Forem: Zayan Mohamed

I Built a Terminal-Based WiFi & LAN Security Scanner in Go (NOVA)

Zayan Mohamed — Sun, 01 Mar 2026 06:34:47 +0000

The Terminal Needs More Security Tools 🛡️

If you spend most of your day in the terminal (shoutout to my fellow Neovim and Zsh users), switching to a heavy GUI just to check your network's security posture feels like a context switch you shouldn't have to make.

When you want to know what devices are lurking on your local subnet, or if your nearby WiFi networks are leaking data via outdated encryption, the standard approach usually involves running raw nmap commands and parsing through walls of text.

I wanted something faster, more visual, and entirely keyboard-driven. I wanted a tool that didn't just dump data, but actually analyzed it and gave me a risk score.

So, I built NOVA (Network Observation & Vulnerability Analyzer).

What is NOVA? 🌌

NOVA is a purely defensive security assessment tool written in Go. It wraps powerful underlying system utilities (nmap and nmcli) in a beautiful, interactive Terminal User Interface (TUI).

Instead of parsing terminal vomit, NOVA gives you an organized dashboard to understand your environment.

Core Capabilities:

📡 WiFi Analysis: Instantly list nearby access points. NOVA detects their encryption types (Open, WEP, WPA, WPA2, WPA3) and flags weak or broken configurations.
🔍 Fuzzy Filtering: Live search by SSID/BSSID and cycle through security filters with a single keystroke.
🖥️ LAN Host Discovery: Performs a ping-sweep of your subnet to enumerate active hosts, complete with MAC addresses and vendor lookups.
🚨 Risk Scoring & Tagging: This is the best part. NOVA scans common ports and assigns a weighted 0–100 security score. If it finds a dangerous open port (like an exposed Telnet, SMB, or MongoDB instance), it color-codes the finding from Info to Critical.

The Tech Stack 🛠️

Building CLI tools in Go is a fantastic experience, especially when you bring in the right libraries.

The Engine: Go 1.24+. Fast, statically typed, and perfect for compiling single binaries.
The UI: Bubble Tea & Lip Gloss. If you haven't used Charm's libraries for Go TUIs yet, you are missing out. They make building interactive terminal apps feel like writing a modern frontend component.
The Muscle: NOVA relies on nmap for the heavy lifting in host discovery and port scanning, and nmcli (NetworkManager) for grabbing raw wireless data on Linux.

A Crucial Note on Ethics ⚖️

Because I’m releasing this into the wild, I have to state the obvious: With great power comes great responsibility.

NOVA is a defensive tool. It is designed to help you secure your own home lab or company network. Scanning networks without authorization is illegal. To enforce this mindset, NOVA actually boots up with a strict legal consent screen that you must explicitly acknowledge before any packets are sent.

Keep it legal, keep it ethical.

Try It Out & Break It 🔨

NOVA is completely open-source, and I'd love for the community to test it, critique the code, and suggest new features.

If you are on Linux or macOS (note: WiFi scanning is currently Linux-only, but LAN scanning works on both!), you can grab the pre-built binaries from the repo.

🔗 GitHub Repo: github.com/Zayan-Mohamed/nova
📖 Full Docs: zayan-mohamed.github.io/nova

I’m currently looking for feedback on the Risk Scoring algorithm and how to better present the vulnerability data.

Drop a ⭐ if you find it useful, and let me know in the comments what your go-to network scanning workflow looks like right now!

Why Everyone Is Talking About Claude Code (And Why Open Source is Sleeping on the Sidelines)

Zayan Mohamed — Sun, 01 Feb 2026 18:23:28 +0000

If you’ve been on Twitter (X) or LinkedIn this week, you’ve seen it. The "Claude Code" hype train has left the station, and it is moving fast.

Developers are posting screenshots of Anthropic’s new CLI tool fixing bugs in seconds, refactoring legacy codebases, and generally acting like the senior engineer we all wish we had paired with us. It feels magical. It feels polished.

But in the middle of this noise, I have to ask a question that’s been nagging me:
Where is the hype for Open Source Coding Agents?

We have incredible open-source tools like for an example Aider, OpenHands (formerly OpenDevin), Continue, and the broader "OpenCode" ecosystem. They have been doing agentic coding for months. Yet, Claude Code drops, and suddenly it’s like the concept of an AI agent in your terminal was invented yesterday.

Why? Is it just marketing? Or is there something deeper broken in the way we talk about Open Source AI?

Let’s break it down.

The "Apple" Effect: UX vs. Raw Power 🍎

Here is the hard truth: Claude Code just works.
You install it. You run claude. It asks to authenticate. You are done.
Now, compare that to setting up an open-source agent environment.

"Pull the Docker container."
"Set up your OPENAI_API_KEY... wait, no, now you need a GROQ_API_KEY for speed."
"Oh, the sandbox crashed? Just restart the daemon."
"Configure the config.toml to exclude your .env file so you don't leak secrets."

Open-source tools (let's call them "OpenCode" for short) often feel like Linux in 1999. They are infinitely powerful, customizable, and free (mostly)—but you have to be a mechanic to drive the car.
Claude Code feels like a MacBook.

You open the lid, and it does the thing. Anthropic realized that developers, despite loving to tinker, hate tinkering with their tools when they have a deadline. They just want the bug fixed.

The "Thinking" Advantage 🧠

The secret sauce of the current hype isn't just the CLI tool; it's the model behind it: Claude 4.5 Sonnet.

Anthropic didn't just release a tool; they released a model with "extended thinking" capabilities and wrapped a tool around it perfectly. When you run Claude Code, the agent isn't just auto-completing; it is:

Reading your file structure.
Thinking (literally spending tokens to plan).
Executing terminal commands (running tests, ls, git).
Self-correcting when it messes up.

Open-source tools can do this. Tools like Aider are actually phenomenal at it. But they are often model-agnostic. They have to work with GPT-4o, DeepSeek, Llama 3, and Claude.

