Microsoft releases a hands-on Sovereign Cloud MicroHack workshop for engineers to learn and implement technical controls for sovereign cloud architectures.
A developer's experience switching from 1Password to Apple Passwords, comparing features, performance, and ecosystem integration.
A technical guide on implementing Two-Factor Authentication (2FA) using TOTP and QR codes in ASP.NET Core for enhanced security.
A developer documents using Claude Code to audit and clean up overly permissive command permissions in a local settings file for better security.
A guide to building a tool for redacting sensitive data like tokens and keys from Java Flight Recorder (JFR) and error log files.
A guide to implementing Conditional Access policies for securing Azure Virtual Desktop, covering architecture, policy configuration, and best practices.
The article compares AI agent security to early e-commerce, arguing we need a multi-layered security stack (supply chain, prompt defense, sandboxing) to make agents trustworthy.
A technical guide on verifying X.509 certificate ownership for Azure IoT Device Provisioning Service using proof-of-possession.
Explains how to link privileged accounts to user identities in Microsoft Defender for Identity to improve security visibility and incident response.
.NET 10 introduces built-in Post-Quantum Cryptography (PQC) APIs, enabling developers to adopt quantum-resistant algorithms for future security.
Anthropic invests $1.5 million in the Python Software Foundation to support Python ecosystem security and core development.
Anthropic invests $1.5 million in the Python Software Foundation to support Python ecosystem security and core development.
.NET 10 on macOS now automatically uses TLS 1.3 for HTTPS connections, improving security and performance without code changes.
A guide to using Microsoft Entra Access Reviews for governance and regular auditing of user and guest access permissions.
A developer recounts debugging a PostgreSQL container stability issue that turned out to be a hidden security vulnerability, sharing lessons learned.
A developer's 2025 review: transitioning to a DevRel role at Pomerium, diving into security and AI agents via MCP, and giving numerous tech conference talks.
Author details how Substack's content filter blocked a newsletter containing a SQL injection exploit example, citing a 'Network error'.
Microsoft adds a new 'Microsoft 365 Support Engineer' role to Entra, but warns it's not for general use and is likely for internal or partner support.
Explores a novel, anonymous web login system using secret keys instead of email or social logins, highlighting its trade-offs.
A developer details a frustrating bug in GitHub's 2FA system that prevents removing SMS authentication without adding an authenticator app first.
