SSH Keys in 2026: Ed25519 Is the Standard
RSA SSH keys are aging out. Why Ed25519 is the 2026 default, how to generate one in 30 seconds, and how to audit and rotate your legacy keys safely.
Tag: security
All the articles with the tag "security".
Why Your VPN Isn't Routing What You Think
You enabled the VPN but half your traffic still bypasses it. Here's why and how routing actually works.
DNS Over HTTPS and TLS: Encrypt Your DNS Before Your ISP Sells It
Understand DoH, DoT, and DoQ encrypted DNS protocols and set up self-hosted encrypted DNS with AdGuard Home or Pi-hole. Stop your ISP from logging every domain you visit.
tcpdump Basics: Capture Traffic Without Wireshark
You don't need a GUI to see network packets. tcpdump on the command line beats opening Wireshark every time.
AppArmor vs SELinux: Mandatory Access Control Without the Existential Dread
AppArmor vs SELinux explained: what mandatory access control actually does, how to write AppArmor profiles with aa-genprof, navigate SELinux labels and audit2allow, and when to use each.
Your Server Doesn't Know What Random Means (And That's a Problem)
Linux entropy explained: /dev/random vs /dev/urandom, entropy pools, haveged, virtio-rng, and hardware RNG. Fix low entropy on VMs and containers for safe crypto key generation.
Caddy Advanced: Automatic HTTPS, Plugins, and Config That Doesn't Make You Cry
Advanced Caddy server configuration: wildcard certs, Caddyfile matchers, Docker label integration, rate limiting, forward auth with Authelia, and the JSON API.
Auditd & Audit Logging: Know Exactly Who Touched What on Your Server
Master auditd for Linux audit logging: watch critical files, audit syscalls, use aureport and ausearch, and ship logs to Loki or Elasticsearch for compliance and security monitoring.
HashiCorp Vault: Stop Hardcoding Secrets Like It's 2012
HashiCorp Vault tutorial: Docker Compose setup, KV v2 secrets, AppRole auth, dynamic database credentials, PKI engine for internal certs, and auto-unseal with cloud KMS.
VPN Kill Switch and DNS Leak Prevention: Paranoia, Justified
Set up a WireGuard VPN kill switch and prevent DNS leaks on Linux. Practical iptables rules, resolv.conf locking, and systemd-resolved config.
nmap for Your Own Network: What You Should Be Scanning
nmap isn't just for pen testers. Learn what's actually worth scanning on your home network and what those open ports really mean.
Vaultwarden Organization Sharing: Password Management for Your Whole Household (or Team)
Vaultwarden organizations let you share passwords with family or team members securely. Collections, permissions, CLI usage, and backup — all explained.