Lessons learned, problems and solutions
Hands-on report of an authorized web pentest on a private BitTorrent tracker: Nuxt.js SSR + Node.js behind Cloudflare WAF. 3 findings (CORS, unbounded chat history, NUXT_DATA), Playwright trick for WebSockets, and what Cloudflare doesn't protect against.
Step-by-step guide to testing paid ads on a dev blog with €10: targeting recruiters and the Go/PHP community, writing ads that don't scare off Redditors, measuring ROI. Google Ads vs Reddit Ads.
A specialized CLAUDE.md file to guide Claude Code on responsive mobile and CSS design. Ready to copy into your project.
Text alignment, 44px touch targets, input font-size, safe areas, mobile-first media queries — concrete CSS rules for consistent and usable mobile rendering.
I built ShareBox: self-hosted file sharing in PHP 8.1 with no framework, SQLite, and FFmpeg for adaptive video streaming. The technical choices and what it taught me about the zero-dependency philosophy.
SFTP capped at 800 KB/s on a Gbit link. CUBIC, default ring buffers, misconfigured socket buffers — five kernel and daemon tweaks that bring throughput from 800 KB/s to several MB/s.
Implementing an append-only event store in Go with PostgreSQL: es_events table, subscriptions for projectors, replay from any point. No need for EventStoreDB.
How to make two aggregates cooperate without knowing each other. Cross-aggregate event handlers, saga idempotency, partial failure handling.
The Handle(ctx, state, cmd) (Events, error) signature makes handlers testable without mocks, without DB, without Docker. The secret: zero side effects.
How to structure a CQRS aggregate in Go: value struct, Transition() returning a new state, mandatory Clone() for collections. The shared slice trap.