defer completely. In … Continue reading “Incompetence Asymmetry: Deference, Delusion, and Delivery Failures”
1. Backups Should Be Boring (and That Is the Point) Backups are boring. They should be boring. A backup system that generates excitement is usually signalling failure. The only time backups become interesting is when they are missing, and that interest level is lethal. Emergency bridges. Frozen change windows. Executive escalation. Media briefings. Regulatory apology letters. Engineers being asked questions … Continue reading “Why Rubrik’s Architecture Matters: When Restore, Not Backup, Is the Product”
In September 2025, Matt Raine sat before the US Senate Judiciary Subcommittee on Crime and Counterterrorism and read aloud from his son’s ChatGPT logs. Adam Raine was sixteen when he died. His father described how the chatbot had become Adam’s closest confidant, how it had discussed suicide methods with him, how it had discouraged him from telling his parents about … Continue reading “Artificial Intelligence: When Helpful Becomes Harmful: Engineering AI Systems That Know When to Stop”
AI is a powerful accelerator when problems are well defined and bounded, but in complex greenfield systems vague intent hardens into architecture and creates long term risk that no amount of automation can undo. 1. What Vibe Coding Really Is Vibe coding is the practice of describing intent in natural language and allowing AI to infer structure, logic, and implementation … Continue reading “Vibe Coding: AI Can Write Code But It Cannot Own the Consequences”
Darwinian Architecture Philosophy How Domain Isolation Creates Evolutionary Pressure for Better Software After two decades building trading platforms and banking systems, I’ve watched the same pattern repeat itself countless times. A production incident occurs. The war room fills. And then the finger pointing begins. “It’s the database team’s problem.” “No, it’s that batch job from payments.” “Actually, I think it’s … Continue reading “Darwinian Architecture Philosophy: How Domain Isolation Creates Evolutionary Pressure for Better Software”
Most organisations don’t fail because they lack intelligence, capital, or ambition. They fail because leadership becomes arrogant, distant, and insulated from reality. What Is Humility? Humility is the quality of having a modest view of one’s own importance. It is an accurate assessment of one’s strengths and limitations, combined with an openness to learning and an awareness that others may … Continue reading “Corporate Humility Is a Survival Trait”
A Complete Guide to Archiving, Restoring, and Querying Large Table Partitions When dealing with multi-terabyte tables in Aurora PostgreSQL, keeping historical partitions online becomes increasingly expensive and operationally burdensome. This guide presents a complete solution for archiving partitions to S3 in Iceberg/Parquet format, restoring them when needed, and querying archived data directly via a Spring Boot API without database restoration. … Continue reading “Aurora PostgreSQL: Archiving and Restoring Partitions from Large Tables to Iceberg and Parquet on S3”
I wanted to write about the trends we can see playing out, both in South Africa and globally with respect to: Large Retailers, Mobile Networks, Banking, Insurance and Technology. These thoughts are my own and I am often wrong, so don’t get too excited if you don’t agree with me 🙂 South Africa is experiencing a banking paradox. On one … Continue reading “Banking in South Africa: Abundance, Pressure, and the Coming Consolidation”
1. Introduction Java 25 introduces a significant enhancement to application startup performance through the AOT (Ahead of Time) cache feature, part of JEP 483. This capability allows the JVM to cache the results of class loading, bytecode parsing, verification, and method compilation, dramatically reducing startup times for subsequent application runs. For enterprise applications, particularly those built with frameworks like Spring, … Continue reading “Java 25 AOT Cache: A Deep Dive into Ahead of Time Compilation and Training”
1. Introduction The Enterprise Service Bus (ESB) once promised to be the silver bullet for enterprise integration. Organizations invested millions in platforms like MuleSoft, IBM Integration Bus, Oracle Service Bus, and TIBCO BusinessWorks, believing they would solve all their integration challenges. Today, these same organizations are discovering that their ESB has become their biggest architectural liability. The rise of Apache … Continue reading “The Death of the Enterprise Service Bus: Why Kafka and Microservices Are Winning”
