The Reverse Tunnel: ngrok, Cloudflare Tunnel, and the Service That Dials Out
ngrok, cloudflared, Tailscale Funnel, frp — a practitioner's map of reverse tunnels: how they work, when they're production-grade, and how they fit the Zero Trust picture.
DevOps, Platforms, and AI-driven delivery
Practitioner notes on SRE, Platform Engineering, Kubernetes, and how AI changes the way we ship. DevOps, SRE, Platform Engineering, and AI-driven delivery — by Haggai Philip Zagury.
Featured
Compliance, Cloud, and Consulting from Anywhere
The finale of the Zero Trust series: where compliance frameworks meet ZTNA, how the hyperscalers ship it natively, and what twenty years of remote-access evolution means for working practitioners.
Zero Trust Networking: Identity Meets the Network
ZTNA is what you get when you stop treating the network as the trust boundary and make every packet a policy decision against identity. A practitioner's map of the model, the vendors, and the DNS turn.
Latest
The Reverse Tunnel: ngrok, Cloudflare Tunnel, and the Service That Dials Out
ngrok, cloudflared, Tailscale Funnel, frp — a practitioner's map of reverse tunnels: how they work, when they're production-grade, and how they fit the Zero Trust picture.
Compliance, Cloud, and Consulting from Anywhere
The finale of the Zero Trust series: where compliance frameworks meet ZTNA, how the hyperscalers ship it natively, and what twenty years of remote-access evolution means for working practitioners.
Zero Trust Networking: Identity Meets the Network
ZTNA is what you get when you stop treating the network as the trust boundary and make every packet a policy decision against identity. A practitioner's map of the model, the vendors, and the DNS turn.
Identity Is the New Perimeter: AuthN, AuthZ, MFA, and Why They Matter
OAuth is authorization. OIDC is identity. MFA is necessary but not sufficient. A practitioner's map of AuthN, AuthZ, federation, and the DevOps use cases that live on top.
WireGuard: Why Simpler Won
WireGuard won because it's boring — a short config, a fixed crypto suite, and a kernel module the size of a caffeine habit. Here's the practitioner's case for it in 2026.
VPNs: OpenVPN, IPsec, and the TLS Tunnel
VPNs extended the trust boundary over the public internet — and preserved the flaw at the heart of it. A practitioner's tour of OpenVPN, IPsec, split-DNS, and the DPI blocking era.