Forem: Temuri Takalandze

How a $12 Temu Doorbell Lets Anyone on the Internet Ring Your Bell

Temuri Takalandze — Wed, 06 May 2026 06:56:34 +0000

I picked up a no-name smart doorbell from Temu, the kind that sells for $12 and ships under a dozen rebrands. I wanted to know if the security was as cheap as the hardware. It was worse.

The device talks to a backend run by Guangzhou Qiangui IoT (Naxclow brand). Every API request carries a "signature" that looks like authentication. It is not. The signing secret is a hardcoded alphanumeric string baked into every firmware image. Pull it out once and you can forge requests for any of these doorbells, anywhere.

From there, two signed requests reassign ownership of any doorbell to an attacker. The victim's app silently drops the device while it stays online. One more request returns the doorbell's relay password in plaintext, and that password never rotates, not even after a factory reset. With the password, you can impersonate the doorbell during a live call and stream attacker-chosen video to the homeowner.

The full writeup walks through the firmware extraction, the API reverse engineering, and the live-call hijack proof of concept. There is also a short list of things cheap-IoT vendors keep getting wrong, and a few pointers for owners who want to keep using the device safely (short version: VLAN your IoT).

Originally published on https://www.abgeo.dev/blog/anyone-can-ring-your-doorbell/.

Nginx Ingress Is Archived: Gateway API, Alternatives, and How to Actually Migrate

Temuri Takalandze — Wed, 25 Mar 2026 16:55:15 +0000

The nginx ingress controller that we all relied on for years is now officially retired. The repo is archived and nothing new is coming out of it.

I wrote a detailed post breaking down your options:

Gateway API migration (with workarounds for charts that don't support it yet, including a wrapper chart pattern)
Dual-support controllers for gradual migration
Drop-in ingress controller replacements

Covers Envoy Gateway, Traefik, Cilium, Istio, Kong, HAProxy, and Contour with pros/cons and real YAML examples.

Full post on my blog 👉 https://www.abgeo.dev/blog/nginx-ingress-retirement/

Trivy GitHub Actions Compromised: Full Malware Payload Analysis

Temuri Takalandze — Fri, 20 Mar 2026 14:13:42 +0000

Yesterday, aquasecurity/trivy-action got compromised again. Attackers force-pushed 75 out of 76 version tags to inject a full credential stealer that scrapes runner memory, harvests secrets across 17 categories, and exfiltrates everything encrypted to a typosquatted domain.

I pulled the malicious payload apart and documented every step, from process discovery to AES+RSA encrypted exfiltration.

Full write-up here: https://www.abgeo.dev/blog/trivy-github-actions-compromised-full-payload-analysis/

Git Sparse Checkout: Clone a Single File or Directory

Temuri Takalandze — Sat, 19 Apr 2025 09:14:55 +0000

Ever needed to clone a Git repository, but only partially?

Maybe you just want a single file or a specific directory, not the entire codebase.

Cloning the whole repo can be overkill, especially if it’s large or you’re running something in automation. That’s where Git’s sparse checkout comes in handy. It lets you pull only the parts you actually need, saving time, bandwidth, and disk space.

Here’s how to do it:

✅ Perfect for:

Automations that only need a single script or config
Pulling just one project or service from a monorepo
Saving time when you don’t need the full repo

No need to clone the whole haystack when you only want the needle 🧵

Give it a shot the next time you need just a piece of a repo.

🚨 Common Programming Pitfalls & How to Avoid Them 🚨

Temuri Takalandze — Fri, 28 Feb 2025 09:23:50 +0000

Even experienced developers fall into traps! Here are some common programming pitfalls and how to dodge them:

💥 Not Handling Edge Cases – Always consider unexpected inputs, empty lists, and extreme values. Test thoroughly!

🔄 Infinite Loops – A missing exit condition can break everything. Double-check loop conditions and use timeouts when needed.

🧹 Ignoring Memory Leaks – Be mindful of object references, especially in long-running applications. Use profiling tools to monitor memory usage.

📦 Hardcoding Values – Avoid magic numbers and hardcoded credentials. Use config files or environment variables instead.

🛑 Skipping Error Handling – Ignoring exceptions can lead to crashes. Always handle errors gracefully with proper logging.

🔄 Copy-Pasting Code – Repetitive code is a maintenance nightmare. DRY (Don’t Repeat Yourself) and use functions or modules.

