Posts
Page 10 of 41
-
Gitea vs Forgejo vs GitLab CE: Self-Hosted Git Without the Existential Crisis
You want to self-host your git. Noble. Responsible, even. But now you're staring down three options and a Reddit thread that's somehow both 4 years old and still being argued about. Gitea, Forgejo, GitLab CE — let's cut through the noise and figure out which one won't ruin your weekend.
9 min read -
Falco: Catch Container Attacks at Runtime
Falco watches every syscall your containers make and screams when something sketchy happens. Like someone exec'ing a shell inside your nginx container at 3am.
5 min read -
WireGuard Is Fast, But You're Leaving Performance on the Table
WireGuard is already faster than OpenVPN and IPsec out of the box — but default config leaves real throughput on the table. MTU misconfiguration alone can cost you 30% of your bandwidth. Here's how to tune WireGuard properly, measure what you actually get, and understand why the numbers are what they are.
8 min read -
Loki vs ELK: Centralized Logging Without the RAM Tax
ELK does everything and wants all your memory. Loki does logging the Prometheus way — label indexes, not content — and runs on a fraction of the resources. Here's the honest comparison.
6 min read -
Vault vs Infisical: Secrets Management for Teams Who've Learned the Hard Way
Your database password is in 14 different `.env` files across three repos, one of which is public on GitHub. Somewhere out there, a bot is already trying it. It's time to fix the secrets sprawl problem — and pick the right tool to do it without spending three weeks on setup.
9 min read -
Cockpit vs Webmin: Web Admin Panels That Don't Make You Cry
Cockpit is the modern systemd-native Linux admin panel. Webmin is the veteran that configures everything. Here's which one should be on your servers — and which shouldn't.
6 min read -
DNS Over HTTPS and TLS: Encrypt Your DNS Before Your ISP Sells It
Every website you visit starts with a DNS query, and by default that query goes out in plain text so your ISP, your coffee shop's router, and anyone in between can log exactly what you're looking at. Encrypted DNS fixes this — here's how DoH, DoT, and DoQ work, and how to self-host it with AdGuard Home.
8 min read -
LangGraph vs CrewAI vs AutoGen: AI Agents Without the Hype
LangGraph gives you graph-level control. CrewAI gives your agents job titles. AutoGen makes them have a conversation. Here's which one to reach for when building real AI workflows.
6 min read -
Cloudflare Tunnels: The Zero-Port-Forward Guide to Exposing Your Services
No port forwarding, no DDNS drama. Cloudflare Tunnels advanced config: multiple services, Access policies, origin TLS, and what Cloudflare can actually see.
9 min read -
Your Server Doesn't Know What Random Means (And That's a Problem)
Your freshly booted VM is generating SSH keys with barely any entropy, and that should make you nervous. Linux needs randomness to do cryptography, and headless servers are terrible at collecting it. Here's what's actually happening inside /dev/random and how to fix it before you generate a weak key.
7 min read -
Immich vs PhotoPrism: Escape Google Photos Without Losing Your Mind
Immich vs PhotoPrism in 2026: which self-hosted photo library beats Google Photos without making you regret the migration. Mobile app, ML, and gotchas.
10 min read -
Auditd & Audit Logging: Know Exactly Who Touched What on Your Server
Sometime between "it was working yesterday" and "someone deleted the config file," you'll wish you knew who had been on your server. Auditd is Linux's built-in surveillance system — it records every file access, privilege use, and suspicious syscall if you know how to ask.
8 min read
