My musings on technology, science, math, and more

  • Running an AI Agent in a Home Lab: Security First

    An AI agent with access to your shell, your GitHub account, your filesystem — it’s dangerous if you’re not deliberate about it. Here’s how I containerized Hermes Agent in my home lab, with a focus on blast-radius containment from the start.

    Read more

  • LDAP in Containers

    Most of the time, connecting to LDAP is pretty straightforward and is just a matter of applying the right configuration to your application. Or maybe it isn’t even something you need to think about; it could be abstracted away behind an API call. This wasn’t…

    Read more

  • Read-only Docker Containers

    There are lots of good reasons for and articles recommending running Docker containers read-only, but what I have a difficult time finding are descriptions of how to do this for many popular images. Some software needs to write to a few important and predictable locations.…

    Read more

  • Distributing CLI Tools via Docker

    Throughout my career, I’ve seen a couple recurring patterns related to the tools I write: I write a lot of small CLI tools and I like to share them with my coworkers (and whenever possible, the rest of the world). This has led to several…

    Read more