An illustrated guide to explain OAuth and OpenID Connect!

Browser Rendering's new /crawl endpoint lets you submit a starting URL and automatically discover, render, and return content from an entire website as HTML, Markdown, or structured JSON.

Technical Writing Courses for Engineers

Discover 10 design patterns from the Kubernetes Patterns book that will help you follow basic Kubernetes concepts and design Kubernetes-based applications.

With end-to-end integration into the SDLC, continuous security supports CI/CD to improve productivity, speed time-to-market and reduce risks.

Nobl9 has released an open specification for defining SLOs and, in addition, has defined a repeatable SLO methodology.

GitHub Actions has revolutionized how we automate workflows, especially in a DevOps-driven world.... Tagged with webdev, github, productivity, githubactions.

In this article, I will present some cool tools that can be used to test and ensure the quality of your Docker image. Tagged with testing, docker.

In an ideal world you wouldn't have to perform multiple steps for the rendering, but unfortunately we... Tagged with kubernetes, devops, tutorial, argocd.

I realised that many companies offer no-code platforms to their users for automating workflows. The... Tagged with webdev, programming, javascript, ai.

A security researcher found Anthropic's full CLI source code exposed through a source map file. 1,900 files. 512,000+ lines. Everything. Tagged with claudecode, security, typescript, ai.

Long-lost copies of Andy Warhol's Amiga art, produced at a 1985 event, resurfaced in July 2024. They shed light on an earlier discovery.

Diagram as Code

While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend for service-to-service (S2S) communication, called “Actor tokens”, and a critical vulnerability in the (legacy) Azure AD Graph API that did not properly validate the originating tenant, allowing these tokens to be used for cross-tenant access.

Personal blogs are back, should niche blogs be next? Might good old fashion niche blogs be the solution to rampant social media misinformation, AI slop, and more?

Compatibility:
Source: See Trivy website for details. Trivy is an all-in-one open source security scanner that can help you identify vulnerabilities and IaC misconfigurations, discover SBOMs, perform cloud scanni…

What is EKS-D Amazon EKS Distro (EKS-D) is a Kubernetes distribution based on and used by Amazon Elastic Kubernetes Service (Amazon EKS). It provides latest upstream updates as well as extended security patching support…