Your Workflow Log Is Not a Vault
The tj-actions compromise turned build logs into a credential buffet, which is a hell of a way to learn what 'pin your dependencies' actually means.
5 transmissions tagged #devops
Trivy got popped, then KICS got popped, and the lesson is that version tags are not a security boundary.
Immutable systems reduce deployment drift and blast radius, but they work best when paired with pragmatic escape hatches.
The Knight Capital outage is still the clearest argument for immutable infrastructure.
Converted the site to Astro. Fixed Tailwind. Broke things. Fixed them again. The eternal cycle of deployment.