Because Claude Code is vertically integrated (The Model + The Tool + The UI are all one company), the friction is zero. The "thinking" tokens are optimized exactly for the agent's behavior. Open source is trying to fit a generic engine into a custom chassis.

The Branding Problem: "OpenCode" isn't a Name

If I tell you "Use Claude Code," you know exactly what to download.
If I tell you "Use Open Source AI Coding," what do you download?

Do you use Aider? (Great for CLI power users)
Do you use Continue? (Great for VS Code integration)
Do you use OpenHands? (Great for full autonomous tasks) The open-source community is fragmented. We have 50 different "Devin Killers" on GitHub with 2,000 stars each. It dilutes the hype. There is no single "champion" for the open-source side that rivals the marketing machine of Anthropic or OpenAI.

Why We Should Still Care About OpenCode 🛡️

Okay, I’ve bashed the open ecosystem enough. Here is why the hype should swing back.
The Lock-in Trap.
Claude Code is amazing, but it is a walled garden. You are sending your codebase to Anthropic. You are paying Anthropic's pricing per token. If they change the API, you are stuck.

The Cost Factor.

Open-source tools let you plug in DeepSeek-V3 or Llama 3. You can run local coding agents for a fraction of the cost (or free, if you have the GPU). Claude Code is premium software at a premium price.
Privacy.

For many companies, sending proprietary code to a cloud LLM is a non-starter. OpenCode agents that can run locally (using Ollama or vLLM) are the only option for banks, healthcare, and defense.

The Verdict
Everyone is talking about Claude Code because it solved the friction problem. It made AI coding feel like a teammate rather than a science project.

But don't sleep on the open alternatives. While everyone is distracted by the shiny new toy, the open-source community is building the infrastructure that will eventually give us that same power privately, cheaply, and without the corporate lock-in.

I’m curious:
Are you team Convenience (Claude Code/Cursor) or team Control (Aider/Open Source)?

Drop a comment below, I genuinely want to know if I'm the only one feeling the FOMO. 👇
If you enjoyed this breakdown, give it a ❤️ and follow for more honest takes on the AI dev stack.

Why I Spent 4 Months Building a "Map" for the Model Context Protocol (MCP)

Zayan Mohamed — Wed, 28 Jan 2026 18:24:45 +0000

Imagine this: It’s 2 AM. You just found a cool new tool that promises to let your AI read your local database, search the web, and even manage your calendar. You’re excited.

But then, the "Config Nightmare" begins.

You’re staring at a claude_desktop_config.json file. The documentation is scattered. Is the argument an array or a string? Does this server need an API key? And most importantly—is it safe to give this server access to my entire file system?

As a Data Science undergraduate at SLIIT, I’ve spent the last few months obsessed with the Model Context Protocol (MCP). But the more I explored, the more I realized we were missing a "Map."

So, I decided to build one: mcp-registry.

The Beginning: From Data Science to AI Agents

A few months ago, while working on data preprocessing and ensemble learning assignments, I started experimenting with how AI could help me automate my workflow. I wanted my AI to do more than just write code; I wanted it to interact with my local environment—running security scans with tools like SecScan or managing my commits with GitWizard.

MCP was the missing link. It turned my AI from a "chatter" into a "doer." But every time I wanted to try a new server, I had to hunt down the repo, guess the environment variables, and pray it didn't break my config.

The Middle: Curating the Chaos

Over the last few months, my private "note-to-self" list started growing.

"This one is great for Google Search."
"This one is essential for Postgres."
"Watch out, this one needs full admin access."

I started treating this list like a Data Science project—categorizing servers by their capabilities, auditing their security profiles, and writing down standardized configuration snippets. I wanted a place where any developer could just copy, paste, and play.

The Result: The mcp-registry

I finally decided to open-source this list. It’s not just a "link list." It’s a discovery engine.

What’s inside?

📂 Categorized Servers: From Dev Tools to specialized Data Science and ML connectors.
🛡️ Security Profiles: I’ve audited each one so you know exactly what permissions (Network/File System) you’re granting.
📋 Copy-Paste Configs: Ready-to-use JSON blocks for Claude Desktop, Cursor, and Zed.

Why I’m doing this

I believe MCP is the future of how we work with AI. But for that future to happen, the tools need to be accessible. Whether you’re a student like me or a senior engineer, you shouldn't have to spend hours on a JSON file just to get a weather tool or a database connector working.

Check it out!

I’m still adding to it every day. If you’ve built a server or found one that changed your workflow, let’s add it to the map!

Repo Link:
Zayan-Mohamed / mcp-registry

A curated discovery engine for Model Context Protocol (MCP) servers: installation guides, security profiles and configuration snippets.
Essential MCP Server Registry

A curated discovery engine for Model Context Protocol (MCP) servers: installation guides, security profiles and configuration snippets.
Master List

Knowledge Retrieval
- Overview — Summary and recommendations for retrieval tools.
- Claude Desktop — Local-first connector for semantic search.
- Cursor — Streaming retrieval & developer UI.
Vector Stores
- Overview — Summary and guidance for vector databases.
- Pinecone — Managed vector DB.
- Qdrant — Open-source vector database for production.
- Milvus — Scalable vector store for large datasets.
- Weaviate — Schema-driven vector search engine.
- Chroma — Lightweight embedded vector DB.
- FAISS — Local similarity search library.
- Redis Stack — In-memory vector similarity with Redis Stack.
Data Stores
- Overview — Guidance for choosing a backing store.
- DuckDB (Local) — Local analytical DB for fast SQL queries.
- Postgres — Relational DB for metadata and schemas.
- CockroachDB — Distributed SQL for fault tolerance and geo.
- Supabase — Hosted Postgres +…
View on GitHub

I Built a TUI to Replace `git commit` (and it's written in Go)

Zayan Mohamed — Sat, 24 Jan 2026 20:01:43 +0000

We have all been there. You've been coding for three hours, you finally get the build to pass, and you just want to save your work. You type:

git commit -m "updates"

...and immediately regret it. Or maybe you're pair programming and need to add a Co-authored-by trailer, but you can never remember if the email goes in angle brackets or parentheses.

