Long-form writing on security, Kubernetes, platform engineering, and the operational realities of keeping production systems alive.
Two small CLIs and a pair of Claude skills push image, video, and research work onto a homelab GPU. Frontier intelligence stays for the part of the job that actually needs it.
Read article →A small FTP daemon collects scanner traffic, a watcher turns new IPs into bounded PentAGI flows, and a local Qwen3-Coder model on an RTX 5090 handles the routine investigation work.
Read article →For 93 minutes, npm install @bitwarden/cli was the breach. The fix is not a faster IOC feed; it is lifecycle-script control, release-age gating, internal registries, and CI egress that fails closed.
Read article →A new open-source MCP server that wraps Bitwarden Secrets Manager, so Claude (or Hermes, or whoever's driving your homelab this week) gets a controlled, audited path to read and write secrets — without you teaching it how to eval shell strings.
Read article →How a single Python script and an LLM endpoint can turn your Kubernetes cluster logs into actionable security intelligence. Point it at any Loki instance. No SIEM subscriptions, no per-GB ingestion fees.
Read article →The undocumented bot name, the silent failures, and the three working approaches for requesting Copilot code reviews from CI/CD pipelines and agentic workflows.
Read article →Yesterday's PyPI compromise of LiteLLM harvested every credential it could find on disk. Here's how ephemeral filesystem secrets via the Kubernetes Secrets Store CSI Driver reduce the blast radius of exactly this class of attack.
Read article →