https://blacklight.sh/blog Musings on engineering, cybersecurity and AI. en-us kmistele@protonmail.com (Kyle Mistele) kmistele@protonmail.com (Kyle Mistele) Thu, 28 Aug 2025 00:00:00 GMT https://blacklight.sh/blog/rag-is-about-retrieval https://blacklight.sh/blog/rag-is-about-retrieval RAG isn't about vector databases and embeddings, or any specific architecture. It's about retrieving relevant context well. Thu, 28 Aug 2025 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) llmsaipromptingagentscontext-engineeringprompt-engineeringrag https://blacklight.sh/blog/building-kydenticon-github-style-identicons https://blacklight.sh/blog/building-kydenticon-github-style-identicons Deep dive into creating a zero-dependency TypeScript library for generating beautiful, deterministic identicons with PNG and SVG support, built with modern tooling. Sun, 20 Jul 2025 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) typescriptopen-sourceidenticonsnpmbunnext.js https://blacklight.sh/blog/prompting-wrong-xml-json https://blacklight.sh/blog/prompting-wrong-xml-json Exploring the syntactic and semantic differences between XML and JSON and why the former provides a more robust structure for complex LLM prompts Thu, 10 Jul 2025 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) llmsaipromptingagentscontext-engineeringprompt-engineering https://blacklight.sh/blog/mcp-deep-dive-great-broken-dangerous https://blacklight.sh/blog/mcp-deep-dive-great-broken-dangerous I've spent months in the trenches building with MCP. This is my report from the front lines: a deep dive into MCP's powerful vision, frustrating reality, and critical security flaws. Wed, 09 Jul 2025 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) AIagentsMCPauthoauthinternals https://blacklight.sh/blog/thoughts-on-mcp https://blacklight.sh/blog/thoughts-on-mcp Everybody's talking about MCP, but what's all the hype for? In this post I dig into what about MCP has everyone so excited. Thu, 03 Jul 2025 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) AIagentsMCPauth https://blacklight.sh/blog/building-opensearch-deep-research-agent https://blacklight.sh/blog/building-opensearch-deep-research-agent Building AI Agents is hard! In this post I walk through the process of building OpenSearch, my open-source deep research agent, from scratch. I'll go over system design, my stack, and what I learned about building agents. Tue, 01 Jul 2025 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) AIopen-sourceagentssearchretrievalcontext-engineeringprompt-engineering https://blacklight.sh/blog/vibe-coding-a-mac-app https://blacklight.sh/blog/vibe-coding-a-mac-app I decided to "Vibe Code" a port monitor app that lives in my Mac's menu bar, and I learned lots of lessons along the way like "How to debug corrupted system caches" and "How to boot a M3 Macbook Pro into safe mode". Featuring hot takes on vibe coding. Mon, 23 Jun 2025 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) aiopen-sourcesoftware-engineering https://blacklight.sh/blog/secure-reliable-oauth-integrations https://blacklight.sh/blog/secure-reliable-oauth-integrations Building OAuth integrations is quite complicated and can be migraine-inducing - specifics vary between implementations, and security is easy to get wrong. In this article, I walk through what you need to make sure you're thinking about. Wed, 18 Jun 2025 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) OAuthcybersecuritycryptopgraphySaaS https://blacklight.sh/blog/talking-about-a2a-and-mcp https://blacklight.sh/blog/talking-about-a2a-and-mcp A podcast with the Naptha AI team about Google's new A2A protocol for inter-agent communication, and how it fits into the agent protocol stack with MCP Sun, 01 Jun 2025 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) AIagentsMCPA2Aprotocols https://blacklight.sh/blog/open-source-vllm-tool-calling https://blacklight.sh/blog/open-source-vllm-tool-calling This is a transcription of a talk I gave at vLLM's office hours after landing vLLM's first-of-its-kind tool calling implementation that allows using OpenAI-compatible tools and tool streaming with opens-source models. Wed, 30 Oct 2024 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) AIvLLMopen-sourceagentsLLMsinference https://blacklight.sh/blog/beginners-guide-edr-evasion https://blacklight.sh/blog/beginners-guide-edr-evasion A beginner's guide to bypassing EDR systems using APC queue injection and direct system calls. Sat, 25 Sep 2021 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) cybersecuritymalwareevasionwindowsoperating systemsinternals https://blacklight.sh/blog/extracting-stored-wifi-credentials https://blacklight.sh/blog/extracting-stored-wifi-credentials Credential re-use is rampant, and every post-exploitation action that gets you credentials for potential lateral movement is a win in my book. Learn how to grab stored enterprise wifi credentials from compromised machines. Mon, 28 Jun 2021 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) cybersecuritynetworkingwindowscryptographypasswordspost-exploitation https://blacklight.sh/blog/extracting-browser-passwords https://blacklight.sh/blog/extracting-browser-passwords Learn how to extract saved browser passwords from compromised hosts for fun and profit - your new favorite post-exploitation technique! Thu, 24 Jun 2021 00:00:00 GMT kmistele@protonmail.com (Kyle Mistele) cybersecuritypasswordspost-exploitation