The Model Context Protocol (MCP) represents a fundamental shift in how we integrate Large Language Models (LLMs) with external data sources and tools. As enterprises increasingly adopt AI powered applications, understanding MCP’s architecture, operational characteristics, and practical implementation becomes critical for technical leaders building production systems. 1. What is Model Context Protocol? Model Context Protocol is an open standard developed … Continue reading “Model Context Protocol: A Comprehensive Guide for Enterprise Implementation”
Executive Summary CVE-2024-3094 represents one of the most sophisticated supply chain attacks in recent history. Discovered in March 2024, this vulnerability embedded a backdoor into XZ Utils versions 5.6.0 and 5.6.1, allowing attackers to compromise SSH authentication on Linux systems. With a CVSS score of 10.0 (Critical), this attack demonstrates the extreme risks inherent in open source supply chains and … Continue reading “Understanding and Detecting CVE-2024-3094: The React2Shell SSH Backdoor”
1. Introduction Understanding and testing your server’s maximum concurrent stream configuration is critical for both performance tuning and security hardening against HTTP/2 attacks. This guide provides comprehensive tools and techniques to test the SETTINGS_MAX_CONCURRENT_STREAMS parameter on your web servers. This article complements our previous guide on Testing Your Website for HTTP/2 Rapid Reset Vulnerabilities from a macOS. While that article … Continue reading “Testing Maximum HTTP/2 Concurrent Streams for Your Website”
Introduction In August 2023, a critical zero day vulnerability in the HTTP/2 protocol was disclosed that affected virtually every HTTP/2 capable web server and proxy. Known as HTTP/2 Rapid Reset (CVE-2023-44487), this vulnerability enabled attackers to launch devastating Distributed Denial of Service (DDoS) attacks with minimal resources. Google reported mitigating the largest DDoS attack ever recorded at the … Continue reading “Testing Your Website for HTTP/2 Rapid Reset Vulnerabilities from a macOS”
1. Size Was Once Mistaken for Stability For most of modern banking history, stability was assumed to increase with size. The thinking was the bigger you are, the more you should care, the more resources you can apply to problems. Larger banks had more capital, more infrastructure, and more people. In a pre-cloud world, this assumption appeared reasonable. In practice, … Continue reading “Why Bigger Banks Were Historically More Fragile and Why Architecture Determines Resilience”
1. Introduction In networking, OSPF (Open Shortest Path First) is a routing protocol that ensures traffic flows along the shortest and lowest cost path through a network. It does not care about hierarchy, seniority, or intent. It routes based on capability, cost, and reliability. Modern engineering organisations behave in exactly the same way, whether they realise it or not. Workloads … Continue reading “Comparing OSPF to Human Workload Resolution”
1. Introduction Java’s concurrency model has undergone a revolutionary transformation with the introduction of Virtual Threads in Java 19 (as a preview feature) and their stabilization in Java 21. With Java 25, virtual threads have reached new levels of maturity by addressing critical pinning issues that previously limited their effectiveness. This article explores the evolution of threading models in Java, … Continue reading “A Deep Dive into Java 25 Virtual Threads: From Thread Per Request to Lightweight Concurrency”
1. Introduction Garbage collection has long been both a blessing and a curse in Java development. While automatic memory management frees developers from manual allocation and deallocation, traditional garbage collectors introduced unpredictable stop the world pauses that could severely impact application responsiveness. For latency sensitive applications such as high frequency trading systems, real time analytics, and interactive services, these pauses … Continue reading “Deep Dive: Pauseless Garbage Collection in Java 25”
1. Introduction This guide walks you through setting up Memgraph with Claude Desktop on your laptop to analyze relationships between mule accounts in banking systems. By the end of this tutorial, you’ll have a working setup where Claude can query and visualize banking transaction patterns to identify potential mule account networks. Why Graph Databases for Fraud Detection? Traditional relational databases … Continue reading “MacOs: Getting Started with Memgraph, Memgraph MCP and Claude Desktop by Analyzing test banking data for Mule Accounts”
Introduction NMAP (Network Mapper) is one of the most powerful and versatile network scanning tools available for security professionals, system administrators, and ethical hackers. When combined with Claude through the Model Context Protocol (MCP), it becomes an even more powerful tool, allowing you to leverage AI to intelligently analyze scan results, suggest scanning strategies, and interpret complex network data. In … Continue reading “MacOs: Deep Dive into NMAP using Claude Desktop with an NMAP MCP”
