Short, opinionated writing about the things we keep tripping over. No marketing, no listicles.
Ballot SC-081v3 cuts public TLS cert validity from 398 to 47 days by 2029. The timeline, the renewal math, and what to automate now.
By 2029 most teams will renew TLS certificates 8 times a year. The spreadsheet workflow is finally breaking. Here's what to replace it with.
TLS cert validity drops in phases: 398 days now, 200 in 2026, 100 in 2027, 47 in 2029. How many renewals a year that really means.
We shipped v1 as usage-metered SaaS. Two months in, we rewrote the business model. Here's why, and what it means for free and paid users.
Why a DNS change takes hours to land, what's really happening in resolver caches, and how to verify your records with TTL-aware checks.
What ports to keep closed, what to monitor, what to do when something unexpected is listening, and the audits worth running quarterly.
The four numbers worth memorising about IPv4 subnetting, how CIDR actually works, and how to spot common subnet mistakes in production.
What a MAC address tells you about a device, and what it hides once iOS or Android randomises it. OUI lookups and their limits.
ICMP is one signal out of many. Here are five other connectivity checks that actually tell you whether your service is reachable, plus when each one matters.
How Spanning Tree Protocol stops layer 2 loops, the misconfigurations that cause network meltdowns, and the settings that make STP boring again.
Every TCP and UDP port worth memorising, from well-known to ephemeral ranges, plus the security rules that keep open ports from hurting you.
A step-by-step process for diagnosing DNS failures, covering NXDOMAIN errors, dead resolvers, slow lookups, and the dig commands that find the cause.
