Writing
Notes on security, data, and building for the long term.
A mix of long-form essays published here, and shorter field notes syndicated from farrosfr.com.
Long-form
Essays
May 22, 2026 · 7 min
Building for the long term when every dependency wants to break
Why I default to static-first architectures, small dependency trees, and a bias for boring tools, and what changes when you build a web product that has to survive five years of someone else's decisions.
web
Apr 8, 2026 · 9 min
Practical red-team notes: what offensive work taught me about defensive defaults
Field notes from running offensive security exercises on web applications I have also built, and the small defensive defaults that survive contact with a real attacker mindset.
security
Feb 14, 2026 · 8 min
Data engineering without a team: what one person can realistically own
An honest accounting of what a single data engineer can keep running well, what has to be deferred, and the smallest possible stack that survives a 90-day vacation.
data
Recent
Field notes from farrosfr.com
Jun 18, 2026
Install Playwright Globally for AI Agents
A practical guide to configuring Playwright and CloakBrowser globally. Essential setup for AI coding agents to perform browser automation instantly.
farrosfr.com
Jun 18, 2026
Comparing AI Agent Skills: Why I Prefer Caveman Over Ponytail Mode
A comparison of the Ponytail and Caveman custom skills for AI coding agents, and why Caveman mode wins for developer productivity.
farrosfr.com
Jun 18, 2026
VPS Auto-Deploy: CI/CD for Astro SSR and Rust
A step-by-step guide on configuring an automated git-driven CI/CD deployment pipeline on a VPS for Astro SSR and a Rust backend.
farrosfr.com
Jun 18, 2026
Dual-Path Rust Deployments: Git vs Direct Hotfix
A detailed guide comparing Git-based automation and manual direct binary hotfixes for deploying Rust web applications on a self-hosted server.
farrosfr.com
Jun 17, 2026
Detecting Malicious ML Models: Pickle Bytecode Analysis
Learn how Python's pickle deserialization works under the hood and build a custom bytecode scanner to detect malicious machine learning models.
farrosfr.com
Jun 17, 2026
Payload | study notes
Complete study notes for the Payload room. Learn to analyze malicious model payloads, trace logs, and perform incident response.
farrosfr.com
Jun 16, 2026
Securing the AI Supply Chain | study notes
study notes for Securing the AI Supply Chain room. Build SupplySecLab and learn to inspect models, audit dependencies, and govern LLM supply chains.
farrosfr.com
Jun 16, 2026
Supply Chain Attack Vectors | study notes
Complete study notes for Supply Chain Attack Vectors room. Learn how trusted ML components can be turned into attack vectors.
farrosfr.com
Jun 15, 2026
Safe Secrets Management | Developer & AI Guide
A practical guide to secure secrets management on Windows and Linux, featuring env variables, strict file permissions, and safety tips for AI vibe coding.
farrosfr.com