This technical post walks through the design and implementation of Secure Playground: a local web app that simulates prompt-injection attacks against large language models and demonstrates simple defenses. Provide a minimal, reproducible environment to test payloads and defensive strategies. Make it easy to add new providers and run mutation-based red-team experiments. Offer a leaderboard and scor
Metasploitable2 - FTP Exploitation using vsftpd 2.3.4 Backdoor 1. Objective To identify and exploit a known vulnerability in an FTP service running on a vulnerable target machine using industry-standard reconnaissance and exploitation techniques. 2. Lab Environment Component Description Attacker Machine Kali Linux Target Machine Metasploitable2 Network Type Host-only / NAT
This is Part 1 of a two-part series. Part 2 (coming soon): Connecting to spoke clusters from a controller using multicluster-runtime, driven by ClusterProfile. The Cluster Inventory API (multicluster.x-k8s.io) is driven by SIG-Multicluster and centered on the ClusterProfile resource. It only delivers value when something produces those ClusterProfiles. That something is a cluster manager. Today, t
At the beginning of this series, the problem seemed simple. There were a lot of rocks in the yard. Some were small. Some were large. A few were firmly in what I’ve been calling Engine Block Class. The original idea was straightforward: catalog them, maybe sell a few, and build a small system around the process. Along the way, the project grew. What We Built Across the previous posts, the Backyard
When developers travel, we usually prepare the obvious things. Laptop charger. But there is one dependency that is easy to underestimate until it breaks: mobile internet. A trip to China makes this especially obvious. Not because China is hard to travel in, but because so many basic interactions are mobile-first: navigation, translation, ride-hailing, hotel communication, ticket confirmations, pay
I Built Watchup — An African Alternative to Sentry for Monitoring Services Most developers don’t realize their app is down until users complain. By then, the damage is already done. That’s the problem I wanted to solve when I built Watchup. 👉 https://watchup.site If you're running any backend, API, or production service, you’ve probably faced this: Your API goes down — you don’t notice Errors
We've been there. JSON Schema gets hard to write as soon as your payload is non-trivial. Conditional logic, cross-field rules, business invariants, and at some point we stop writing contracts at all. We go code-first, generate the schema from annotations, and end up with 200 lines very few understand, and error messages referencing paths like #/properties/items/allOf/0/then/Then that map to nothin
On March 31, 2025, Stripe shipped the Basil API version. Among other changes, it removed three fields from the Subscription object that a lot of production code was reading: current_period_start — moved to subscription items current_period_end — moved to subscription items billing_thresholds — removed entirely (later reintroduced — more on this) If you upgraded your account's default API versi