LLM Security Automation Isnβt a Drop-In Scanner Yet π
An LLM Security Scanning and Review is a strong assist but a weeak gate. Why a `/security-review` slash command or agent harness is not a drop-in repl [...]
Liran Tal's Blog
Posts
All About Jest, Timers, and Mocks π
How to use Jest fake timers, advance time safely in tests, and pair timer control with mocks and spies without flaky or misleading assertions. [...]
How to Build a Coding Agent Benchmark with Claude's Agent SDK π
A step-by-step walkthrough of building a benchmarking framework for AI coding agents using the Claude Agent SDK, including architecture decisions, sco [...]
Agentic Growthhacking Tactics with Bots and AI π
Examples of agentic growthhacking tactics using bots and AI, as well as strategies for sourcing user pain points on social media platforms. [...]
Tools for Self-Published Authors π
If you're starting out as a new author, you're going to need all the help you can get. I curated a list of tools that can help you get started with p [...]
PreβSigned URL Upload Architecture (Cloudflare R2 + Hono Workers) π
The following is a reference implementation and architecture for secure direct browser uploads to Cloudflare R2 using pre-signed URLs generated by a H [...]
Building Cloudflare R2 Pre-signed URL Uploads with Hono: A Complete Implementation Guide π
A comprehensive guide to implementing secure file uploads using Cloudflare R2 and Hono, including common pitfalls and best practices [...]
A RESTful HTTP Mental Model to Understand MCP π
For those familiar with RESTful HTTP architecture, would it make sense to describe the Model Context Protocol (MCP) in a similar way? [...]
A Proposed Evaluation Framework for MCP Server Security π
How do you securely integrate a new MCP Server into Cursor or other agentic workflows? what security practices do you consider to evaluate the risks? [...]
Evaluation Framework for MCP Security Threats and Risks π
How to evaluate and categorize security threats and risks associated with Model Code Protocol (MCP) in light of recent security incidents. [...]
The Cursor Agentic Jira MCP Attack Explained with Toxic Flow Analysis π
A breakdown of the Cursor + Jira MCP 0-Click attack, how it was exploited, and why developers are at the center of it all. Understanding MCPs, Toxic F [...]
The Uprising of Model Context Protocol (MCP) Security Research π
The Model Context Protocol (MCP) is gaining traction in the AI community, and with its rise comes a wave of security research. This article explores t [...]
Agent Rules is the Missing Link in AI-Powered Development π
How agent-rules open source project is helping create consistent and deterministic security in AI coding assistants. [...]
Automating DevRel Conference CFP Evaluation with AI Agents: A Complete Guide with the Mastra AI Framework π
Ever wanted to automate the process of evaluating hundreds of conference Call for Papers (CFP) submissions? Here's how I built an AI-powered CFP evalu [...]
Agentic Marketing: The Future of AI-Driven Marketing Strategies π
Agentic marketing is going to be the next marketing transformation that product marketers and growth teams need to embrace to stay ahead of the curve. [...]
Getting Started with CLI Arguments in Node.js π
Learn how to enhance your Node.js CLI applications using the built-in `util.parseArgs` API. This guide covers dual-mode operations, input validation, [...]
Poetic Tales of Vulnerable MCP Servers: Command Injection in AI Coding Assistants π
Model Content Protocol (MCP) servers can be a security nightmare if not handled properly. This post explores a real-world command injection vulnerabil [...]
Secure Your MCP Servers with Environment Variable Risk Assessment π
Learn how to enhance the security of your MCP server configurations by using the latest `ls-mcp` tool to detect and categorize credential risks in env [...]
Solving an ASCII Maze with a Neural Network in JavaScript π
A step-by-step guide to training a neural network to solve an ASCII maze using JavaScript and brain.js. [...]
Automate Package Health Checks with Snyk Advisor and Qodo Agents π
The Qodo AI team has introduced the Package Health Reviewer, a new feature in their agents repository that automates the health assessment of third-pa [...]
Computer Vision in Python Building Detection and Object Annotation with Ultralytics YOLO and Supervision π
A practical guide to building a simple computer vision project in Python using Ultralytics YOLO for object detection and Supervision for annotation. [...]
What do AI-first DevTool Companies Look Like and how DevRel Practices Change? π
If you're in Developer Relations and you haven't yet adapted your practices to the post-GPT era, you might be missing out on the next big thing in dev [...]
Securely Loading Credentials for Google Cloud Storage in Node.js π
A guide on securely loading Google Cloud Storage credentials in Node.js applications using various methods. [...]
A Proposed MCP Server Security Evaluation Framework π
With great MCP power comes great MCP responsibility and you should be prepared to evaluate the security of your MCP server implementation and MCP adop [...]
DevRel Engagement and GTM Tactics on X / Twitter π
Ok so how do DevRel practitioners optimize for engagement on X (Twitter) when they post new products, announcements and other stories? I also baked so [...]
