Costs and benefits of running golvulncheck automatically as part of CI.

Health checks suitable for status pages that show down when the application is down.

Rehashing opportunistically on login is fine, but leaves a long tail of weaker password hashes. Here’s one weird trick to get rid of them.

A busy week of retiring our old IAM solution, increasing hash iterations on PBKDF2, then dumping the algorithm completely.

A test helper in Go to avoid long, unsightly assertion lists.