This technical post walks through the design and implementation of Secure Playground: a local web app that simulates prompt-injection attacks against large language models and demonstrates simple defenses. Provide a minimal, reproducible environment to test payloads and defensive strategies. Make it easy to add new providers and run mutation-based red-team experiments. Offer a leaderboard and scor
I built a React form library 2 years ago. It got almost zero usage. Recently, I revisited the idea and realized the problem wasn’t the code — it was the approach. Most form libraries are powerful, but they come with complexity: too much setup too much wiring too much abstraction So I rebuilt it from scratch with one goal: Make forms stupidly simple. Every time I build a form in React, I repeat the
If you are a frontend developer and you are using TypeScript, you have probably asked yourself: "Should I use type or interface?" At first they look exactly same. They both help you define how you want an object to look so your code doesn't crash. But as your React or Next.js project gets bigger, those small differences start to matter, performance and clean coding. At their core, both tools act a
Metasploitable2 - FTP Exploitation using vsftpd 2.3.4 Backdoor 1. Objective To identify and exploit a known vulnerability in an FTP service running on a vulnerable target machine using industry-standard reconnaissance and exploitation techniques. 2. Lab Environment Component Description Attacker Machine Kali Linux Target Machine Metasploitable2 Network Type Host-only / NAT
This is Part 1 of a two-part series. Part 2 (coming soon): Connecting to spoke clusters from a controller using multicluster-runtime, driven by ClusterProfile. The Cluster Inventory API (multicluster.x-k8s.io) is driven by SIG-Multicluster and centered on the ClusterProfile resource. It only delivers value when something produces those ClusterProfiles. That something is a cluster manager. Today, t
When developers travel, we usually prepare the obvious things. Laptop charger. But there is one dependency that is easy to underestimate until it breaks: mobile internet. A trip to China makes this especially obvious. Not because China is hard to travel in, but because so many basic interactions are mobile-first: navigation, translation, ride-hailing, hotel communication, ticket confirmations, pay
In March 2024, Google replaced First Input Delay with Interaction to Next Paint as an official Core Web Vital. FID is gone. INP is what matters now — and most React apps that were passing before are failing under the new standard without anyone realizing it. FID measured how long the browser took to respond to the very first user interaction on a page. Click a button, FID measures the delay before
A defaced website is a curious problem. It's loud — anyone visiting the page can see something is wrong. But it's also quiet from a server's perspective: HTTP returns 200, your uptime monitor is happy, your TLS cert hasn't moved, and the CMS logs show a "successful" content update from a legitimate-looking session. The signal is on the rendered page, not in the metrics. I run a site at hi3ris.blue