Security
May 31, 2026
Product Thinking
54 min readProduct Thinking (2): Security Engineering — Defense Without Paranoia
How I learned to build security into the system itself — pre-commit hooks, atomic guards, two-layer firewalls, and the art of automated defense.
May 3, 2026
Alibaba Cloud Full Stack
58 min readAlibaba Cloud Full Stack (6): RAM, KMS, and Cloud Security
Lock down your cloud: RAM users, groups, roles, and policies. STS for temporary credentials. KMS for encryption. ActionTrail for audit logging. Build a secure multi-team access model with least privilege.
Apr 24, 2026
Claude Code Hands-On
42 min readClaude Code Hands-On (7): Ten Hooks I Actually Use, with the Code
Picking ten hooks out of the 100 in the reference repo and walking through each: what it does, the actual JS, the settings.json wire-up, and where it bites. PreToolUse for safety, PostToolUse for hygiene, the boring ones …
Mar 16, 2026
Terraform Agents
30 min readTerraform for AI Agents (3): A Reusable VPC and Security Baseline
The first reusable module — a three-zone VPC with public/private subnets, NAT egress, security groups layered by tier, and KMS keys per data domain. The same code shows up in every agent stack I've shipped, parameterised …
Jun 22, 2023
Docker and Containers
28 min readDocker and Containers (7): Security — Running Containers Without Giving Away the Keys
Containers provide isolation, not security. Default Docker configurations run processes as root with full capabilities. This article shows how to lock containers down for production.