Security and systems
Security, infrastructure, homelab operations, feature flags, and the system-design details that keep real products from falling over.
Security and infra writing from the angle I care about most: fewer footguns, better defaults, clearer operating models.
Start with controllable risk, then follow the line into scanners, defaults, and home infra.
Read first
- Feature Flags for Security: Decouple Deployment from Risk (3 min)
Security teams conflate deployment with activation. Feature flags split them apart, turning security from a gate into a dial.
- How I Built a Security Scanner That Actually Finds Bugs (3 min)
Combining Semgrep, CodeQL, SonarQube, and Snyk gets you 44.7% vulnerability detection. Semantic SAST combines Tree-sitter with LLM reasoning to do better.
- From Consumer NUC to Production-Grade Homelab: My Journey with Proxmox and Infrastructure as Code (3 min)
How I transformed two ASUS NUC 15 Pro+ machines into an enterprise-grade homelab using Proxmox, Terraform, Ansible, and 100% Infrastructure as Code
- Your Security Team Cannot Keep Up With AI (2 min)
Security review cycles designed for deterministic software are blocking AI adoption. The teams that survive will automate guardrails instead of...
Everything else
- The Homelab That Replaced My Cloud Bill (3 min)
I spent $2,000 on hardware that now handles workloads that would cost $500/month on AWS. The cloud is a tax on people who cannot be bothered to learn...
- The Integration Tax: What Nobody Tells You About Building Modern Software (2 min)
Every integration you add is a long-term commitment you're not budgeting for. The technical implementation is the easy part.
- The Abstraction Trap: When Clean Code Goes Wrong (2 min)
The most insidious form of technical debt does not come from rushed code or tight deadlines - it comes from overly clever abstractions built too early.
- Tech Debt Velocity: Measuring the True Cost of Shortcuts (2 min)
The most expensive software I've ever written was code I wrote 'quickly.' Not because it was complex, but because I wrote it with the intention of...
- The Complexity We Take for Granted (3 min)
We live in a world of invisible complexity. Every mundane moment is powered by an intricate dance of systems, protocols, and human ingenuity that we...
- The Security Tool Comparison Problem (2 min)
Every security tool comparison site is funded by the vendors being evaluated. This creates a specific, structural problem for security teams making...
- When Vibe Coding Goes Wrong: Security Lessons from Granola (1 min)
Vibe coding is having a moment. And honestly.
- Building for Humans AND Machines: The Dual-Audience Problem (3 min)
Every web design decision now must serve two audiences: humans who browse visually and AI agents that consume data programmatically. The architectural...