Posts on Ilya Rusalowski Hub

validgo-gen: OpenAPI → Go Validation Done Right

Sat, 06 Jun 2026 00:00:00 +0000

My colleague Yury built validgo-gen — an OpenAPI 3.0 → Go generator that finally distinguishes missing fields from explicit nulls from zero values. Two-layer validation, chi integration, idiomatic output.

ykvault: Stop Storing API Tokens as Plaintext

Sat, 06 Jun 2026 00:00:00 +0000

Are you still keeping API tokens in ~/.secrets? Any app you install can read them. ykvault encrypts every secret with a YubiKey challenge-response key — each get/set requires a physical touch, and the encrypted files are useless without your key.

I was afraid of agents yolo-mode for half a year

Sun, 10 May 2026 00:00:00 +0000

Why I built agent-landlock — a small Go wrapper that uses Linux Landlock LSM to give coding agents YOLO mode without letting them escape the project directory.

Hardware-backed SSH keys end to end: YubiKey, PIV, software alternatives, and where SSH CAs fit in

Sat, 09 May 2026 00:00:00 +0000

A working guide to using a YubiKey for SSH on a real Linux fleet — the four knobs (resident, touch, PIN, agent), a four-mode policy for root and Ansible, software-only alternatives, and where SSH CAs fit in.

SSH Tunnel Magic: Your SSH Already Is Tailscale

Fri, 24 Apr 2026 00:00:00 +0000

SSH punching for everyone who only knows ssh user@host — how -D replaces a corporate VPN, -R replaces a mesh VPN for NAT’d boxes, and -L forwards Unix sockets. 3 flags, 3 bonuses, 1 man page.

180 Breaches a Second: How Software Broke Its Promise, and the Radical Fix Hiding in Plain Sight

Fri, 03 Apr 2026 00:00:00 +0000

180 accounts are breached every second — and most of it comes down to reused passwords and missing MFA. A look at the software quality collapse behind the headlines, and why the fix is the same infrastructure-level move HTTPS once made: passkeys, on-device DLP, and capability-scoped AI agents.

When TLS 1.3 Silently Dies Inside Your Android Proxy

Fri, 20 Mar 2026 00:00:00 +0000

A post-mortem of intermittent HTTPS failures across a mobile proxy fleet: TLS 1.3 handshakes silently dying on memory-starved Android devices — large multi-packet handshake messages, inflated by post-quantum key shares, stressing proxy buffers under memory pressure.

Systemd Unreclaimable Kernel Memory Leak

Thu, 19 Feb 2026 00:00:00 +0000

How a frequently-restarting systemd unit with Type=exec leaked unreclaimable kernel slab memory (~60 MB/day) on Ubuntu hosts via a cgroup memory-accounting bug — and why only a full host reboot could free it.

Another Ubuntu Bug With a Stopgap Fix: apt-get update Hangs for Hours

Fri, 13 Feb 2026 00:00:00 +0000

apt-get update randomly hangs for hours on Ubuntu 24.04 LTS — known since 22.04, still not fixed. Worst part: it silently blocks unattended-upgrades, so your servers stop receiving security updates. The ‘fix’ is a cron job that kills stuck apt processes.

10G at Home: $15 M.2 Expander Turns an Old HP Mini Into a 10GbE Test Rig

Tue, 16 Dec 2025 00:00:00 +0000

My ISP started upselling 10gbit XGS-PON — but how to test it without buying a 10G-capable machine? A $15 noname M.2 → PCIe expander + AQC107 NIC on an old HP G2 mini did the job. Plus the pcie_aspm=off gotcha.