Tech Diary

Security, DevOps, IT and whatever

Argo CD Hooks That Save Your Rollouts

Hooks are one of the most underused features in Argo CD. They let you run Kubernetes jobs at specific stages of a deployment, turning GitOps from “apply YAML” into a full release workflow. After a few production scares last year, mainly schema migrations and feature flags racing each other, I doubled down on hooks. Here’s what actually delivered value.

PreSync: stop bad releases early

PreSync hooks run before Argo CD applies your manifests. I standardised a Job named db-guardrail that checks both connectivity and database schema drift: ...

October 22, 2025 · 3 min · Almog Shoshan

Hardening GitHub Actions Against Supply Chain Attacks

Everyone is talking about supply-chain attacks again, especially after the public campaigns that abused self-hosted and ephemeral runners in early 2025. The common thread: attackers weaponised pull requests to run malicious workflows, exfiltrate long-lived credentials, and ship tampered artifacts to registries. Here’s how I hardened my GitHub Actions estate without grinding the release train to a halt.

What the current wave looks like

The noisy incidents from the past quarter followed a familiar pattern: ...

October 20, 2025 · 3 min · Almog Shoshan

Hijacking OpenAI’s Browsing Agent via the Chrome URL Bar

In late 2025, not long after its release, I found a gap in OpenAI’s Browsing agent that turns a routine checkout flow into a foothold on the agent container. The weak link is the “Take it from here” feature. When the model hits a task it is not allowed to complete (for example “buy this iPhone on eBay” or “enter my credit card details”), ChatGPT pauses the automation and shows a button that lets the human finish the job. Clicking that button hands you the live Chrome session the agent was using, complete with the same filesystem permissions it relied on during the automated steps. ...

August 25, 2025 · 15 min · Almog Shoshan