The Normalization of Deviance in AI
Explores the 'Normalization of Deviance' concept in AI safety, warning against complacency with LLM vulnerabilities like prompt injection.
Fixing YouTube embed error 153 by adjusting Django's Referrer-Policy header from same-origin to strict-origin-when-cross-origin.
Explains the security risks of community-developed MCP servers and how to centrally manage and secure them using an MCP Gateway.
A guide to configuring Content-Security-Policy (CSP) headers in a local 11ty development environment for faster testing.
A developer refactors an outdated JavaScript performance snippet to improve security and adhere to modern web best practices.
A tutorial on building a custom, session-based authentication system in JavaScript and TypeScript, covering secure password handling and session management.
Explains why eBPF observability tools, designed for low overhead, are not suitable for security monitoring due to evasion risks.
An overview of Django's built-in session management system, explaining its security features and how to configure them for robust user data protection.
An overview of core cryptography concepts and their implementation in Python, based on a presentation by Andrew Sillers.
Announcing django-denied, a Django package that enforces authorization by denying all views by default for enhanced security.
A blogger shares their 2022 goals for writing, media production, and software development, focusing on accountability and personal growth.
Using Python's pytm framework to threat model the security flaws in the fictional systems of Jurassic Park.
Critique of npm audit's flaws, arguing its default rollout was rushed and harmful to front-end development workflows.
A detailed analysis of a blackmail email scam demanding a $2000 Bitcoin payment to prevent the release of compromising material.
Explains the purpose of React's $$typeof property, a security feature using Symbols to prevent XSS attacks in React elements.
A guide to building a dedicated homelab server for running development VMs, covering the benefits of isolation and hardware selection.
A blogger clarifies that Skype's unencrypted local database is not a security vulnerability, as it's protected by system-level access controls.
A blog post explaining the Heartbleed OpenSSL vulnerability and providing Python scripts to test websites for it.
Upcoming improvements to Dabblet, including JavaScript support, cross-browser compatibility, security enhancements, and Prism integration.
Exploring the idea of automatic login via notification emails, discussing the tradeoffs between usability and security.