I built GitWizard (gitwiz) to solve this. It’s a secure, interactive CLI tool written in Go that replaces the standard git commit flow with a beautiful Terminal UI (TUI).

Why build another Git tool?

There are plenty of git helpers out there, but I wanted something that hit three specific criteria:

Security First: Many CLI wrappers are vulnerable to command injection. I wanted something that uses strict exec.Command handling without shell concatenation.
Native Feel: It needed to feel like a modern part of the terminal ecosystem, not a clunky script.
Context Aware: It should know who I've been coding with and what issues I'm working on.

The Tech Stack: Go + Charm

I chose Go for this project because I wanted a fast, static binary that could run anywhere without complex dependencies.

For the UI, I used the incredible libraries from Charm:

Bubble Tea: For the Elm-inspired TUI framework.
Huh: For the form inputs.

Using these libraries allowed me to create a "Wizard" that guides you through the commit process step-by-step, validating your input in real-time.

Features at a Glance

1. Interactive Context Wizard

Instead of remembering flags, gitwiz asks you for what matters. It enforces subject line length limits automatically so your git log stays readable.

2. Auto-Detect Co-Authors

This is my favorite feature. gitwiz scrapes your recent git history to find people you've collaborated with. When you reach the "Co-Authors" step, you get a selectable list of your actual teammates. No more copy-pasting names and emails.

3. Smart Issue Linking

If your branch is named feat/123-user-auth, the tool automatically suggests linking to Issue #123. It also scans your clipboard for potential references.

4. Security

As developers, we often blindly trust CLI tools. I designed gitwiz to be paranoid. It strips control characters to prevent terminal corruption and sanitizes all inputs to prevent argument injection.

How it works (The Architecture)

The architecture is kept simple to ensure maintainability:

internal/git: Handles all git operations safely. It wraps os/exec to ensure we never pass user input to a shell interpreter.
internal/tui: Contains the Bubble Tea models and Huh forms.
internal/logic: Handles the business logic of formatting trailers (like Fixes: #123) according to Git standards.

Give it a Try

If you have Go installed, you can grab it right now:

go install github.com/Zayan-Mohamed/gitwiz@latest

Or, if you prefer binaries, I have releases for Linux and macOS on the GitHub Releases page.

Once installed, just stage your files and run:

gitwiz

Contributing

This is an open-source project, and I'd love to see it grow. If you're looking to contribute to a Go project, I'm currently looking for help with:

Adding custom trailer configurations (e.g., Reviewed-by).
Improving the co-author scraping logic.

Check out the repo here:

Zayan-Mohamed / gitwiz

🧙 Interactive Git commit wizard with smart metadata trailers. Compose better commit messages with TUI-guided co-authors, issue references, and conventional commits. Built with Go + Charm.

GitWizard 🧙

A secure, user-friendly CLI tool that replaces git commit with an interactive commit context wizard.

📸 Screenshots

Click to see the GitWizard UI in action

Commit Subject Input

Commit Body (Optional)

Co-Authors Selection

Issue References

Fixes Issues

Final Commit Preview

✨ Features

Interactive TUI - Beautiful terminal UI powered by Charm's Huh
Co-Author Detection - Automatically scrapes recent contributors from git history
Smart Issue Linking - Extracts issue references from branch names
Clipboard Integration - Suggests references from clipboard
Security First - Built with command injection prevention
Git Trailer Support - Generates properly formatted trailers for GitHub/GitLab

📦 Installation

Using Go Install

go install github.com/Zayan-Mohamed/gitwiz@latest

Download Binary

Download the latest binary from releases:

# Linux
wget https://github.com/Zayan-Mohamed/gitwiz/releases/latest/download/gitwiz-linux-amd64.tar.gz
tar -xzf gitwiz-linux-amd64.tar.gz && chmod +x gitwiz-linux-amd64.tar.gz
sudo mv gitwiz-linux-amd64 /usr/local/bin/gitwiz

# macOS
wget https://github.com/Zayan-Mohamed/gitwiz/releases/latest/download/gitwiz-darwin-amd64.tar.gz
tar -xzf gitwiz-darwin-amd64.tar.gz && chmod +x gitwiz-darwin-amd64.tar.gz
sudo mv gitwiz-darwin-amd64 /usr/local/bin/gitwiz

# windows
wget https://github.com/Zayan-Mohamed/gitwiz/releases/latest/download/gitwiz-windows-amd64.zip

…

View on GitHub

Let me know what you think in the comments! Happy committing. 🧙‍♂️

From Zero Echo to Top 7: Why Consistency Wins

Zayan Mohamed — Wed, 21 Jan 2026 17:28:01 +0000

The Intention

I joined dev.to with a simple intention: to build real applications, design systems that actually work, and share what I was learning along the way.

I wasn’t chasing views or "clout." I wanted to contribute, document my thinking, and invite others to test my ideas—sometimes even to roast them. My logic was simple: If something I built was weak, I wanted to hear it so I could make it stronger.

The "Ghost Town" Phase

For a long time, nothing happened.

I posted anyway. No reactions, no comments, no feedback. Just me showing up, writing code, documenting the process, and shipping.

It’s easy to feel discouraged during that phase. You wonder if you’re just shouting into the void. But here’s the thing I realized during the silence: the process itself was already paying off.

Why It Was Worth It

Even without the likes, the act of writing changed how I worked:

Forced Clarity: You can't explain a complex system if you don't fully understand it yourself. Writing exposed my knowledge gaps.
Accountability: Hitting "Publish" kept me shipping features instead of leaving them in "local dev hell."
Engineering Growth: Building in public slowly shaped how I think as an engineer. It made me more deliberate.

A Quiet Confirmation

Now, being named among the Top 7 Authors of the Week feels like a quiet confirmation that consistency matters, even when it looks like no one is watching.

This journey has been more fruitful than I expected—not just because of the recognition, but because it kept me moving forward when it would have been easier to stop.

