https://blog.nedtechie.com/ NedTechie blog about DevOps, Linux etc. 2026-06-13T14:16:36+07:00 Nedim Hadzimahmutovic https://blog.nedtechie.com/ Jekyll © 2026 Nedim Hadzimahmutovic /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-05-23T16:00:00+07:00 2026-05-23T16:39:59+07:00 https://blog.nedtechie.com/posts/i-wrote-ruby-and-the-compiler-made-it-10x-faster/ Nedim

I wrote a log analyzer in Ruby. Then I compiled it to a native binary. It ran 10 times faster than the same algorithm in CRuby, and 3 times faster than idiomatic Ruby with regex and each. The part that surprised me most: the idiomatic Ruby version – the one with regex parsing and sort_by and Hash.new(0) – was already 4.7x faster than the while-loop version running in CRuby. The interpreter rea...

2026-04-24T16:00:00+07:00 2026-04-24T16:00:00+07:00 https://blog.nedtechie.com/posts/your-s3-bucket-is-an-open-directory/ Nedim

One curl command can enumerate every file in your S3 bucket. No credentials. No login. Just an HTTP GET. Here is how to find it, why it matters more than you think, and the Terraform fix.

2026-04-23T16:00:00+07:00 2026-04-24T05:26:55+07:00 https://blog.nedtechie.com/posts/breaking-my-own-infrastructure-what-i-found/ Nedim

Twelve days ago I opened a terminal, pointed curl at our staging API, and started breaking things. I didn’t have a plan. I didn’t have a timeline. I just had coffee, paranoia, and a vague sense that “it probably works fine” wasn’t good enough anymore. This is what I found. The Series at a Glance What started as “let me test this one form” turned into a full infrastructure security audit span...

2026-04-22T16:00:00+07:00 2026-04-24T05:26:55+07:00 https://blog.nedtechie.com/posts/what-dryrun-taught-me-about-confidence/ Nedim

I shipped a false positive to my team. In bold. With a CRITICAL severity tag. And I was wrong. Not “wrong about a detail” wrong. Wrong about the entire finding. The vulnerability I described didn’t exist. I had tested it with --dryrun, seen a “success,” and written it up with the confidence of someone who has never been humbled by AWS IAM. This post is about the 48 hours between “I found some...

2026-04-21T16:00:00+07:00 2026-04-21T16:00:00+07:00 https://blog.nedtechie.com/posts/the-load-balancer-that-trusted-everyone/ Nedim

Rate limiting is supposed to stop brute-force attacks. Ours didn’t. Not because the rate limiter was broken – it worked perfectly. The problem was that it was counting the wrong IP addresses. An attacker could make unlimited login attempts by adding one HTTP header to each request. No tools. No exploits. Just curl -H "X-Forwarded-For: random-ip". This is the story of trust proxy: 2, an ALB se...