Random News
Time for a status blog post I guess. You see, I have about six blog posts started but they weren’t interesting enough or complete enough to expand into a full blog post. So instead of struggling to stretch out each one into six too-long or incomplete posts I’m combining a few here. The topics are all varied, hence the “random” title.
AI Code Generation
I’ve experimented with AI to generate code, but as a security professional I simply cannot accept the code as generated. I have to check it for flaws. I enjoy coding, but am more of a casual coder than an expert one, so I tend to pick over my code looking for flaws in everything from the formatting of the actual code layout to secure coding practices. I wanted to improve things, and quickly discovered that while AI could help, it was far from perfect. I tried multiple LLMs including ChatGPT and Gemini, but found the best raw results came from Anthropic’s Claude. Claude could not only speak several coding languages quite well, but when prompted correctly could actually code fairly securely. Considering that Claude was also the most knowledgeable about CI/CD, understood GitLab with its pipelines, OpenBao for secret storage, and security in those areas, I began diving deeper with it.
There is a technique called “multi-shot prompting”, where you ask an LLM the same thing but in different threads or chats and simply pick the best one. My technique involves something similar but I limit it. Here it is:
1. I write some code based upon something I want in a particular language.
2. I ask Claude for some code that accomplishes the same thing I just wrote.
3. Instead of comparing my code to Claude’s code, I open up a new chat with Claude and feed in the code that Claude generated in the other chat, asking to make the code as secure as possible.
4. Only then do I compare the two and just take the best from both.
While this technique hasn’t drastically improved the speed of my coding, it has certainly improved the readability, the effectiveness, and the security of it.
Solar Update
I’ve documented my green energy journey, and covered everything from solar panels to house batteries to my EV and even elements of my smart home. In a fairly recent series of posts I had expressed a need for better monitoring and how I solved it. Of course this initially uncovered some flaws in micro-inverters which led to an upgrade with my local provider Kosmos Solar. This took place last September. At the same time I was traveling more (more trips to visit my now one-year-old granddaughter who lives nearby) so I was charging my EV more. I wanted more solar power. As I had to remove an old tree that was dying and literally falling apart, this freed up some real estate for a few more panels on the roof of my shop in the backyard. So I contacted Kosmos Solar in October, less than a month after I had the work done. But after being ghosted by them, I discovered that they apparently went out of business.
After attempting my own research looking for a new vendor (unsuccessfully) I went to Energy Sage to try to find someone. Four vendors responded, but only one seemed to actually read what I was asking for (all the others simply quoted me prices for replacing half or all of my existing panels) so I am still moving forward. I am hoping to have them engaged before the end of the year as the new administration is likely to implement tariffs that would increase the costs as well as kill the federal tax credit. Here’s to hoping for an update blog in January with good news about the project.
Quantum Cryptography
Related to the AI coding stuff, I’ve embarked on a project to write a securely-coded quantum-safe encryption tool based off of the latest NIST-approved quantum-safe algorithms. The project will be an end-to-end experience. I plan on having everything from the code to a fully documented build process, and even plan on documenting my distribution process. This was also started in October, but between life and work and simply juggling multiple things it is going slower than I anticipated. I am amplifying the entire thing via the AI techniques I’ve referenced above, so stay tuned.
Conclusion
That’s it. That’s why the blog has been quiet as the projects I planned on talking about were either too short to warrant a full blog or too incomplete to post about. More to come though, as other goofy stuff will be out soon.