AuthonAuthon Blog

Authon Blog

Thoughts on authentication, developer tools, and building secure applications.

Why brute-force counterexample search fails (and what to do instead)
debugging

Why brute-force counterexample search fails (and what to do instead)

Why brute-force counterexample search collapses in large combinatorial spaces, and which techniques (SAT solvers, simulated annealing, learned policies) actually work.

algorithmspythonaiprogramming
How to Stop Accidentally Committing AWS Keys to GitHub
debugging

How to Stop Accidentally Committing AWS Keys to GitHub

A practical guide to detecting, scrubbing, and preventing leaked AWS keys in Git repos — using gitleaks, git-filter-repo, OIDC, and pre-commit hooks.

securitygitaws
How to Stop Leaking AWS Keys to GitHub (And What to Do When You Already Did)
debugging

How to Stop Leaking AWS Keys to GitHub (And What to Do When You Already Did)

A practical guide to detecting leaked credentials before they hit GitHub, scrubbing them from git history when they do, and preventing the next leak.

securitydevopsaws
When a patched CVE comes back: detecting silent driver regressions
debugging

When a patched CVE comes back: detecting silent driver regressions

Patched CVEs can silently regress after OS upgrades or incomplete fixes. Here's how to fingerprint, test, and monitor critical patches so you actually know.

securitywindowsdevops
Why 'x time ago' is broken everywhere and how to actually fix it
debugging

Why 'x time ago' is broken everywhere and how to actually fix it

Relative timestamps like '2 hours ago' have been quietly breaking across the web. Here's the root cause and a step-by-step fix using Intl.RelativeTimeFormat.

webdevjavascriptfrontend
Gemini 3.5 Flash vs Claude Haiku vs GPT-4o mini: Picking a Small Model
comparison

Gemini 3.5 Flash vs Claude Haiku vs GPT-4o mini: Picking a Small Model

Comparing Gemini 3.5 Flash, Claude Haiku 4.5, and GPT-4o mini with migration code and honest tradeoffs from production use.

aipythonwebdev
SKIP: Not a developer-focused topic
debugging

SKIP: Not a developer-focused topic

SKIP: Not a developer-focused topic

skip
Why your LLM SSE stream dies after 60 seconds (and how to actually fix it)
debugging

Why your LLM SSE stream dies after 60 seconds (and how to actually fix it)

LLM streaming responses cutting off after 60 seconds? The culprit is rarely the model — it's the proxy chain. Here's the root cause and a working fix.

webdevaidevops
Why your 27B model won't fit on 24GB VRAM (and how to actually fix it)
debugging

Why your 27B model won't fit on 24GB VRAM (and how to actually fix it)

Why 4-bit 27B models still OOM on 24GB cards, and the quant + KV cache + backend settings that actually let them fit.

llmmachinelearningperformance
Why your generated SDK is full of 'any' types — and how to fix it
debugging

Why your generated SDK is full of 'any' types — and how to fix it

Your auto-generated TypeScript SDK is full of `any` types? The fix isn't the generator — it's your OpenAPI spec. Here's how to tighten it up.

openapitypescriptapi
PoC Repos Are Underrated: Why Every Dev Should Read Exploit Code
tutorial

PoC Repos Are Underrated: Why Every Dev Should Read Exploit Code

Why reading proof-of-concept exploit repos like v12-security/pocs makes you a better backend developer — and how to do it safely.

securitywebdevdevops
Docker vs Podman: Migrating Three Projects, Honestly
comparison

Docker vs Podman: Migrating Three Projects, Honestly

An honest comparison of Docker and Podman after migrating three projects, plus what you probably shouldn't containerize yourself.

dockerpodmandevops
How to Block AI Bot Spam in Your GitHub Repo Using Git's Author Filters
debugging

How to Block AI Bot Spam in Your GitHub Repo Using Git's Author Filters

How to stop AI bot spam PRs in your GitHub repo using git's author metadata, pre-receive hooks, and PR workflow checks.

gitgithubdevops
Authon Blog -- Authentication, Security & Developer Tools