Tutorials Archives | Animated Creativity

The “boring” Mac development setup: just Homebrew + tmux + Neovim + iTerm2 + ssh, and why it ages well

April 26, 2026 by admin

MacBook displaying CSS code in a code editor — photo by negativespace on Pexels

Every year a new IDE arrives and developers spend a weekend learning it. New JetBrains release, new VS Code competitor, new AI-powered editor whose pricing model will pivot in 18 months. There’s an alternative: pick a stack of well-aged Unix …

The ‘fake plugin’ WordPress malware family: how to spot random-named directories in bulk

April 22, 2026 by admin

One of the most common WordPress malware patterns I’ve cleaned in the last two years isn’t a webshell or a credential stealer — it’s a “fake plugin” or “fake theme.” The attacker creates a directory in wp-content/plugins/ or wp-content/themes/ with …

The hard problem of sanitizing user-uploaded SVGs (and why most libraries get it wrong)

April 22, 2026 by admin

Close-up of HTML and CSS code on a computer screen — markup-parsing context for an SVG security article (photo: Pixabay / Pexels)

The Scratch team’s blog post on SVG sanitization (linked from Hacker News this week) is one of those technical write-ups that really should be required reading for anyone who lets users upload images to a web app. The author’s account …

Replacing find -exec with parallel: when -exec is fast enough and when xargs -P + -L starts winning

April 2, 2026 by

Parallel metal rails or bars in perspective — photo by uppsychic on Pexels

Every shell-scripting tutorial recommends find ... -exec cmd {} \; for “do this command on every matching file.” It’s the classic, obvious pattern. It’s also dramatically slower than the alternatives once your file count goes past a few hundred — …

Calibre as a personal e-book server: connecting Kindle and Kobo over USB and Wi-Fi (and why COPS matters)

March 27, 2026 by admin

You have an EPUB collection somewhere on your Mac — bought from various stores, downloaded from public domain sites, converted from PDFs, ripped from your own books with Calibre and a USB scanner. You want them on your Kindle (or …

Cron MAILTO that actually delivers: postfix relay through Mailgun without the mail bouncing

March 8, 2026 by

Smartphone showing the Gmail app inbox view — photo by Solen Feyissa on Pexels

The first time I set up a cron job with MAILTO=me@example.com, I assumed it would just work. It didn’t. The output ended up in /var/spool/mail/root, which I never checked, because my Oracle box couldn’t deliver outbound email — …

SSH ProxyJump: reach private servers through a bastion without copying keys to it

March 1, 2026 by admin

Close-up of fiber optic patch panel with yellow and white connectors plugging into blue ports — visual metaphor for ProxyJump tunneling traffic through one server to reach another (photo: Brett Sayles / Pexels)

You have a private server in a VPC that’s only reachable through a bastion host. The “obvious” way to SSH there is the wrong way: copy your private key onto the bastion, then SSH from bastion to the private box. …

iCloud Drive vs Syncthing vs rsync: picking the right sync mechanism for dev files across machines

February 28, 2026 by admin

You have a Mac for writing and design, a Linux laptop for coding, a NAS at home, and a remote VPS for production. The same dotfiles, the same notes, and the same in-progress repo need to be on at least …

Caddy’s auto-HTTPS for an internal homelab: setting up Caddy with DNS-01 against Cloudflare for a *.local domain

February 20, 2026 by admin

Coiled Ethernet cable on a teal background — photo by Markus Spiske on Pexels

You have a few internal services on your homelab — a Home Assistant box, a Plex server, a TrueNAS UI, an Uptime Kuma dashboard. They all live on 192.168.1.x with random ports. You want to give them clean URLs (…

PAM ordering on Ubuntu 22: pam_unix.so vs pam_sss.so vs pam_systemd.so and the order that breaks SSH if you flip it

February 20, 2026 by

Server room aisle with rows of dark server racks — photo by Brett Sayles on Pexels

I joined a new client’s box one morning to set up SSO via SSSD. By the afternoon, no one — including me, including root — could SSH in. The PAM stack had been rearranged subtly in /etc/pam.d/common-auth, and a …