Let's Discuss 💬

If you’re reading this, I’m curious:

Have you ever kept building or writing when there was zero response? What kept you going?

Let me know in the comments. 👇

Thank you to everyone who has read, reacted, or commented on my recent posts. It means a lot.

Stop Zipping Folders: How I Built a Zero-Trust Tunnel to Share Files Instantly (in Go)

Zayan Mohamed — Wed, 14 Jan 2026 20:13:13 +0000

The Problem with "Quickly" Sharing a Folder 😫

We’ve all been there. You need to send a directory of files—maybe logs, a build artifact, or some sensitive config files—to a colleague.

What are your options?

Zip it and Slack it: Now that zip file lives on Slack's servers forever.
Upload to Google Drive/Dropbox: Great, now you have to manage permissions, generate a link, and trust that they aren't scanning your files.
scp / rsync: Requires SSH access, keys, and knowing IP addresses. Not exactly "quick."
Magic Wormhole / Croc: Awesome tools, but they transfer file-by-file. You can't browse a remote directory.

I wanted something better. I wanted the ease of a cloud link with the security of a direct, encrypted SSH connection.

I wanted to type one command, get a secure code, and send it to a friend so they could browse my folder instantly—without ever uploading my data to a third-party server.

So, I built Orb.

Meet Orb: Zero-Trust, Terminal-First File Sharing 🛡️

Orb is a CLI utility written in Go that lets you share a local folder over the internet using an end-to-end encrypted tunnel.

It’s designed around a simple philosophy: The relay server should be blind. It just shovels encrypted bytes back and forth. It doesn't know who you are, what you're sharing, or what your passcode is.

The "Aha!" Moment 💡

The coolest part of Orb isn't just the encryption; it's the developer experience (DX).

When a receiver connects, they don't just get a dump of files. They get a full, interactive Terminal User Interface (TUI) file browser. They can navigate directories, view file metadata, and download only what they need.

It feels like SSH-ing into a machine, but without the hassle of user accounts or port forwarding.

How to Use It (In 30 Seconds) ⏱️

Orb is a single binary with no dependencies.

1. Share a Folder (Alice)

Alice wants to share her ~/documents/project-x folder.

$ orb share ~/documents/project-x --readonly

> Session ID: abc123def456
> Passcode:   correct-horse-battery-staple
> Relay:      https://relay.orb.sh
>
> Share these credentials securely.
> Waiting for connection...

2. Connect and Browse (Bob)

Bob gets the session ID and passcode from Alice via a secure channel (like Signal).

$ orb connect abc123def456

> Enter Passcode: ****************************

Boom. Bob's terminal transforms into a file browser showing the contents of Alice's folder. He can navigate around and press d to download files.

Under the Hood: The Nerdy Stuff 🤓

This is where I had the most fun. Building a truly secure, zero-trust system is a rabbit hole of cryptographic choices. Here is the stack that makes Orb sleep-at-night secure:

The Language: Go. Perfect for networking, concurrency, and cross-platform binaries.
The Protocol: We use the Noise Protocol Framework for the handshake. It’s the same tech powering WireGuard and WhatsApp. It provides mutual authentication and forward secrecy.
Key Derivation: The short passcode you see is hashed using Argon2id (the winner of the Password Hashing Competition) to generate the actual encryption keys. This makes brute-force attacks computationally expensive.
Transport Encryption: Once the handshake is complete, all data is encrypted with ChaCha20-Poly1305. It's fast, secure, and runs well on mobile devices.
The TUI: Built with the incredible Bubble Tea framework.

Security is Not an Add-on

We spent a lot of time thinking about attack vectors.

Path Traversal: A malicious client can't request ../../../../etc/passwd. Orb sanitizes all paths.
Symlink Attacks: Orb detects and blocks symlinks that point outside the shared directory.
Relay Compromise: Even if the relay server is hacked, the attacker only sees encrypted noise. They cannot decrypt your files.

Why Open Source? ❤️

I'm releasing Orb as open source because I believe security tools must be transparent. You shouldn't have to trust me; you should be able to audit the code yourself.

This is just the beginning. I have a big roadmap, including:

[ ] FUSE support (mount a remote Orb folder as a local drive)
[ ] Web-based client (decrypt in the browser via WebAssembly)
[ ] Decentralized relays (p2p)

Try It Out! (And Roast My Code) 🔥

I’m looking for feedback, security audits, and feature requests.

Go grab a binary from the Releases page.
Try sharing a folder with a friend (or yourself on another machine).
Check out the code on GitHub.

Zayan-Mohamed / orb

Orb is a secure, terminal-first utility that allows you to share a local folder across the internet using end-to-end encryption. No accounts, no cloud storage, no port forwarding required.

Orb — Zero-Trust Folder Tunneling Tool

Orb is a secure, terminal-first utility that allows you to share a local folder across the internet using end-to-end encryption. No accounts, no cloud storage, no port forwarding required.

Demo

Sharing a Folder

Share a folder with a single command - encrypted end-to-end

Browsing Shared Files

Interactive TUI browser for secure file access

Features

Zero-Trust Architecture: The relay server never sees plaintext data
Strong Cryptography: Argon2id for key derivation, Noise Protocol for handshake, ChaCha20-Poly1305 for transport encryption
Cross-Platform: Works on Linux, macOS, and Windows
NAT-Safe: All connections are outbound, works behind firewalls
TUI File Browser: Interactive terminal interface for browsing and downloading files
No Long-Term Secrets: Sessions expire automatically
Secure by Design: Path sanitization, symlink protection, replay protection

Quick Start

Install

# Download the binary for your platform
curl -L https://github.com/Zayan-Mohamed/orb/releases/latest/download/orb-$(uname -s)-$(

…

View on GitHub

If you think this is a cool idea, please leave a star ⭐ on the repo! It helps more developers find the project.

What's your current workflow for sharing sensitive folders? Let's discuss in the comments!👇

Job Board Scraping: API Endpoints & Cheat Sheet

Zayan Mohamed — Sat, 10 Jan 2026 08:24:40 +0000

I found a Python script that aggregates jobs without needing complex authentication. Here are the endpoints.

