Cloudflare WAF: Free Tier Firewall Rules
Cloudflare's free tier WAF is more powerful than most people use. Here's how to actually configure it — rules, rate limits, and all.
Tag: security
All the articles with the tag "security".
Certificate Pinning: The Nuclear Option for TLS Security (Use With Caution)
Certificate pinning and HPKP explained: what they are, why HPKP destroyed itself, and modern alternatives like CAA records and Certificate Transparency.
.gitignore Entries Every Project Actually Needs
Stop leaking secrets, dependencies, and OS garbage into git. Here are the .gitignore patterns that save you from disaster.
Vault vs Infisical: Secrets Management for Teams Who've Learned the Hard Way
HashiCorp Vault vs Infisical compared: secrets management for DevOps teams, Docker Compose setup, SDK examples, and when complexity is worth it.
Open Source Licenses Explained: What You Can and Can't Do With Free Software
FOSS licenses explained for developers and self-hosters: MIT vs GPL vs AGPL vs Apache 2.0, copyleft vs permissive, and what recent license changes mean for you.
mTLS Explained: When Regular TLS Isn't Paranoid Enough
Mutual TLS (mTLS) explained for mortals: how both sides authenticate, setting up step-ca for internal PKI, generating client certs, and configuring nginx with mTLS.
Port Knocking: Simple Obscurity for SSH Access
Hide your SSH port from scanners with port knocking. It's not a replacement for security, but it's a valid defense-in-depth tactic.
SSH Keys in 2026: Ed25519 Is the Standard
RSA SSH keys are aging out. Why Ed25519 is the 2026 default, how to generate one in 30 seconds, and how to audit and rotate your legacy keys safely.
Why Your VPN Isn't Routing What You Think
You enabled the VPN but half your traffic still bypasses it. Here's why and how routing actually works.
DNS Over HTTPS and TLS: Encrypt Your DNS Before Your ISP Sells It
Understand DoH, DoT, and DoQ encrypted DNS protocols and set up self-hosted encrypted DNS with AdGuard Home or Pi-hole. Stop your ISP from logging every domain you visit.
tcpdump Basics: Capture Traffic Without Wireshark
You don't need a GUI to see network packets. tcpdump on the command line beats opening Wireshark every time.
AppArmor vs SELinux: Mandatory Access Control Without the Existential Dread
AppArmor vs SELinux explained: what mandatory access control actually does, how to write AppArmor profiles with aa-genprof, navigate SELinux labels and audit2allow, and when to use each.