Prepared statements are one of PostgreSQL’s most powerful features for query optimization. By parsing and planning queries once, then reusing those plans for subsequent executions, they can dramatically improve performance. But this optimization comes with a hidden danger: sometimes caching the same plan for every execution can lead to catastrophic memory exhaustion and performance degradation. In this deep dive, we’ll … Continue reading “Deep Dive into PostgreSQL Prepared Statements: When Plan Caching Goes Wrong leading to Memory Exhaustion”
1. What Are Stablecoins? Stablecoins are a type of cryptocurrency designed to maintain a stable value by pegging themselves to a reserve asset, typically a fiat currency like the US dollar. Unlike volatile cryptocurrencies such as Bitcoin or Ethereum, which can experience dramatic price swings, stablecoins aim to provide the benefits of digital currency without the price volatility. The most … Continue reading “Stablecoins: A Comprehensive Guide”
Modern sites often block plain curl. Using a real browser engine (Chromium via Playwright) gives you true browser behavior: real TLS/HTTP2 stack, cookies, redirects, and JavaScript execution if needed. This post mirrors the functionality of the original browser_curl.sh wrapper but implemented with Playwright. It also includes an optional Selenium mini-variant at the end. What this tool does Note: Advanced bot … Continue reading “Building an advanced Browser Curl Script with Playwright and Selenium for load testing websites”
Modern websites deploy bot defenses that can block plain curl or naive scripts. In many cases, adding the right browser-like headers, HTTP/2, cookie persistence, and compression gets you past basic filters without needing a full browser. This post walks through a small shell utility, browser_curl.sh, that wraps curl with realistic browser behavior. It also supports “fire-and-forget” async requests and a --count flag to … Continue reading “Building a Browser Curl Wrapper for Reliable HTTP Requests and Load Testing”
1. Executive Summary Amazon Aurora DSQL represents AWS’s ambitious entry into the distributed SQL database market, announced at re:Invent 2024. It’s a serverless, distributed SQL database featuring active active high availability and PostgreSQL compatibility. While the service offers impressive architectural innovations including 99.99% single region and 99.999% multi region availability, it comes with significant limitations that developers must carefully … Continue reading “Amazon Aurora DSQL: A Deep Dive into Performance and Limitations”
When managing large PostgreSQL tables with frequent updates, vacuum operations become critical for maintaining database health and performance. In this comprehensive guide, we’ll explore vacuum optimization techniques, dive deep into the pg_repack extension, and provide hands-on examples you can run in your own environment. 1. Understanding the Problem PostgreSQL uses Multi-Version Concurrency Control (MVCC) to handle concurrent transactions. When rows … Continue reading “Deep Dive into PostgreSQL Aurora Vacuum Optimizations for Large Tables”
The script below monitors LDAP operations on a Domain Controller and logs detailed information about queries that exceed specified thresholds for execution time, CPU usage, or results returned. It helps identify problematic LDAP queries that may be impacting domain controller performance. Parameter: ThresholdSeconds Minimum query duration in seconds to log (default: 5) Parameter: LogPath Path where log files will be … Continue reading “Windows Domain Controller: Monitor and Log LDAP operations/queries use of resources”
When you deploy applications behind a Network Load Balancer (NLB) in AWS, you usually expect perfect traffic distribution, fast, fair, and stateless. But what if your backend holds stateful sessions, like in-memory login sessions, caching, or WebSocket connections and you need a given client to keep hitting the same target every time? That’s where NLB sticky sessions (also called connection stickiness … Continue reading “Deep Dive: AWS NLB Sticky Sessions (stickiness) Setup, Behavior, and Hidden Pitfalls”
Below is a fairly comprehensive passive penetration testing script with vulnerability scanning, API testing, and detailed reporting. Features Installation Required Dependencies Optional Dependencies Usage Basic Syntax Options Examples: Network Configuration Default Interface: en0 (bypasses Zscaler) To change the interface, edit line 24: The script automatically falls back to default routing if the interface is unavailable. Debug Mode Debug mode is enabled by default and … Continue reading “Macbook: Enhanced Domain Vulnerability Scanner”
