Career
✍️ Hand-written
From Eggdrop to AI Agents: It's Not Actually That New
AI agents, MCP, tool calling feel brand new — but to anyone who ran an Eggdrop bot on IRC, it's familiar. The real shift wasn't tech, but access to knowledge.
#automation
48 posts found.
Career
CI/CD for Side Projects: 3 Pragmatic Design Choices
I explain how I set up CI/CD processes in my side projects using pragmatic approaches and the challenges I encountered during these processes.
Life
Secret Rotation Automation: The Operational Cost of Security
I analyze the operational overhead of secret key rotation and the cost-effectiveness of automation. Real-world scenarios and trade-offs.
Life
CI/CD Strategies: The Cost of Over-Complexity for Indie Hackers
How I approach CI/CD as an indie hacker, the impact of unnecessary complexity on time and cost, and simple, effective solutions. My journey...
Career
✍️ Hand-written
A Self-Running Content System: An Indie Hacker's Experience
Problems I hit, lessons I learned, and the small tweaks behind my AI-driven content pipeline. From VPS to GitHub Actions, real field experience.
Career
✍️ Hand-written
An Old Engineer's Notebook: The Automation Nightmare
In a world where we keep pushing the limits of automation, what is the cost of losing the human factor? Technology and the future from an old engineer's…
Tutorials
IaC Drift Management: Unexpected Infrastructure Discrepancies and
IaC Drift Management prevents your infrastructure from deviating from your code. Learn the causes, risks, and strategies for detecting and correcting drift.
Technology
✍️ Hand-written
Docker Ate 56 GB of Disk in a Day: Building a Cleanup Automation
Disk hit 100% on my VPS and my blog couldn't publish for 5 hours. Docker build cache 33 GB, unused images 23 GB. Pruning + a systemd timer is the permanent fix.
Technology
Feature Flags and Configuration Governance: Parameter Store and Audit
Treating configuration like a product: feature flags, parameter store, schema, approval flow, audit log, and rollback discipline.
Technology
The Terraform Plan Mystery: Automation That Deletes the Wrong Resource
Take a deep look at Terraform plan's surprise resource deletions and the strategies for protecting your automation pipelines from these kinds of failures.
Technology
Secure B2B File Flow with an Object Storage Dropzone
An approach to building secure B2B file exchange using an object storage dropzone, short-lived access, and audit trails — instead of an SFTP bottleneck.
Technology
Certificate Expiry Nightmare: The Hidden Traps of Auto-Renewal
Explore the hidden traps and possible failure modes inside the auto-renewal process of certificates that are vital to digital security. Don't let your security…
Tutorials
Service Discovery with Consul: Health Checks and the DNS Interface
A guide to building an operable service discovery layer with Consul through health-driven service registration and the DNS interface.
Technology
Self-Hosted CI Runner Security: Isolation, OIDC and Secrets
A practical model that lowers supply-chain risk on self-hosted CI runners with isolation, network boundaries and OIDC-based short-lived authorization.
Tutorials
Golden Image Pipeline with Packer: CIS Baseline and Patch Strategy
A golden image approach that hardens and tests the server image at build-time, accelerating patch, drift and emergency CVE workflows.
Tutorials
✍️ Hand-written
Self-Healing Services with systemd Watchdog
Reduce 'stuck but not dead' failures with systemd WatchdogSec + notify: unit configuration, restart policy, and alarm integration.
Tutorials
Terraform CI Guardrails: Plan/Apply, Drift, and Policy Check
Balancing safety and speed in IaC: a guide to managing prod changes through plan/apply separation, drift detection, policy-as-code, and approval flows.
Technology
Firewall Rulebase Cleanup: Waves with Hitcount and Shadow Rules
Pull your firewall rule set out of the 'don't touch it, it'll explode' state with hitcount, log evidence, ownership, and a wave-based approach to safely…
Tutorials
Server Inventory and Security Signals with FleetDM + osquery
Turn 'what's on which server?' into a living inventory; a guide for scaling osquery queries with FleetDM into operational and security signal.
Tutorials
SLO-Driven Load Testing with k6: Capacity Baselines and Release Gates
A practical approach that turns load testing from a peak-RPS race into an SLO-driven (latency/error) capacity baseline and a CI release gate.
Tutorials
A Maintenance-Wave Runbook for Firmware Upgrades on Enterprise…
A runbook that turns firmware upgrade work into a repeatable maintenance rhythm with inventory, ring/wave approach, validation metrics, and a rollback…
Tutorials
GitOps Secrets Management with SOPS + age
A practical SOPS + age setup and operational discipline for keeping encrypted secrets in Git and decrypting them safely inside CI/CD and the cluster.
