Writing

Field notes, essays, and build logs on AI-native work. Have a topic in mind? Challenge me to write it.

[S.01]§ Posts
may 13
2026

Glasshouse: Audit Any Website for GDPR Violations in 90 Seconds (and File a DPA Complaint in Two More)

Open-sourcing the privacy auditor I used to scan 10 popular websites (all 10 failed) — plus the DPA complaint builder that turns a scan into a ready-to-file dossier.

#privacy#gdpr#open-source#privacy-tools#eprivacy#compliance#fingerprinting#dark-patterns
26 min read
may 10
2026

Self-Contained HTML Artifacts: A Portfolio Pattern That Doesn't Rot

Eight self-contained HTML artifacts. A meta-tag protocol. 93 lines of TypeScript. The static-portfolio pattern that aged better than any framework I've shipped.

#engineering#html#nextjs#portfolio#static-site
7 min read
may 4
2026

Pre-Consent Tracking in 2026: How It Works, Why Regulators Are Cracking Down, and How to Build a Site That Actually Waits

I scanned 10 popular consumer sites and timed what happens in the first few hundred milliseconds of each page load. Every single one fired non-essential trackers before the consent banner appeared. Why "we use Consent Mode v2" is not a defense, what the law actually says, and what a site that genuinely waits for consent looks like in code.

#privacy#gdpr#eprivacy#pre-consent#tracking#consent#web-development#cmp
23 min read
apr 24
2026

Cookie Banner Dark Patterns in 2026: How They Work, Why Regulators Are Cracking Down, and How to Build Symmetric Consent

I scanned 10 popular consumer sites for dark patterns. All 10 failed at least one EDPB criterion; half had a reject path that did not actually delete tracking cookies. The CSS, the GDPR violations, and what symmetric consent costs.

#privacy#gdpr#dark-patterns#consent#cookie-banners#ux#web-development#eprivacy
20 min read
apr 20
2026

Browser Fingerprinting in 2026: How It Works, Why Regulators Are Cracking Down, and How to Defend Against It

The tracking method that survives when cookies die. A technical guide to canvas, WebGL, AudioContext, and WebGPU fingerprinting — what GDPR and ePrivacy actually say, and what defenses hold up.

#privacy#gdpr#fingerprinting#web-tracking#eprivacy#security
15 min read
apr 12
2026

I Built an AI That Audits Websites for Privacy. Here's What It Found.

A data engineer who builds tracking infrastructure by day built an AI that audits everyone else's. 10 major websites scanned. Average score: 4.9 out of 10.

#privacy#gdpr#ai#web-audit#cookies#series
4 min read
mar 12
2026

Building an AI Community Jukebox Overnight (and What Broke by Morning)

A backend engineer gets $50 in AI music credits and 12 hours to build a community jukebox. An honest account of vibe coding, human judgment, and the bet on crowd-funding.

#ai#minimax#nextjs#supabase#vibe-coding#community
17 min read
mar 6
2026

Always Evolving

How to build on today's best without getting trapped by yesterday's patterns.

#frontier#practice#learning#adaptation
8 min read
mar 6
2026

Systems, Not Scripts

Why composable multi-agent architectures beat one-shot prompts — and how to think in workflows instead of instructions.

#multi-agent#orchestration#architecture#workflows
7 min read
mar 6
2026

Delegate & Verify

Why the loop matters more than the prompt — and how to build workflows you can actually trust.

#workflow#human-in-the-loop#agents#trust
7 min read
mar 6
2026

Specialized Agents

Why every task deserves the right model — and why one-size-fits-all is already dead.

#agents#llm#architecture#cost-optimization
6 min read
mar 6
2026

The Stack Behind This Blog

A walkthrough of the blog engine — and a living test of every MDX feature it supports.

#meta#engineering#mdx#supabase
6 min read