Proper Tools
Hard Problems Made Legible
Independent advisory practice on systemic infrastructure risk and long-horizon failure modes.

Are you working with Proper Tools yet?

If you are, it’s probably because you’re dealing with complex, long-lived risks that don’t fit neatly into one discipline.

Hacker-literate, policy-aware: our work sits at the boundary of engineering, governance, security, history, and economic reality. Most failures at this scale don't come from a lack of expertise — they come from misalignment between disciplines. We help close that gap.

Based in Brussels. Founded by Trey Darley. Reach out.

Why Proper Tools exists

Some infrastructure risks build slowly and fail abruptly: embedded timing dependencies, rollover events, cross-sector coupling. The Epochalypse Project FAQ offers a concise introduction for those unfamiliar with the 2036/2038 class of constraints.

These are quiet failure modes that rarely appear in quarterly dashboards — until they surface as crises. Proper Tools exists to make these risks legible early enough to change outcomes.

Proper Tools is not about appearances or rhetoric, but about work that holds up over time.

The 2038-class timestamp rollover and related infrastructure risks were examined in depth by Epsiloon (n°57), including the RATP/Alstom case. Read the investigation →

What we do

Executive briefings, facilitation, fractional advisory, standards coordination, and research partnerships — for organizations navigating complex decisions and long-lived risk. Learn more →

For structured internal discussions, the 2038-Class Risk Exposure Matrix workshop kit is available. CC BY 4.0, Commercial Reuse Encouraged, 60 minutes, designed for mixed technical + leadership rooms

I'm currently forming a small, vetted review group to beta test a CC-BY 30-minute executive briefing workshop (deck + facilitation plan). If you operate in leadership briefing environments and can help pressure-test the framing, reach out and tell me what role you're in.

Signals we're watching

  • Coordination gaps on 2038-class rollover across standards bodies and regulators — including through the FIRST Time Security SIG.
  • Legacy NTP dependencies and unexamined clock assumptions in critical infrastructure.
  • NIS2, CRA, and DORA beginning to frame timing as a regulated systemic risk.
  • The widening gap between embedded device lifecycles and cyber-policy horizons.