A LinkedIn recruiter pitched me a remote "Software Engineer at a DEX" project this week. Reasonable comp range, tech stack squarely in my wheelhouse. After a couple of friendly exchanges, she asked me to "review the codebase before the technical interview" and sent me a GitHub repo link plus a Calendly invite for the call. The repo was malware. It didn't get me, but it's something developers shoul
In the fast-paced world of continuous integration and deployment (CI/CD), managing sensitive information like API keys, tokens, and credentials—collectively known as secrets—is not just a best practice; it's a critical foundation for security and efficiency. GitHub Actions provides a robust framework for automating workflows, but a common friction point for many development teams, particularly tho
The Challenge of Scalable Secrets Management in GitHub Actions For development teams scaling beyond a handful of repositories, managing environment-specific variables and secrets in GitHub Actions can quickly become a significant bottleneck. The manual duplication of configurations across multiple repos, especially when dealing with distinct environments like development, staging, and production
TL;DR: I built ChessDada — a free multiplayer chess platform inspired by old Yahoo Chess. No signup, no download, just instant browser-based chess. Built with Node.js, Socket.IO, and chess.js. Modern chess sites are bloated. Chess.com forces you through signup. Lichess defaults to account creation. The "5-second click and play" experience that made Yahoo Chess legendary in the 2000s is essentially
The EU's Digital Product Passport (DPP) requirement is moving from regulatory text to technical reality. Under the Ecodesign for Sustainable Products Regulation (ESPR), products sold in the EU must carry a DPP—a machine-readable identifier linking to standardized lifecycle data. For developers and compliance teams, 2026 marks the year where pilot programs transition to real deployments. Here's wha
TL;DR: I built a P2P file transfer tool that runs entirely in the browser. No install, no server relay, no account. Here's what I learned about WebRTC data channels, resumable transfers, and the browser storage mess along the way. Most file transfer tools follow the same pattern: upload to a server, get a link, the recipient downloads from that server. Your file sits on someone else's infrastructu
Yesterday, my Jenkins pipeline could install dependencies and build the frontend. But there was a missing piece: Docker. Without it, I couldn't package my applications into containers — the whole point of this challenge! Today, I fixed that. I configured Jenkins to build Docker images for both my backend and frontend, turning my CI pipeline into a complete build system. The pipeline could: Pull co
Live: https://nulkratos-core.web.app GitHub: https://github.com/nulkratos/nulkratos-core Every "private" messenger I found had the same tradeoffs: Signal → needs your phone number. That's an identity anchor. Telegram → not E2E by default. Server-side messages. WhatsApp → Meta. Enough said. Matrix/Element → self-host complexity, still needs an account. Briar → great, but mobile-only and requires i