Posts
- SBOMs and Supply Chain Security
A Software Bill of Materials tells you exactly what's in your software. Syft generates one, Grype scans it for CVEs. Together they're your supply chain paper trail.
7 min read
- Terraform vs Pulumi: Infrastructure as Code Without the YAML Nightmares
Terraform's state file has a way of becoming the most precious and anxiety-inducing file in your infrastructure. Pulumi lets you write infrastructure in TypeScript, Python, or Go instead of HCL — loops, functions, and all. Here's when each one wins.
8 min read
- Jellyfin vs Plex: Your Media Deserves Better Than a Subscription
Plex built the gold standard for media servers, but added a paywall. Jellyfin is the open-source answer that's finally caught up. Here's which one belongs on your server in 2026.
5 min read
- Chaos Engineering: Break Things on Purpose Before They Break Themselves
Your app handles a 500ms database response beautifully in testing because the database has never been slow in tests. Chaos engineering is the practice of finding those embarrassing assumptions before your users do — by deliberately causing the failures you've been hoping won't happen.
9 min read
- HashiCorp Vault: Stop Hardcoding Secrets Like It's 2012
AWS_SECRET_KEY=supersecretpassword123 committed to a public GitHub repo. We've all seen it. Vault is the tool that makes hardcoded secrets unnecessary — KV storage, dynamic credentials, PKI, and AppRole auth, all accessible via API. Here's how to actually run it.
8 min read
- Sysctl Tuning: The Linux Kernel Settings Nobody Told You About
Linux ships with conservative kernel defaults meant for general use. These sysctl settings tune your server for networking, memory, and file I/O — with explanations, not just values to paste.
7 min read
- Woodpecker CI vs Drone CI: Lightweight Pipelines for People Who Hate Waiting
Jenkins needs a server. GitHub Actions needs GitHub. If you're self-hosting your Git and want CI that doesn't weigh more than the code it's testing, Drone CI and its community fork Woodpecker CI are worth knowing about. One changed its license. The other exists because of that decision.
7 min read
- Container Security: Scan and Sign Your Images Like You Mean It
Pulling unscanned images onto your server is a gamble. Trivy finds the CVEs. Cosign proves the image hasn't been swapped out. Here's how to add both to your workflow.
6 min read
- Gitea vs Forgejo vs GitLab CE: Self-Hosted Git Without the Existential Crisis
You want to self-host your git. Noble. Responsible, even. But now you're staring down three options and a Reddit thread that's somehow both 4 years old and still being argued about. Gitea, Forgejo, GitLab CE — let's cut through the noise and figure out which one won't ruin your weekend.
9 min read
- Falco: Catch Container Attacks at Runtime
Falco watches every syscall your containers make and screams when something sketchy happens. Like someone exec'ing a shell inside your nginx container at 3am.
5 min read
- WireGuard Is Fast, But You're Leaving Performance on the Table
WireGuard is already faster than OpenVPN and IPsec out of the box — but default config leaves real throughput on the table. MTU misconfiguration alone can cost you 30% of your bandwidth. Here's how to tune WireGuard properly, measure what you actually get, and understand why the numbers are what they are.
8 min read
- Loki vs ELK: Centralized Logging Without the RAM Tax
ELK does everything and wants all your memory. Loki does logging the Prometheus way — label indexes, not content — and runs on a fraction of the resources. Here's the honest comparison.
6 min read