To connect two remote LANs over WireGuard, you configure a WireGuard peer on one gateway device at each site, set AllowedIPs to include the remote site’s subnet, enable IP forwarding on both gateways, and add routing so LAN clients send cross-site traffic through the tunnel. Once configured, every device on either LAN can reach devices on the other LAN transparently - no VPN client installation on individual machines. A single UDP port open on at least one side is all you need.
Security
WireGuard Site-to-Site VPN: 400-500 Mbps on Raspberry Pi
Linux File Recovery: extundelete, PhotoRec, Btrfs snapshots
If you just ran rm on something important and you’re in a panic, stop touching that filesystem right now. Run mount -o remount,ro /dev/sdX to remount the partition read-only first. Every write to the disk after deletion cuts your odds of getting those files back. Here is the short answer. For ext4, try extundelete or debugfs first, then PhotoRec as a fallback. For Btrfs, roll back a snapshot if you have one, or use btrfs restore if you don’t. The right move depends on your case, so read on.
Tailscale Mesh VPN with WireGuard: 100 Devices, Zero Config
Tailscale builds a private WireGuard-based mesh VPN across all your devices with almost no setup. You install the client on each machine and sign in with your identity provider. Every device then gets a stable 100.x.y.z IP that works no matter the NAT, firewalls, or network changes. Tailscale v1.96 adds ACL tags for per-device policy, exit nodes, subnet routers, and MagicDNS for hostname lookups. For homelabbers, it is the easiest way to link a server, cloud VPS, phone, and laptop into one network.
Docker Image Hardening: Minimal Bases, Non-Root, and Trivy Scans
Hardening a Docker image means cutting the attack surface at every layer. Start from a minimal base like distroless or Alpine. Run as a non-root user. Set the filesystem read-only. Drop all Linux capabilities and add back only what the app needs. Pin dependency versions with checksums. Scan images with Trivy or Grype before you push. Each layer of this checklist stands on its own, so you can adopt them one at a time.
Vibe Coding Security Crisis: 2,000 Vulnerabilities Found in 5,600 AI-Built Apps
The numbers are in, and they’re bad. Escape.tech scanned 5,600 vibe-coded apps in the wild. It found over 2,000 bugs, more than 400 exposed secrets, and 175 leaks of personal data, including medical records and IBANs. A separate December 2025 audit by Tenzai found 69 flaws across just 15 test apps built with five popular AI coding tools. Georgia Tech’s Vibe Security Radar tracked CVEs caused by AI-generated code. They climbed from 6 in January 2026 to 35+ by March. The incidents aren’t hypothetical now. They’re outages, leaked databases, and wiped customer records.
AI Coding Agents Are Insider Threats: Prompt Injection, MCP Exploits, and Supply Chain Attacks
Your AI coding agent has the same file access, shell rights, and database keys you do. A review of 78 studies from January 2026 (arXiv:2601.17548) tested every big coding agent. The list covered every major agentic coding assistant. All fell to prompt injection. Adaptive attacks landed more than 85% of the time. This isn’t theory. CVE-2026-23744 gave attackers remote code execution on MCPJam Inspector at CVSS 9.8. A booby-trapped PDF tripped a physical pump through a Claude MCP link at a plant. Attackers hit GitHub’s MCP server to exfiltrate private repository data via malicious issues. And 47 firms fell to a poisoned plugin ecosystem that hid for six months.
Botmonster Tech




