Search the garden
Find a note by title, idea, or bed; the list narrows as you type. No JavaScript? It's a full index of every note, right here.
The ADHD-HTB playbook: hacking the brain that hacks the box
Ten friction-bypassing study methods for grinding HackTheBox with an ADHD brain, plus the two of them I turned into real tools: a Swipe-to-Pwn Anki deck and an htb-operator shell.
Learning in public
The operating philosophy of this whole garden: publish the process, not just the conclusions.
Metacognition, Eileen Gu, and the Fear of Going Public
The thing elite performers and good thinkers share is not raw talent; it is metacognition, the skill of watching your own mind. Here is what it is, why putting yourself out there feels so irreversible, and why the spotlight effect means it matters less than you think.
You will never know enough, and that's the job
Imposter syndrome in security isn't a character flaw; it's an accurate readout of an unbounded field, misfiled as a personal deficiency. The fix is a traversal strategy, not more knowledge.
AI Slop and the Quiet Cost of Foraging
Maggie Appleton calls it jetspraying the web with AI slop. Here is why that cheap flood is so exhausting, told through Information Foraging Theory, and why your tiredness is a rational response, not a personal failing.
The Birthday Ambush: Why 23 Strangers Hide a Secret Match
In a room of just 23 people, it's better than even odds that two share a birthday. The Birthday Paradox, and why your brain is hopeless at counting pairs.
The Dead Internet and Your Pattern-Hungry Brain
That creeping sense that the internet is mostly bots talking to bots has a name. Here is why the feeling is partly real, partly a trick your own mind plays, and what apophenia and the illusory truth effect are doing to you while you scroll.
Explaining Without the Lecture
I got called a bad explainer, and I think I earned it. The fix isn't reading minds. It's the curse of knowledge, Grice's maxim of quantity, and treating an explanation like a game of catch instead of a monologue.
From Paladins to Rivals: Why Hero Shooters Are So Stupidly Fun
I started with Paladins, not Overwatch. A love letter to hero shooters like Marvel Rivals and Overwatch, and why their living game of rock-paper-scissors, with tanks, DPS, supports, and ultimates, is so stupidly fun.
The Invisible Scoreboard: How Do You Win at Being a Person?
Imagine an invisible scoreboard over your head: buy a friend a mango, +5; be cruel, −50. The catch is nobody handed you the rulebook. A tour of ethics: consequentialism, deontology, virtue ethics, and moral luck.
Not a Toaster: The Secret Superpower Called 'Why?'
A toaster never asks whether it should toast. Humans do, and that pause has a name. A tour of philosophy: first principles, the Socratic method, epistemology, and why the annoying 'Why?' game is a real superpower.
The Diamond Lock: Writing Notes a Future Robot Can't Read
Quantum computers will slice through today's internet locks like a laser through glass. Inside the race to build math even a future super-machine can't crack: public-key crypto, Shor's algorithm, and the diamond lock.
Tasting life twice
I've been a bad writer since primary school, all mimicry and dread. Then a line from Anaïs Nin reframed the whole thing, and I decided to write every day, in public, badly at first.
The Pseudo-Intellectual Fear
The terror of sounding smart instead of being smart, and accidentally becoming the very thing you dread. A look at processing fluency, the Dunning-Kruger trap, and why jargon is so easy to mistake for understanding.
Prompt injection is an untrusted-input problem wearing a new costume
We've spent thirty years learning to separate code from data. LLMs gleefully merge them again.
CTF field notes: the web category
A running log of web challenges: patterns that repeat, traps I fell into, and the meta-skill CTFs are secretly teaching.
The attacker's mindset is systems thinking
Attackers don't break rules; they discover that the rules compose differently than the designers believed.
Fuzzing is evolution with a weird fitness function
Bridging theoretical biology and systems security in a way that isn't just a superficial metaphor.
Cloud IAM: measure blast radius, not policy count
The security of a cloud account isn't the sum of its policies; it's the reachability graph they create.
Threat-modeling this garden
Eating my own dog food: a security person's website should survive its own methodology.
Kelly criterion for bug hunting?
A half-formed hunch: allocating research time across targets is a bankroll problem, and Kelly might be the right lens.