Practical security & self-hosting tutorials for devs who run their own infrastructure.

Three cyan envelopes side-by-side, each sealed with a lock, key, and shield glyph — representing Proton Mail, Tutanota, and Mailbox.org compared.

Private Email Showdown 2026: Proton Mail vs Tutanota vs Mailbox.org — I ran all three for 90 days

TL;DR: - Proton Mail — best default for most people. Custom domain works, the apps are polished, deliverability is the best of the three. The bridge is the only way

enim · May 26 · 6 min

Read →

// start here

Three guided paths through ByteGuard — pick one.

01 Run your own services Self-hosting · Docker, Vaultwarden, Gitea 02 Lock down your VPS VPS security · SSH, firewall, fail2ban 03 Learn by breaking things CTF · web, crypto, pwn, forensics

Latest Posts

Glowing cyan padlock with a globe inside, orbiting network nodes — symbolising Proton VPN's encrypted tunnels across the world.

[ vpn ]

Proton VPN in 2026: I ran it for 60 days on my self-hosted stack — here's what works and what doesn't

TL;DR: Proton VPN is the right default for most self-hosters who want a privacy-respecting VPN without DIYing one. It's

May 23 · 9 min

[ security ]

15 Best Free Security Tools in 2026

I spend a lot of time testing security tools — for my own infrastructure, for CTF challenges, and for the tools I recommend

May 13 · 9 min

World map with server nodes in Helsinki, Frankfurt, Amsterdam and a latency bar chart showing benchmarks for 5 VPS providers

[ vps ]

Hetzner vs Contabo vs Vultr vs Linode vs DO: 30-Day VPS Data

TL;DR 33 days of real Uptime Kuma data from a Hetzner CPX22 in Helsinki: 99.98% uptime over 46,934 health

May 10 · 10 min

Gitea server with Git branch tree, Docker whale carrying containers, SSH key, SSL proxy, and CI/CD pipeline

[ self-hosting ]

How to Self-Host Gitea with Docker Compose

GitHub is free, reliable, and deeply integrated into every developer's workflow. So why would anyone self-host Gitea as an alternative?

Apr 30 · 10 min

Fortified Docker container with seccomp filter, Falco owl monitoring, Trivy scanner, image signing, and chains of trust

[ docker-2 ]

Advanced Docker Container Security Guide

If you followed my earlier post on Docker security best practices, you already know the fundamentals: non-root users, read-only filesystems, dropped capabilities.

Apr 29 · 10 min

HackTheBox Lame server with cracked SMB and FTP ports, nmap terminal, Metasploit console, and root flag

[ ctf-2 ]

HackTheBox Lame Walkthrough — Step by Step

Spoiler Warning: This post contains a full walkthrough of the retired HackTheBox machine "Lame," including both exploitation paths and the

Apr 28 · 8 min

[ proxmox ]

How to Build a Home Lab with Proxmox VE

A VPS is great for running production services, but for learning, testing, and breaking things on purpose, nothing beats a home lab.

Apr 27 · 11 min

[ nmap ]

How to Use Nmap Like a Pro — Beginner's Guide

Every time I set up a new server, the first thing I do before hardening anything is figure out what's

Apr 25 · 9 min

Nextcloud cloud icon with orbiting files, Docker whale carrying containers, SSL padlock, and docker-compose terminal

[ self-hosting-2 ]

Self-Hosting Nextcloud with Docker Compose

Google Drive gives you 15 GB for free and sells you convenience. In exchange, it scans your files, trains AI on your

Apr 24 · 9 min

[ security-2 ]

OWASP Top 10 Explained with Real Examples

If you build anything for the web -- APIs, SPAs, server-rendered apps, microservices -- the OWASP Top 10 is the baseline you

Apr 23 · 10 min

Browser security audit panel with HTTP header checklist, shield, magnifying glass, and server icons

[ security-2 ]

How to Check Your Website's Security Headers

Every HTTP response your server sends includes headers that browsers use to decide how to handle your content. Get them wrong --

Apr 22 · 9 min