Have you ever wondered how experienced programmers find bugs in someone else’s code just by looking at it? They look for patterns. They know that if user data goes straight into an SQL query — that’s bad. If a password is compared with a plain == instead of a secure function — that’s a risk.
But a person can’t review 100,000 lines of code without missing something. This is where SAST (Static Application Security Testing) comes in.
Read moreImagine this scenario: you’ve been working on a cool project all night. By 4 a.m. everything is ready, you do a final git push and go to sleep with a clear conscience. In the morning you find your AWS balance is zero and a miner is running on your servers. What happened? It turns out you left a line in one of the files: AWS_ACCESS_KEY_ID = "AKIA...".
This is a classic mistake thousands of developers have made. In this article we’ll look at why “just deleting the password” won’t help and how to set up automatic protection that will physically prevent you from making the mistake.
Read moreWrite a Dockerfile simply: FROM node, COPY ., CMD run. It works, and for local tests this is often enough. But when such an image reaches CI/CD or, God forbid, production, problems begin: builds take forever, the image weighs gigabytes, and the security team grabs their heads.
The difference between “it works” and “it works correctly” is huge. Let’s go through four levels of optimization that separate a hobbyist hack from a reliable engineering solution.
Read moreIf you do self-hosting, run a home lab, or manage a small VPS, you’re probably familiar with Portainer. It’s the de-facto standard: a powerful, all-encompassing “Swiss Army knife” for Docker.
But let’s be honest: sometimes the Swiss Army knife is too heavy when you just need to peel an apple.
Recently I discovered Dockge — a tool from the same developer as the popular Uptime Kuma. It made me completely rethink how I manage containers. In this article I’ll explain why Dockge can be the perfect replacement for Portainer in many scenarios.
Read moreOver the last ten years the web application deployment industry has evolved from FTP scripts and rsync to highly complex orchestration systems.
Today developers and small teams increasingly face a difficult choice:
Kamal offers a third way: the convenience of modern cloud services — on your own server.
Read moreIn a world where data volume grows faster than GPU prices, the question “Where to store files?” becomes critical. Google Drive and iCloud are convenient but expensive and not unlimited. External hard drives are unreliable. Ready-made solutions from Synology or QNAP are good, but hit the wallet.
Enter TrueNAS. It’s an operating system that turns a regular computer into a powerful enterprise-grade network-attached storage (NAS).
Let’s figure out why TrueNAS is so popular, what challenges you’ll face, and whether this system is right for you.
Read moreIf your business works with users from Russia, the question of where personal data is stored concerns you directly. Phones, names, email addresses, form submissions, employee data — all of this falls under strict localization requirements.
Many companies have lived for years in a “gray area”: data seemed to be stored both in Russia and abroad, and responsibility was blurred. But as of July 1, 2025 the rules changed so much that many common technical schemes are now considered a direct violation of the law.
Read moreMoving to the cloud or changing providers is always open-heart surgery. An engineer has to solve a lot of issues: how to move terabytes of data with minimal downtime? How to convert the schema? How to set up CDC (Change Data Capture) so as not to lose a single transaction during the switch?
Each major cloud provider has its own answer. Approaches are radically different: some provide just a “pipe” for data, some — a full ETL combine, some make migration serverless and as trouble-free as possible.
Read moreYou deployed a new feature. Everything works perfectly on your local machine, and you’re happy with the result.
Then a message appears: “Nothing works for me.” You open the server logs — they’re empty. It turns out the error happened on the client side, from a user with an old browser version or unusual settings. And you might never have known about it.
This happens to almost everyone who deploys projects to production. It happened to me too, until I set up a tool that lets me see errors almost instantly — even if it’s the middle of the night and the problem occurred for a single user on the other side of the world.
Read more“Lighthouse shows 100/100, but users complain about lag” — a familiar pain?
Synthetic tests (Lighthouse, WebPageTest) are great for development.
But the real user is sitting:
These are exactly the scenarios captured by CrUX — the Chrome User Experience Report.
And CrUX Vis is a convenient and free visualizer of that data, launched in 2024.
