Building the web since 2000
Practical writing on PHP, MySQL, Linux, WordPress, security and the weird corners of the web — by one engineer who's been shipping them for over two decades.
CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation that turns any unprivileged shell into root on essentially every distribution shipped since 2017. Here is how I check it, patch it, mitigate it pre-patch, and understand how the exploit actually works.
Four reliable ways to change a WordPress password: admin dashboard, WP-CLI, directly in the database with the correct phpass or bcrypt hash, and the lost-password email reset.
A practical DNS health check covers nameservers, A and AAAA records, MX, SPF, DKIM, DMARC, and CAA. Here is the full checklist, what each record actually tells you, and how to verify all of them in one pass.
The five Claude Code tools that change frontend design work: impeccable skill, Figma MCP, claude-in-chrome MCP for visual QA, banana skill for AI image generation, and shadcn/ui MCP.
The five Claude Code tools that change how SEO and content teams work: seo-content skill, seo-technical skill, Firecrawl MCP, Exa MCP, and the filesystem MCP for direct CMS access.
The five Model Context Protocol servers worth installing today: filesystem, GitHub, Postgres, claude-in-chrome (browser), and Sentry. With install commands, the tools they expose, and the security model.
Five Claude Code skills that turn it from a chat tool into a development environment: impeccable for UI design, playwright-cli for browser automation, gsd for project planning, seo-content, and banana for image generation.
Four reliable ways to change a WordPress password: admin dashboard, WP-CLI, directly in the database with the correct phpass or bcrypt hash, and the lost-password email reset.
Learn how to detect and remove the dangerous gsyndication.com malware from your WordPress site. Step-by-step guide for cleaning malicious code and preventing reinfection in 2025.
Wire ElasticPress to WP_Query so WordPress queries hit Elasticsearch (or OpenSearch) instead of MySQL. Covers installation, indexable post types, ep_integrate, the wp-cli index command, faceted search with aggregations, and when ES actually beats MySQL FULLTEXT.
How to send HTML emails from WordPress with wp_mail and the wp_mail_content_type filter. Covers SMTP setup, deliverability with SPF, DKIM, and DMARC, and modern transactional providers like SendGrid, Postmark, and Resend.
Practitioner reference for Elasticsearch 9.x: index and document operations, Query DSL, aggregations, vector / kNN search, ESQL, cluster management, version compatibility notes, and the gotchas that bite first-time operators.
MySQL cheat sheet covering CLI commands, database and table operations, joins, indexes, backups, user management, and transactions, with version notes for 5.7, 8.0, and 8.4.
MySQL 8.4 is the new LTS branch through April 2032. The 8.0 to 8.4 upgrade is much smaller than 5.7 to 8.0, but removed options and the new authentication_policy variable still bite. Full procedure with rollback.
MySQL 5.7 has been past its EOL since October 2023. Here is the migration to 8.0: prerequisites, dry-run with mysqlcheck, in-place upgrade, the authentication-plugin change that breaks old clients, and rollback if it goes sideways.
Install VirtualBox Guest Additions on Ubuntu 22.04, 24.04, and 26.04 LTS guests for shared clipboard, drag and drop, shared folders, and dynamic display resolution. Covers VirtualBox 7.0 and 7.1, both install methods, and the Apple Silicon UTM alternative.
Use jpegoptim to losslessly or lossy-compress JPEGs from the command line, in bulk, and inside CI pipelines. Includes the install path on macOS/Linux/Windows, mozjpeg / squoosh-cli / sharp comparisons, and the parallel xargs pattern for tens of thousands of images.
Batch compress each folder in a parent directory into its own ZIP, tar.gz, or 7z archive on Linux, macOS, and Windows. Covers the for-loop one-liners, encryption, symlink handling, and the BSD vs Info-ZIP differences.
CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation that turns any unprivileged shell into root on essentially every distribution shipped since 2017. Here is how I check it, patch it, mitigate it pre-patch, and understand how the exploit actually works.
Grow a Google Cloud persistent disk on a live VM in three commands. Resize the disk in GCP, expand the partition with growpart, then stretch the filesystem with resize2fs or xfs_growfs. No detach, no reboot.
Connect to a GCP VM using plain OpenSSH, no gcloud required. Add a public key to instance metadata, fetch the external IP, and ssh in like any normal Linux box. Plus OS Login, IAP, and a Windows PuTTY path.
Create a GCP persistent disk, attach it to a running VM, format it, mount it, and survive reboots with a UUID-based fstab entry. Console, gcloud, and Terraform walkthroughs.
Every reliable way to update Node.js on Linux, macOS, and Windows. Covers nvm, fnm, Volta, n, the nodejs.org installer, apt/brew/winget, Docker, GitHub Actions, per-project pinning, and the rebuild-native-modules step everyone forgets.
Every modern way to force a page to the top on browser refresh: window.scrollTo, the scrollRestoration API, React Router ScrollRestoration, Next.js Link scroll prop, and the events that fire on unload. Plus the hydration race that breaks naive implementations.
