T34ch Tech

T34ch Tech https://t34ch.tech Articles on technology, security, and the craft of building systems that last. en-us Thu, 28 May 2026 08:25:27 +0000 Physical Identifier Standards: GS1, ISO 15459, VIN https://t34ch.tech/articles/physical-identifier-standards/ What every long-lived object tracking system can learn from automotive and logistics. Thu, 28 May 2026 08:25:27 +0000 https://t34ch.tech/articles/physical-identifier-standards/#20260528 How to Build Standard Operating Procedures in Chaos https://t34ch.tech/articles/sop-in-chaos/ Most SOPs are written after the crisis, filed in a wiki nobody reads, and forgotten until the next crisis. https://t34ch.tech/articles/sop-in-chaos/ Incident Response Fundamentals https://t34ch.tech/articles/incident-response-fundamentals/ The IR lifecycle, triage discipline, evidence handling, containment decisions, and communication under pressure. https://t34ch.tech/articles/incident-response-fundamentals/ Dwell Time as a Security Metric https://t34ch.tech/articles/dwell-time-security-metric/ Most response programs treat mean time to detect as a success metric. It is not. https://t34ch.tech/articles/dwell-time-security-metric/ Using Language Models for Threat Intelligence Triage at Scale https://t34ch.tech/articles/llm-threat-intel-triage/ Zero-shot classification against MITRE ATT&CK without a training corpus. https://t34ch.tech/articles/llm-threat-intel-triage/ SPAKE2 in Practice: Key Exchange for Low-Trust Peer Channels https://t34ch.tech/articles/spake2-key-exchange/ A working implementation walkthrough with notes on entropy sourcing and nonce discipline. https://t34ch.tech/articles/spake2-key-exchange/ GeoDNS Without the Drama: Lessons from a Four-Node Mesh https://t34ch.tech/articles/geodns-four-node-mesh/ Why we replaced LUA-based GeoDNS records with plain round-robin and a BGP overlay. https://t34ch.tech/articles/geodns-four-node-mesh/ mTLS + WebAuthn + DPoP: A Layered Authentication Stack https://t34ch.tech/articles/mtls-webauthn-dpop/ Three complementary protocols and why none of them are sufficient alone. https://t34ch.tech/articles/mtls-webauthn-dpop/ Sound as Cognitive Signal: Designing Alert Vocabularies https://t34ch.tech/articles/alert-sound-design/ Additive synthesis, FM synthesis, and the psychoacoustics of urgency. https://t34ch.tech/articles/alert-sound-design/ One-Time Pad Key Material: Substrate Selection Under Constraint https://t34ch.tech/articles/otp-key-material/ Nitrocellulose, silk, and mulberry paper. Physical key material for hand ciphers. https://t34ch.tech/articles/otp-key-material/ The Case Against Security Theater in Enterprise IR Programs https://t34ch.tech/articles/security-theater-ir/ Compliance checkboxes, performative playbooks, and organizational dysfunction. https://t34ch.tech/articles/security-theater-ir/ Append-Only Audit Logs as a Security Primitive https://t34ch.tech/articles/append-only-audit-logs/ Why immutable logging is the foundation of trust in any system that matters. https://t34ch.tech/articles/append-only-audit-logs/ Federated Store-and-Forward: Estafette Protocol Design https://t34ch.tech/articles/estafette-protocol-design/ A message relay protocol for environments where direct connectivity cannot be assumed. https://t34ch.tech/articles/estafette-protocol-design/ Content-Addressed Storage from First Principles https://t34ch.tech/articles/content-addressed-storage/ When the address of data is derived from the data itself, powerful properties emerge. https://t34ch.tech/articles/content-addressed-storage/ Threat Hunting with ML and NLP https://t34ch.tech/articles/threat-hunting-ml-nlp/ Apply language models and zero-shot classifiers to security telemetry. https://t34ch.tech/articles/threat-hunting-ml-nlp/ Building Security Programs That Last https://t34ch.tech/articles/building-security-programs/ Not frameworks -- outcomes. Metrics, stakeholders, hiring, and organizational patterns. https://t34ch.tech/articles/building-security-programs/