Last month I watched a teammate debug an auth bug by pasting a production JWT into the first “base64 decode online” result on Google. The token was a live bearer credential — valid for another 50 minutes, signed for our payments service. He pasted it into a text box on… Read more →
Security, DevOps & Trading Tech — Practical Guides
-
The SpaceX 424B Prospectus Is Free on SEC EDGAR — Here’s What It Says and How to Pull It
The day SpaceX priced its IPO, half the finance Twitter accounts I follow linked to a paywalled news story. The other half linked to a screenshot of a screenshot. Almost nobody linked to the one document that actually mattered: the SpaceX 424B prospectus sitting on SEC EDGAR, free, with every… Read more →
-
AirPods Max 2 Just Dropped to $399 on Amazon — Apple’s Flagship Headphones Have Never Been This Cheap
Prime Day 2026 just served up the deal a lot of us have been waiting for since March. Apple’s over-ear flagship, the AirPods Max 2, has dropped to $399 on Amazon — $150 off the $549 launch price, and the lowest this headphone has ever been. If you sat out… Read more →
-
HouseStockWatcher Is Dead — Here’s How to Pull the Latest House Trades Yourself
If you typed “housestockwatcher latest trades june 2026” into Google this week and landed on a dead page, you’re not imagining things. The old HouseStockWatcher S3 bucket that half the internet built scrapers against now returns a flat 403 AccessDenied. I checked this morning: $ curl -sI "https://house-stock-watcher-data.s3-us-west-2.amazonaws.com/data/all_transactions.json" HTTP/1.1 403 Forbidden <Error><Code>AccessDenied</Code>… That endpoint… Read more →
-
Why the Web Crypto API Won’t Compute MD5 (and How HashForge Does It in Your Browser)
Last week I needed an MD5 checksum to verify a file against a vendor’s published manifest. Old habit kicked in: open devtools, reach for the Web Crypto API, type one line. It failed on the spot: await crypto.subtle.digest('MD5', new TextEncoder().encode('abc')) // DOMException: Algorithm: Unrecognized name MD5 No MD5. Not deprecated-with-a-warning — just absent,… Read more →
-
How a Secure Password Generator Actually Works (and Why Math.random() Fails)
Last week I was reviewing a small auth service and found this one-liner generating reset tokens: const token = Array.from({length: 16}, () => CHARS[Math.floor(Math.random() * CHARS.length)] ).join(''); It runs. It produces things like xK9$mLp2@nQ7vR4w. It also happens to be a real security bug. That exact pattern is the one I deliberately avoided… Read more →
-
Reverse-Engineering SEC EDGAR’s Full-Text Search API (efts.sec.gov)
The official SEC EDGAR full-text search box at efts.sec.gov is great if you’re a human clicking around. It’s useless if you want to pull 200 filings that mention “going concern” into a script. So I opened the network tab, watched what the search page actually calls, and rebuilt the request… Read more →
-
How EXIF GPS Data Is Stored in a JPEG — A Byte-Level Teardown
Last week I wanted to prove a point to a friend who insisted his vacation photos were “fine to post.” So I opened one of his JPEGs in a hex editor, scrolled about 40 bytes in, and read his hotel’s GPS coordinates straight off the screen — no tools, no… Read more →
-
I Built a $20 Wi-Fi Desk Stock Ticker with an ESP32-C6 (No Soldering, No Code)
I kept a browser tab open just to glance at three stock tickers during the day. That tab cost me focus every single time I checked it, because a browser tab is never just a browser tab — it is a doorway to email, Slack, and forty other things. So… Read more →
-
Free Number Base Converter Online — Binary, Hex, Octal, Decimal
Convert numbers between binary, octal, decimal, and hexadecimal instantly with this free online base converter. Type a value in any field and the others update in real time — essential for programmers, students, and anyone working with low-level data. Runs entirely in your browser. How to Use This Base Converter Type a… Read more →