Latest Posts

Most personal projects and homelab services don’t need to be public, but they do need to be reachable. I want to access my dev tools, internal dashboards, and side projects from anywhere, on any of my own devices, without opening ports, exposing IPs, or worrying about who might stumble across them on the internet.

This post walks through how I built an everywhere-accessible but publicly invisible ingress engine using Tailscale, Docker, Caddy, and DNS rewrites. The result is a private, domain-based setup that behaves like a small cloud. It has HTTPS, clean hostnames, and reverse proxying, but is only accessible to me, lives on my own machine, and never touches the public internet.

I wanted a Docker setup for my Eleventy resume project that also generates a PDF using Puppeteer. I assumed this would be straightforward. It wasn’t.

Here’s the real path, from zero to working, with the errors along the way and what each one actually meant.

I wanted first-party analytics on my blog without handing traffic data to a SaaS vendor. Umami checked every box: open source, self-hostable, and friendly to privacy. I already keep a small VPS online 24/7, so dedicating a slice of that machine to Umami felt like a perfect fit.

Analytics turned into a blind spot once I shut off the usual trackers. I needed something:

I’ve had the Umami + Ansible post in my head for ages, but it touched three different repositories and a whole bunch of code snippets. Totally doable, but undeniably tedious — which is why it kept slipping down the backlog. You can read the finished article here: Private Analytics With Umami, Docker Compose, and Ansible.

The idea that finally nudged it forward was simple: why not let GPT (Codex) do the heavy lifting while I steer?

Catch up on the three rapid releases that reshape Subspace Builder with a tag hub, refreshed navigation, and a data-driven projects page.

I want tmux to feel like one cohesive environment that never goes away. When I am docked at my desk, I spread iTerm across multiple Mission Control desktops and keep a different project on each space, with some other tools I need for that specific project. Later, when I grab my MacBook Air or open Blink on my iPhone or iPad, I want those exact same panes, command histories, and scrollback.

Plain tmux attach gets close, but the shared "current window" breaks the illusion. When I switch to another window in my main terminal, all other tmux clients jump to the same window and interrupts whatever flow I was in. I wanted tmux to be stateful and multi-focus.

If you’ve ever wanted your phone to double as a full-fledged development studio (complete with SSH, live previews, and your entire workflow at your fingertips) then this story is for you. It’s about how a small experiment with Tailscale turned into a complete rewire of how I build, code, and stay connected. From private dev environments to bathtub coding sessions (yes, really), here’s how it all came together.

Every section in this story layers on the next, building toward the “I can’t believe my phone is a full dev studio” moment at the end—so if you can, read it through. The payoff is worth it.

Rust is one of the most thoughtfully designed languages of our time — but setting it up on macOS can feel oddly opaque. The standard advice is to run a one-liner like curl https://sh.rustup.rs | sh, which works beautifully but hides a lot of what’s happening behind the scenes. For developers who are more security-conscious or just prefer to know what’s being installed and where, this default approach can feel like a black box.

This post explores the different ways to install and manage Rust on macOS — from the convenience of Homebrew to the flexibility of rustup, and the transparency of manual or containerized setups. The goal is simple: give you control and understanding without sacrificing practicality.

For the longest time, sharing code from GitHub meant screenshotting or pasting raw snippets into Markdown. Both options felt brittle—screenshots hide the text from RSS readers, while copy-pastes drift out of sync the minute the upstream file changes. I wanted the readability of Emgithub, the SEO of server-side rendering, and zero third-party JavaScript.

That mix finally landed this week: a {% github %} shortcode that fetches code at build time, highlights it, numbers each line, and offers a copy button. All it needs is the GitHub blob URL and an optional style flag for light or dark chrome.

Recently, a few hours after setting up Umami with Docker and Nginx on my VPS, I stumbled into a misconfiguration that left the admin dashboard exposed to the public web. Thankfully, there was no immediate danger. Since right after creating Umami's docker instance, I have updated the admin username and password immediately, and locked it down before anything bad could happen. Still, it was a stressful reminder that small mistakes in deployment can have big consequences.

Here’s the story of what happened and what I learned along the way.