K3s on Proxmox: Production-Ready Cluster from Scratch
Spin up a K3s v1.36.1 cluster on Proxmox VE 9 using dedicated VMs. Control plane, worker nodes, and the baseline configuration that actually holds up in production.
Deep Dives
Full technical analysis when the topic earns it. Tested against real hardware, with versions named.
Wazuh 4.x to 5.0 migration checklist
Wazuh 5.0 is not a standard upgrade. The manager cannot be upgraded in-place from any 4.x version -- you are doing a clean install. This checklist covers the full migration: agent inventory, manager rebuild, config migration, and post-migration verification.
Tiny-vLLM: LLM Inference in C++ and CUDA
Tiny-vLLM rebuilds vLLM's core inference algorithms in pure C++ and CUDA — no Python required. Here is what self-hosters and inference engineers can learn from reading 3,000 lines of clean, annotated code.
SQLite as a Durable Workflow Engine
SQLite is enough for durable workflows when you run a single node and stay under ~5,000 state transitions per second. This deep dive compares SQLite, Postgres-backed DBOS, and Temporal so you can pick the right tool for your self-hosted setup.
Azure Linux 4.0: Microsoft Enters the Server OS Race
Azure Linux 4.0 is Microsoft's first Fedora-based general-purpose server distro, released into public preview on Azure VMs. Here's what it means for teams running Linux in production — and why Microsoft now wants to own the OS layer, not just host it.
Copy Fail: Root Any Linux Box in 732 Bytes
CVE-2026-31431 lets any local user escalate to root on Linux 4.14+ via a logic flaw in the AF_ALG crypto socket interface. A 732-byte Python script works every time, on every major distro. Here is how to check your exposure and apply the fix.
OTel for AI agents: same tool, new conventions
OpenTelemetry graduated at CNCF on 21 May 2026. It now has developing semantic conventions for LLM spans and agent spans. If you already instrument microservices with OTel, here is what changes when you add AI to the stack.
Migrating from ingress-nginx: a practical guide
ingress-nginx was archived on March 24, 2026. About half of cloud-native environments still run it. Here is what a real migration looks like: the options, the trade-offs, and the parts nobody tells you about upfront.
23,000 vulnerabilities: what Project Lightwell means for you
IBM and Red Hat launched Project Lightwell backed by $5B and Anthropic's Mythos AI model, which flagged 23,000 potential vulnerabilities across 1,000+ open source projects. Here's what the numbers actually mean and what to do before the disclosures land.
Technitium DNS Server in a homelab
13 million NXDomains in a year. How to run Technitium DNS in a homelab for ad blocking, split DNS, and LDAP service discovery — with real numbers.
Langflow CORS Flaw: Your AI Stack's Master Key
CVE-2025-34291 in Langflow is a CVSS 9.4 chain that hands an attacker your entire SaaS stack — API keys, OAuth tokens, database credentials — from a single page visit. CISA added it to KEV on May 21 with a June 4 federal deadline.
Three Linux kernel LPEs in 14 days: triage guide
Three Linux kernel LPEs in 14 days. This is a triage guide for sysadmins deciding which reboot to schedule first — and what to do until you can.
Pixel 10 root in 5 lines: the zero-click chain
Google Project Zero built a zero-click root exploit for Pixel 10 in under a day. Arbitrary kernel read/write in 5 lines. 71 days to patch.
First Public macOS Kernel Exploit Bypasses MIE
Researchers at Calif published the first public kernel exploit for macOS on M5 hardware that survives Apple's Memory Integrity Enforcement — a data-only LPE chain completed in five days.
Replacing SQLite with an FST: 300x smaller (and why it works)
Andrew Quinn replaced a 3 GB SQLite database with a 10 MB FST binary. 300x smaller, same lookups. Here is when FSTs beat SQLite for static lookup data.
CVE-2026-7482 Bleeding Llama: Ollama heap leak hits 300K servers
CVE-2026-7482 'Bleeding Llama' in Ollama leaks heap memory (API keys, env vars, chat history) to unauthenticated attackers. Patched in 0.17.1.
Kubernetes 1.36 DRA: GPU scheduling is production-ready
Kubernetes 1.36 completes DRA's GA story for GPU workloads. We cover device taints, MIG partitioning, and what breaks before you ship this to prod.
seo-mcp: GSC and Bing data for your AI assistant
A small MCP server connecting an AI assistant to live Google Search Console and Bing Webmaster Tools data. Why I built it instead of using what existed.
Grafana 13 upgrade guide for self-hosted operators
Grafana 13 for self-hosted: Git Sync is GA, React 19 breaks community plugins, Unified Storage auto-migrates. Here is the list before you change the image tag.
Using AI Critique to Gate Agent Task Handoffs
I put a critique gate before every agent handoff. It strips vague assumptions before they reach downstream workers and produce wrong-but-confident output.
AI SEO audit tools: pass/fail yes, counting no
Cogny said 44. We fixed what it flagged, ran it again: 85. Then Lighthouse and SEOptimer in the same 30 minutes. Here is what each tool gets right and wrong.
Local AI in 2026: what's running on the box
Local AI on a single RTX 3060: Ollama, SillyTavern, and Stable Diffusion WebUI Forge. What's on the box, why those choices, and what changed in 2026.
AI agent telemetry: cutting prompt costs with data
A Python parser, Prometheus, and Grafana running locally gives per-agent cache hit rates and cost-per-session data. Here is what we did with it.
@holmdigital/engine: WCAG failures mapped to law
Axe flags which WCAG criterion failed. @holmdigital/engine maps that to the law you broke, the enforcing authority, and 17 countries in scope including the EAA.
Stop Calling It an AI Assistant. Build a Team.
Single-agent prompts collapse under their own weight. How to design Claude Code agent teams that hold up: org chart first, profiles second, budget last.
K3s on Proxmox: what actually breaks in production
Running K3s inside Proxmox VMs exposed problems the quick-start skips. MTU mismatches, storage driver conflicts, node-pressure evictions — here is what broke.