https://jasondillingham.dev/ Long-form notes on Go, infrastructure, security, the homelab, and whatever else I'm thinking about. en-us Mon, 01 Jun 2026 15:47:40 +0000 md2post (Go) — https://jasondillingham.dev https://jasondillingham.dev/blog/k8s-three-things-i-got-wrong.html https://jasondillingham.dev/blog/k8s-three-things-i-got-wrong.html Mon, 01 Jun 2026 00:00:00 +0000 I held off on Kubernetes for years. The case against it sounded right. After standing up a two-node k3s cluster, most of what I'd believed turned out to be wrong. kubernetes homelab infrastructure learning https://jasondillingham.dev/offline/weapons.html https://jasondillingham.dev/offline/weapons.html Mon, 01 Jun 2026 00:00:00 +0000 A horror movie that wouldn't let me guess the ending. Seventeen kids from one classroom walk out their front doors at the same minute, and the movie makes you earn every answer. movies horror https://jasondillingham.dev/offline/the-housemaid.html https://jasondillingham.dev/offline/the-housemaid.html Mon, 01 Jun 2026 00:00:00 +0000 A thriller that felt less like a movie and more like an episode of a true-crime podcast, the kind where an ordinary situation slowly turns into something you can't look away from. Solid, not special. movies thriller https://jasondillingham.dev/offline/sinners.html https://jasondillingham.dev/offline/sinners.html Mon, 01 Jun 2026 00:00:00 +0000 I walked into Sinners knowing nothing except that I like Michael B. Jordan. I thought I was getting a Deep South period drama. I was half right, and the other half I never saw coming. movies horror https://jasondillingham.dev/offline/cold-storage.html https://jasondillingham.dev/offline/cold-storage.html Mon, 01 Jun 2026 00:00:00 +0000 A minimum-wage night-shift nobody ends up the only thing standing between a hungry organism and the rest of us. It's silly, it's gross, and it knows exactly what it is. Not for everyone, and that's fine. movies horror https://jasondillingham.dev/offline/above-the-rim.html https://jasondillingham.dev/offline/above-the-rim.html Mon, 01 Jun 2026 00:00:00 +0000 I was too young for this one when it came out and too checked-out when I caught it as a teenager. Coming back to it as an adult, the story I never actually absorbed turns out to hold up. movies 90s https://jasondillingham.dev/offline/predator-badlands.html https://jasondillingham.dev/offline/predator-badlands.html Mon, 01 Jun 2026 00:00:00 +0000 For once the Predator isn't the thing in the dark hunting you. You're riding along with him, a young outcast on a planet where everything wants you dead. As a lifelong Alien and Predator guy, I had a blast, and I'm telling you that up front so you can grade my grade. movies scifi https://jasondillingham.dev/offline/anaconda.html https://jasondillingham.dev/offline/anaconda.html Mon, 01 Jun 2026 00:00:00 +0000 Two best friends hit a midlife crisis and decide to remake their favorite movie in the Amazon. It's dumb on purpose and it knows it. Set your expectations right and it's a good time. movies comedy https://jasondillingham.dev/blog/distributed-go2rtc.html https://jasondillingham.dev/blog/distributed-go2rtc.html Sat, 30 May 2026 00:00:00 +0000 I had a camera streaming server in one office and a VPN to every branch. The cameras at the central office worked fine. The remote ones stalled. The fix wasn't faster code — it was moving the streaming server to the edge. streaming go networking https://jasondillingham.dev/blog/unifi-switch-cameras-homekit.html https://jasondillingham.dev/blog/unifi-switch-cameras-homekit.html Tue, 26 May 2026 00:00:00 +0000 A weekend of stacking infrastructure problems — a UniFi switch that wouldn't adopt, four cameras that lost their network, and a doorbell that needed three separate fixes before it would ring an iPhone. The fights, the gotchas, and the SOCKET.IO trick that saved an hour. homelab network homekit https://jasondillingham.dev/blog/1password-connect-sdk-pr-104.html https://jasondillingham.dev/blog/1password-connect-sdk-pr-104.html Fri, 22 May 2026 00:00:00 +0000 A case-sensitive struct-tag match in 1Password's Go SDK was dropping fields silently. The fix was a one-line swap. The interesting part was how I found the four mirror sites I would have missed reading top-to-bottom. go ai audit https://jasondillingham.dev/blog/docker-security-audit.html https://jasondillingham.dev/blog/docker-security-audit.html Fri, 22 May 2026 00:00:00 +0000 Two years of "I'll add this one service" produced a Docker host with secrets in plaintext, services with no auth, root-owned containers, and a Docker socket mounted read-write. I audited it. This is what I found, what scared me, and how to triage your own. security docker homelab https://jasondillingham.dev/blog/shipping-bosun-with-bosun.html https://jasondillingham.dev/blog/shipping-bosun-with-bosun.html Mon, 18 May 2026 00:00:00 +0000 Using bosun to ship bosun — three buckets of pre-launch work, ten parallel agent lanes, one command to flip it public. ai mcp go ops https://jasondillingham.dev/blog/authentik-vs-keycloak.html https://jasondillingham.dev/blog/authentik-vs-keycloak.html Mon, 18 May 2026 00:00:00 +0000 Three SSO options, a homelab that had outgrown "I'll remember" as a security model, and why the established enterprise choice was the wrong one for me. The architecture, the gotcha that every self-hosted SSO setup hits, and what OIDC looks like when the protocol is standardized but the implementations aren't. homelab auth sso https://jasondillingham.dev/blog/ollama-mcp.html https://jasondillingham.dev/blog/ollama-mcp.html Wed, 13 May 2026 00:00:00 +0000 I built a small Go MCP server that lets Claude manage and call the Ollama instances I run at home. Sixteen tools across model management, inference, fleet introspection, and benchmarking. ai mcp go homelab https://jasondillingham.dev/blog/audit-methodology.html https://jasondillingham.dev/blog/audit-methodology.html Wed, 06 May 2026 00:00:00 +0000 Ten hardening patterns that emerged from auditing three Go MCP servers in a row, plus the test-the-contract discipline that came with them. The patterns are portable; the test discipline is the actual lesson. Closes with the same patterns applied to a bug in someone else's SDK. security audit go mcp https://jasondillingham.dev/blog/architect-mcp.html https://jasondillingham.dev/blog/architect-mcp.html Sun, 03 May 2026 00:00:00 +0000 An MCP server that generates opinionated website design blueprints. Section-by-section CSS specs, palette, typography, layout DNA — handed to a code-generation step downstream. Built around one belief — that the prompt is the actual product. ai mcp go design https://jasondillingham.dev/offline/mario-galaxy-movie.html https://jasondillingham.dev/offline/mario-galaxy-movie.html Fri, 01 May 2026 00:00:00 +0000 Took my daughter to see the Mario Galaxy movie. Critics aren't wrong — they're just not the audience. movies family nintendo https://jasondillingham.dev/blog/dispatch-ap-workflow-outlook-categories.html https://jasondillingham.dev/blog/dispatch-ap-workflow-outlook-categories.html Thu, 30 Apr 2026 00:00:00 +0000 Vendors solve 90% of AP automation. The remaining 10% — the integration glue between Outlook, the ERP, and the team's actual workflow — is the part that has to be built per-company. This is how I built it, and the architectural choice that made everything else cheap. go ai ops https://jasondillingham.dev/blog/phishguard.html https://jasondillingham.dev/blog/phishguard.html Wed, 22 Apr 2026 00:00:00 +0000 How I built an in-house anti-phishing classifier using Go, embeddings, and a healthy fear of false negatives. security go https://jasondillingham.dev/blog/homelab-status-mcp.html https://jasondillingham.dev/blog/homelab-status-mcp.html Fri, 17 Apr 2026 00:00:00 +0000 I built an MCP server that gives Claude read-only observability over my homelab. The interesting part isn't the tool — it's the security model. Three guardrails so an LLM can answer questions about infrastructure without being able to break it. security mcp homelab go https://jasondillingham.dev/blog/dispatch-dev-session-code-review.html https://jasondillingham.dev/blog/dispatch-dev-session-code-review.html Sun, 12 Apr 2026 00:00:00 +0000 One development session on Dispatch — a hybrid classifier that bypasses the LLM for 60% of mail, a 1,231-message backfill, a four-bucket queue refactor, and an AI code review where two of eight findings turned out to be wrong in instructive ways. go ai ops https://jasondillingham.dev/blog/vlan-segmentation.html https://jasondillingham.dev/blog/vlan-segmentation.html Sun, 15 Mar 2026 00:00:00 +0000 Five tiers of trust, off-the-shelf hardware, and the firewall rules that actually matter. How I segmented a flat home network without spending enterprise money — and the design decisions that survived contact with reality. homelab network security https://jasondillingham.dev/blog/onboarding-automation.html https://jasondillingham.dev/blog/onboarding-automation.html Thu, 05 Mar 2026 00:00:00 +0000 The onboarding side of the same problem the offboarding MCP solves — but with a different shape. A single-screen Go web app that transactionally creates accounts across our directory, mail platform, and ERP, hands the new hire a printed welcome sheet, and refuses to leave half-broken state behind. The architecture, the four-table SQL insert that took two weeks to get right, and the directory password encoding gotcha that ate a Saturday. go ops automation https://jasondillingham.dev/blog/offboarding-mcp.html https://jasondillingham.dev/blog/offboarding-mcp.html Fri, 20 Feb 2026 00:00:00 +0000 An MCP server in Go that orchestrates offboarding across our directory, mail platform, ERP, file storage, forms platform, and helpdesk. Architecture, the dependencies that bit me, and what the first real production run cost. mcp go ops https://jasondillingham.dev/blog/vault-secrets-management.html https://jasondillingham.dev/blog/vault-secrets-management.html Sun, 15 Feb 2026 00:00:00 +0000 A security audit flagged credentials-in-plaintext as the highest-severity finding in my homelab. This is what I did about it, what broke on the first deploy, and what changes when secrets become something you request instead of something you store. security secrets homelab