http://peti.to/Recent content on Ben PetitoHugo -- gohugo.ioenFri, 12 Jun 2026 09:00:00 +1030http://peti.to/posts/my-first-public-talk/Fri, 12 Jun 2026 09:00:00 +1030http://peti.to/posts/my-first-public-talk/<p>I gave my first public talk a few weeks ago. Then I spent four days proving my own point — not on the AI, on the slides.</p> <p>It was at the Adelaide Azure User Group. Thanks to Simon Cook from Encode Talent for the introduction and nudge to speak, and to Sam Fernando for running it. I dragged my coworker Simeon from Biz Hub along for the ride.</p> <p>The talk was about practical AI implementation in enterprise environments. The central theme was simple: the AI model is usually the easy part. Everything around it is where the real work happens.</p>http://peti.to/posts/mfa-2-digit-vs-6-digit/Wed, 15 Apr 2026 09:00:00 +1030http://peti.to/posts/mfa-2-digit-vs-6-digit/<p>I had an interesting chat with a co-worker a couple of weeks ago about Microsoft&rsquo;s move to use a 2-digit MFA prompt instead of the traditional 6-digit time-based code. At first glance, that sounds like a downgrade; fewer digits must mean weaker security, right? But the truth is, the mechanism behind it is very different.</p> <h2 id="email-codes-and-magic-links">Email codes and &ldquo;magic links&rdquo;</h2> <p>Many applications send a one-time code or magic link to your email. While convenient, this is only as secure as your email account. If an attacker already has access to your inbox, they can trivially intercept those links and reset your password.</p>http://peti.to/posts/apis-dont-fail-loudly-enough/Fri, 10 Apr 2026 09:00:00 +1030http://peti.to/posts/apis-dont-fail-loudly-enough/<p>When enterprise integrations fail, they rarely fail cleanly.</p> <p>We inherited a system syncing financial data between a property development platform and our database. On paper, it &ldquo;worked&rdquo;. In reality, it was quietly dropping records and skipping certain transaction types.</p> <p>This is the worst kind of failure: no outage, no alert, just silent data loss over time.</p> <p>The bigger problem: there was no architecture or process documentation explaining how the sync worked — or was supposed to work.</p>http://peti.to/posts/ai-audit-summaries/Tue, 13 May 2025 09:00:00 +0930http://peti.to/posts/ai-audit-summaries/<p>A couple of months ago, I met with a client to explore how AI might help streamline some of their internal processes. Their application contains nearly two decades of audit history, yet despite the volume of data, it wasn&rsquo;t being actively used.</p> <p>Last week, they reached out with a specific request: could we generate a summary of the past three years of audits so that auditors could quickly understand recurring issues and common themes when preparing for an upcoming audit?</p>