Apr 12, 2026 · 10 min read
Lazy SRE's guide to secure systems, part 2: the actions you didn't pin
Hardening GitHub Actions for small teams. SHA pinning, OIDC, cooldowns, and the trigger Future You at 3am should not touch.
Page 2 of 3
Apr 12, 2026 · 10 min read
Hardening GitHub Actions for small teams. SHA pinning, OIDC, cooldowns, and the trigger Future You at 3am should not touch.
Apr 5, 2026 · 9 min read
Startup-grade defense against npm supply-chain attacks, for Future You at 3am. Chainjacking, postinstall scripts, smallest install, most leverage.
Feb 7, 2026 · 14 min read
Self-hosted SimpleLogin with Docker, Postfix, and Brevo for $3/month. The TLS gotcha that ate two hours of my Sunday, written down so you skip it.
Dec 31, 2025 · 3 min read
Tried booking a flight. Got blocked. Turns out Akamai thinks my 21 security extensions make me look like a hacker. They're not wrong.
Nov 19, 2025 · 7 min read
500 GB of logs, 7 days, same hardware. VictoriaLogs vs Loki: 94% lower query latencies, 37% smaller storage, half the CPU and RAM.
Oct 24, 2025 · 3 min read
Netlify suspended five free-tier sites of mine one Tuesday night. The 15-minute migration to Dokploy on a €3/month VPS that bought everything back.
Oct 14, 2025 · 8 min read
Deployed a TLS fingerprinting rule that seemed reasonable. Blocked every Chrome 119 user on Windows. The incident report was not fun to write.
Jan 12, 2025 · 2 min read
What I rewatch when the day's debugging is done: That 70's Show, Arrested Development, HIMYM, and the detective canon from Holmes to Poirot.
Dec 20, 2024 · 6 min read
After two years of running both GitHub Actions and GitLab CI across 50 microservices, here is which one I'd reach for and when.
Dec 18, 2024 · 7 min read
A practical guide to setting up Prometheus and Grafana for production monitoring. No theory, just battle-tested configurations that work.