Posts
Page 22 of 47
-
Restic vs Borg vs Kopia: Backups That Actually Deduplicate
rsync is not a backup. Restic, Borg, and Kopia do deduplication, encryption, and incremental snapshots properly. Here's which one fits your home lab and why.
7 min read -
Suricata vs Snort: Network Intrusion Detection That Actually Works
Snort invented network intrusion detection. Suricata multi-threaded its way past it. Here's how to set up real IDS/IPS on your home lab and actually understand what it's telling you.
6 min read -
Proxmox vs XCP-ng: Hypervisors for People Who Like Their Data Center at Home
Running 15 VMs on a machine that cost $300 because you're an adult with hobbies — that's the homelab dream. But first you have to pick a hypervisor, and the two best free options take completely different approaches to the same problem. Here's how to pick the right one.
9 min read -
Continue.dev vs Cody vs Tabby: AI Code Help Without the Cloud
GitHub Copilot is great until you read the ToS. Continue.dev, Cody, and Tabby bring AI code assistance to your editor with local or self-hosted models — no code leaves your machine.
6 min read -
Self-Hoster's Disaster Recovery: When Everything Goes Wrong at Once
Everyone has a backup strategy until their backup fails the one time it matters. Disaster recovery is the full plan: what you recover, in what order, and how you know it worked. Here's how to build one for your home lab before you need it.
9 min read -
SBOMs and Supply Chain Security
A Software Bill of Materials tells you exactly what's in your software. Syft generates one, Grype scans it for CVEs. Together they're your supply chain paper trail.
7 min read -
Terraform vs Pulumi: Infrastructure as Code Without the YAML Nightmares
Terraform's state file has a way of becoming the most precious and anxiety-inducing file in your infrastructure. Pulumi lets you write infrastructure in TypeScript, Python, or Go instead of HCL — loops, functions, and all. Here's when each one wins.
8 min read -
Chaos Engineering: Break Things on Purpose Before They Break Themselves
Your app handles a 500ms database response beautifully in testing because the database has never been slow in tests. Chaos engineering is the practice of finding those embarrassing assumptions before your users do — by deliberately causing the failures you've been hoping won't happen.
9 min read -
HashiCorp Vault: Stop Hardcoding Secrets Like It's 2012
AWS_SECRET_KEY=supersecretpassword123 committed to a public GitHub repo. We've all seen it. Vault is the tool that makes hardcoded secrets unnecessary — KV storage, dynamic credentials, PKI, and AppRole auth, all accessible via API. Here's how to actually run it.
8 min read -
Sysctl Tuning: The Linux Kernel Settings Nobody Told You About
Linux ships with conservative kernel defaults meant for general use. These sysctl settings tune your server for networking, memory, and file I/O — with explanations, not just values to paste.
7 min read -
Woodpecker CI vs Drone CI: Lightweight Pipelines for People Who Hate Waiting
Jenkins needs a server. GitHub Actions needs GitHub. If you're self-hosting your Git and want CI that doesn't weigh more than the code it's testing, Drone CI and its community fork Woodpecker CI are worth knowing about. One changed its license. The other exists because of that decision.
7 min read -
Container Security: Scan and Sign Your Images Like You Mean It
Pulling unscanned images onto your server is a gamble. Trivy finds the CVEs. Cosign proves the image hasn't been swapped out. Here's how to add both to your workflow.
6 min read