Plan, Don't Execute: Agentic Workflows in Zero Trust Environments π
How zero-trust environments can leverage AI agents and agentic workflows without compromising security and trust. [...]
Traits of AI-native Products for Optimized AI Agentic Workflows π
With agentic workflows like Claude Code executing commands, applications, debugging and self-healing, how do you optimize your application for it to b [...]
5 Pillars of Augmented Agentic Software Development π
Explore the 5 pillars of Augmented Agentic Software Development to enhance your AI coding workflows. Learn how to leverage agent system instructions, [...]
Themes to Unlock Agentic Development for Software Engineers π
Agentic coding assistants in the forms of IDE extensions are becoming increasingly popular among developers but they're likely just a milestone in the [...]
If You're an MCP Company You're NGMI π
Model Context Protocol (MCP) is a great protocol but if your company is built around it as the core product, you're not gonna make it. Here's why. [...]
Auto fine-tuning Agentic Workflow with Qodo CLI π
Running agentic AI workflows with the Qodo Command CLI is a powerful way to automate tasks but what's even cooler is that you can also automate the wh [...]
Automating OpenSSF Scorecard Security issues with Qodo CLI Agentic Workflow π
Getting a security report for security vulnerabilities and misconfiguration issues of your GitHub project is a good start but can we leverage AI to al [...]
How to setup TV Sleep Timer with Home Assistant Automation π
Learn how to set up a TV sleep timer using Home Assistant automation, Helpers, and Automations to manage your TV's power state easily. [...]
How to setup Shabbat candle time announcement with Home Assistant Automation π
Fun and useful automation for Shabbat observant families to announce the candle lighting time using Home Assistant. [...]
CORS, SameSite and CSRF: The 3 Dimensions of Cookie based Authentication π
Demystifying the 3 dimensions of cookie-based authentication: CORS, SameSite, and CSRF. [...]
Gamifying the Future of Skill Development: From Open-Source Security to LLM Prompt Injection π
Gamified learning is a great way to engage developers and teach them new skills. I share my experience building a game to teach developers about open- [...]
DevRel Failures? Maybe Your Marketing and Product Strategies Are Outdated π
You're probably facing some DevRel failures or marketing failures. Maybe your product and marketing strategies are actually outdated and causing custo [...]
Dependency-free Command-Line Apps powered by Node.js core modules π
Learn how to build powerful command-line apps without a single third-party dependency using Node.js core modules. [...]
Getting started with Neural Networks in JavaScript π
Practical and hands-on guide to getting started with Neural Networks in JavaScript using the Brain.js library to build a simple neural network to pred [...]
How I use GenAI to Speed Up Demo Apps in My DevRel Role π
Developer Advocates and Engineers can leverage Generative AI to speed up their work and make them more productive. Here's a practical example from my [...]
What is an LLMs.txt File? π
Building with Large Language Models (LLMs) requires context and metadata. The `llms.txt` file format is a simple text file that provides LLMs with rel [...]
The CJS module system, globals and other hardships with maintainable code in Node.js π
What are some common anti patterns and signs of tight coupling in a Node.js codebase and the challenges they present? Let's unfold some messy code and [...]
How to Read and Parse PDFs with PDF.js and Create PDFs with PDF Lib in Node.js π
If you're building LLM and AI-powered chatbots like me you might need to read and parse PDFs or create PDFs in Node.js. Here's how to do it with PDF.j [...]
TypeScript in 2025 with ESM and CJS npm publishing is still a mess π
How do you handle TypeScript, dual ESM and CJS publishing, and the JavaScript toolchain in 2025? Here's a brief overview of the current state of the e [...]
Home Assistant YouTube DNS Blocking with AdGuard and Lovelace Buttons Setup π
How to set up Home Assistant YouTube DNS blocking with AdGuard and Lovelace buttons for a more action friendly interface. [...]
Customizing Astro Starlight Sidebar for Gated Content with Authentication π
Learn how I got the Starlight documentation framework in Astro to create a gated content website with authentication for my Bun Security course [...]
How to Setup Google Cloud Project and Store Images in Google Cloud π
Step-by-step tutorial on configuring a Google Cloud project and storing images in Google Cloud Storage. [...]
Thinking Fast and Slow in Application Security π
Imagine if we applied behavioral economics principles to application security methodologies and practices, what would be able to unlock? System1 and S [...]
Component auto import in Astro framework π
Can Astro automatically import components in markdown files? Yes, it can! Here's how to do it thanks to Chris Swithinbank and his Astro Auto Import pa [...]
Using Promise.withResolvers in Node.js Tests π
This article explores the use of `Promise.withResolvers` in Node.js tests, providing examples and refactoring techniques to handle nested tests and si [...]
