Free Tools Pricing
Log in Sign up →

Blog

Your code deserves
better

Developer security, encrypted backups, and protecting your work from cloud sync corruption and AI credential leaks.

22 posts across threat intel, original research, engineering deep dives, and step-by-step tutorials.

Written by the team building DevSafe at HXA Labs.

Sovereignty Jun 22, 2026 12 min read

In 10 days, a government killed two AI models and a $60B acquisition moved your code to new servers. You were not asked.

Your Code Is Not Yours. Here Is How to Fix That.

5 questions that tell you whether you own your stack or rent it. Plus the sovereignty checklist, what DevSafe believes, and what we do about it.

Read the full post
SovereigntyFeatured
Product Jun 15, 2026 6 min read

No one built it. So we did.

DevSafe v1.0: What We Built and Why

There are 75-100 million developers worldwide. Not one commercial product offers local-first encrypted git backup with user-owned storage. Here is what v1.0 includes and why this product needed to exist.

Read the launch post
Releasev1.0
TutorialJun 15, 20265 min read

Three commands. One bucket. Done before your coffee gets cold.

Your First Encrypted Git Backup in 5 Minutes

Install DevSafe. Connect your storage. Run your first backup. Repos discovered automatically, encrypted before anything leaves your machine, verified as restorable.

Follow the walkthrough
Getting StartedTutorial
EngineeringJun 15, 20269 min read

Three levels of "encrypted." Most backup tools stop at level one.

What "Encrypted" Actually Means for Your Code

Server-side encryption means the provider holds the key. Client-side means you do. The difference matters the day someone breaches the provider or serves a subpoena.

Learn the three levels
EncryptionSecurity
EngineeringJun 15, 202610 min read

A .git directory is a database, not a folder. Copy it like files and you break it.

Why Filesystem Backup Fails for Git Repositories

Time Machine, Backblaze, iCloud, Dropbox. They all copy files. Git is a transactional database. A filesystem snapshot taken mid-operation captures a partial write.

See the five failure modes
ArchitectureGit
ProductMay 11, 20267 min read

I lost years of work in one afternoon. No warning. No recovery path.

iCloud Renamed My .git Folder. Here's What I Found.

Every major cloud sync provider has the same problem. Four providers. Four failure modes. 2.75 billion users on broken platforms.

Read the full story
iCloudData Loss
EngineeringMay 11, 20266 min read

You gave it file access. It read your secrets. That is working as designed.

Your .env File Isn't Safe From Your AI Assistant

Your AI coding assistant can read your credentials right now through paths you have not thought about. Here is how to check and what to do about it.

Learn how to check
.envAI Security
EngineeringMay 11, 20267 min read

Backblaze skips it. Time Machine corrupts it. Rsync catches it mid-write.

Backblaze Skips Your .git Folder. Time Machine Corrupts It.

I tested every popular backup tool against a real git repository. None of them got it right.

See what actually works
BackupBackblaze
Threat IntelMay 8, 20266 min read

The company building the AI shipped its own source code. Twice.

Anthropic Shipped Their Source Code. Twice.

Source maps exposed in production. Internal code readable by anyone with browser dev tools. If the AI company cannot protect its own code, what chance does a solo developer have?

Read the analysis
IncidentSource Code
ResearchMay 6, 202618 min read

50 tools. 5 criteria. Not one passed all five.

We Audited 50 Backup Tools. Here Is What We Found.

Cloud sync, system backup, git hosting, dedicated backup tools, and manual scripts. We tested every category against five criteria. The scorecard is not pretty.

See the full audit
ResearchAudit
TutorialMay 6, 202614 min read

A checklist for evaluating any backup tool. Print it.

What to Look for in an Encrypted Backup Tool

Nine questions every vendor should answer. Who holds the key? What cipher? Where are backups stored? What format? Can you restore without the vendor?

Get the checklist
ChecklistEncryption
EngineeringMay 6, 202610 min read

Most tools that say "encrypted" mean something different than you think.

