Thoughts on cybersecurity, open source, SDR, and technology experiments.
Middleware is the unsung hero of every Express app โ it logs, validates, authenticates, and handles errors before your route handler even wakes up. Here's how to use it without shooting yourself in the foot.
JWTs are everywhere โ and so are the catastrophic mistakes developers make with them. From the infamous 'alg: none' attack to leaking secrets in localStorage, here's what's actually going wrong in your auth layer.
Liveness, readiness, and startup probes are the unsung heroes of Kubernetes reliability โ and also the source of some truly spectacular 3 AM incidents. Here's how to stop your cluster from killing healthy pods and serving traffic to broken ones.
Your Docker images are the size of a small planet, and you're shipping your build tools, dev dependencies, and maybe even your lunch to production. Multi-stage builds are the diet plan your containers desperately need.
JWTs are everywhere, misunderstood by most, and broken in production more often than you'd like to know. Let's fix your auth before someone else does it for you.
Your Node.js app starts fine but turns into a RAM goblin after 48 hours. Memory leaks are sneaky, silent, and surprisingly easy to introduce โ here's how to find and fix them before your ops team hunts you down.
Your Docker image is the size of a small country's GDP in bytes. Multi-stage builds are the diet plan it never knew it needed โ and your CI pipeline will thank you.
JWTs are everywhere โ and so are the critical mistakes developers make with them. Algorithm confusion attacks, leaked secrets, and 'none' algorithm exploits have burned real companies. Here's how to use JWTs without shooting yourself in the foot.
Your API is an all-you-can-eat buffet and bots are filling their plates 10,000 times per minute. Here's how to be the bouncer your Express app desperately needs.
You shipped a breaking change and now every mobile app from 2022 is on fire. Let's talk about API versioning strategies so you never have that 3am call again.
The classic excuse that haunts every engineering team. Your laptop runs the app flawlessly; production explodes on deploy. Docker Compose is the cure โ if you wire it up correctly. Let's build a local environment so tight that 'it works on my machine' becomes a flex, not an apology.
You're using Math.random() to generate password reset tokens? A hacker can predict your 'random' numbers and own every account on your platform. Here's why crypto-insecure randomness is a silent killer โ and how to fix it in 5 minutes.