1. LinkedIn (The "Guest" API Trick)

You don't need OAuth if you use the "Guest" endpoint, but you must use a real User-Agent header.

URL: https://www.linkedin.com/jobs-guest/jobs/api/seeMoreJobPostings/search
Method: GET
Critical Headers:
- User-Agent: Mozilla/5.0 ... Chrome/120.0... (Use a real browser string)
- Upgrade-Insecure-Requests: 1
Parameters:
- keywords: (e.g., "software engineer")
- location: (e.g., "Remote")
- start: Pagination offset (0, 25, 50...)
- f_TP: 1 (Crucial: filters for "Last 24 hours" to avoid dead links)

2. Remotive (Public API)

Clean JSON response, no scraping html needed.

URL: https://remotive.com/api/remote-jobs
Params: category=software-dev, limit=10

3. Arbeitnow

Returns a massive JSON list; filter it client-side.

URL: https://www.arbeitnow.com/api/job-board-api

Python Snippet: The Rate Limiter

Always sleep between requests to avoid IP bans.

import time
import requests

# Be polite
time.sleep(2) 
response = requests.get(url, headers=headers)

If you have time checkout my TIL (Today I learned)!
Zayan-Mohamed/til

If you find it useful, drop a ⭐ on the repo—it helps a lot!

How do I backup my identity files (SSH/GPG) without compromising them?

Zayan Mohamed — Wed, 07 Jan 2026 17:13:31 +0000

The Story: Paranoia & SSH Keys 🔑

I have a specific paranoia: losing my SSH and GPG keys.

If my laptop dies today, I lose access to my servers, my GitHub signing capabilities, and my encrypted backups. But backing them up is terrifying.

Copying id_rsa to a USB drive feels risky (what if I lose the drive?).
Uploading ~/.ssh to Google Drive or Dropbox feels like a security nightmare.

I wanted a middle ground. I wanted a way to create a "digital safety deposit box." I wanted to take my most sensitive keys, lock them inside a folder that is mathematically impossible to open without my password, and then feel safe uploading that encrypted blob to the cloud.

That is why I built Vaultix. It wasn't just for "secrets" in general—it was specifically designed to be the safest transport layer for my digital identity.

What is Vaultix? 🛡️

Vaultix is a cross-platform command-line tool written in Go. It manages password-protected encrypted folders locally on your machine.

It’s designed to be:

Simple: No complex key management. Just a password.
Secure: AES-256-GCM encryption with Argon2id key derivation.
Invisible: Even the filenames inside the vault are encrypted.

The "Cool" Features

I didn't just want encryption; I wanted a good Developer Experience (DX). Here is what makes Vaultix fun to use:

1. Fuzzy Matching 🪄

I hate typing long filenames.
If you have a file named super_secret_aws_keys_v2.json, you don't need to type that whole thing.

# This works!
vaultix extract aws

It finds the best match and extracts it.

2. Zero Metadata Leaks 🕵️

If someone steals your laptop and finds your vault, they won't even know what you are hiding. Vaultix encrypts the file contents and the filenames. A file named passwords.txt becomes a random string like 3f9a2c1d.enc on the disk.

3. Drop & Go 🗑️

Need to use a file once and then destroy it? Use the drop command. It decrypts the file for you to use, and immediately removes it from the secure vault.

vaultix drop api_keys

This specific use case makes the article much more compelling because it's a real problem every developer faces: "How do I backup my identity files (SSH/GPG) without compromising them?"

Here is a rewritten Introduction & Story section. You can replace the "The Problem with Secrets" section in the previous draft with this.

Here is how I use Vaultix to sleep better at night. I backup my SSH keys in 3 commands:

# 1. Create a secure vault
mkdir my_identity_backup
cd my_identity_backup
vaultix init

# 2. Add the sensitive keys
cp ~/.ssh/id_ed25519 .
cp ~/.gnupg/private-keys-v1.d/* .
vaultix add id_ed25519

# 3. Verify and Sync
vaultix list
# Now I can zip this 'my_identity_backup' folder 
# and upload it to Google Drive without fear.

How It Works (The Techy Stuff) 🤓

For the security nerds out there (like me), here is the architecture. I followed the Golden Rule: Don't Roll Your Own Crypto.

Language: Go (1.21+)
Encryption: AES-256-GCM (Authenticated encryption ensures nobody tampered with your data).
Key Derivation: Argon2id (Resistant to GPU cracking attacks).
Storage: All data lives in a hidden .vaultix/ folder in your directory.

Crucially: Vaultix never stores your password. It exists only in memory while the program is running. If you lose your password, the data is gone forever. That’s a feature, not a bug.

Quick Start

You can grab the binary for Windows, macOS, or Linux from the Releases page, or build it from source if you have Go installed:

go install github.com/zayan-mohamed/vaultix@latest

Let's secure a folder:

Initialize the vault:

cd my_secrets
vaultix init
# Enter a strong password...

Add a file:

vaultix add .env

List your secure files:

vaultix list
# Files in vault:
#   .env

That's it. Your .env file is now encrypted at rest.

Why Go? 🐹

I chose Go because I wanted a single static binary with zero dependencies. I didn't want users to have to install Python, Node, or OpenSSL libraries just to decrypt their files. You download vaultix, and it just works.

Give it a Try!

I’m looking for feedback, contributors, and security enthusiasts to break it (or fix it!).

💻 GitHub:
Zayan-Mohamed / vaultix

A cross-platform CLI tool for managing password-protected encrypted folders. Uses AES-256-GCM encryption with Argon2id key derivation. Single binary, zero dependencies, works on Linux, macOS, and Windows.
vaultix

A cross-platform command-line tool for managing password-protected encrypted folders

Features • Installation • Quick Start • Documentation • Security • Contributing

📖 Overview

vaultix is a secure, lightweight CLI tool that encrypts files in place using military-grade cryptography. No cloud, no services, no complexity—just strong encryption for your sensitive files.