Supercharging Your Vue.js 3 App with TanStack Query: A Practical Refactoring Guide π
Learn how to supercharge your Vue.js 3 app with TanStack Query. Discover efficient data fetching, caching, and state management in this practical refa [...]
Zero Dependency JavaScript is the Future? π
The rise of zero dependency JavaScript with packages like `neotraverse` and the controversy around the `axobject-query` package demonstrate the differ [...]
How to run a local LLM for inference with an offline-first approach π
How about we try a different approach to ChatGPT, Google Gemini or Anthropic's Claude? Learn how to run a local LLM model for inference so you can acc [...]
GenAI Predictions and The Future of LLMs as local-first offline Small Language Models (SLMs) π
Current adoption craze for GenAI tools like ChatGPT bring hidden costs in the form of privacy, security, data leakage, latency and availability. The f [...]
Installing Playwright on Heroku for Programmatic Node.js Browser Automation π
Getting Playwright to work on Heroku wasn't smooth sailing. It looked for browser dependencies that weren't installed by default and not in the locati [...]
Poor Express Authentication Patterns in Node.js and How to Avoid Them π
Tired of seeing poor authentication patterns in Node.js applications and Express code examples? Here's a guide on how to avoid them and what to do ins [...]
How to block LAN clients from accessing YouTube and other media with AdGuard and Home Assistant π
Learn how to block specific LAN client IPs from accessing YouTube and other media sites using AdGuard add-on and Home Assistant. [...]
HTTP webhooks on Firebase Functions and Fastify: A Practical Case Study with Lemon Squeezy π
A break-down of how to set up Fastify to work on serverless Firebase Functions and access the request's rawBody to validate incoming HTTP webhooks req [...]
How To Get Social Media Previews Right on Astro blog with OpenGraph Meta Tags π
You have an Astro blog? Now it's time to unlock the social sharing magic! Learn to wield OpenGraph meta tags configuration, crafting eye-catching prev [...]
Best Practices for Bootstrapping a Node.js Application Configuration π
Follow these best practices to bootstrap a Node.js application configuration in a robust and maintainable way using env-schema. [...]
How I Deployed Tailscale VPN to Securely Access Home Assistant Remotely π
Often smart home automation enthusiasts want to access their Home Assistant instance remotely. This can be done by exposing the Home Assistant instanc [...]
Environment variables and configuration anti patterns in Node.js applications π
Every Node.js application needs configuration management, but there are many ways to do it. You might have heard about `.env` files, and packages like [...]
Vue.js Patterns: Using Vue.js 3 Composition API for Reactive Parent to Child Communication π
Vue.js revolves around a reactivity system, which is unlike React. In this article, we will explore how to use the Vue.js 3 Composition API to create [...]
Generating presentation titles using OpenAI background jobs with Node.js, Express and Trigger.dev π
Do you ever struggle to come up with creative presentation titles? Let's build that while learning how to use Generative AI, Express and Trigger.dev w [...]
How to Process Scheduled Queue Jobs in Node.js with BullMQ and Redis on Heroku π
Process long-running tasks in Node.js with background jobs. Learn how to use BullMQ and Redis on Heroku to create a scalable and reliable background j [...]
Configuration Decoded: Lesser-Known Tips for Working with env-schema in Node.js π
Level up your Node.js apps with env-schema! Manage configurations effortlessly and learn useful practices for building for configuration management. [...]
Introducing Changesets: Simplify Project Versioning with Semantic Releases π
A comprehensive guide to adopting Changesets for semantic versioning and publishing packages in monorepos and non-monorepo projects. [...]
Deploying a Fastify & Vue 3 Static Site to Heroku π
How to deploy a Vue 3 static site to Heroku with a Fastify Node.js backend server to serve the static files. [...]
Avoid Fastify's reply.raw and reply.hijack Despite Being A Powerful HTTP Streams Tool π
How to harness the power of streams in Fastify web applications without resorting to raw HTTP replies via reply.raw and reply.hijack(). [...]
Disclosing a local file inclusion vulnerability in xmlhttprequest library π
I found a Local File Inclusion (LFI) security vulnerability in xmlhttprequest library but it's still unfixed. [...]
Disclosing uncontrolled resource consumption in xmlhttprequest library π
proof-of-concept showing a denial of service vulnerability in a Node.js web server if it uses the xmlhttprequest library to make outgoing HTTP request [...]
How to apply custom admonition styles to AsciiDoc π
Customizing AsciiDoc can be challenging at times, especially when it comes to admonitions. In this article, I'll show you how to apply custom admoniti [...]
How to write your book with AsciiDoc π
If you are looking for a way to write your book in a format that is easy to read and write, and that can be easily converted to other formats such as [...]
Celebrating Community: My Journey to Receiving the GitHub Stars 2023 Award π
Reflecting on the spirit of the GitHub Stars award and capturing the essence of the journey towards the recognition and open source community engageme [...]
