I run ArgoCD on my TrueNAS homelab for all container deployments. Every service I self-host — Gitea, Immich, monitoring stacks, even this blog’s CI pipeline — gets deployed through ArgoCD syncing from Git repos on my local Gitea instance. I’ve also deployed Flux for clients who wanted something lighter. After… Read more →
Security, DevOps & Trading Tech — Practical Guides
-
OAuth vs JWT: Choosing the Right Tool for Developers
I’ve implemented both OAuth and JWT in production systems across my career—from enterprise SSO rollouts to lightweight API auth for side projects. The single most common mistake I see? Treating OAuth and JWT as the same thing, or worse, picking one when you needed the other. They solve different problems,… Read more →
-
PassForge: Building a Password Workstation Beyond One Slider
I was setting up a new server last week and needed twelve unique passwords for different services. I opened three tabs — LastPass’s generator, Bitwarden’s generator, and 1Password’s online tool. Every single one gave me a barebones interface: one slider for length, a few checkboxes, and a single output. Copy,… Read more →
-
Enterprise Security at Home: Wazuh & Suricata Setup
I run Wazuh and Suricata on my home network. Yes, enterprise SIEM and IDS for a homelab—it’s overkill by any reasonable measure. But after catching an IoT camera phoning home to servers in three different countries, I stopped second-guessing the investment. Here’s why I do it and how you can… Read more →
-
YubiKey SSH Authentication: Stop Trusting Key Files on Disk
I stopped using SSH passwords three years ago. Switched to ed25519 keys, felt pretty good about it. Then my laptop got stolen from a coffee shop — lid open, session unlocked. My private key was sitting right there in ~/.ssh/, passphrase cached in the agent. That’s when I bought my first… Read more →
-
Master Docker Container Security: Best Practices for 2026
Your staging environment is a dream. Every container spins up flawlessly, logs are clean, and your app hums along like a well-oiled machine. Then comes production. Suddenly, your containers are spewing errors faster than you can say “debug,” secrets are leaking like a sieve, and you’re frantically Googling “Docker security… Read more →
-
Pre-IPO API: SEC Filings, SPACs & Lockup Data
I built the Pre-IPO Intelligence API because I needed this data for my own trading systems and couldn’t find it in one place. If you’re building fintech applications, trading bots, or investment research tools, you know the pain: pre-IPO data is fragmented across dozens of SEC filing pages, paywalled databases,… Read more →
-
Browser Fingerprinting: Identify You Without Cookies
Browser fingerprinting can identify you across sessions, devices, and even VPNs—without a single cookie. Your canvas rendering, WebGL driver strings, font list, and audio processing characteristics create a signature so unique that clearing your browser data does almost nothing to reset it. Browser fingerprinting isn’t new, but most developers I talk… Read more →
-
Privacy-Focused Diff Checker: No Text Upload Required
I spent last weekend comparing two config files — a 400-line nginx setup where I’d made changes across multiple servers. I opened Diffchecker.com, pasted both files, and immediately ran into the same frustrations I’ve had for years: the page uploaded my text to their server (privacy issue for config files),… Read more →
-
CVE-2025-53521: F5 BIG-IP APM RCE — CISA Deadline 3/30
I triaged this CVE for my own perimeter the moment it hit the KEV catalog. If you’re running F5 BIG-IP with APM, here’s what you need to know and do—fast. CVE-2025-53521 dropped into CISA’s Known Exploited Vulnerabilities catalog on March 27, and the remediation deadline is March 30. If you’re running… Read more →