Author

Ops Development & AI Practice

DevSecOps engineer sharing experiences and insights on AI, Web3, and Claude code development. Aims to help solve technical challenges, improve development efficiency, and grow through community interaction. Feel free to comment and discuss.

555

Articles

Likes

Views

Comments

Latest from Ops Development & AI Practice

100 recent articles max

Ops Development & AI Practice

Sep 6, 2025 · Information Security

Endogenous Security: Creating Self‑Protecting Systems Beyond the Fortress Model

The article redefines security by introducing the concept of endogenous security, explaining its origins, biological analogy, core characteristics, and how it synergizes with DevSecOps to embed self‑protecting, adaptive immunity directly into software and infrastructure rather than relying on external defenses.

DevSecOpsEndogenous SecurityInformation Security

0 likes · 8 min read

Endogenous Security: Creating Self‑Protecting Systems Beyond the Fortress Model

Ops Development & AI Practice

Sep 4, 2025 · Industry Insights

SonarQube vs Codacy: Which Code Quality Tool Fits Your Team?

This article compares SonarQube and Codacy, examining their histories, core features, security capabilities, deployment models, and ideal use‑cases, to help teams decide which static analysis solution aligns best with their workflow, technology stack, and compliance requirements.

CI/CDCodacySonarQube

0 likes · 8 min read

SonarQube vs Codacy: Which Code Quality Tool Fits Your Team?

Ops Development & AI Practice

Sep 4, 2025 · Information Security

Mapping Vulnerabilities: From CVE IDs to NVD, GitHub Advisory & Vendor Notices

This article explains how CVE identifiers serve as a universal naming system for vulnerabilities and compares the roles of NVD, GitHub Advisory Database, and vendor security advisories, showing how to combine these sources into a layered intelligence network for effective risk assessment and remediation.

CVEGitHub AdvisoryInformation Security

0 likes · 8 min read

Mapping Vulnerabilities: From CVE IDs to NVD, GitHub Advisory & Vendor Notices

Ops Development & AI Practice

Sep 4, 2025 · Industry Insights

Building a Multi‑Dimensional Code Quality & Security Framework: 5 Essential Pillars

In today’s fast‑paced software landscape, a comprehensive, automated code quality and security system built around SAST, SCA, IaC scanning, secrets detection, and automated code review is essential for preventing defects, data breaches, and costly downtime across the entire development lifecycle.

SASTSCAautomated code review

0 likes · 8 min read

Building a Multi‑Dimensional Code Quality & Security Framework: 5 Essential Pillars

Ops Development & AI Practice

Sep 3, 2025 · Information Security

How to Build an Open‑Source DLP System with Osquery, Wazuh, Zeek, and ELK

This guide explains how to assemble a cost‑effective, highly customizable data loss prevention platform using open‑source tools for endpoint monitoring, network traffic inspection, centralized analysis, and data discovery, while highlighting the required integration steps and the trade‑offs compared with commercial solutions.

DLPELKdata protection

0 likes · 8 min read

How to Build an Open‑Source DLP System with Osquery, Wazuh, Zeek, and ELK

Ops Development & AI Practice

Sep 2, 2025 · Information Security

How XSS Bypasses Browser Sandboxes and What You Can Do About It

Even though modern browsers enforce sandboxing and many frameworks add XSS defenses, a successful cross‑site scripting attack can still break through server and browser protections, allowing attackers to hijack sessions, steal data, scan internal networks, exploit browser bugs, or run cryptojacking scripts.

Browser SecurityCSPCryptojacking

0 likes · 9 min read

How XSS Bypasses Browser Sandboxes and What You Can Do About It

Ops Development & AI Practice

Sep 2, 2025 · Information Security

How a Tiny XSS Bug in Dev Environments Can Compromise Production Secrets

The article reveals how a seemingly harmless XSS flaw in an internal development platform can be weaponized to steal high‑privilege credentials, pivot across internal services, and ultimately breach production systems, urging teams to treat development environments as critical security frontiers.

Application SecurityDevOps SecurityInfrastructure

0 likes · 9 min read

How a Tiny XSS Bug in Dev Environments Can Compromise Production Secrets

Ops Development & AI Practice

Aug 30, 2025 · Industry Insights

When Governments and Protesters Play the Game of Chicken: Strategies Beyond the Standoff

The article uses the classic Game of Chicken model to dissect government‑protester confrontations, outlines possible outcomes, and proposes trust‑building, credible commitment, and institutional mediation as ways to move beyond destructive brinkmanship toward sustainable governance.

Game TheoryGovernmentNegotiation

0 likes · 9 min read

When Governments and Protesters Play the Game of Chicken: Strategies Beyond the Standoff

Ops Development & AI Practice

Aug 30, 2025 · Cloud Native

Unlocking Karpenter NodePool: Fine‑Grained Autoscaling for Kubernetes

This article explains how Karpenter's NodePool CRD replaces traditional provisioners, details its core configuration fields, illustrates the autoscaling workflow from a pending pod to a ready node, and shows how to achieve cost‑effective, on‑demand resource provisioning in Kubernetes clusters.

AWSKarpenterKubernetes

0 likes · 9 min read

Unlocking Karpenter NodePool: Fine‑Grained Autoscaling for Kubernetes

Ops Development & AI Practice

Aug 30, 2025 · Cloud Native

How to Enable Dynamic DNS in Nginx on Kubernetes to Avoid Service Outages

By configuring Nginx’s resolver and resolve directives to query the cluster DNS and using fully‑qualified service names, you can make Nginx re‑resolve backend Pod IPs dynamically, preventing 502 errors when Pods restart or scale in a Kubernetes environment.

Dynamic DNSIngressKubernetes

0 likes · 7 min read

How to Enable Dynamic DNS in Nginx on Kubernetes to Avoid Service Outages