Career
Managing Operational Debt with a Toil Budget
A toil budget approach for sustainable operations: measuring repetitive manual work, making it visible, and protecting time for improvement.
Tutorials
A Pre-Validation Pipeline for Network Changes with Batfish
A practical Batfish flow that validates routing/ACL changes before they reach production via 'snapshot + question set,' catching human error early.
Tutorials
Designing Maintenance Waves for Kubernetes Node OS Patching
Roll out node patches in maintenance waves rather than all-at-once: drain, PDB, parallelism, and a safe rollback path.
Tutorials
Network Drift with NetBox + Nornir: An Approval-Driven Remediation…
Detect configuration drift, approve fixes through Git, and apply them under control: source of truth → report → PR → rollout.
Tutorials
Short-Lived SSH Certificates with an OpenSSH CA
An OpenSSH CA-based approach to set up auditable, time-bound SSH access in place of shared bastion accounts and long-lived keys.
Tutorials
Operational Runbook for JWKS Key Rotation
A runbook to triage the 401 wave (kid mismatch/JWKS cache) that occurs during JWT key rotation, and to set up safe overlap/caching strategy.
Technology
Maintenance Wave Architecture for Patch Orchestration on…
An architectural decision frame for rolling out patches across large platform fleets in controlled waves rather than in a single pass.
Tutorials
Sensitive-Data Masking Pipeline for Logs with Vector and VRL
A practical Vector and VRL based approach for cleaning sensitive fields out of a centralised log stream before they reach the destination.
Technology
Test Data Masking Factory for ERP Infrastructures
A repeatable masking pipeline for ERP test environments that preserves realistic data behavior, keeps security intact, and is reproducible.
Technology
A Digital Twin Layer for Policy Drift in Enterprise Networks
A digital twin approach for seeing drift in firewall, routing, and segmentation rules without touching production.
Technology
Service Impact Analysis with a Dependency Graph on Enterprise…
An approach that turns architectural dependencies from a static diagram into readable impact analysis available before changes.
Tutorials
Designing an Enterprise Management Network Overlay with Headscale
A Headscale-based management network overlay guide for providing controlled access to scattered servers and management endpoints.
Tutorials
Continuous Vulnerability Validation on Internal Assets with Nuclei
A practical Nuclei approach for scanning internal network services with low noise and tying validated findings to your operations workflow.
Tutorials
Tail Sampling Design in the OpenTelemetry Collector
A guide that explains how to set up tail sampling to lower cost on high-volume trace data while preserving the critical flows.
Tutorials
Short-Lived Certificate Automation for Internal Services with step-ca
A guide that explains a step-ca based short-lived TLS certificate generation flow for cutting long-lived certificate burden between internal services.
Tutorials
A Telemetry Filtering Layer with the OpenTelemetry Collector
A guide describing how to set up filtering and routing on the OpenTelemetry Collector to reduce unnecessary volume in metric, log, and trace flows.
Technology
An Idempotent Retry Corridor in ERP Integrations
A retry corridor that prevents repeated calls from producing data inconsistencies and improves resilience in ERP integrations.
Technology
Certificate Lifecycle Architecture on Enterprise Platforms
An architectural approach that turns TLS certificates from a file-renewal chore into a first-class enterprise platform component.
Tutorials
Just-in-Time Access to the Management Network with WireGuard
A practical WireGuard-based approach to building short-lived, auditable management access instead of permanent VPN accounts.
Technology
Batch-Window-Free Workflow Architecture in ERP Infrastructures
An architectural approach that converts ERP processes tied to nightly batch windows into event-driven and observable flows.
Tutorials
A Centralised Log Collection Pipeline with Vector
A practical Vector-based setup approach for collecting and routing application, syslog, and infrastructure logs through a single stream.
Tutorials
Agent Consolidation with Grafana Alloy
A Grafana Alloy based approach for unifying the chaos of node exporter, log agent, and telemetry collector into a single pipeline.
Tutorials
IPAM and Inventory Automation with NetBox
A NetBox approach for moving the network address plan and data center inventory out of ticket spreadsheets and into an automation-friendly model.
Technology
Golden Path Design in Enterprise Platforms
An architectural framework for the golden path approach so platform teams can deliver speed and standardization together.
Tutorials
A Server Hardening Baseline with Ansible
A guide to making your Linux server security baseline repeatable and auditable with Ansible.
Tutorials
Privileged Access with Short-Lived Certificates
A guide to managing privileged access safely by using short-lived certificates instead of permanent SSH keys.