Tag: security

Use su with a specific shell to switch users without the default login shell — useful when /etc/passwd points to something unexpected.

You committed .env.production once. Your database credentials are in git forever. Here's how to use dotenv without shooting yourself.

Claude Code found a Linux vulnerability hidden for 23 years. You can use the same AI code auditing approach to find bugs in your own projects before attackers do.

Stop letting Docker Hub throttle your CI/CD. Run Harbor for RBAC, Trivy scanning, image replication, and a real UI — on infrastructure you control.

TLS 1.3 explained without the PhD: faster handshakes, better ciphers, and how to actually configure Nginx and Caddy to use it.

Cloudflare's free tier WAF is more powerful than most people use. Here's how to actually configure it — rules, rate limits, and all.

Certificate pinning and HPKP explained: what they are, why HPKP destroyed itself, and modern alternatives like CAA records and Certificate Transparency.

Stop leaking secrets, dependencies, and OS garbage into git. Here are the .gitignore patterns that save you from disaster.

HashiCorp Vault vs Infisical compared: secrets management for DevOps teams, Docker Compose setup, SDK examples, and when complexity is worth it.

FOSS licenses explained for developers and self-hosters: MIT vs GPL vs AGPL vs Apache 2.0, copyleft vs permissive, and what recent license changes mean for you.

Mutual TLS (mTLS) explained for mortals: how both sides authenticate, setting up step-ca for internal PKI, generating client certs, and configuring nginx with mTLS.

Hide your SSH port from scanners with port knocking. It's not a replacement for security, but it's a valid defense-in-depth tactic.