📰 Dev.to · kt
39 articles · Updated every 3 hours

Dev.to · kt
3d ago
SPIFFE Compliance Deep Dive
If you run SPIRE, are you SPIFFE compliant? How far do you have to go with a custom implementation? I read the spiffe/spiffe spec end to end and pulled out the

Dev.to · kt
4d ago
AWS SigV4 and SigV4A Deep Dive
A four-step breakdown of AWS SigV4 with an 80-line Python implementation, the asymmetric SigV4A (ECDSA P-256) that Multi-Region Access Point forced into existen

Dev.to · kt
1w ago
Microsegmentation Deep Dive
Perimeter defense no longer stops ransomware spreading sideways. One article on why VLAN/Firewall hit a wall, the four implementation patterns (hypervisor / age

Dev.to · kt
1w ago
AWS IAM Roles Anywhere Hands-On
When you're outside EC2/Lambda (home laptop, on-prem server, Raspberry Pi, Kubernetes) and you don't want long-lived keys (AKIA...) sitting around, IAM Roles An

Dev.to · kt
1w ago
AWS STS Deep Dive
I treated AssumeRole as a single API while writing the IAM piece. STS is actually 6 separate APIs (SAML / WebIdentity / Root / SessionToken / FederationToken),

Dev.to · kt
2w ago
WORM (Write Once Read Many) Deep Dive
A complete tour of WORM (Write Once Read Many) storage, from 1980s optical disc days to modern S3 Object Lock / Azure Immutable Blob / GCS Bucket Lock. Visualiz

Dev.to · kt
2w ago
AWS S3 Deep Dive
A hands-on, example-driven dissection of AWS S3: the object model visualized with diagrams, the 4 layers of access control (IAM/Bucket Policy/ACL/Block Public A

Dev.to · kt
2w ago
AWS IAM Deep Dive
A full breakdown of AWS IAM: principal types, the SigV4 signing math, the six policy kinds, the evaluation order (Deny beats Allow), and Identity Center, all vi

Dev.to · kt
2w ago
AWS Free Hands-On
A 30-minute end-to-end AWS hands-on that respects the new (post 2025-07-15) Free Plan rules and stays entirely inside the Always Free tier. Touches S3, Lambda,

Dev.to · kt
2w ago
AWS Deep Dive: what it actually is, how regions and accounts fit together, and where auth lives
A first-principles tour of AWS for people who keep saying they "get it" but want to actually get it: the physical hierarchy of Regions and AZs, the logical hier

Dev.to · kt
3w ago
What 11 big tech companies actually do with AI in 2026
Google, Microsoft, Meta, Amazon, Anthropic, Stripe, Shopify, Salesforce, Netflix, Mercari, CyberAgent. Engineers have been saying 'AI boosts productivity' for y

Dev.to · kt
🔐 Cybersecurity
1mo ago
Hacking GitHub: From Tag Rewrites to Dangling Commits, Where the Git Protocol Trusts You Without Checking
A single line of "uses: tj-actions/changed-files@v44" burned 23,000 repositories. About a year later, 75 of 76 Trivy tags were rewritten the same way. Git tags

Dev.to · kt
1mo ago
I built chainscope: reading supply chain attacks across 6 surfaces, one slide at a time
xz-utils, Shai-Hulud, tj-actions, LiteLLM, pgserve, SUNSPOT. They all get filed under 'supply chain attack', but the stage that broke and the defense that works

Dev.to · kt
1mo ago
SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier
After SBOM and Cosign comes Provenance. Issue SLSA Build L3 provenance with slsa-github-generator and verify it with slsa-verifier, end to end on real machines.

Dev.to · kt
1mo ago
Why Did Docker Abandon TUF?: A Turbulent History of Container Signing
Why did Docker Content Trust (Notary v1) fail, and how did the industry pivot to Sigstore and Notary v2? A timeline of container signing architecture, contraste

Dev.to · kt
1mo ago
SLSA Deep Dive: Securing the Supply Chain Using Verifiable Levels
A complete teardown of the SLSA specification. We dissect the threat model, Build and Source track requirements, Provenance structure, and the verification flow

Dev.to · kt
🔐 Cybersecurity
1mo ago
Sigstore Deep Dive: Unmasking the Magic Behind Keyless Verification
A complete teardown of Fulcio, Rekor, and TUF powering `cosign sign`. Short-lived certificates, Merkle tree inclusion proofs, and trust bootstrapping—explained

Dev.to · kt
1mo ago
xDS Deep Dive: Dissecting the "Nervous System" of the Service Mesh
xDS is the dynamic configuration protocol powering Istio and Envoy. How on earth does it stream configurations to thousands of proxies without restarts? From AC

Dev.to · kt
1mo ago
Why Can We Use "Shorter" Keys?: Key Length vs Security Bits, the Real Story
Cryptographic strength is not about key length. It is about security bits. Why RSA-2048 is getting deprecated in 2030, how ECC achieves the same security with s

Dev.to · kt
1mo ago
RFC 7523 Deep Dive: JWT Profile
A deep dive into RFC 7523, the specification for using JWT for client authentication and authorization grants in OAuth 2.0. Uncovering the mechanics behind mode

Dev.to · kt
1mo ago
Why Do SSL/TLS Certificate Lifetimes Keep Getting Shorter?: Everything You Need to Know for the 47-Day Era
CA/Browser Forum SC-081 mandates a phased reduction of certificate validity to 47 days by 2029. This article dives deep into the structural flaws of revocation

Dev.to · kt
2mo ago
I Built an OPA Plugin That Turns It Into an AuthZEN-Compatible PDP
Building an OPA plugin that implements the AuthZEN Authorization API 1.0. How the OPA community discussion led to a plugin approach, and the design decisions be

Dev.to · kt
2mo ago
Google Zanzibar Deep Dive: Handling 2 Trillion ACLs in Under 10ms
A deep dive into the Google Zanzibar paper — covering Relation Tuples, the New Enemy problem, Zookies, the Leopard index, and system architecture. With notes on

Dev.to · kt
2mo ago
RBAC vs ABAC vs ReBAC: How to Choose and Implement Access Control Models
Starting with the RBAC role explosion problem, comparing it with ABAC and ReBAC, and exploring practical policy examples from products like Cedar, OpenFGA, and