I’ve reviewed a lot of auth code over the years. The single most common mistake? Treating OAuth and JWT as the same thing, or worse, picking one when you needed the other. They solve different problems, and confusing them leads to real vulnerabilities. Here’s what each actually does, when to pick… Read more →
Security, DevOps & Trading Tech — Practical Guides
-
PassForge: Building a Password Workstation Beyond One Slider
I was setting up a new server last week and needed twelve unique passwords for different services. I opened three tabs — LastPass’s generator, Bitwarden’s generator, and 1Password’s online tool. Every single one gave me a barebones interface: one slider for length, a few checkboxes, and a single output. Copy,… Read more →
-
YubiKey SSH Authentication: Stop Trusting Key Files on Disk
I stopped using SSH passwords three years ago. Switched to ed25519 keys, felt pretty good about it. Then my laptop got stolen from a coffee shop — lid open, session unlocked. My private key was sitting right there in ~/.ssh/, passphrase cached in the agent. That’s when I bought my first… Read more →
-
Browser Fingerprinting: Identify You Without Cookies
Last month I was debugging a tracking issue for a client and realized something uncomfortable: even after clearing all cookies and using a fresh incognito window, a third-party analytics script was still identifying the same user session. No cookies, no localStorage, no URL parameters. Just JavaScript reading properties that every… Read more →
-
Privacy-Focused Diff Checker: No Text Upload Required
I spent last weekend comparing two config files — a 400-line nginx setup where I’d made changes across multiple servers. I opened Diffchecker.com, pasted both files, and immediately ran into the same frustrations I’ve had for years: the page uploaded my text to their server (privacy issue for config files),… Read more →
-
Citrix NetScaler CVE-2026-3055 Exploited: What to Do Now
Last Wednesday I woke up to three Slack messages from different clients, all asking the same thing: “Is our NetScaler safe?” A new Citrix vulnerability had dropped — CVE-2026-3055 — and by Saturday, CISA had already added it to the Known Exploited Vulnerabilities catalog. That’s a 7-day turnaround from disclosure… Read more →
-
Git Worktrees: The Feature That Killed My Stash Habit
Last Tuesday I was deep in a refactor — 40 files touched, tests half-green — when Slack lit up: “Production’s returning 500s, can you look at main?” My old workflow: git stash, switch branches, forget what I stashed, lose 20 minutes reconstructing state. My current workflow: git worktree add ../hotfix… Read more →
-
TrueNAS Setup Guide: Enterprise Security for Your Homelab
Last month I rebuilt my TrueNAS server from scratch after a drive failure. What started as a simple disk replacement turned into a full security audit — and I realized my homelab storage had been running with basically no access controls, no encryption, and SSH root login enabled. Not great. Here’s… Read more →
-
UPS Battery Backup: Sizing, Setup & NUT on TrueNAS
Last month my TrueNAS server rebooted mid-scrub during a power flicker that lasted maybe half a second. Nothing dramatic — the lights barely dimmed — but the ZFS pool came back with a degraded vdev and I spent two hours rebuilding. That’s when I finally stopped procrastinating and bought a… Read more →
-
Insider Trading Detector with Python & Free SEC Data
Last month I noticed something odd. Three directors at a mid-cap biotech quietly bought shares within a five-day window — all open-market purchases, no option exercises. The stock was down 30% from its high. Two weeks later, they announced a partnership with Pfizer and the stock popped 40%. I didn’t catch… Read more →