Key Highlights
- 🔒 Strong Encryption: AES-256-GCM with Argon2id key derivation
- 🚀 Zero Dependencies: Single static binary, no runtime requirements
- 💻 Cross-Platform: Linux, macOS, and Windows support
- 🎯 Simple UX: Intuitive commands with smart defaults
- 🔐 No Password Storage: Passwords exist only in memory
- 📦 Portable: Encrypted vaults work across all platforms
✨ Features

✅ Automatic Encryption - Initialize a vault and all files are encrypted instantly
✅ Master Key Encryption - Random 256-bit master key protects all vault data
✅ Recovery Key Support - Unlock vault if you forget your password
✅ Dual…
View on GitHub
📄 Docs: zayan-mohamed.github.io/vaultix

If you find it useful, drop a ⭐ on the repo—it helps a lot!

Disclaimer: While I used industry-standard libraries, always have backups of your important data!

I Built a Zero-Latency Chrome Extension with Svelte 5 (Runes) & Tailwind v4

Zayan Mohamed — Mon, 05 Jan 2026 17:40:38 +0000

The Problem

I’ve tried almost every "New Tab" extension out there. They usually fall into two categories:

Bloated: Takes 2 seconds to load because it's fetching data from 5 different APIs.
Cluttered: Filled with motivational quotes, random wallpapers, or ads I didn't ask for.

I wanted something instant, keyboard-first, and private. So, I built DevDash.

The Tech Stack: Bleeding Edge

I didn't just want to build an extension; I wanted to experiment with the latest tools in the ecosystem. Here is the stack I chose and why:

Svelte 5 (Runes): I used the new Runes syntax ($state, $effect, $props) for everything. It makes reactivity incredibly explicit and removes a lot of the "magic" from Svelte 4.
Tailwind CSS v4: Yes, v4. It’s faster, has zero configuration (CSS-first), and integrates seamlessly with Vite.
SvelteKit + Vite: Used for the build pipeline to compile everything down to a static, zero-runtime-overhead extension.
TypeScript: Strict mode enabled. No any allowed.

Feature Highlights

1. Zero Latency

Because Svelte compiles to vanilla JavaScript, there is no heavy runtime. The new tab loads instantly.

2. The Command Palette (Omnibar)

I’m a Vim user, so I hate reaching for the mouse. The central Omnibar lets you:

Search Google (g <query>)
Search GitHub (gh <repo>)
Open localhost ports (l 3000 -> localhost:3000)
Navigate history with ↑ / ↓

3. Privacy First

Everything is stored in chrome.storage.local. No analytics, no tracking, no external API calls unless you explicitly ask for them (like the Weather widget).

🛠️ Under the Hood: Svelte 5 Runes

If you haven't tried Svelte 5 yet, here is a snippet from my Clock.svelte component. Look how clean the state management is:

<script lang="ts">
  let time = $state(new Date());

  $effect(() => {
    const interval = setInterval(() => {
      time = new Date();
    }, 1000);

    return () => clearInterval(interval);
  });
</script>

<div class="font-mono text-6xl">
  {time.toLocaleTimeString()}
</div>

No more onMount, no more imports for lifecycle hooks. Just standard JS with $effect.

🎨 Tailwind v4 Configuration

One of the coolest parts of this project was using Tailwind v4. I didn't need a tailwind.config.js. Everything is configured directly in CSS:

@import "tailwindcss";

@theme {
  --color-bg-primary: #0d1117;
  --color-accent: #58a6ff;
  --font-mono: "JetBrains Mono", monospace;
}

Roadmap & Contributing

This project is fully open source. I’m currently working on:

[ ] Firefox/Edge support
[ ] A plugin system for custom widgets
[ ] Cloud sync (optional)

🤝 Call for Contributors

I built the core of DevDash, but I want this to be the ultimate developer dashboard—and I can't build every widget alone.

If you are looking for a project to contribute to (or just want to play with Svelte 5 runes), this is a great place to start.

Here is what I need help with right now:

1. Build New Widgets 🧩

The widget system is modular. I’m looking for community contributions for:

Crypto/Stocks Ticker: A simple price watcher.
Hacker News Feed: A minimal list of top stories.
Todoist/Notion Integration: Sync tasks via API.
System Monitor: CPU/Ram usage (using Chrome System API).

2. Browser Support 🌐

Currently, the build pipeline targets Chrome. I need help testing and tweaking the manifest.json for:

Firefox (Gecko)
Microsoft Edge
Brave

3. Internationalization (i18n) 🌍

I want DevDash to be accessible to everyone. Setting up a lightweight translation layer would be a huge win.

💡 How to Start

I’ve tagged a few issues as good first issue on the repo.

Fork the repo.
Run pnpm install && pnpm dev.
Create a new file in src/lib/components/widgets/.
Open a PR!

Check out the Issues tab here: Issues

If you want to see how a Svelte 5 app is structured in production or just want a faster new tab page, check out the repo!

🔗 GitHub Repo:

Zayan-Mohamed / dev-dash

A zero-latency, keyboard-first Chrome Extension that replaces your new tab with a developer-focused dashboard built with Svelte 5 and Tailwind CSS v4.

A Zero-Latency Developer New Tab Extension

Replace your Chrome new tab with a blazing-fast, keyboard-first developer dashboard

Features • Screenshots • Installation • Usage • Development • Tech Stack • Changelog

📸 Screenshots

Main dashboard with clock, top sites, and omnibar

Optional widgets: Pomodoro, Notepad, Weather, and more

Customizable settings panel

✨ Features

🎯 Core Features

⚡ Zero Latency - Instant page load with compiled Svelte (no runtime overhead)
⌨️ Keyboard First - Command palette with Vim-inspired shortcuts
🎨 Hacker Aesthetic - GitHub Dark Dimmed theme with monospace fonts
🔒 Privacy Focused - 100% local storage, zero tracking, no external calls
🚀 Modern Stack - Built with Svelte 5 (runes), SvelteKit, TypeScript, Tailwind v4

🧩 Widgets & Components

Widget	Description	Status
🕐 Clock	Large digital clock with 12/24h format & dynamic greeting	✅ Core
🔗 Top Sites	Most visited sites from Chrome history	✅ Core
⌨️ Omnibar	Universal search/command bar

…

View on GitHub

Stars and PRs are welcome!

