Building the web since 2000
Practical writing on PHP, MySQL, Linux, WordPress, security and the weird corners of the web — by one engineer who's been shipping them for over two decades.
CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation that turns any unprivileged shell into root on essentially every distribution shipped since 2017. Here is how I check it, patch it, mitigate it pre-patch, and understand how the exploit actually works.
Four reliable ways to change a WordPress password: admin dashboard, WP-CLI, directly in the database with the correct phpass or bcrypt hash, and the lost-password email reset.
A practical DNS health check covers nameservers, A and AAAA records, MX, SPF, DKIM, DMARC, and CAA. Here is the full checklist, what each record actually tells you, and how to verify all of them in one pass.
The five Claude Code tools that change frontend design work: impeccable skill, Figma MCP, claude-in-chrome MCP for visual QA, banana skill for AI image generation, and shadcn/ui MCP.
The five Claude Code tools that change how SEO and content teams work: seo-content skill, seo-technical skill, Firecrawl MCP, Exa MCP, and the filesystem MCP for direct CMS access.
The five Model Context Protocol servers worth installing today: filesystem, GitHub, Postgres, claude-in-chrome (browser), and Sentry. With install commands, the tools they expose, and the security model.
Five Claude Code skills that turn it from a chat tool into a development environment: impeccable for UI design, playwright-cli for browser automation, gsd for project planning, seo-content, and banana for image generation.
Four reliable ways to change a WordPress password: admin dashboard, WP-CLI, directly in the database with the correct phpass or bcrypt hash, and the lost-password email reset.
Learn how to detect and remove the dangerous gsyndication.com malware from your WordPress site. Step-by-step guide for cleaning malicious code and preventing reinfection in 2025.
Visitors to your WordPress site see a fake 'Cloudflare verification' page telling them to paste a command into Windows Run or Terminal. That's ClickFix, the social-engineering campaign that first appeared in early 2024 and exploded across compromised WordPress sites by autumn. What it does, where the injection lives in your site, and how to clean it without missing the persistence.
The backup plugin running inside WordPress is the same WordPress the attacker just compromised. A 3-2-1 backup strategy with restic or borg, stored outside the trust boundary, and verified by monthly test restores. Configuration, retention, and the exact restore sequence after a compromise.
Practitioner reference for Elasticsearch 9.x: index and document operations, Query DSL, aggregations, vector / kNN search, ESQL, cluster management, version compatibility notes, and the gotchas that bite first-time operators.
MySQL cheat sheet covering CLI commands, database and table operations, joins, indexes, backups, user management, and transactions, with version notes for 5.7, 8.0, and 8.4.
MySQL 8.4 is the new LTS branch through April 2032. The 8.0 to 8.4 upgrade is much smaller than 5.7 to 8.0, but removed options and the new authentication_policy variable still bite. Full procedure with rollback.
MySQL 5.7 has been past its EOL since October 2023. Here is the migration to 8.0: prerequisites, dry-run with mysqlcheck, in-place upgrade, the authentication-plugin change that breaks old clients, and rollback if it goes sideways.
macOS ships BSD find; Linux ships GNU find. The two share a name and most of an interface, but -printf, -regextype, and the stat format strings diverge hard enough to break scripts shipped between platforms. The full divergence list, the portable subset that works on both, and how to get GNU find on a Mac.
The grep -o 'pattern' file | sort | uniq -c | sort -rn pipeline is the classic log-analysis one-liner. Why sort must come before uniq, how each stage works, worked examples for top IPs and status codes, the awk one-pass alternative for huge files, and the BSD vs GNU notes.
find walks the live filesystem every time it runs: always current, sometimes slow. locate queries a prebuilt database: instant, but stale until the next updatedb. This breaks down the locate family (mlocate, plocate, slocate), the macOS situation, and exactly when to reach for each one.
grep filters lines, awk extracts fields. The classic pipe is grep 'pattern' file | awk '{print $2}'. This covers awk field basics ($1, $NF), custom separators with -F, multi-column output, the cases grep -o and cut cover on their own, and the fact that awk's own pattern match makes the grep half optional.
CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation that turns any unprivileged shell into root on essentially every distribution shipped since 2017. Here is how I check it, patch it, mitigate it pre-patch, and understand how the exploit actually works.
macOS ships BSD find; Linux ships GNU find. The two share a name and most of an interface, but -printf, -regextype, and the stat format strings diverge hard enough to break scripts shipped between platforms. The full divergence list, the portable subset that works on both, and how to get GNU find on a Mac.
The grep -o 'pattern' file | sort | uniq -c | sort -rn pipeline is the classic log-analysis one-liner. Why sort must come before uniq, how each stage works, worked examples for top IPs and status codes, the awk one-pass alternative for huge files, and the BSD vs GNU notes.
find walks the live filesystem every time it runs: always current, sometimes slow. locate queries a prebuilt database: instant, but stale until the next updatedb. This breaks down the locate family (mlocate, plocate, slocate), the macOS situation, and exactly when to reach for each one.
Every reliable way to update Node.js on Linux, macOS, and Windows. Covers nvm, fnm, Volta, n, the nodejs.org installer, apt/brew/winget, Docker, GitHub Actions, per-project pinning, and the rebuild-native-modules step everyone forgets.
