About:

Mike Cardwell's Tech Blog focuses on security, privacy, and technology.

A comprehensive overview of a robust testing framework for web development, detailing various testing types and tools to ensure code quality and user experience.
The blog post discusses the creation and implications of a Gzip bomb, a compressed file that expands significantly upon decompression. It details how to create a 10MB Gzip file that expands to 10GB and explores how various email c...
Lavabit's email service has critical security flaws, allowing unencrypted authentication, which undermines its claim to be a secure platform compared to competitors like Gmail and Outlook.
The blog post analyzes a React component's performance issue with fixed headers and suggests optimizations, including the use of IntersectionObserver for better efficiency.
A transition to a Go-based website enhances performance and security while simplifying content management through innovative techniques like SVG sprites and caching methods.
ParseMail is a privacy-focused tool that allows users to analyze raw email content and extract detailed information without relying on third-party services.
The post discusses a significant privacy flaw in Evolution Mail's 'Load Remote Content' feature, which fails to prevent DNS requests from being made when HTML emails contain specific tags. This allows senders to track whether emai...
Critical privacy flaws in Evolution Mail allow email senders to track users' IP addresses, with the project failing to address these issues responsibly.
The blog post discusses critical privacy issues related to Evolution Mail, highlighting a bug in DNS prefetching that allows email senders to track users' IP addresses. The author criticizes the Evolution Mail Project for their in...
The post explains how to use mosh and screen to create persistent SSH sessions that can survive network changes, laptop sleep, and reboots. It provides installation commands and a custom SSH command ('sshx') for easier access. The...
Apple's 'Protect Mail Activity' feature in the Mail app does not function as claimed, compromising user privacy instead of enhancing it.
Mandatory DNSSEC validation by Certificate Authorities is now in effect, requiring them to verify the validity of DNSSEC-enabled domains for certificate issuance.
A Perl script helps monitor PGP key expirations, alerting users when keys are close to expiring based on specified parameters.
The text explains how to block requests from Russian IPs on websites behind Nginx on Debian 12. It provides a step-by-step guide on how to do it and suggests a tool to test the website from different IPs.
The author wanted to send an email after pushing a new Docker image using a GitLab runner. They found out that curl can be used to send an email and it's pretty trivial. They used an authenticated SMTP server and environment varia...
The author came across Skiff.com, a privacy-first end-to-end encrypted email service, and found several privacy failures. The author tested the webmail, OSX, Windows, and iOS clients and discovered various bugs, including a leak i...
The author discusses a trick to make programs available on systems by using Dockerfiles. They provide an example of a valid Dockerfile and compare it to a shell script alternative.
The author created a Python script called saferrust for sandboxing Rust development using Docker. They are starting a new project and trying out the language server rust-analyzer. They had to create a wrapper script and set the pa...
The text explains how to manage a firewall from a NodeJS application using Docker. It details the process of creating a custom Docker image, setting up host mode networking, and passing the NET_ADMIN capability. It also discusses ...
The author discusses using Restic for backing up hosts and configuring Nginx vhosts to work with Restic's REST API. They explain the challenges and solutions in making Nginx compatible with the Restic REST API, and the performance...
The author noticed that Twitter to RSS stopped working and created funcTwitter, a NodeJS application that gates Twitter to RSS and can be deployed as a Google Cloud Function. The function can be used for free for personal use and ...
The text discusses the use of GPG Agent Forwarding in Debian Stretch, involving systemd and the creation of sockets in /run/user/$UID/gnupg/. It explains how to forward the gpg-agent to a remote server and the necessary configurat...
The Keybase browser extension for Firefox and Chrome is insecure, allowing websites to read messages you type and send chat messages from you to other Keybase users. The extension does not provide any security measures and is not ...
The author discusses email authentication issues that caused delivery failure of an email he sent. He uses SPF records, DKIM signatures, and DMARC policy to authenticate his emails. The failure was caused by a mailing list server ...