Stop Putting Passwords in Docker ENV
ENV bakes secrets into layers visible in docker history. Use BuildKit --secret, runtime vars, or .env files.
All the articles with the tag "security".
ENV bakes secrets into layers visible in docker history. Use BuildKit --secret, runtime vars, or .env files.
LinkedIn scans every visitor's installed extensions and sends the data to third parties without consent. Here's what they're looking for—and how to stop it.
Disaster recovery for your Linux home lab — tiered backups, a restic script that actually runs, restore drills, and the gotchas that bite at 2 AM.
Scan your containers and dependency trees with trivy, grype, syft, and osv-scanner. Generate SBOMs and catch CVEs before a supply chain attack catches you.
OpenConnect replaces the bloated AnyConnect client on Linux. Run ocserv for a self-hosted Cisco-compatible VPN server — no 200MB installer required.
Proxychains-ng, Tor, and VPN+Tor combos tested honestly: which setups actually anonymize traffic and which are security theater you should stop trusting.
Generate SSH keys, set up passwordless auth, configure SSH, and transfer files securely with SCP — the foundation of headless Linux work.
TLS tunneling for legacy plaintext services — stunnel's X.509 cert model vs spiped's pre-shared key simplicity, and when each one actually wins.
Suricata beats Snort on multi-threading and EVE JSON logging. Side-by-side IDS/IPS breakdown with Suricata install, suricata.yaml config, and OPNsense setup for home labs.
AV vs EDR — traditional antivirus signatures vs behavioral endpoint detection. What each catches, what it misses, and what you actually need.
Apply zero-trust principles to your home lab — network segmentation, VLANs, identity-aware proxies, and Tailscale as the glue.
UFW makes iptables manageable — allow and deny rules, app profiles, default policies, and the 5-minute setup for any new Linux server.