Every modern way to force a page to the top on browser refresh: window.scrollTo, the scrollRestoration API, React Router ScrollRestoration, Next.js Link scroll prop, and the events that fire on unload. Plus the hydration race that breaks naive implementations.
Every Bootstrap media query breakpoint with exact pixel value, Sass/LESS mixins, container max-widths, and CSS-only equivalents. Covers Bootstrap 5.3 (xxl, CSS variables), Bootstrap 4 (deprecated mixins), and Bootstrap 3.
CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation that turns any unprivileged shell into root on essentially every distribution shipped since 2017. Here is how I check it, patch it, mitigate it pre-patch, and understand how the exploit actually works.
Visitors to your WordPress site see a fake 'Cloudflare verification' page telling them to paste a command into Windows Run or Terminal. That's ClickFix, the social-engineering campaign that first appeared in early 2024 and exploded across compromised WordPress sites by autumn. What it does, where the injection lives in your site, and how to clean it without missing the persistence.
The backup plugin running inside WordPress is the same WordPress the attacker just compromised. A 3-2-1 backup strategy with restic or borg, stored outside the trust boundary, and verified by monthly test restores. Configuration, retention, and the exact restore sequence after a compromise.
Wordfence, Sucuri, and every in-WordPress security plugin can be disabled by malware running with the same privileges. The fix is monitoring at a layer the attacker can't touch: AIDE, maldet, or a custom cron-driven script running as root. With working configurations for each.
NVIDIA GTX 1070 Ti Ethereum Mining review: Hashrate, overclocking settings, and power efficiency analyzed for miners.
How to install the Gearman PHP extension on Ubuntu 22.04 and 24.04 LTS for PHP 8.2, 8.3, and 8.4. Two install paths (apt and PECL), php.ini wiring, gearmand service setup, a working client/worker test, and when Gearman still makes sense vs Redis, RabbitMQ, and SQS.
Increase the PHP memory_limit via php.ini, .htaccess, ini_set(), the -d CLI flag, PHP-FPM pool config, or wp-config.php. Covers the modern PHP 8 defaults, the OPcache caveat, and the Composer/PHPUnit/WordPress out-of-memory patterns.
Drop empty, null, or false values from a PHP array with array_filter and the right callback. Includes the '0 gets removed' gotcha, the array_values re-index pattern, multidimensional cleanup, and a performance comparison.
The five online regex testers I actually use, ranked: Regex101, RegExr, RegexPlanet, Debuggex, and Rubular. What each is good at, where each falls short, and which flavor each one supports.
Regex word boundaries (\b and \B) match positions between word and non-word characters with zero width. The full reference with engine differences, Unicode handling, lookaround alternatives, and worked examples for whole-word replace, search highlighting, and log parsing.
Regex anchors are unique tokens that assert positions within a string without matching characters. Discover their role in pattern matching across languages.
Regex Cheat Sheet including regex symbols, ranges, grouping, assertions, syntax tables, examples, matches, and compatibility tables. Definitive Regular Expressions Quick Reference!
50 of Steven Wright''s funniest one-liners that combine wit, humor, and deep thought. A perfect read for fans of clever comedy.
"And That's When The Fight Started" - 50 hilarious wife jokes that perfectly capture the humor in married life. Get ready for some good-natured fun!
Khaby Lame became the world's most-followed TikTok creator without ever uttering a sentence. The man who beat the internet without saying a word, explained: who he is, where he is from, what the hand gesture means, and twenty reasons it worked.
My password showed up in a known breach database at 2 a.m. Here is what happened next, the small casualty I did not see coming, and what to do when yours appears too.
My experience meeting WordPress co-founder Matt Mullenweg at WordCamp Europe 2024 in Torino, Italy. A journey filled with inspiration, connections, and memorable moments.
The five Claude Code tools that change frontend design work: impeccable skill, Figma MCP, claude-in-chrome MCP for visual QA, banana skill for AI image generation, and shadcn/ui MCP.
The five Claude Code tools that change how SEO and content teams work: seo-content skill, seo-technical skill, Firecrawl MCP, Exa MCP, and the filesystem MCP for direct CMS access.
The five Model Context Protocol servers worth installing today: filesystem, GitHub, Postgres, claude-in-chrome (browser), and Sentry. With install commands, the tools they expose, and the security model.
Five Claude Code skills that turn it from a chat tool into a development environment: impeccable for UI design, playwright-cli for browser automation, gsd for project planning, seo-content, and banana for image generation.
A practical DNS health check covers nameservers, A and AAAA records, MX, SPF, DKIM, DMARC, and CAA. Here is the full checklist, what each record actually tells you, and how to verify all of them in one pass.
Practitioner reference for Elasticsearch 9.x: index and document operations, Query DSL, aggregations, vector / kNN search, ESQL, cluster management, version compatibility notes, and the gotchas that bite first-time operators.
MySQL cheat sheet covering CLI commands, database and table operations, joins, indexes, backups, user management, and transactions, with version notes for 5.7, 8.0, and 8.4.
Regex Cheat Sheet including regex symbols, ranges, grouping, assertions, syntax tables, examples, matches, and compatibility tables. Definitive Regular Expressions Quick Reference!
A scannable curl reference: GET, POST, PUT, DELETE; JSON and form bodies; basic, bearer, and digest auth; redirects, retries, timeouts; --resolve overrides, SOCKS proxies; with PowerShell Invoke-WebRequest equivalents.
