KevHQ

Howya.

I’m Kev. A software + DevOps engineer, traveler, Bitcoiner, and builder of fast, secure, low-maintenance things.

This site is an unapologetic home for my passions: projects, writing, adventures and whatever else fits.

Read the blog Winging it on Wheels

What’s here

About: who I am in 60 seconds.
Writing: essays, notes, thoughts and ideas.
Projects: tools and code I’ve shipped (WIP).
Adventures: trips, tours, and misadventures.
Now: what I’m focused on today.
Colophon: performance, security, and design details.
Contact: say hi or work together.

Latest posts

Schema.org mistakes that Google's validator won't catch

I found a structured data bug on my site that passed every validator. The property existed in schema.org, the JSON was valid, but it was on the wrong type. Nothing caught it. So I built a CLI that does.

Apr 05, 2026

CVE-2026-33306: bcrypt on JRuby is broken at cost=31

I found my first CVE. A signed integer overflow in bcrypt-ruby's Java backend causes cost=31 to skip all 2 billion key-strengthening rounds. The hash looks valid but protects nothing.

Mar 22, 2026

In Defense of Tulip Bubbles

The tulip bubble is used as a cautionary tale about speculation. But almost 400 years later, the Netherlands still dominates the global flower trade. Maybe bubbles are features, not bugs.

Dec 29, 2025