Open Source activism with ReadyCodePush π
Reflecting on ReadyCodePush, the first open source activism program I ran in 2022 and how it welcomed underrepresented groups and students into open s [...]
How to add client-side search with PageFind to your Astro blog static website π
PageFind client-side search for Astro is simple but if you want to add search capabilities to a personal blog then you might think of Algolia first. H [...]
Advanced usage patterns for taking page element screenshots with Playwright π
In this post, I will show you some advanced usage patterns for working with Playwright in order to take a screenshot of a specific element and modify [...]
Enhance your command line with Warp π
How can we harness AI and crowd-sourced workflows into our day to day interactions with the command-line? [...]
Content creators web resources π
Being an active content creator, whether this is writing, video, or any other form of content requires a good deal of time and effort. Here are some t [...]
Are you also validating a JavaScript URL using RegEx? π
What do you think of the following JavaScript URL validation function code? Are you accidentally adding security issues while doing so? [...]
Resources for Public Speaking and Conference CFP application π
How do you find events to attend or speak at? I often get asked that and in this article I'll share the resources I use for CFP application and public [...]
Open Source From Heaven, Modules From Hell π
How do you find events to attend or speak at? I often get asked that and in this article I'll share the resources I use for CFP application and public [...]
Innovating Open Source by building on the giants of others π
We often find ourselves creating a new libraries, tools, and some times frameworks and bigger projects. When you end up releasing those⦠[...]
The Dawn of Linux π
Linux is all over the place. Seriously. [...]
This is Open Source too: Contributing Documentation π
So what does Open Source software mean in real life? I promise no fancy philosophies and day-long lectures by Richard Stallman about open⦠[...]
Docker setup for MEAN.JS JavaScript Development π
Let me tell you how quickly you can get up and running with developing on the MEAN.JS JavaScript stack. [...]
You too can contribute to AngularJS π
What if I told you that you can contribute to AngularJS? [...]
I contributed to Dockerβs official repository but why did I send them a picture of an Elephant?! π
Without having any formal experience with Docker in the past I was able to help the Docker project and contribute to the official⦠[...]
Worst ping time delays around the world? π
Have you ever wondered what is the worst time delay ping from 2 cities around the world? [...]
InfoSec β I can easily guess your Node.js server! Want to bet? π
With the hope of raising awareness on information security topics, and the openness of the web I would like to take one step further to⦠[...]
Andrew Milner Shaped My Childhood π
Andrew Milner shaped my childhood. Google that name, I bet you a beer youβve no idea who this guy is, and apparently Google isnβt helpfulβ¦ [...]
Most decisions in life are reversible π
You might be the conservative character, the shy person, or possibly the one taking less risks when it comes to making decisions all⦠[...]
My managerβs probably best team building concept is Diversity π
My managerβs probably best team building concept is Diversity. Why? read on and get some insight on building your next team to accomplishβ¦ [...]
VeriGreen β lightweight, server side solution for verification of git commits π
Meet VeriGreen, an open source project to help you with merge commits [...]
Screenshots from old school UNIX, Linux and open source major developers π
How did old school unix days of the pre-Internet looked like? let's get a glimpse [...]
The Drupal Rap song β Everyday Iβm Drupalin' π
Get your groove on with a cool Drupal song! Meet the Drupal Rap song β Everyday I'm Drupalin' [...]
Prevent clickjacking on Drupal and other Apache web applications π
Updating Apache server configuration to use mod_headers to prevent clickjacking security issues [...]
Apache Obfuscation by disabling trace and server tokens π
Preventative measures to mitigate leaking the server software running [...]
Drupal Performance Tip β be humble on hook_init() π
This entry is part 5 of 5 in the series Drupal Performance Tips [...]
Drupal Performance Tips: know your database π
speed performance and how to Drupal optimize for better results and server response time. [...]
Drupal Performance Tip β 'Iβm too young to die' β indexes and SQLs π
This entry is part 1 of 2 in the series Drupal Performance Tips [...]
Drupal Performance Tip β removing unused modules π
This entry is part 2 of 2 in the series Drupal Performance Tips [...]
'Oh you lazy cron!' β learning on Drupal cron issues π
Debugging issues with Drupal's cron scheduler [...]
Migrate Drupal 7 to WordPress 3.9 β The Kickoff π
This entry is part 1 of 2 in the series Drupal 7 to Wordpress 3.9 Migration [...]
Migrate Drupal 7 to WordPress 3.9 β The Conclusion π
This entry is part 2 of 2 in the series Drupal 7 to Wordpress 3.9 Migration [...]
MEAN.io v0.4 released β this is how you stay relevant π
Getting started with MEAN.io JavaScript & Node.js framework by keeping up with the git branch of development [...]
daloRADIUS 7th Anniversary β 2014 Wrap-up π
Celebrating 7 years of daloRADIUS project and it's success in the RADIUS networking and WiFi hotspots industry [...]
