KevHQ

Howya.

I’m Kev. A software + DevOps engineer, traveler, Bitcoiner, and builder of fast, secure, low-maintenance things.

This site is an unapologetic home for my passions: projects, writing, adventures and whatever else fits.

Read the blog Winging it on Wheels

What’s here

About: who I am in 60 seconds.
Writing: essays, notes, thoughts and ideas.
Projects: tools and code I’ve shipped (WIP).
Adventures: trips, tours, and misadventures.
Now: what I’m focused on today.
Colophon: performance, security, and design details.
Contact: say hi or work together.

Latest posts

CVE-2026-4437: glibc accepts forged hostnames from the wrong DNS section

A missing loop decrement in glibc's getanswer_ptr lets a malicious DNS server slip a forged PTR record into the additional section. glibc accepts it as the real answer. Affects every Linux system since glibc 2.37.

Apr 05, 2026

Schema.org mistakes that Google's validator won't catch

I found a structured data bug on my site that passed every validator. The property existed in schema.org, the JSON was valid, but it was on the wrong type. Nothing caught it. So I built a CLI that does.

Apr 05, 2026

CVE-2026-33306: bcrypt on JRuby is broken at cost=31

I found my first CVE. A signed integer overflow in bcrypt-ruby's Java backend causes cost=31 to skip all 2 billion key-strengthening rounds. The hash looks valid but protects nothing.

Mar 22, 2026