What’s the worst pitfall you’ve encountered? Let’s discuss! 💬👇

🔓 Free Your Ports in One Command 🚀

Temuri Takalandze — Sat, 22 Feb 2025 10:51:23 +0000

😤 Ever struggled with stopping a process that’s hogging a port on Linux? Hunting down the process ID and killing it manually can be a hassle. Here’s a quick one-liner that does it all for you.

✨ Replace with the port number you want to free, and you’re good to go! Simple, effective, and saves time. 💻⚡

5 Tech Blogs Every Developer Should Follow 🚀

Temuri Takalandze — Sat, 22 Feb 2025 10:50:17 +0000

In the ever-evolving world of technology, staying up-to-date is essential for every developer. Keeping track of the latest tools, trends, and innovations not only boosts your skills but also keeps you ahead of the curve.

Here are 5 must-follow tech blogs from industry leaders:

Google Developers Blog – Updates on Android, APIs, and web dev.
AWS News Blog – Cloud innovations and best practices.
Engineering at Meta Blog – Insights on Meta’s engineering challenges.
Netflix TechBlog – Stories on streaming tech and scalability.
Microsoft Developer Blogs – Tools and frameworks like .NET and Azure.

Stay curious and keep learning! And don’t forget to check out abgeo.dev, where I also share interesting blogs and insights to fuel your developer journey 💻

Dynamic Environment Variables in Dockerized Next.js: A Flexible Multi-Environment Solution

Temuri Takalandze — Sat, 22 Feb 2025 10:48:59 +0000

If you’re using Next.js with Docker, you’ve probably encountered the challenge of environment variables being fixed at build time. In this blog post, I walk through a practical approach to handling dynamic environment variables using a Docker entrypoint script.

🔗 Read it here: https://www.abgeo.dev/blog/dynamic-environment-variables-dockerized-nextjs/

Let me know how you manage environment variables in your Next.js projects.

Partially Committing Changes in Git ✂️

Temuri Takalandze — Sat, 22 Feb 2025 10:47:09 +0000

When working on a project, sometimes you don’t want to commit all your changes at once. Git makes it easy to commit changes selectively using the git add -p command. This allows you to interactively pick which chunks of changes you want to stage and commit 🎯

First, you can use git add -p to stage only the changes you want. This will open your configured editor, where you can pick the changes to stage ✨

By committing only what matters, you keep your commit history clean and focused, making it easier to track your progress 🚀

Perfect for when you want to stay organized and avoid committing unnecessary changes! 😌

🔐 Secure Your Kubernetes Apps with Cert-Manager & Let’s Encrypt

Temuri Takalandze — Sat, 22 Feb 2025 10:45:43 +0000

Ensuring secure communication for your Kubernetes applications is crucial! In my latest blog post, I walk you through how to automate SSL certificate issuance and management in Kubernetes using cert-manager and Let’s Encrypt.

✅ Why cert-manager? Automates certificate provisioning & renewal
✅ Why Let’s Encrypt? Free, automated & widely trusted
✅ Demo setup: Securing a Kubernetes service with a real SSL certificate from Let’s Encrypt

If you’re running Kubernetes workloads and need secure, automated certificate management, this guide is for you!

📖 Read the full post: https://www.abgeo.dev/blog/secure-kubernetes-apps-with-cert-manager-and-lets-encrypt/

Ensuring Interface Implementation at Compile Time in Go 🛠️

Temuri Takalandze — Sat, 22 Feb 2025 10:43:52 +0000

In Go, we can’t implicitly implement interfaces like in some other languages. To ensure a type implements an interface, we explicitly check this by trying to cast the type to the interface. If the type doesn’t match, Go will give a compile-time error, and the code won’t compile 🚫

This compile-time check helps catch errors early, making sure your types conform to the expected interfaces. If Task doesn’t implement Executor properly, Go won’t compile the code, saving you from potential issues at runtime 👨‍💻

🚀 What is a Bash Fork Bomb?

Temuri Takalandze — Sat, 22 Feb 2025 10:42:24 +0000

A tiny but deadly command that can crash a Linux system in seconds! 🤯

This tiny Bash script is a fork bomb—a self-replicating function that keeps creating processes until the system collapses. It’s a great example of how recursion can go out of control!

💡 How to stay safe?
✅ Limit user processes with ulimit
✅ Restrict execution permissions
✅ Monitor system resource usage