Posts
Page 29 of 53
-
Gitea vs Forgejo vs GitLab CE: Self-Hosted Git Without the Existential Crisis
You want to self-host your git. Noble. Responsible, even. But now you're staring down three options and a Reddit thread that's somehow both 4 years old and still being argued about. Gitea, Forgejo, GitLab CE — let's cut through the noise and figure out which one won't ruin your weekend.
9 min read -
Falco: Catch Container Attacks at Runtime
Falco watches every syscall your containers make and screams when something sketchy happens. Like someone exec'ing a shell inside your nginx container at 3am.
5 min read -
WireGuard Is Fast, But You're Leaving Performance on the Table
WireGuard is fast out of the box, but default config leaves throughput on the table. Tune MTU, use the kernel module, and benchmark what you actually get.
8 min read -
Loki vs ELK: Centralized Logging Without the RAM Tax
ELK does everything and wants all your memory. Loki does logging the Prometheus way — label indexes, not content — and runs on a fraction of the resources. Here's the honest comparison.
7 min read -
Vault vs Infisical: Secrets Management for Teams Who've Learned the Hard Way
Your database password is in 14 different `.env` files across three repos, one of which is public on GitHub. Somewhere out there, a bot is already trying it. It's time to fix the secrets sprawl problem — and pick the right tool to do it without spending three weeks on setup.
9 min read -
Cockpit vs Webmin: Web Admin Panels That Don't Make You Cry
Cockpit is the modern systemd-native Linux admin panel. Webmin is the veteran that configures everything. Here's which one should be on your servers — and which shouldn't.
6 min read -
DNS Over HTTPS and TLS: Encrypt Your DNS Before Your ISP Sells It
Your DNS queries go out in plain text, so your ISP logs every site you visit. Here's how DoH, DoT, and DoQ fix that — and how to self-host with AdGuard Home.
8 min read -
LangGraph vs CrewAI vs AutoGen: AI Agents Without the Hype
LangGraph gives you graph-level control. CrewAI gives your agents job titles. AutoGen makes them have a conversation. Here's which one to reach for when building real AI workflows.
6 min read -
Cloudflare Tunnels: The Zero-Port-Forward Guide to Exposing Your Services
No port forwarding, no DDNS drama. Cloudflare Tunnels advanced config: multiple services, Access policies, origin TLS, and what Cloudflare can actually see.
9 min read -
Your Server Doesn't Know What Random Means (And That's a Problem)
Your freshly booted VM is generating SSH keys with barely any entropy, and that should make you nervous. Linux needs randomness to do cryptography, and headless servers are terrible at collecting it. Here's what's actually happening inside /dev/random and how to fix it before you generate a weak key.
8 min read -
Auditd & Audit Logging: Know Exactly Who Touched What on Your Server
When the config changes and nobody owns up, auditd has the receipts. Linux's kernel audit framework logs every file access, sudo, and syscall you tell it to.
8 min read -
Trivy + Cosign: Scan and Sign Your Images
You're pulling container images from strangers on the internet. Trivy scans them for CVEs. Cosign proves they haven't been tampered with. Use both.
6 min read