A command-injection vulnerability was found in Windows PowerShell's `Invoke-WebRequest` cmdlet. When fetching a web page, embedded scripts could be executed.
A summary of how to verify impact and the mitigation steps for the CVSS 10.0 React2Shell vulnerability (CVE-2025-55182 / CVE-2025-66478), plus additional DoS and source code exposure issues.
A plan to build an internal help desk RAG system using a Mac mini M4 Pro and Dify. Highlights what's new in Dify circa 2025 and tips for running local LLMs.
Introducing a Mac mini M4 Pro to build an in-house RAG system. A plan for setting up a LoRA training environment during downtime while waiting for specs to be finalized.
From browser OCR and server-side OCR to cloud APIs and AI — a roundup of what I learned trying to implement Japanese OCR on the web, including the limits of each approach.
Astro's `<style>` tags compile to scoped CSS, but that scope does not apply to DOM elements created dynamically in JavaScript. Here is how to work around it.
Tried to implement morphological analysis in the browser — Sudachi was too heavy, kuromoji.js had a bug. Eventually solved it with a fork and a custom loader.
A story about dates going haywire in an AI-generated PHP script, plus a breakdown of timezone pitfalls in each layer — server, PHP, MySQL, and JavaScript.
