
Seven visual tools, one diagram
Excalidraw is fast, but everything I make in it looks the same. Seven tools that promise visuals with attitude, one diagram, three I'd keep.
I tinker with infrastructure and write about what broke. The good stuff is at the top; the rest is in the archive.

Ivanti made everyone re-read their VPN architecture in January 2024. Tailscale, Cloudflare Tunnel, and WireGuard in one afternoon.

Your company's MDM dropped managed-settings.json and the network team wedged Claude through an AI gateway. Here's how each leash works.

Snowflake taught everyone what happens when an infostealer runs on a contractor's personal Mac. The laptop is the perimeter.

Four DNS records that close the entire phishing impersonation class. SPF, DKIM, DMARC, CAA, two monitors, one afternoon.

Identity, network, default creds, attestation, audit logs — the controls that close most of the gap Parts 1 and 2 left.

Hardening GitHub Actions for small teams. SHA pinning, OIDC, cooldowns, and the trigger Future You at 3am should not touch.

Startup-grade defense against npm supply-chain attacks, for Future You at 3am. Chainjacking, postinstall scripts, smallest install, most leverage.

Self-hosted SimpleLogin with Docker, Postfix, and Brevo for $3/month. The TLS gotcha that ate two hours of my Sunday, written down so you skip it.

Tried booking a flight. Got blocked. VPN didn't help. IP was clean. Turns out Akamai thinks my 21 security extensions make me look like a hacker. They're…

500 GB of logs, 7 days, same hardware. VictoriaLogs vs Loki: 94% lower query latencies, 37% smaller storage, half the CPU and RAM.

Netlify suspended five free-tier sites of mine one Tuesday night. The 15-minute migration to Dokploy on a €3/month VPS that bought everything back.

Deployed a TLS fingerprinting rule that seemed reasonable. Blocked every Chrome 119 user on Windows. The incident report was not fun to write.

What I rewatch when the day's debugging is done — That 70's Show, Arrested Development, HIMYM, and the detective canon from Holmes to Poirot.

After two years of running both GitHub Actions and GitLab CI across 50 microservices, here is which one I'd reach for and when.

A practical guide to setting up Prometheus and Grafana for production monitoring. No theory, just battle-tested configurations that work.

Hard-learned lessons from debugging Kubernetes issues at 3 AM. These tricks will save you hours of frustration.

Your containers are probably insecure. Here's how I learned to harden Docker containers the hard way, and the security mistakes that almost cost us.

Our AWS bill hit $50k/month. Here's exactly how we reduced it to $20k without sacrificing performance or reliability.

Learning Terraform the hard way. Here are the mistakes that cost me sleep, money, and a bit of my sanity.