If you’re like me, the idea of doing anything twice will make you break out in a cold shiver. For my Claude desktop, I often need network pcap (packet capture) to unpack something that I am doing. So the script below installs Wireshark, and then the Wireshark MCP and then configures Claude to use it. Then I got it to … Continue reading “Macbook: Setup wireshark packet capture MCP for Anthropic Claude Desktop”
If you’re trying to figure out what’s draining your MacBook, even when the lid is closed – then try the script below (call with “sudo ./battery_drain_analyzer.sh”): If you see windowServer as your top consumer then consider the following: Finer grained optimisations: To optimise the power when the lid is closed, below are some options:
⚠️ LEGAL DISCLAIMER AND TERMS OF USE **READ THIS CAREFULLY BEFORE PROCEEDING** Legal Requirements: **AUTHORIZATION REQUIRED**: You MUST have explicit written permission from the system owner before running any of these tests **ILLEGAL WITHOUT PERMISSION**: Unauthorized network scanning, port scanning, or DoS testing is illegal in most jurisdictions **YOUR RESPONSIBILITY**: You are solely responsible for ensuring compliance with all applicable … Continue reading “MacOS Penetration Testing Guide Using hping3”
A SYN flood test using hping3 that allows you to specify the number of SYN packets to send and scales horizontally with a specific number of processes can be created using a Bash script with the xargs command. This approach allows you to distribute the workload across multiple processes for better performance. The Script This script uses hping3 to perform … Continue reading “Testing your sites SYN flood resistance using hping3 in parallel”
If you want to quickly health check your website, then the following script is a simple NMAP script that scans your site for common issues and formats the results in a nice report style. Here’s a comprehensive guide on how to fix each type of directory permission issue that the above script might find (for apache):
If you have tier 1 services that are dependent on a few DNS records, then you may want a simple batch job to monitor these DNS records for changes or deletion. The script below contains an example list of DNS entries (replace these records with the ones you want to monitor).
This is (hopefully) a short blog that will give you back a small piece of your life… In technology, we rightly spend hours poring over failure in order that we might understand it and therefore fix it and avoid it in the future. This seems a reasonable approach, learn from your mistakes, understand failure, plan your remediation etc etc. But … Continue reading “Technology Culture: The Sinking Car Syndrome”
Finding issues in SQL Server is not always that easy. It can be NUMA issues, it can be DBCC settings, it can even be the CU (eg CU19). A friend sent me a very useful query a few years ago that really helped me fault find these issues. It was written by Glenn Berry, but I lost the query. Luckily … Continue reading “Ms Sql Server 2019 Diagnostic Query”
The Amazon EC2 console allows you to delete up to 50 Amazon Elastic Block Store (Amazon EBS) snapshots at once. To delete more than 50 snapshots, use the AWS Command Line Interface (AWS CLI) or the AWS SDK. To see all the snapshots that you own in a specific region, run the following. Note, replace af-south-1 with your region: Note: … Continue reading “AWS: Use the AWS CLI to delete snapshots from your account”
Most companies will have a fair amount of SQL databases and it’s likely that most of those databases are performing sub-optimally due to missing indexes. We can debate (for a long time) the pros and cons of indexes, but the undeniable reality is that having missing indexes on large tables creates a lot of issues in production environments (including, slowness, … Continue reading “Sql Server: Query to View a list of missing indexes from your Sql Server database”
You can absolutely get the following from the AWS help pages; but this is the lazy way to get everything you need for a simple single account setup. Run the two commands below to drop the package on your Mac. Then check the versions you have installed: Next you need to setup your environment. Note: This is NOT the recommended … Continue reading “AWS: Install and configure the AWS CLI on a Macbook”
Below is a quick (am busy) outline on how to automatically stop and start your EC2 instances. Step 1: Tag your resources In order to decide which instances stop and start you first need to add an auto-start-stop: Yes tag to all the instances you want to be affected by the start / stop functions. Note: You can use “Resource Groups and … Continue reading “AWS: Automatically Stop and Start your EC2 Services”
