Rich Gibbs
Practical, opinionated notes on Linux server security, AWS hygiene, and indie-founder operations from Rich Gibbs.
-
DKIM key rotation for indie founders: the 15-minute zero-downtime swap
You have DKIM set up. Now you need to rotate the keys before they expire or leak. The dual-selector trick that lets you swap without bouncing a single message.
-
Server monitoring & alerting for indie founders who self-host
You have the server running. Now you need to know when it is on fire before your users do. The minimal, working monitoring stack that actually gets used.
-
I ran a read-only server audit. Here's what I found that the scanners missed.
Found a world-readable archive with API keys sitting in /var/backups/. A read-only audit finds the quiet risks that scanners miss.
-
Docker Compose on one VPS: the production checklist before you outgrow it
A practical checklist for running Docker Compose on a single VPS: restart policy, health checks, log rotation, backups, deploy path, ports, secrets, rollback, and alerts.
-
Before an AI agent gets real tool access, map what it can actually do
A permission-map checklist for AI agents touching GitHub, Gmail, Slack, Stripe, AWS, or MCP: account, verbs, spend, approvals, logs, kill switches.
-
Redacted evidence beats account access: how to get a useful QuickCheck without handing over credentials
A practical guide for founders who need AI/API cost help, email DNS review, inbox cleanup, or server hygiene advice without sending passwords, API keys, SSH keys, mailbox access, or customer data.
-
AI/API bill jumped? Find the token burn before it eats the month
A practical checklist for founders running agents, internal AI tools, or automation hosts: stuck jobs, expensive model defaults, fallback loops, cache misses, and missing budget controls.
-
EC2 read-only hardening audit: what Inspector misses, and what to check by hand (2026)
AWS Inspector and IAM Access Analyzer are great at IAM-side and CVE-side findings, and they will quietly miss several of the EC2 instance-level problems most likely to get a small SaaS owned. Here is the read-only EC2 hardening audit a one-person ops team can actually run in an hour.
-
Encrypting Your EBS Root Volume Without Rebuilding the Server (AWS 2026)
A practical, indie-founder guide to migrating an unencrypted EC2 root volume to KMS-encrypted EBS — without rebuilding the instance, losing data, or fighting AZ mismatch and root device name traps.
-
Security audit vs penetration test: which one does an indie founder actually need?
A read-only security audit and a penetration test are not the same thing, and asking for the wrong one will either waste your money or leave the actual problem in place. Here is the boring, working distinction for a 1-5 person SaaS team in 2026.