Security
My own Ghost blog has open signup, so I went looking for a CAPTCHA. Ghost built one and ripped it out. Then Cloudflare Turnstile started reading every visitor's GPU.
Security
The world is most influential executives suddenly subscribed to my niche tech blog. None of them had heard of me. A field guide to newsletter bombing, the magic link that clicks itself, and why your blog is the ammunition, not the target.
Security
Three supply-chain compromises in eight days self-propagated through SLSA-attested pipelines. The custodians signed the malware themselves.
microsoft
Locked out of your Microsoft account as the sole admin? Join me on a 2-week odyssey through Microsoft's Kafkaesque support system. Learn the secret backdoors, magic words, and creative workarounds I discovered to finally recover my account. A survival guide born from corporate bureaucracy hell.
ghost
Woke up to suspicious AWS bot traffic hitting my Ghost API endpoints. Spent 5 minutes convinced I was hacked before realizing I'm just an idiot who never read the docs. Turns out Ghost's Content API key is supposed to be public. Who knew? (Everyone except me, apparently.)
TLS
The CA/Browser Forum just approved shrinking TLS certificates to 47 days by 2029. We'll soon pay the same price for commercial certs that expire faster than a DHCP lease. Time to embrace automation - those 'annoying' 90-day Let's Encrypt certificates suddenly look like visionaries.
homelab
Transform your homelab with a custom validated domain using Nginx Proxy Manager, Cloudflare, and wildcard SSL. Access services through clean, secure URLs instead of IP addresses and ports.