Security writeups, tool internals, and practical guides.https://swatto.co.uk/https://swatto.co.uk/articles/parsing-every-log-format-logsleuth/https://swatto.co.uk/articles/parsing-every-log-format-logsleuth/Writing a log viewer that supports Veeam, IIS, SQL Server, Kubernetes, syslog, and a dozen others means solving the timestamp problem fourteen different ways. Here's how LogSleuth does it.Tue, 05 May 2026 00:00:00 GMThttps://swatto.co.uk/articles/reading-the-mft-directly-disksleuth/https://swatto.co.uk/articles/reading-the-mft-directly-disksleuth/Scanning a million-file NTFS volume in seconds requires bypassing the directory tree entirely. Here's how DiskSleuth reads the Master File Table directly and what that buys you.Fri, 01 May 2026 00:00:00 GMThttps://swatto.co.uk/articles/replacing-event-viewer-in-rust/https://swatto.co.uk/articles/replacing-event-viewer-in-rust/Windows Event Viewer hangs for seconds on a log with 100k entries. The API underneath is fast. The gap is entirely the UI. Here's a walk through building a responsive replacement — plus the wevtutil tricks that make the built-in tool almost usable if you're stuck with it.Sat, 18 Apr 2026 00:00:00 GMThttps://swatto.co.uk/articles/secure-wipe-theatre-on-ssds/https://swatto.co.uk/articles/secure-wipe-theatre-on-ssds/Gutmann's 35-pass overwrite was designed for 1996-era magnetic storage. On a modern SSD it's pointless at best and harmful at worst. Here's what actually works, why, and a decision tree for choosing.Sat, 18 Apr 2026 00:00:00 GMThttps://swatto.co.uk/articles/whats-holding-this-file-windows-locks/https://swatto.co.uk/articles/whats-holding-this-file-windows-locks/Every Windows admin has fought the 'file in use' dialog. I've built two tools that solve the same problem in wildly different ways — one in Rust with egui, one in pure C with no runtime — and the comparison is more interesting than either tool alone.Sat, 18 Apr 2026 00:00:00 GMThttps://swatto.co.uk/articles/building-secure-file-encryption/https://swatto.co.uk/articles/building-secure-file-encryption/A deep dive into the cryptographic choices behind SwatCrypt — why XChaCha20 over AES-GCM, how Argon2id key derivation works, and the pitfalls I avoided.Fri, 10 Apr 2026 00:00:00 GMThttps://swatto.co.uk/articles/tauri-vs-electron-2026/https://swatto.co.uk/articles/tauri-vs-electron-2026/I've shipped production apps with both frameworks. Here's an honest comparison of Tauri 2.0 and Electron from a solo developer's perspective.Fri, 10 Apr 2026 00:00:00 GMThttps://swatto.co.uk/articles/self-hosting-with-wazuh-and-crowdsec/https://swatto.co.uk/articles/self-hosting-with-wazuh-and-crowdsec/How I monitor and protect my self-hosted infrastructure using Wazuh for SIEM and CrowdSec for crowd-sourced threat intelligence.Fri, 10 Apr 2026 00:00:00 GMThttps://swatto.co.uk/articles/why-rust-for-desktop-tools/https://swatto.co.uk/articles/why-rust-for-desktop-tools/After years of building desktop apps in C# and TypeScript, I switched to Rust. Here's what convinced me and what I learned along the way.Fri, 10 Apr 2026 00:00:00 GMT