I have seen many organisations restructure their technology teams over and over, but whichever model they opt for – they never seem to be able to get the desired results with respect to speed, resilience and quality. For this reason organisations will tend to oscillate from centralised teams, which are organised around skills and reuse, to federated teams that are … Continue reading “How to Optimise your Technology Teams Structure to improve flow”
Once you start using a zero trust network, the first casualty is normally the Ping command. The gping (Graphical Ping) command line displays a color coded realtime graph of continuous pings to a specified host and it supports specifying alternate interfaces/gateways. First let’s find which interface to use. The “arp -a” command is used to display the ARP cache on a … Continue reading “Macbook OSX: Using gping over a Zero Trust Network Client (like Zscaler)”
If you have multiple connections on your device (and maybe you have a zero trust client installed); how do you find out which network interface on your device will be used to route the traffic? Below is a route get request for Google’s DNS service: If you have multiple interfaces enabled, then the first item in the Service Order will … Continue reading “Mac OSX : Tracing which network interface will be used to route traffic to an IP/DNS address”
If you have just changed ISPs or moved house and your internet suddenly starts misbehaving the likelihood is your Maximum Transmission Unit (MTU) is set too high for your ISP. The default internet facing MTU is 1500 bytes, BUT depending on your setup, this often needs to be set much lower. Step 1: First check your current MTU across all … Continue reading “Finding and Setting the Maximum Transmission Unit (MTU) on a Windows Machine”
If you have just changed ISPs or moved house and your internet suddenly starts misbehaving the likelihood is your Maximum Transmission Unit (MTU) is set too high for your ISP. The default internet facing MTU is 1500 bytes, BUT depending on your setup, this often needs to be set much lower. Step 1: First check your current MTU. As you … Continue reading “Finding and Setting the Maximum Transmission Unit (MTU) on Mac/OSX”
I frequently forget this command shortcut, so this post is simply because I am lazy. To clear your history in iTerm press Command + K. Control + L only clears the screen, so as soon as you run the next command you will see the scroll back again. If you want to view your command history (for terminal) type:
There are three basic ways to secure email, these are: Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), Domain-based Message Authentication, Reporting & Conformance (DMARC) definitions. Let’s quickly discuss these before we talk about how to check if they have been setup: SPF helps prevent spoofing by verifying the sender’s IP address SPF (Sender Policy Framework) is a DNS record … Continue reading “Macbook: Check a DNS (web site) to see if basic email security has been setup (SPF, DKIM and DMARC)”
1. Find a list of IP addresses linked to a domain To find the IP address for a particular domain, simply pass the target domain name as an argument after the host command. For a comprehensive lookup using the verbose mode, use -a or -v flag option. The -a option is used to find all Domain records and Zone information. You can also notice … Continue reading “Macbook: Querying DNS using the Host Command”
Nikto is becoming one of my favourite tools. I like it because of its wide ranging use cases and its simplicity. So what’s an example use case for Nikto? When I am bored right now and so I am going to hunt around my local network and see what I can find… Now let’s pop across to nmap to get … Continue reading “Hacking: Using a Macbook and Nikto to Scan your Local Network”
If you see the error “The capture session could not be initiated on the device “en0″ (You don’t have permission to capture on that device)” when trying to start a pcap on Wireshark you can try installing ChmodBPF; but I suspect you will need to follow the steps below:
When you open terminal you will see that it defaults the information that you see on the prompt, which can use up quite a bit of the screen real estate. Customize the zsh Prompt in Terminal Typically, the default zsh prompt carries information like the username, machine name, and location starting in the user’s home directory. These details are stored … Continue reading “Macbook: Changing prompt $ information in the mac terminal window”
This is a very short post to help anyone quickly set up vulnerability checking for a site they own (and have permission to scan). I like the vulners scripts as they cover a lot of basic ground quickly with one script.
