Brussels · Hard problems made legible
Some risks don’t announce themselves.
Until they do.
Infrastructure failures at scale rarely come from a lack of expertise. They come from misalignment between disciplines, across time horizons that don’t fit quarterly planning cycles.
It’s hard to think when you’re trying not to sink. Proper Tools exists to help you think earlier.
Hacker-literate, policy-aware work for decisions that must hold up over years, not quarters.
Short, focused engagements for leaders facing problems that don’t fit the usual categories.
See how the practice works →The problem on the calendar
Some failure modes build quietly for decades and surface abruptly: embedded timing dependencies, rollover events, cross-sector coupling. They rarely appear in quarterly dashboards — until they become someone else’s emergency.
7 Feb 2036
NTP 32-bit counter rollover
19 Jan 2038
Signed 32-bit
time_t rollover — Unix epoch
Now
The coordination window is open.
It will not stay open.
These are not surprising events. They are not new discoveries.
They are dates on a calendar, and the calendar is not negotiable.
NIS2, CRA, and DORA are beginning to frame timing as a regulated systemic risk. Legacy NTP dependencies and unexamined clock assumptions persist across critical infrastructure. The gap between embedded device lifecycles and policy horizons keeps growing.
The Epochalypse Project FAQ offers a concise orientation. The RATP/Alstom case, examined in depth by Epsiloon (n°57), illustrates what operational exposure looks like in practice. Read the investigation →
What we do
Executive briefings, facilitation, fractional advisory, standards coordination, and short engagements on unusual problems — for organizations navigating complex decisions and long-lived risk.
Learn more about the practice →Commons
Open frameworks, released under CC BY
The work that belongs to everyone — released for use, adaptation, and reuse without asking.
Civic texts for people doing the work: The Hippocratic Oath of the Cybersecurity Practitioner, On Constraints — a sonnet for the maintainers, and The Friend Protocol, a small set of principles for the hard conversations serious work depends on.
Technical frameworks for the field: the Meridian Protocol for durable web preservation, and the 2038-Class Risk Exposure Matrix workshop kit.
Working proofs in open circulation: On the Undecidability of Instruction Boundaries (why prompt injection is not a bug), and The Gödel–Chaitin Modeling Boundary (why there's no digital twin for causality). Co-authors and reviewers welcome.
Ethics
That work carries responsibility.
We do not offer certainty. We offer clearer tradeoffs.
A short statement of the terms on which Proper Tools takes on work — and the practitioner’s oath beneath, offered to the community under CC BY.
Field Notes
Occasional essays on infrastructure risk, long-horizon failure modes, and the gap between how systems are governed and how they actually fail. Written to remain useful long after the moment that prompted them.