Blog
I write about DevOps, WordPress hosting, cloud infrastructure, and web development. Here you'll find technical deep-dives, practical guides, and lessons learned from building and scaling production systems.
Articles
- Claude Mythos: what Anthropic's cyber model means, and how to stay ahead of it (2647 words)
Anthropic is about to open its restricted Mythos cyber model to the public. Here's what it actually does, why the 10,000-vulnerability headline deserves scrutiny, and the one shift that matters for the software you run.
- Air-gapped Kubernetes deployments: why Zarf wins (2088 words)
Zarf packages container images, Helm charts, and manifests into a single archive for deployment to fully disconnected Kubernetes clusters. Born from a U.S. Navy submarine problem, its ConfigMap-based registry bootstrap is one of the cleverest tricks in the airgap toolbox.
- Why I left Google Workspace for self-hosted Nextcloud (2044 words)
Three weeks of self-hosted Nextcloud Hub 26 Winter alongside Google Workspace, mail moved to Soverin, and on May 18, 2026 I cancelled Google Workspace. Here is what works, what does not, and why this stopped being a fringe choice for EU SMBs.
- WordPress 7.0 ships the AI Client. The Abilities API and MCP Adapter are what plugin developers should learn first. (2507 words)
WordPress 7.0 ships May 20 with the AI Client front and center. But the Abilities API has been in core since November 2025, and the MCP Adapter is what makes WordPress callable by external AI agents. Both deserve your attention before you write your first wp_ai_client_prompt() call.
- The Open Cloud Alliantie is real. Seven Dutch providers just made sovereignty a procurement conversation. (2366 words)
Seven Dutch providers launched the Open Cloud Alliantie on April 1, 2026. The real impact is not technological. It changes what Dutch buyers can say in cloud procurement documents.
- Why most Kubernetes backup strategies don't survive real disaster recovery (2497 words)
Most production Kubernetes clusters have a backup strategy that has never been exercised against the disaster it is meant to handle. What separates the teams who survive a DR event from the teams who don't is operational discipline, not tooling choice.
- Kubernetes 1.36 quietly buried one of the worst RBAC patterns in production (1630 words)
Fine-grained kubelet API authorization graduated to GA in Kubernetes 1.36. The release notes call it 'more precise access control.' What it actually does is retire nodes/proxy as one of the worst RBAC patterns in production: a single permission that monitoring tools demanded by default, that bypassed audit logging and admission control, and that public research showed could be turned into a node-level RCE with a GET request alone.
- Why I'm leaving GitHub for Forgejo (3314 words)
I moved my code from GitHub to a self-hosted Forgejo. Not because of the outages, but because of who owns what runs on top of them. The Dutch government just made the same call.
- copy.fail (CVE-2026-31431): a small Linux kernel bug with an unusually big blast radius (1631 words)
copy.fail is a Linux kernel local privilege escalation disclosed on 29 April 2026. It works on nearly every modern distribution, leaves no on-disk trace, and slips past Kubernetes' default seccomp. Why it matters and what to do.
- HashiCorp Vault vs OpenBao: a thorough comparison for platform teams (4605 words)
Two secrets managers, one shared codebase, two very different licenses. A deep, practical comparison of HashiCorp Vault and OpenBao for platform engineers picking between them.
