Building the write proxy for Pocket ID’s HA secondary node exposed three cascading failures — a dropped cookie, mismatched JWT signing keys, and a WebAuthn registration edge …
~/posts
How I designed a cross-site replication system for Pocket ID using ECIES encryption to safely sync user and OIDC config over plain HTTP.
TLS bump in Squid shows you the SNI hostname of every outbound connection. In a world of supply chain attacks and container CVEs, that’s not enough. This is how I extended my …
Connecting PocketID to ADFS as an external claims provider sounds straightforward until MSIS5007 appears and every assumption turns out to be wrong. This is the full account of …
ADFS supports OIDC for downstream apps but only speaks SAML 2.0 for incoming federation. PocketID only speaks OIDC. So we extended PocketID’s Go backend with a SAML IdP …
Not every AI project needs a business case. Here’s how I wired up a local AI assistant to help me play a cozy video game — using OpenWebUI, a MediaWiki MCP server, and a …
A personal news pipeline assembled with Claude — from RSS feeds to a spoken-word podcast, all on a machine under the desk.
How the introduction of SSH Certificates into an environment reduces risk and increases visibility into SSH use.
Very commonly within the Reliability Engineering community, we talk about Service Level Objectives (SLOs), but rarely do we talk about the underpinning indicators that tell us …