Posts
Trivy + Cosign: Scan and Sign Your Images
You're pulling container images from strangers on the internet. Trivy scans them for CVEs. Cosign proves they haven't been tampered with. Use both.
5 min read
Kernel Live Patching: Security Updates Without the 3am Reboot
Somewhere in your infrastructure there's a server that hasn't rebooted in 847 days. Everyone knows about it. Nobody wants to touch it. Kernel live patching is the technology that lets you patch critical CVEs without finding out what breaks when it finally comes back up.
8 min read
Prometheus + Grafana: Monitoring That Doesn't Lie to You
Prometheus scrapes metrics. Grafana makes them pretty. Alertmanager wakes you up at 2 AM. Here's how to wire all three together into a monitoring stack that actually works.
7 min read
Linux Capabilities: Drop Root Without Breaking Everything
Running everything as root because it's easier is the sysadmin equivalent of giving your web server the keys to reboot the host just because it needs port 80. Linux capabilities let you split root into 40+ granular permissions — here's how to use them without losing your mind.
8 min read
Fail2ban vs CrowdSec: Blocking the Bots Actually Smartly
Fail2ban bans IPs that attack you. CrowdSec bans them before they attack you, using community threat intelligence. Here's how to set up both and why you might want both.
6 min read
Sysctl Tuning: The Linux Kernel Knobs That Actually Matter
Your Linux server has hundreds of tunable kernel parameters sitting in /proc/sys, doing nothing because nobody ever touched them. Most don't matter. A handful can meaningfully improve network throughput, reduce swap thrashing, and make your Docker host behave better under load. Here's which ones those are.
8 min read
Tailscale Deep Dive: Mesh Networking That Actually Works
Tailscale takes WireGuard's speed and wraps it in a control plane that handles key exchange, routing, and ACLs automatically. Here's everything beyond 'tailscale up'.
8 min read
n8n + LLM: Building Automations That Actually Think
Traditional automation is just very fast copy-paste. When your email filter breaks because someone wrote "URGENT" in lowercase, you realize rule-based logic has limits. Connecting n8n to a local LLM turns "if this then that" into "figure this out and do the right thing."
9 min read
n8n vs Node-RED: Automate Everything Without Learning to Code (Much)
You're paying $20/month to Zapier to shuffle data between two services that are both free. There's a better way. n8n and Node-RED are two self-hosted automation tools that can replace the SaaS middlemen — and they'll both run happily on a $15 VPS or your home server.
8 min read
Qdrant vs Weaviate vs Chroma: Vector DB Showdown
Every RAG tutorial says 'just use Chroma.' Then you hit production. Here's what Qdrant, Weaviate, and ChromaDB actually offer and when each one earns its place.
7 min read
CUDA vs ROCm vs CPU: Running AI on Whatever GPU You've Got
Want to run AI locally but not sure if your GPU will cooperate? Whether you're rocking an NVIDIA card, an AMD GPU, or just a CPU and sheer determination, here's the honest breakdown of what works, what technically works, and what will make you question your life choices.
9 min read
2FA for SSH and sudo via PAM
Adding TOTP to SSH and sudo takes 10 minutes and makes password spray attacks useless. Here's the setup that won't lock you out of your own server.
5 min read