Stop paying the 'Vercel Tax' for hobby projects. Here is a complete walkthrough on how I built a powerful, self-hosted deployment platform using Linode and Coolify for just $5/month.

Zayan Mohamed — Sat, 03 Jan 2026 07:36:36 +0000

Zayan Mohamed

Jan 2

Goodbye Heroku: How I Built My Own PaaS on Linode for $5

#devops #selfhosting #coolify #linode

Comments

4 min read

Goodbye Heroku: How I Built My Own PaaS on Linode for $5

Zayan Mohamed — Fri, 02 Jan 2026 16:06:49 +0000

We all love the "git push to deploy" magic of platforms like Vercel, Netlify, and Heroku. But once your hobby project scales or you need a backend database, the pricing tiers can get scary fast.

I recently decided to take back control. I wanted the Developer Experience (DX) of a PaaS but the price tag of a raw VPS.

Enter the power couple: Linode (for the hardware) and Coolify (for the magic).

Why This Stack?

1. The Hardware: Linode

I chose Linode because it’s reliable, straightforward, and Linux-centric. You don't need to navigate a maze of IAM roles and VPCs just to launch a server. A standard "Shared CPU" Nanode starts at $5/month, which is plenty for a few containerized apps and a small database.

2. The Software: Coolify

If you haven't heard of Coolify, it’s an open-source, self-hostable Heroku alternative. It gives you a beautiful dashboard to manage your applications, databases, and services. It handles:

Reverse Proxies (Traefik) automatically.
SSL Certificates (Let's Encrypt) automatically.
Databases (Postgres, Redis, MySQL) with one click.
Deployments from GitHub/GitLab.
Even better: you can host your own Gitea

The Setup Process

Step 1: Spin up the Server
Head over to Linode and create a new Compute Instance.

Image: Ubuntu 24.04 LTS (always bet on LTS).
Region: Pick whatever is closest to your users.
Plan: Nanode 1GB (or higher if you plan to host heavy apps).

Step 2: DNS Configuration
Point your domain (e.g., paas.yourdomain.com) to your new Linode IP address. This will be the dashboard for your Coolify instance.

Step 3: Secure the Server & Install (The Right Way)

Before we run the magic Coolify script, we need to do some housekeeping. Remember, when you move from Vercel to a VPS, you are the security team.

3.1 First Contact & Updates

SSH into your new Linode instance. If you added your SSH keys during the Linode creation process (highly recommended), use:

ssh root@<your-linode-ip>

Once inside, update the package repositories to ensure we aren't installing stale software.

apt update && apt upgrade -y

3.2 Configure the Firewall (UFW)

Ubuntu comes with ufw (Uncomplicated Firewall). We want to close every door except the ones we need.

Coolify needs a few specific ports open to function:

22: SSH (So you don't lock yourself out!)
80: HTTP (For web traffic)
443: HTTPS (For secure web traffic)
8000: The Coolify Dashboard (You can close this later or proxy it, but keep it open for setup)
6001: (Optional) If you plan to use the real-time service feature.

Run these commands one by one:

ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 8000/tcp
ufw enable

Press y when it warns you that this might disrupt existing SSH connections.

3.3 The Install

Now that the fortress is built, let's install the commander.

Coolify works best on a fresh server. It relies heavily on Docker and its own internal reverse proxy. If you have Nginx or Apache already running on port 80, the installation will fail.

Run the official install script:

curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash

What is this script actually doing?

It installs Docker Engine (if not found).
It creates a data directory at /data/coolify.
It pulls the necessary Docker images for the Coolify database and API.
It sets up a restart policy so your PaaS comes back up if the server reboots.

3.4 Verification

The script usually takes 2–5 minutes depending on your Linode plan. Once it returns you to the command prompt, verify that the containers are humming along:

docker ps

You should see coolify, coolify-db, and coolify-proxy listed. If you see them, you're golden.

Note: Always verify scripts before running them on your server!

Step 4: The Dashboard
Once the installation finishes, visit your domain (port 8000). You’ll be greeted by the Coolify setup wizard. From here, you can connect your GitHub account.

The "Aha!" Moment

The magic happens when you deploy your first app.

Select your repository in Coolify.
Choose your build pack (Node, Docker, Rust, Go, etc.).
Click Deploy.

Coolify will pull your code, build the container, set up the internal networking, generate an SSL certificate, and expose it to the internet.

Pros vs. Cons

Pros:

Cost: Fixed monthly cost (Linode) regardless of bandwidth spikes.
Privacy: You own your data.
No Limits: No "build minutes" or "bandwidth caps" other than what your VPS provides.

Cons:

Maintenance: You are now the sysadmin. If the server goes down, you have to fix it.
Setup Time: Takes about 15-30 minutes upfront compared to 2 minutes on Vercel.

Conclusion

Building your own PaaS might sound like overkill, but tools like Coolify have lowered the barrier to entry significantly. For the price of a coffee, you get a powerful, private, and professional deployment environment.

If you have a spare domain and $5, give it a try. You might never go back to managed hosting again.

Stop Manual Configs: How I Built a Fully Reproducible Linux Dev Environment

Zayan Mohamed — Fri, 26 Dec 2025 11:09:57 +0000

We’ve all been there. You get a new machine, or your OS crashes, and you spend the next three days trying to remember that specific .zshrc alias or that one Neovim LSP setting that made everything work.

I decided to end the "Mystery State" of my machine. I built a dotfile management system that turns "Setup" into a single command.

My Philosophy: One Repo to Rule Them All

I wanted a setup that followed three rules:

No Manual Copying: Everything is symlinked. If I change a config, it’s already in the git repo.
Idempotent: Running the install script twice shouldn't break anything.
Health Checks: A script that tells me if a symlink is broken or if I'm missing a dependency like ripgrep or fzf.

