The FortiGate 100F arrived this week and slots into the homelab between the Fritz!Box modem and the MikroTik core router, adding real next-generation firewall capability to a routing-strong but inspection-light architecture.
tag: #security
Running endlessh-go as a Docker container on a Strato VPS, deployed via Ansible
Exploring base and bound memory protection
On December 9, an arbitrary code execution vulnerability in Apache Log4j 2 went public. The world spent the weekend patching. A week later we have CVE-2021-44228, the follow-up CVE-2021-45046, and CVE-2021-45105, three patches in five days, and a long list of structural lessons that the Java ecosystem will be working through for years.
The project formerly known as bitwarden_rs was renamed to Vaultwarden last month, completing the rebrand at the request of the Bitwarden team. Six weeks in, the new name is settling. The underlying project remains what it always was - the right way to self-host Bitwarden if you want full control of your password infrastructure.
QUIC is in late draft, HTTP/3 is shipping in Chrome and Firefox, and Cloudflare and Google are already serving meaningful traffic over both. The internet's transport layer is being rewritten. This is what changed, why it changed, and what it means for everyone who runs servers.
Jason Donenfeld submitted WireGuard for inclusion in the Linux kernel mainline in August. Even before merge, the four-thousand-line VPN is already faster, simpler, and more secure than OpenVPN or IPsec. Here is what it is, why the design matters, and how to deploy it now.
On January 3, three vulnerabilities in modern CPUs reframed two decades of assumptions about hardware-enforced isolation. The patches are landing. The deeper lesson — that speculative execution as currently designed is fundamentally hostile to security — is what we are still working out.
Self-hosting email used to mean installing Postfix and pointing an MX record at it. In 2017, the deliverability fight against Gmail and Outlook is the real work, and most of the difficulty is not the mail server itself.
Borg 1.0 has been stable since February. If your backup strategy is still rsync to an external drive, you are leaving real safety on the table. Encryption, deduplication, and compression are not optional anymore.