Blog

When Lovable Denied the Obvious

Lovable's reported access control failure is bad enough on its own. What matters just as much is the response. Deny first, reframe second, then blame someone else. That pattern is becoming far too familiar across AI vendors, and it is doing real damage to trust.

The MCP won't let me be... Anthropic AI MCP security flaw

Security researchers at Ox Security have reported an architectural flaw in Anthropic's Model Context Protocol (MCP) that could place up to 200,000 servers at risk. The issue centres on STDIO-based server creation, which in practice can allow arbitrary operating-system commands to execute before an error is returned. Anthropic has classified the behaviour as expected, leaving developers responsible for input sanitisation and deployment hardening.

Web 3.0 is Dead, long live AI Platform Lock-In

Web 3.0 failed because it tried to decentralise an internet that had already committed itself to platforms, app stores, managed identities, and vendor lock-in. Artificial Intelligence does not resist that trajectory. It completes it. Instead of asking users to take more control, it offers to mediate more of the network on their behalf, turning search into synthesis, browsing into prompting, and the open web into a resource increasingly filtered through a handful of powerful intermediaries.

Ancient Excel bug drags itself out of the grave

CISA has added CVE-2009-0238, a 17-year-old Microsoft Excel remote code execution flaw, to its Known Exploited Vulnerabilities catalogue after fresh in-the-wild abuse. The bug is a reminder that legacy Office software, forgotten viewers, and neglected compatibility packs remain a genuine security risk long after most people assume they have faded away.

ChatGPT: MIT Confirms Brainrot

An MIT-led study suggests heavy reliance on ChatGPT for essay writing may reduce memory retention, neural engagement, and independent thinking, while search-based research preserves more active cognitive effort. The findings frame habitual AI use as a form of cognitive debt: convenient in the moment, but potentially corrosive to learning and autonomy over time.

Web 3.0: Why It Was Never Going to Happen

Web 3.0 promised decentralisation, user ownership, and protocol-driven freedom, but arrived in an internet already dominated by app stores, cloud platforms, and vendor lock-in. This piece argues that the real trajectory of the web has not been towards openness, but towards fragmented ecosystems that trap users, weaken interoperability, and steadily replace the system-agnostic internet many once took for granted.

Quad9: keeping DNS slightly less terrible

Quad9 is a free public recursive DNS service that adds a practical layer of protection by blocking known malicious domains, validating DNSSEC, and supporting encrypted DNS. This guide explains what Quad9 is, which IP addresses and hostnames matter, how to configure it on Android, iOS, and Linux, and how to verify that your device is actually using it.
