I spent last weekend comparing two config files — a 400-line nginx setup where I’d made changes across multiple servers. I opened Diffchecker.com, pasted both files, and immediately ran into the same frustrations I’ve had for years: the page uploaded my text to their server (privacy issue for config files),… Read more →
Security, DevOps & Trading Tech — Practical Guides
-
CVE-2025-53521: F5 BIG-IP APM RCE — CISA Deadline 3/30
I triaged this CVE for my own perimeter the moment it hit the KEV catalog. If you’re running F5 BIG-IP with APM, here’s what you need to know and do—fast. CVE-2025-53521 dropped into CISA’s Known Exploited Vulnerabilities catalog on March 27, and the remediation deadline is March 30. If you’re running… Read more →
-
CVE-2026-3055: Citrix NetScaler Token Theft — Patch Now
Last Wednesday I woke 🔧 From my experience: After CitrixBleed, I started running automated config diffs against known-good baselines on a daily cron. It’s a 10-line bash script that’s caught unauthorized changes twice. Don’t wait for the next CVE to build that habit. up to three Slack messages from different clients,… Read more →
-
Git Worktrees: The Feature That Killed My Stash Habit
Git stashing is a crutch that breaks the moment you have more than one context switch per hour. Worktrees solve the actual problem: multiple working directories from a single repo, each on its own branch, each with its own uncommitted state—no stash juggling required. Git worktrees have been around since Git… Read more →
-
Mastering Kubernetes Security: Network Policies &
Network policies are the single most impactful security control you can add to a Kubernetes cluster — and most clusters I audit don’t have a single one. After implementing network segmentation across enterprise clusters with hundreds of namespaces, I’ve developed a repeatable approach that works. Here’s the playbook I use. Introduction… Read more →
-
UPS Battery Backup: Sizing, Setup & NUT on TrueNAS
A half-second power flicker during a ZFS scrub can corrupt your pool metadata if the write cache isn’t battery-backed. UPS battery backup isn’t optional for a NAS—it’s infrastructure. Sizing it correctly and wiring it into TrueNAS via NUT turns a catastrophic risk into a graceful shutdown. If you’re running a homelab… Read more →
-
Insider Trading Detector with Python & Free SEC Data
Three directors at a mid-cap biotech quietly buying shares within a five-day window—right before a Phase 3 readout—is the kind of signal that hides in SEC filings until someone builds a script to surface it. Python plus the SEC EDGAR API makes insider trading pattern detection accessible to anyone willing… Read more →
-
Track Pre-IPO Valuations: SpaceX, OpenAI & More
SpaceX is being valued at $2 trillion by the market. OpenAI at $1.3 trillion. Anthropic at over $500 billion. But none of these companies are publicly traded. There’s no ticker symbol, no earnings call, no 10-K filing. So how do we know what the market thinks they’re worth? The answer lies… Read more →
-
RegexLab: Free Offline Regex Tester With 5 Modes Regex101 Doesn’t Have
Pasting production log data into Regex101 means your server paths, IPs, and request payloads are now on someone else’s infrastructure. A fully offline regex tester that runs in your browser eliminates that risk—and can do things Regex101 can’t, like multi-file batch matching and replacement previews. That’s the moment I decided to… Read more →
-
Docker Compose vs Kubernetes: Secure Homelab Choices
Moving a homelab from Docker Compose to Kubernetes is a rite of passage that breaks half your services and teaches you why orchestration complexity exists. The real question isn’t which is better—it’s where the security and operational tradeoffs actually fall for a home environment. The real question: how big is your… Read more →