Loading
Things I've learned, broken, and figured out.
A deep dive into Bun — the modern JavaScript runtime built for speed, simplicity, and full-stack development.
I've built projects with all three. Here's what actually matters when choosing between them, from someone who cares about security.
Root containers, mounted sockets, exposed debug ports. I've made most of these mistakes — here's what I do now.
Env vars aren't secure — they're just less insecure than hardcoding. The distinction matters more than most developers realize.
The scary stuff — zero-day exploits, APTs — accounts for a tiny fraction of actual breaches.
Passwords were always a terrible idea we just got used to. Here's why passkeys are the first real replacement that actually works.
Why LLM-generated code is a security risk — and how to mitigate it.
We blindly trust packages from strangers on the internet. Here's why that's terrifying and what to do about it.