The below script will give you basic information on a website's certificate: NMAP provides a simple way to get a list of available ciphers from a host website / server. Additionally, nmap provides a strength rating of strong, weak, or unknown for each available cipher. First, download the ssl-enum-ciphers.nse nmap script (explanation here). Then from the same directory as the script, run … Continue reading “Mac OS X: View the details of a websites supported TLS certificates from terminal”
If you want to automatically renew your certs then the easiest way is to set up a cron job to call letsencrypt periodically. Below is an example cron job: First create the bash script to renew the certificate. Now enter the script in the following format into nano: Now edit the crontab to run the renew script:
If you have ever tried to use jumbo packets, or trace a weird slowness on the network – one of the things that frequently comes up is packet fragmentation. This is basically where a source machine is sending bigger packets than can be consumed along its pathway to a destination machine. This means the packets will need to be split … Continue reading “Linux: Find the maximum packet size (MTU) between two hosts (using do not fragment flag)”
If you have ever tried to use jumbo packets, or trace a weird slowness on the network – one of the things that frequently comes up is packet fragmentation. This is basically where a source machine is sending bigger packets than can be consumed along its pathway to a destination machine. This means the packets will need to be split … Continue reading “Mac OS X: Find the maximum unfragmented packet size (MTU) to reach a host”
Imagine you have trauma and could figure out what's causing it in under one minute. Obviously, the preference is an observability platform – but for my little wordpress site I don’t really have the budget. So I just use a few tools to isolate common issues. The idea behind this blog is to quickly isolate the fault by looking for errors … Continue reading “Linux: Diagnose your linux server in under a minute using standard (free) command line tools”
To retrieve a list of the SSL/TLS cipher suites a particular website offers, you can use either sslscan or nmap. Alternatively, you can just use nmap (note: I use “-e en0” to bypass zscaler): Another variant (including cert dates, again “-e en0” is used to bypass zscaler):
Web devs need to know the HTTP headers for their apps/webpages. This can be easily achieved using a browser plugin for Chrome or Firefox. But I prefer to use the command terminal, and curl makes this really easy.
DIG is an awesome command line utility to explore DNS. Below is a quick guide to get you started. Query Specific Name Server By default, if no name server is specified, dig will use the servers listed in /etc/resolv.conf file. To view the default server use: You can override the name server against which the query will be executed, use the @ (at) symbol followed by … Continue reading “Macbook: Exploring DNS using DIG (Domain Information Groper)”
Below is a dump of examples of doing pretty much the same thing differently. I mostly use netstat and lsof, coupled with some bash scripts. You can argue that this is overkill, but below is a simple bash function that you can paste into terminal and call it whenever you want to see which application/process IDs have open ports: Below … Continue reading “Macbook: Show which applications have ports open and to what IP address”
I think you’re a genius! You found this blog and you’re reading it – what more evidence do I need?! So why do you keep asking others to think for you? There is a harmful bias built into most technology projects that assumes “the customer knows best” and this is simply a lie. The customer will know what works and … Continue reading “Technologists: Please Stop asking for requirements 😎”
I always forget the syntax of SCP and so this is a short article with a simple example of how to SCP a file from your laptop to your EC2 instance and how to copy it back from EC2 to your laptop: Copying from Laptop to EC2: scp -i identity_file.pem source_file.extension username@public_ipv4_dns:/remote_path where scp: Secure copy protocol; -i: Identity file; source_file.extension: The file that you want … Continue reading “Macbook/Linux: Secure Copy from your local machine to an EC2 instance”
A lot of companies are moving to ZTNA (Zero Trust Network Architecture). This is generally a good thing: it helps cyber posture and it makes life a lot easier as you no longer need to log in to VPN tunnels to manage your cloud environment/s. But one of the few downsides of ZTNA is that (by definition) it cannot support … Continue reading “Macbook: Alternative to Ping (using TCP rather than ICMP)”
If you want to change the default mail client on your Mac then you can use a quick Python script to quickly change the default mail app. Copy/paste the following command into Terminal. Below I am setting Outlook to be the default mail client, but you can replace com.microsoft.Outlook with whatever application bundle identifier you use. Note: If you’re not sure … Continue reading “Macbook: Change the default Mail Client using Terminal/CLI (Command Line Interface)”
To view the list of nameservers your mac is using, simply open Terminal and paste the following: Alternatively, you can copy the DNS servers to clipboard directly from the command line (using pbcopy):
I am not going to tell you why you would need to flush your DNS cache (you will know if you need to). So, to flush DNS on a mac simply fire up Terminal and run the following sudo command:
I recently managed to explode my wordpress site (whilst trying to upgrade PHP). Anyway, luckily I had created an AMI a month ago – but I had written a few articles since then and so wanted to avoid rewriting them. So below is a method to create a backup of your wordpress mysql database to S3 and recover it onto … Continue reading “How to Backup your MySql database on a bitnami wordpress site”
If the fingerprint of your remote host changes you will see the following error message appear: There are many ways to fix this. The easiest of which is simply to delete your “known_hosts” file. This will mean you just need to accept new fingerprints on all your SSH hosts. Yes, this is very lazy…