Drupal Performance Tuning for Better Database Utilization β Introduction π
This entry is part 1 of 1 in the series Drupal Performance Tuning for Better Database Utilization [...]
MEAN.io Session Cookie parameters π
How to configure the session cookie parameters in MEAN.io [...]
daloRADIUS Import Users β fix password type π
A bug fix for importing users into daloRADIUS with a different password type than the default Cleartext-Password [...]
Vagrant networking to enable Internet accessible machine setup π
Example of how to setup vagrant networking to enable Internet accessible machine setup with a Vagrantfile [...]
daloRADIUS bug fix for refill traffic or time π
An open source contribution from Ezequiel Villarreal to fix a bug in daloRADIUS's accounting interface [...]
Reviewing book β Learning Pentesting for Android Devices π
Getting started with penetration testing for Android devices [...]
Drupal 6 β Subscription notifications arenβt going out? π
How to fix Drupal 6 subscription notifications not sent to users via email [...]
Advanced Poll 6.x versions β XSS Vulnerability π
Disclosing a Cross-site Scripting vulnerability in the Advanced Poll module for Drupal. [...]
Drupal Database Log to Syslog π
How to disable the Drupal Database Log and enable Syslog instead [...]
Media in Drupal 7 β presenting it in Drupal Camp Israel 2013 π
One of my first public speaking engagements was at Drupal Camp 2013 [...]
Drupal 8 module development #4 β creating a settings file π
This is the 4th of several on-going blog post series which aim to educate on the process of porting modules to Drupal 8 with real life examples by por [...]
Drupal 8 module development #3 β adding a settings page β revision π
Another post in the series of Drupal 8 module development articles. This time we'll add a settings page to our module. [...]
Drupal 8 module development #3 β adding a settings page π
You need a module configuration page for your new Drupal 8 module and here is how to build one using GlobalredirectSettingsForm [...]
Drupal 8 module development #2 β adding basic routing π
If you are coming from Drupal 7 you'll need to figure out how to use globalredirect_menu() and hook_menu() in Drupal 8 to handle page routing [...]
Drupal 8 module development #1 β kickoff π
This is the first of several on-going blog post series which aim to educate on the process of porting modules to Drupal 8 with real life examples by p [...]
Enabling slideshows in Drupal by converting PPT and PDFs π
Using Gearman as a job server to run background scripts that convert media payload like PowerPoint and PDF files into Slideshows hosted on a Drupal si [...]
Drupal 8 development β finding API changes through Drupalβs Change Records π
Changesets are helpful to understand Drupal 8 init hook API [...]
OG Content Access in Drupal π
About authorization in Drupal with a module to control access to content based on OG membership [...]
OG Analytics β an answer for a D6 organic groups environment π
About OG Analytics, a module to provide analytics for organic groups [...]
Writing βDrupal 7 Media π
Some awesome news: my book, titled βDrupal 7 Mediaβ, was released by Packt Publishing on July 2013. [...]
More Munin monitoring β track apache web server health π
Using mod_status plugin for apache and munin to track apache health [...]
Book review: Instant Munin Plugin Starter π
Reviewing a book about Munin as a monitoring pluing for Nagios [...]
Monitoring Drupal with Munin π
How to monitor a Drupal website with Munin plugin for Nagios [...]
Drupal's 7 Radioactivity patch gets commited π
Sending a commit to fix issues with Drupal module [...]
Drupal and how to disable notifications for programmatic node updates π
Programatically working updates on Drupal nodes with node_save() hook [...]
Drupal 7 Rules book which I worked on has been published recently π
Reviewing a new Drupal 7 book with Packt Publishing [...]
daloRADIUS VM update β missing php-mail-mime extension π
Fixing PHP blank page on daloRADIUS [...]
About daloRADIUS - January 2013 update π
Get your WiFi the Hotspots it deserves! [...]
Attachment Links module for Drupal fixes for in-browser downloads π
The Attachment Links module provides permanent links to files attached to a node. A single, easy-to-remember URL can be used to retrieve the preferred [...]
Implementing user-specific, role-based access control per node type, per group. (Part 3) π
Understanding Drupal's node access system and how to hook into it to implement [...]
Implementing user-specific, role-based access control per node type, per group. (Part 4) π
Understanding Drupal's node access system and how to hook into it to implement [...]
Implementing user-specific, role-based access control per node type, per group. (Part 2) π
Understanding Drupal's node access system and how to hook into it to implement [...]
Implementing user-specific, role-based access control per node type, per group. (Part 1) π
Understanding Drupal's node access system and how to hook into it to implement [...]
Restricting Drupalβs upload module to N attachments π
Assign a per-content type permission to limit the number of attachments per node on Drupal 6 [...]
