Thoughts on authentication, developer tools, and building secure applications.
Why brute-force counterexample search collapses in large combinatorial spaces, and which techniques (SAT solvers, simulated annealing, learned policies) actually work.
A practical guide to detecting, scrubbing, and preventing leaked AWS keys in Git repos — using gitleaks, git-filter-repo, OIDC, and pre-commit hooks.
A practical guide to detecting leaked credentials before they hit GitHub, scrubbing them from git history when they do, and preventing the next leak.
Patched CVEs can silently regress after OS upgrades or incomplete fixes. Here's how to fingerprint, test, and monitor critical patches so you actually know.
Relative timestamps like '2 hours ago' have been quietly breaking across the web. Here's the root cause and a step-by-step fix using Intl.RelativeTimeFormat.
Comparing Gemini 3.5 Flash, Claude Haiku 4.5, and GPT-4o mini with migration code and honest tradeoffs from production use.
SKIP: Not a developer-focused topic
LLM streaming responses cutting off after 60 seconds? The culprit is rarely the model — it's the proxy chain. Here's the root cause and a working fix.
Why 4-bit 27B models still OOM on 24GB cards, and the quant + KV cache + backend settings that actually let them fit.
Your auto-generated TypeScript SDK is full of `any` types? The fix isn't the generator — it's your OpenAPI spec. Here's how to tighten it up.
Why reading proof-of-concept exploit repos like v12-security/pocs makes you a better backend developer — and how to do it safely.
An honest comparison of Docker and Podman after migrating three projects, plus what you probably shouldn't containerize yourself.
How to stop AI bot spam PRs in your GitHub repo using git's author metadata, pre-receive hooks, and PR workflow checks.