What "Encrypted" Should Mean and Usually Does Not

Four levels of encryption. Most backup tools stop at level two. Here is what each level protects and where the industry falls short.

Read the breakdown
EncryptionStandards
Threat IntelMay 4, 202612 min read

The protocol has no secret management. That is how it works.

MCP stores your credentials in plain text.

No keychain integration. No encryption. No env var requirement. We scanned 1,722 public configs on GitHub and found 1 in 31 leaking real credentials.

Read the full report
MCPAI Security
TutorialMay 4, 20268 min read

It takes 5 commands to know. It takes 5 days to recover.

Is iCloud already corrupting your git repos?

Open your terminal. Run these five commands. If the output matches what we show you, your repos are already damaged.

Check your repos now
iCloudCorruption
ResearchMay 4, 202615 min read

We broke git repos 10 different ways. All four major sync services watched.

The 10 ways cloud sync destroys your git repos

Lockfile races. Partial pack writes. Index conflicts. Ref pointer overwrites. We reproduced every failure mode across all four major sync services.

See the full breakdown
ResearchCloud Sync
Threat IntelMay 4, 202610 min read

You gave it file access. It read your secrets. That is working as designed.

Your .env is in the AI context window right now

We tested five AI coding assistants. Every single one ingested environment variables into model context. Database URLs, API keys, cloud credentials.

See what gets exposed
.envAI Assistants
ResearchMay 4, 20266 min read

Your hosting provider can read every file you pushed today.

"Private" is not "encrypted." Stop confusing the two.

A private repo means access control. It does not mean your code is encrypted. One subpoena, one breach, one rogue employee.

Understand the difference
EncryptionGitHub
ResearchMay 4, 202614 min read

Four companies. 2.75 billion users. Not one safe git experience.

The cloud sync corruption problem nobody is solving

Apple, Microsoft, Google, and Dropbox serve 2.75 billion users. We tested every service. Every single one corrupts git repositories.

Read the research
Market ResearchCloud Sync
Threat IntelMay 4, 20268 min read

You do not need a team to lose everything. You just need one bad Tuesday.

The threat model nobody writes for solo developers

Laptop theft. SSD failure. Cloud sync corruption. AI credential leaks. Account takeover. You face the same threats as a 50-person team with none of the infrastructure.

See your threat surface
Threat ModelSolo Dev
ResearchMay 4, 20267 min read

A remote is not a backup. Say it until you believe it.

"Isn't GitHub my backup?" No. And here is why.

Your laptop dies. GitHub has an outage. Now what? A remote is a collaboration tool. A backup is an insurance policy.

Stop making this mistake
BackupGitHub
TutorialMay 2, 20268 min read

Five questions. Most backup tools fail at least three.

5 Questions to Ask Before You Trust Any Backup

Can you restore without the vendor? Can the provider read your data? Does it capture uncommitted work? Have you tested a restore?

Take the test
ChecklistBackup
EngineeringMay 2, 20267 min read

77% of tested backups reveal failures. Most are never tested.

Why Most Backup Tools Fail the Restore Test

A backup you have never restored is an assumption, not a fact. We tested the restore process for every major backup approach.

See the test results
RestoreTesting
TutorialMay 2, 20269 min read

The first hour decides everything. Here is exactly what to do.

What to Do in the First 60 Minutes After Data Loss

Step-by-step recovery guide using git's own tools. Check stashes, run fsck, search the reflog, recover staged files. Most of what you think is gone is still there.

Read the recovery guide
RecoveryTutorial

No posts in this category yet. Check back soon.

Newsletter

Stay ahead of threats

Research, threat intel, and tutorials. We only publish when we have something worth your time.

No spam. Unsubscribe anytime.

What topics interest you?

Threats
Tutorials
Engineering
AI Security
Product
Everything

Skip this step

English is my second language, and I am deaf. I use AI tools to help organize ideas and communicate clearly. Everything you read here reflects my own thinking, experience, and perspective. AI helps me bridge communication barriers so I can focus on sharing ideas rather than struggling with language mechanics.