Maintaining states between form submit and node hooks in Drupal 6 π
Insights about Drupal's use of node_save() functions and how the hook_nodeapi() uses a different context than the form submit handler [...]
daloRADIUS VM update π
Necessary updates for the daloRADIUS VM related to configuration file permissions [...]
Alter WYSIWYG settings in Drupal π
Altering WYSIWYG settings to make image URLs absolute so that they are also accessible via Email clients. [...]
Drupal Commons menu items adjustments π
Using hook_menu_alter() to adjust menu items in Drupal Commons [...]
Views MySQL OrderBy β Drupal module π
A simple Drupal module that provides a Views MySQL OrderBy plugin [...]
Gearman β offloading Drupal tasks to a job server π
Integrating Gearman with Drupal as a background job server for cloud-native and event-driven performance [...]
Drupal Performance Tip β 'Iβm too young to die' β know your DB engines π
MyISAM or InnoDB? know how to choose database engines [...]
The maintainer's CI workflows recipe for a peaceful open source life π
My GitHub Actions hackathon application entry is about all the small things that would contribute to a better maintainer life. [...]
Angular vs React: the security risk of indirect dependencies π
This is a blog mirror of Snykβs State of JavaScript frameworks security report 2019. [...]
Comparing React and Angular secure coding practices π
As a follow-up to Snykβs State of JavaScript frameworks security report 2019, this section of the report is about Angular and Reactβ¦ [...]
84% of all websites are impacted by jQuery XSS vulnerabilities π
This article is from Snykβs State of JavaScript frameworks security report 1. In this blog post weβll review security vulnerabilitiesβ¦ [...]
A Snyk peek into Node.js and npmβs state of open source security report 2019 π
In the State of Open Source Security Report 2019, we set out to measure the pulse of the open source security landscape throughout the⦠[...]
My first time at JSConf Budapest, how was it? π
Sharing my thoughts and experience on attending JSConf Budapest for the first time [...]
npm security tips to keep you safe of malicious modules π
npm security tips to keep you safe of malicious modules [...]
6 stages of refactoring a jest test case π
what makes a test case good? how can we improve the developer friendliness when writing test code? [...]
npm passes the 1 millionth package milestone! What can we learn? π
June 4th is a historic date where the millionth package was indexed into the npm registry. npm is a package manager for JavaScript packages. [...]
Are you building Docker images? here's how to avoid leaking sensitive information into Docker images π
Sometimes, when building an application inside a Docker image, you need secrets such as an SSH private key to pull code from a private repository but [...]
Why you should use COPY instead of ADD when building Docker images π
Docker provides two commands for copying files from the host to the Docker image when building it: `COPY` and `ADD`. which one should you use? [...]
How to securely build Docker images for Node.js π
When a Dockerfile doesn't specify a USER directive, what's the worst that can happen? [...]
Did you hear about the malicious backdoor discovered in the popular bootstrap-sass Ruby gem? π
a malicious version of a Ruby gem used in a Rails application leads to remote code execution on vulnerable servers [...]
A Comprehensive Guide to Contract Testing APIs in a Service Oriented Architecture π
It is likely you experienced the painful situation of deploying to production only to find out that an API service you integrate with has⦠[...]
Assess your npm project health and call the doctor! π
npm project health assessment [...]
So you think you're just gonna `npm install`? Think again π
installing dependencies is not the same for development as it is for continuous integration systems, in this post I share why. [...]
How to avoid leaking secrets to the npm registry π
10 awesome npm security tips to keep you safe! [...]
The State ofβββJSHeroesβββ2019 π
The JSHeroes conference will take place this year in April and bring in people from all over the world to connect with new and old friends⦠[...]
Node.js Security WGβββJanuary 2019 π
In an effort to better promote and increase engagement in the Node.js Security WG we would like to share highlights more often, ideally⦠[...]
A Snykβs Post-Mortem of the Malicious event-stream npm package backdoor π
Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the⦠[...]
Fighting npm typosquatting attacks and naming rules for npm modules π
I guess naming is a hard task in general, and for the npm registry, the naming rules have evolved from what they were to begin with, much⦠[...]
Demystifying Jest Async Testing Patterns π
There are several traps that are easy to fall to when it comes to async testing. Moreover, there are several methods of achieving the same⦠[...]
Malicious Modules β what you need to know when installing npm packages π
What if someone was able to directly publish a new vulnerable React version? [...]
What would you focus on when hiring engineering vp for a team of 10? π
Let's assume you are tasked with hiring a VP Engineering for a relatively small team, say 10 engineers, which is on a growth trend as the company gets [...]
Reasons to Love Jest: The Developer Experience π
Oh yes. The Developer Experience with Jest is transforming the act of writing tests from a chore to hell of a fun time, promise! π€ [...]