The Architecture

My repository

Zayan-Mohamed / dot_files

Personal Linux dotfiles managed in a single repo with symlinks for a fully reproducible setup. Includes terminal configs, Zsh + Powerlevel10k, Neovim (80+ plugins), helper scripts, health checks, and detailed documentation.

dot_files

A fully reproducible Linux development environment built around symlinks.

This repository manages everything in ~/.config and essential dotfiles in ~, all tracked in one place and safely symlinked back to the system.
The goal is simple: clone the repo, run one script, and get your exact setup every time.

No manual copying. No drift. No mystery state.

What this repo gives you

A clean, versioned ~/.config
Predictable dotfiles in ~
Idempotent install and update scripts
Health checks to catch broken symlinks
A heavily tuned Neovim setup with documentation
A Zsh environment that feels fast, safe, and modern

⭐ Recent Enhancements

🚀 Starship Prompt Integration

This dotfiles setup now includes Starship, a blazing-fast, cross-shell prompt written in Rust! It works alongside Powerlevel10k, giving you the flexibility to switch between themes instantly.

Why Starship?

⚡ Blazing Fast - Written in Rust for maximum performance
🎨 Beautiful - Rich colors…

View on GitHub

uses a clean separation of concerns:

/config: Mirrors ~/.config (Alacritty, Kitty, Neovim).
/home: Essential dotfiles that live in the root (like .zshrc or .gitconfig).
/scripts: The engine room. Includes health_check.sh and update.sh.

Key Features

1. The "Health Check" Script

Most dotfile repos just link files and walk away. I added a health_check.sh that verifies every symlink and checks if my favorite CLI tools (bat, eza, fd) are actually installed. No more "Command not found" surprises.

2. A 6-Week Neovim Mastery Path

My Neovim setup has 80+ plugins, which can be overwhelming. To solve this, I wrote a full NVIM_STUDY_GUIDE.md inside the repo. It’s not just a config; it’s a curriculum for learning LSP, Telescope, and Git integration.

3. Modern Tooling

The shell environment is built for speed:

Zsh + Powerlevel10k for the UI.
FZF-lua for lightning-fast searches.
Ghostty/Alacritty/Kitty support built-in.

How to use it

If you want to try it out or fork it for your own needs:

git clone git@github.com:Zayan-Mohamed/dot_files.git ~/dot_files
cd ~/dot_files
./scripts/install.sh

Conclusion

Managing your system as code isn't just for DevOps—it's for anyone who values their time. By version-controlling your ~/.config, you treat your development environment with the same respect as your production code.

Check out the full repository here: Zayan-Mohamed/dot_files

I’d love to hear from you: Do you use a manager like GNU Stow or Chezmoi, or do you prefer custom bash scripts like I do? Let's discuss in the comments!

Forem: Zayan Mohamed

I Built a Terminal-Based WiFi & LAN Security Scanner in Go (NOVA)

The Terminal Needs More Security Tools 🛡️

What is NOVA? 🌌

Core Capabilities:

The Tech Stack 🛠️

A Crucial Note on Ethics ⚖️

Try It Out & Break It 🔨

Why Everyone Is Talking About Claude Code (And Why Open Source is Sleeping on the Sidelines)

Why I Spent 4 Months Building a "Map" for the Model Context Protocol (MCP)

The Beginning: From Data Science to AI Agents

The Middle: Curating the Chaos

The Result: The mcp-registry

Why I’m doing this

Check it out!

Zayan-Mohamed / mcp-registry

A curated discovery engine for Model Context Protocol (MCP) servers: installation guides, security profiles and configuration snippets.

Essential MCP Server Registry

Master List

Knowledge Retrieval

Vector Stores

Data Stores

I Built a TUI to Replace `git commit` (and it's written in Go)

Why build another Git tool?

The Tech Stack: Go + Charm

Features at a Glance

1. Interactive Context Wizard

2. Auto-Detect Co-Authors

3. Smart Issue Linking

4. Security

How it works (The Architecture)

Give it a Try

Contributing

Zayan-Mohamed / gitwiz

🧙 Interactive Git commit wizard with smart metadata trailers. Compose better commit messages with TUI-guided co-authors, issue references, and conventional commits. Built with Go + Charm.

GitWizard 🧙

📸 Screenshots

Commit Subject Input

Commit Body (Optional)

Co-Authors Selection

Issue References

Fixes Issues

Final Commit Preview

✨ Features

📦 Installation

Using Go Install

Download Binary

From Zero Echo to Top 7: Why Consistency Wins

The Intention

The "Ghost Town" Phase

Why It Was Worth It

A Quiet Confirmation

Let's Discuss 💬

Stop Zipping Folders: How I Built a Zero-Trust Tunnel to Share Files Instantly (in Go)

The Problem with "Quickly" Sharing a Folder 😫

Meet Orb: Zero-Trust, Terminal-First File Sharing 🛡️

The "Aha!" Moment 💡

How to Use It (In 30 Seconds) ⏱️

1. Share a Folder (Alice)

2. Connect and Browse (Bob)

Under the Hood: The Nerdy Stuff 🤓

Security is Not an Add-on

Why Open Source? ❤️

Try It Out! (And Roast My Code) 🔥

Zayan-Mohamed / orb

Orb is a secure, terminal-first utility that allows you to share a local folder across the internet using end-to-end encryption. No accounts, no cloud storage, no port forwarding required.

Orb — Zero-Trust Folder Tunneling Tool

Demo

Sharing a Folder

Browsing Shared Files

Features

Quick Start

Install

Job Board Scraping: API Endpoints & Cheat Sheet

1. LinkedIn (The "Guest" API Trick)

2. Remotive (Public API)

3. Arbeitnow

Python Snippet: The Rate Limiter

How do I backup my identity files (SSH/GPG) without compromising them?

The Story: Paranoia & SSH Keys 🔑