Skip to content

Tag: security

All the articles with the tag "security".

Wireguard VPN Server in Docker

Wireguard VPN Server in Docker

· Updated:

Run a WireGuard VPN server in Docker with the linuxserver image — Compose setup, peer config generation, and road warrior access to your home network.

Container Escape: How to Stop It

Container Escape: How to Stop It

Containers are not VMs. Here are the real escape vectors — privileged mode, mounted sockets, kernel CVEs — and the runtime hardening that actually helps.

Cosign Keyless: Sign Without Keys

Cosign Keyless: Sign Without Keys

Cosign keyless signing uses GitHub OIDC + Fulcio + Rekor to sign container images without managing private keys. Here's how it actually works and why you want it.

Sysbox vs gVisor vs Kata

Sysbox vs gVisor vs Kata

Containers aren't security boundaries — Sysbox, gVisor, and Kata fix that. Here's which isolation runtime fits your actual threat model.

Trivy vs Grype vs Docker Scout

Trivy vs Grype vs Docker Scout

Trivy, Grype, and Docker Scout go head-to-head on speed, CVE coverage, CI integration, and cost. Pick the right scanner for your home lab or pipeline.

Beyond Akismet: Spam Protection for 2026

Beyond Akismet: Spam Protection for 2026

Akismet's licensing terms are increasingly hostile to small sites. Here are 11 spam-protection options — hosted APIs, CAPTCHA widgets, and DIY honeypots — that actually work in 2026.

Distroless Images: When Minimal Goes Too Far

Distroless Images: When Minimal Goes Too Far

Distroless containers are tiny, secure, and loved by security teams — until you need to debug one at 2 AM. Here's when Google distroless actually pays off vs when it's just container hipster points.

Incident Response for Self-Hosters

Incident Response for Self-Hosters

You've been compromised. Now what? A practical incident response playbook for self-hosters who didn't think they'd need one until right now.