Every Bootstrap media query breakpoint with exact pixel value, Sass/LESS mixins, container max-widths, and CSS-only equivalents. Covers Bootstrap 5.3 (xxl, CSS variables), Bootstrap 4 (deprecated mixins), and Bootstrap 3.
CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation that turns any unprivileged shell into root on essentially every distribution shipped since 2017. Here is how I check it, patch it, mitigate it pre-patch, and understand how the exploit actually works.
Hashcat benchmark numbers for the NVIDIA GeForce GTX 1080 Ti across 152 hash modes, with a modern context: how the 1080 Ti compares to the RTX 3090, 4090, and 5090, and when it's still worth using in 2026.
A step-by-step methodology for finding and removing malware from a compromised WordPress site, written by a Security+ certified engineer who's been cleaning sites since the early WordPress 2.x era. Covers every attack vector: file backdoors, database injections, .htaccess hijacks, wp-config tampering, and recurring reinfection. Originally written in 2016, updated regularly as new patterns emerge.
WPScan v3.8+ usage reference for WordPress security audits: install on Linux/macOS, API token setup, the command patterns that matter (enumerate users, vulnerable plugins, brute force), JSON output, and how WPScan compares to Wordfence, Sucuri, and WPSec.
NVIDIA GTX 1070 Ti Ethereum Mining review: Hashrate, overclocking settings, and power efficiency analyzed for miners.
How to install the Gearman PHP extension on Ubuntu 22.04 and 24.04 LTS for PHP 8.2, 8.3, and 8.4. Two install paths (apt and PECL), php.ini wiring, gearmand service setup, a working client/worker test, and when Gearman still makes sense vs Redis, RabbitMQ, and SQS.
Increase the PHP memory_limit via php.ini, .htaccess, ini_set(), the -d CLI flag, PHP-FPM pool config, or wp-config.php. Covers the modern PHP 8 defaults, the OPcache caveat, and the Composer/PHPUnit/WordPress out-of-memory patterns.
Drop empty, null, or false values from a PHP array with array_filter and the right callback. Includes the '0 gets removed' gotcha, the array_values re-index pattern, multidimensional cleanup, and a performance comparison.
Regex word boundaries (\b and \B) match positions between word and non-word characters with zero width. The full reference with engine differences, Unicode handling, lookaround alternatives, and worked examples for whole-word replace, search highlighting, and log parsing.
Regex anchors are unique tokens that assert positions within a string without matching characters. Discover their role in pattern matching across languages.
Regex Cheat Sheet including regex symbols, ranges, grouping, assertions, syntax tables, examples, matches, and compatibility tables. Definitive Regular Expressions Quick Reference!
Match a hex color code with regex. 3-digit, 6-digit, and 8-digit (alpha) forms. JavaScript / Python / PHP examples, engine notes, common mistakes, a stripped-hash variant.
50 of Steven Wright''s funniest one-liners that combine wit, humor, and deep thought. A perfect read for fans of clever comedy.
"And That's When The Fight Started" - 50 hilarious wife jokes that perfectly capture the humor in married life. Get ready for some good-natured fun!
Khaby Lame became the world's most-followed TikTok creator without ever uttering a sentence. The man who beat the internet without saying a word, explained: who he is, where he is from, what the hand gesture means, and twenty reasons it worked.
My password showed up in a known breach database at 2 a.m. Here is what happened next, the small casualty I did not see coming, and what to do when yours appears too.
My experience meeting WordPress co-founder Matt Mullenweg at WordCamp Europe 2024 in Torino, Italy. A journey filled with inspiration, connections, and memorable moments.
The five Claude Code tools that change frontend design work: impeccable skill, Figma MCP, claude-in-chrome MCP for visual QA, banana skill for AI image generation, and shadcn/ui MCP.
The five Claude Code tools that change how SEO and content teams work: seo-content skill, seo-technical skill, Firecrawl MCP, Exa MCP, and the filesystem MCP for direct CMS access.
The five Model Context Protocol servers worth installing today: filesystem, GitHub, Postgres, claude-in-chrome (browser), and Sentry. With install commands, the tools they expose, and the security model.
Five Claude Code skills that turn it from a chat tool into a development environment: impeccable for UI design, playwright-cli for browser automation, gsd for project planning, seo-content, and banana for image generation.
A practical DNS health check covers nameservers, A and AAAA records, MX, SPF, DKIM, DMARC, and CAA. Here is the full checklist, what each record actually tells you, and how to verify all of them in one pass.
Practitioner reference for Elasticsearch 9.x: index and document operations, Query DSL, aggregations, vector / kNN search, ESQL, cluster management, version compatibility notes, and the gotchas that bite first-time operators.
MySQL cheat sheet covering CLI commands, database and table operations, joins, indexes, backups, user management, and transactions, with version notes for 5.7, 8.0, and 8.4.
Regex Cheat Sheet including regex symbols, ranges, grouping, assertions, syntax tables, examples, matches, and compatibility tables. Definitive Regular Expressions Quick Reference!
A scannable curl reference: GET, POST, PUT, DELETE; JSON and form bodies; basic, bearer, and digest auth; redirects, retries, timeouts; --resolve overrides, SOCKS proxies; with PowerShell Invoke-WebRequest equivalents.
