Posts
All the articles I've posted.
-
Alpine vs. Distroless: Choosing Your Minimalist Base
Alpine gives you a shell and apk; Distroless gives you nothing but the app. Compare attack surface, image size, and multi-stage build complexity.
4 min read -
Cloudflare WAF: Free Tier Firewall Rules
Cloudflare's free tier WAF is more powerful than most people use. Here's how to actually configure it — rules, rate limits, and all.
7 min read -
Distroless: How to Build Slim, Secure Containers
Distroless images contain only your app and its runtime — no shell, no package manager, no attack surface. Here's how to build them.
5 min read -
Certificate Pinning: The Nuclear Option for TLS Security (Use With Caution)
Certificate pinning and HPKP explained: what they are, why HPKP destroyed itself, and modern alternatives like CAA records and Certificate Transparency.
8 min read -
.gitignore Entries Every Project Actually Needs
Stop leaking secrets, dependencies, and OS garbage into git. Here are the .gitignore patterns that save you from disaster.
4 min read -
Multi-Stage Docker Builds: Stop Shipping Your node_modules to Production
Learn multi-stage Docker builds to slash image sizes by 90%. Practical before/after examples for Node.js, Python, and Go with real size comparisons.
14 min read -
Cloudflare DNS: Beyond Pointing Records
Stop using your registrar's janky DNS panel. Here's how Cloudflare DNS actually works — proxying, DNSSEC, dynamic DNS, and email records that don't break.
8 min read -
LiteLLM & vLLM: One API to Rule All Your Models
Stop juggling 17 different LLM SDKs. LiteLLM and vLLM give you a unified OpenAI-compatible API for every model — local or cloud, fast and production-ready.
7 min read -
System Prompts: The LLM Feature Most People Ignore
System prompts are your secret weapon. How they work, why they matter more than you think, and 5 patterns that actually change model behavior.
4 min read -
Systemd Socket Activation: Start Services Only When Someone Actually Knocks
Learn systemd socket activation to start services on-demand, save RAM, and cut boot time. Includes .socket unit files, real examples, and testing with systemd-socket-activate.
7 min read -
make for Project Automation (It's Not Just for C Code)
Forget bash scripts scattered across your repo. make is a simple task runner that's been around for 50 years and works everywhere.
5 min read -
Vault vs Infisical: Secrets Management for Teams Who've Learned the Hard Way
HashiCorp Vault vs Infisical compared: secrets management for DevOps teams, Docker Compose setup, SDK examples, and when complexity is worth it.
9 min read
