Russell Howe

It’s 2018 and your coworker just sent you a 400 line pull request. You get a cup of coffee and sit down to review it. It’s beautiful. Elegant micro-refactors. Crispy method names. You catch a few things, but that’s ok. It’s part of the dance. They didn’t consider extensibility on part of their API. Here’s a comment buddy. They respond in an hour saying they think we should do one piece differently than your comment. Hey let’s jump into a room and figure it out. We can’t just agree to disagree, this code is too important. The PR merges and goes to prod. You feel a shared sense of ownership and accomplishment. That night you go to sleep and dream of that code. You can still see the shapes of it on the backs of your eyelids, your IDE syntax highlighting sparking neurons in your reptile brain. You go to work the next day ready to go. You understand the system. N is your foundation. Time to build n+1.

‼️🚨 Microsoft has patched a critical Windows DNS Client remote code execution vulnerability that allows an unauthorized attacker to execute code over a network. All it takes is a malicious DNS response. The vulnerability is tracked as CVE-2026-41096 with a CVSS score of 9.8. It is a heap-based buffer overflow in dnsapi.dll, the Windows component that processes DNS answers on every machine. To trigger it, an attacker needs a position where they can influence DNS responses: a rogue DNS server, a poisoned resolver, a compromised router, hostile WiFi, or a man-in-the-middle placement. That puts ordinary Windows DNS activity in the blast radius. Browsers, VPN clients, enterprise apps, update checks, and background services constantly ask DNS where to connect. The vulnerable processing sits in the Windows DNS Client path, not an edge-facing server product. Microsoft assessed exploitation as "less likely," and Rapid7 lists the issue as not publicly disclosed and not known to be exploited at release. On the contrary, a 9.8 unauthenticated network RCE in DNS client handling is exactly the kind of bug defenders should assume will be reverse-engineered quickly. Defenders should: - Deploy the May 2026 cumulative updates and confirm coverage across endpoints and servers - Restrict DNS traffic to trusted resolvers where possible - Monitor Dnscache and svchost.exe for abnormal child processes or unexpected outbound activity - Treat public WiFi and untrusted resolver paths as higher-risk until patching is complete

A Microsoft Incident Response investigation found a coordinated intrusion that used a compromised third-party IT provider and legitimate management tools to maintain long-term access and conduct credential theft.

Marco Rubio says the goal of the war in Iran is now to restore it "back to the way it was" before Trump started the war in Iran

Stick a fork in it. DNSSEC is done. The largest Internet DNS provider doesn't "temporarily disable" core Internet security functionality. Cloudflare agrees with me: DNSSEC isn't that.