Reasons to Love Jest: The Test Framework π
We had Tape, Mocha, Ava, and now Jest. Letβs see what this is all about! [...]
Meet the Node.js Security Working Group π
In this post I would like to acquaint you with the work being done by the Node.js Security Working Group (WG) and how weβre improving theβ¦ [...]
How a RegEx can bring your Node.js service down π
The use of Regular Expressions (RegEx) is quite common among software engineers and DevOps or IT roles where they specify a string pattern⦠[...]
A suggested approach for your next project: RDD β README Driven Development π
Side projects are an amazing thing.We learn, experiment, and collaborate with the world through them. [...]
Setting the platform with your team β A Managerβs README π
A crucial part of being an engineering manager is on-boarding to a new team, or on-boarding others to yours. The important bits there is⦠[...]
Node.js β Integration Testing with Pact.js π
In a previous article we reviewed how Consumer-Driven Contracts (CDC) help with integration testing in an environment that is rich with⦠[...]
π 3 Valentineβs Poems for a Beloved & Secure Node.js App π
Dedicated to everyone whom are helpless romantics as I am, and hopelessly in-love with their Node.js apps. [...]
Terrified of NPM security? please donβt blindly follow the panic π
So you too panicked over security in the npm repository due to a recent blog post? [...]
Migrating a Mocha project to Jest Test Framework π
I like mocha just like the next guy, but sometimes itβs time to move on. Weβre talking about iced coffee, right? [...]
π¨ The long over-due commit of Open Source π
This is a story of patience in Open Source, where every bug, every Pull-Request gets attention. [...]
The long over-due commit of Open Source π
This is a story of patience in Open Source, where every bug, every Pull-Request gets attention. [...]
Scalable Integration Testing for Microservices Deployments π
Many jumped the gun on microservices, and they are ubiquitous today more than ever for implementing service oriented architectures⦠[...]
Wiring up Ava.js Integration Tests with Express, Gulp, but not Supertest. π
Gulp, the streaming build system for JavaScript source code probably doesnβt require an introduction, and most probably youβve configuredβ¦ [...]
3 Things You Didnβt Know About Yarn π
Everyone talk about Yarnβs speed and reliability but no one mentions any of the below nice-to-know facts about Yarn. [...]
Node.js Yarnβing for Local Packages π
This is not another praise for npm package management with Yarn but rather a concise recipe for working with locally developed packages. [...]
Hidden features of Gulp for integration tests with Ava.js. π
This is a bit of a follow-up to my previous post on Wiring up Ava.js Integration Tests with Express, Gulp, but not Supertest. [...]
The JavaScript Test Runners Evolution π
Like with everything else in the JavaScript ecosystem, test automation tools are also going through a high pursuit speed race and nobody is⦠[...]
The 1990s and 2600: The Hacker Quarterly π
Oh those magnificent days of the 1990s. [...]
When Startups Go Open Source and Merge Your Code π
This Open Source thing is the real deal. [...]
Keep on Babeling with ES6 π
In my previous post we did a crash course to Babel.js, letβs now dive deeper down the rabbit hole. [...]
Making $500 from Open Source Software π
By all means this is not a joke, nor a spam.You can really, truly, make $500 dollars if you are able to just find one security⦠[...]
Docker Hub Image in Warp Speed for Open Source Projects π
I recently announced on social media about my latest Docker utility β a Node.js shell UI to easily manage your docker containers. Itβs anβ¦ [...]
Primer to Babel.js π
Iβm sure youβre interested in ES6, supporting JSX, etc.So I worked out this intro so you can get up to speed really quick and really clearβ¦ [...]
No one cares about software licensing anymore π
Letβs talk about open software software engineers. [...]
Avoid The Node.js Security Storm π
Keeping your 3rd party project dependencies secured is such an important task that you canβt under-estimate. [...]
The Road to Node.js ES6 π
So youβre interested in writing up some ES6 on your server-side NodeJS project? awesome! youβre in the right place. [...]
A Year of Open Source (2016) π
We recently celebrated Rosh Hashana, which is the Jewish New Year, so obviously a lot of self examination which translate to us engineers⦠[...]
daloRADIUS new website and offering π
Updated invoice management and reporting [...]
New billing invoices improvements coming to daloRADIUS π
Updated invoice management and reporting [...]
daloRADIUS introduces further billing improvements with invoices and payments π
About changes coming to user_id and userbillinfo table for daloRADIUS and FreeRADIUS [...]
daloRADIUS heartbeat Dashboard π
Monitor daloRADIUS instances from routers, NAS, etc [...]
daloRADIUS operators handling change π
RBAC, ACLs, operators, groups, and other access control related changes in daloRADIUS [...]
daloRADIUS Users Portal changes π
Users portal login changes related to authentication [...]
daloRADIUS PDF Invoices π
Using dompdf to generate PDF invoices for daloRADIUS billing [...]
daloRADIUS New Batch Users Management π
Bulk user import and other management actions in daloRADIUS web UI [...]
