Hard problems made legible
It’s always something.
Our aim is to help you see it coming.
It’s hard to think when
you’re trying not to sink.
System failures at scale rarely come from a lack of expertise. They come from misalignment between disciplines, and time horizons that outrun the incentives of the people inside the system.
What we do
Short, focused engagements for decision-makers facing something consequential and genuinely unusual, where the normal channels are too narrow, too slow, or too political to help. Technical, organisational, regulatory, or some uncomfortable mix of all three.
Hacker-literate, policy-aware work for decisions that must hold up over years, not quarters.
Executive and board briefings, facilitation, fractional advisory, standards coordination, and standing monthly engagements for leaders who need a second brain outside their reporting chain — decision-ready clarity in days or weeks, not months.
Learn more about the practice →A worked example: the 2036–2038 rollover
One illustration of the kind of problem this practice exists for — a long-horizon, cross-sector risk that sits across the seam between engineering, regulation, and procurement, where no single discipline owns it. A family of timing failures built quietly into infrastructure over decades, surfacing on fixed, known dates:
7 Feb 2036
NTP 32-bit counter rollover
19 Jan 2038
Signed 32-bit
time_t rollover — Unix epoch
It’s the kind of problem this practice is built to go deep on: co-editor of the ITU-T Technical Paper coordinating the international response — agreed at Study Group 17 in Geneva this June — and co-chair of the FIRST Time Security SIG. NIS2, CRA, and DORA are beginning to frame timing as a regulated systemic risk, while embedded device lifecycles keep outrunning the policy horizon.
The Epochalypse Project FAQ gives a concise orientation, and the RATP/Alstom case — examined in depth by Epsiloon (n°57) — shows what the exposure looks like in practice. Read the investigation →
XSTP.epoch, the ITU-T Technical Paper itself, develops the cross-sector coordination framework for the cluster; Revision 1 was agreed at the SG17 plenary (Geneva, 1–10 June 2026). Substantive reviewer engagement is welcome before Revision 2. Read the background →
Commons
Open frameworks, released under CC BY
The work that belongs to everyone — released for use, adaptation, and reuse without asking.
Civic texts for people doing the work: The Hippocratic Oath of the Cybersecurity Practitioner, The Friend Protocol, a small set of principles for the hard conversations serious work depends on, and Knights Chess, a chess variant for thinking about decision-making when the rules themselves are unstable.
Public interest work and standards for the field: XSTP.epoch (ITU-T Technical Paper on global coordination for the 2036–2038 cluster, agreed by SG17 in June 2026), the Meridian Protocol for durable web preservation, and the 2038-Class Risk Exposure Matrix workshop kit.
Ethics
That work carries responsibility.
We do not offer certainty. We offer clearer tradeoffs.
A short statement of the terms on which Proper Tools takes on work — and the practitioner’s oath beneath, offered to the community under CC BY.
Field Notes
Occasional essays on infrastructure risk, long-horizon failure modes, and the gap between how systems are governed and how they actually fail. Written to remain useful long after the moment that prompted them.