Identity Is the New Perimeter: AuthN, AuthZ, MFA, and Why They Matter
OAuth is authorization. OIDC is identity. MFA is necessary but not sufficient. A practitioner's map of AuthN, AuthZ, federation, and the DevOps use cases that live on top.
HagZag — DevOps, Platforms, and AI-driven delivery
Practitioner notes on SRE, Platform Engineering, Kubernetes, and how AI changes the way we ship. DevOps, SRE, Platform Engineering, and AI-driven delivery — by Haggai Philip Zagury.
Featured
WireGuard: Why Simpler Won
WireGuard won because it's boring — a short config, a fixed crypto suite, and a kernel module the size of a caffeine habit. Here's the practitioner's case for it in 2026.
VPNs: OpenVPN, IPsec, and the TLS Tunnel
VPNs extended the trust boundary over the public internet — and preserved the flaw at the heart of it. A practitioner's tour of OpenVPN, IPsec, split-DNS, and the DPI blocking era.
Latest
Identity Is the New Perimeter: AuthN, AuthZ, MFA, and Why They Matter
OAuth is authorization. OIDC is identity. MFA is necessary but not sufficient. A practitioner's map of AuthN, AuthZ, federation, and the DevOps use cases that live on top.
WireGuard: Why Simpler Won
WireGuard won because it's boring — a short config, a fixed crypto suite, and a kernel module the size of a caffeine habit. Here's the practitioner's case for it in 2026.
VPNs: OpenVPN, IPsec, and the TLS Tunnel
VPNs extended the trust boundary over the public internet — and preserved the flaw at the heart of it. A practitioner's tour of OpenVPN, IPsec, split-DNS, and the DPI blocking era.
SSH and the Cryptographic Turn
SSH replaced telnet in a few years and still runs everything three decades later. Here's why 'SSH is solved' is the most dangerous sentence in your runbook.
From Trusted Wires to the Open Internet
Why telnet, rsh, and finger made sense once — and why every modern remote-access control traces back to the moment the wire stopped being trusted.
From API to Owned: MiniMax M2.7, Gemma 4, and the Case for Running Models on Your Laptop
Two major open-source model releases in one week signal a tipping point. Here's why I'm running capable agent models on my own hardware — and how you can too.