FreeRADIUS sample config files π
get your freeradius and raddb configuration files ready to go [...]
HuntGroups control from daloRADIUS π
open source contribution from Filippo Maria Del Prete adds HuntGroups control to daloRADIUS [...]
daloRADIUS new feature: Import CSV Users π
Auth-type based users import from CSV [...]
daloRADIUS new feature: accounting plans usage π
Track accounting plans usage for your users with daloRADIUS [...]
daloRADIUS new feature: Graphs include Megabytes/Gigabytes view π
Updates to graphs and charting in daloRADIUS [...]
daloRADIUS 0.9-8 π
A new release of daloRADIUS is out with many new features and bug fixes [...]
daloRADIUS new feature: PayPal Transactions Billing π
The new locations feature in daloRADIUS allows you to configure multiple databases for your radius server. [...]
daloRADIUS new feature: locations π
The new locations feature in daloRADIUS allows you to configure multiple databases for your radius server. [...]
daloRADIUS new feature: backups π
Building backups feature into daloRADIUS to allow backup/restore capability from the user interface. [...]
daloRADIUS new feature: import vendors π
Importing vendor data into daloRADIUS [...]
Interview with Liran Tal, author of daloRADIUS π
daloRADIUS is a web application written in PHP with the purpose to manage a RADIUS (Remote Authentication Dial In User Service) deployment, suited for [...]
Development in Open Source π
Open Source projects have gained in the past few years an entirely different reputation in the public's eye, in a good sense. [...]
Rene Descartes and Computer Science π
where do you think the idea of using variables in computer science came from? [...]
Jabberd2 Deployment π
Conferencing room for your Asterisk PBX [...]
Jabberd2 deployment notes π
Conferencing room for your Asterisk PBX [...]
Device drivers migration in Linux π
Moving from linux 2.4 to 2.6 by recompiling linux kernel device drivers [...]
How to tell if youβre a kernel geek? π
Moving from linux 2.4 to 2.6 by recompiling linux kernel device drivers [...]
daloRADIUS Logos π
Launching new logos for the daloRADIUS project [...]
A Day In a Life β Poem to a friend π
Memories and nostalgia [...]
OpenSER and FreeRADIUS integration π
Getting OpenSER to work with FreeRADIUS [...]
Development in Open Source π
projects of Open Source nature will continue to revolutionize the technology industry and take us further into new grounds of socialism with recogniti [...]
FreeSWITCH β A new revolution in VoIP? π
Next incumbent to Asterisk? Iβve stumbled upon FreeSWITCH [...]
Missing php5-pdo-sqlite on Ubuntu Dapper π
How to compile a Linux kernel module without needing to resort to a full Linux kernel compilation process [...]
Compiling single kernel module π
How to compile a Linux kernel module without needing to resort to a full Linux kernel compilation process [...]
Smashing OpenWRT Embedded for fun π
Fancy some Linux-based network equipment hacking? get in on this article about OpenWRT! [...]
HUD Manager module for FreePBX π
Add some FreePBX magic to your VoIP setup [...]
Hylafax + Iaxmodem on pure Asterisk/FreePBX (replacing (rt)fax) π
More juicy linux-based Asterisk telephony recipes for you [...]
Administration made easy for web hosting π
Get your sysadmin skills in the groove [...]
WiFi Support on Ubuntu Dapper π
Get your Wireless up and running on Ubuntu [...]
Linux Certifications or not? π
Certify my skills [...]
HUDLITE-SERVER on Debian π
how to get Hudlite telephony Linux system working [...]
Allegro Linux π
A new Linux distribution [...]
CoffeShops Billed VoIP Services π
Get your hands on some VoIP with Asterisk [...]
A Jewish Ninja? π
The intersection of Judaism and martial arts? [...]
Tinkerbel Linux- Paris Hiltonβs own distribution π
A hit Linux distribution from the very own Paris Hilton [...]
Streaming multicast videos with VLC and mini-sap server π
All about VideoLAN (VLC) and mini-sap server [...]
Poetry, episode 1 π
Liran Tal writes English poetry [...]
nessus3 install issue on ubuntu π
how to fix Nessus3 and its missing dependency [...]
Ubuntu Laptop Guide π
how to fix Nessus3 and its missing dependency [...]
MythEmail Plugin π
MythEmail plugin for the glorious MythTV all-around streamer and home media entertainment system [...]
Appleβs Trailers hand-out π
A useful PHP and Perl script to grab Apple trailers [...]
Open Source involvement π
A compilation update of Liran Tal's open source activities [...]
Practical VPns with l2tpns π
This document was compiled from the administrator's point of view, to explain what are VPNs, how they are deployed today and to detail the necessary s [...]