https://the47network.com/blog.html Infrastructure insights, product deep-dives, and security engineering from the 47Network team. en © 2026 47Network hello@the47network.com (47Network) hello@the47network.com (47Network) Mon, 10 Feb 2026 09:00:00 +0200 https://the47network.com/assets/logo.png https://the47network.com/blog.html https://the47network.com/blog/qa-maturity-model.html A practical five-level framework for diagnosing your QA maturity — from zero tests to full CI/CD integration. Where most teams actually sit, and the highest-impact change at each level. Mon, 10 Feb 2026 09:00:00 +0000 TestGate Studio Testing https://the47network.com/blog/qa-maturity-model.html https://the47network.com/blog/zero-trust-for-smes.html https://the47network.com/blog/zero-trust-for-smes.html Mon, 10 Feb 2026 09:00:00 +0200 47Network Studio Team Security https://the47network.com/blog/self-hosting-matrix-2026.html https://the47network.com/blog/self-hosting-matrix-2026.html Tue, 28 Jan 2026 09:00:00 +0200 47Network Studio Team Infrastructure https://the47network.com/blog/passvault-architecture.html https://the47network.com/blog/passvault-architecture.html Tue, 14 Jan 2026 09:00:00 +0200 47Network Product Team Product https://the47network.com/blog/ebpf-perimeter-security.html Kernel-level network filtering with eBPF and XDP — no firewall appliance required. Architecture of 47Sentry's Traffic Sentinel, NetMapper, and DNS resilience components. Mon, 03 Feb 2026 09:00:00 +0000 https://the47network.com/blog/ebpf-perimeter-security.html Security Infrastructure https://the47network.com/blog/sms-infrastructure-47comms.html How 47Comms handles multi-tenant SMS routing, consent management, carrier failover, and PBX bridging without vendor lock-in. Wed, 21 Jan 2026 09:00:00 +0000 https://the47network.com/blog/sms-infrastructure-47comms.html Infrastructure Product https://the47network.com/blog/sven-agent-design.html The design decisions behind Sven Agent — tamper-proof audit trails, deterministic skill orchestration via OpenClaw, self-hosting, and the mission control interface. Mon, 17 Feb 2026 09:00:00 +0000 https://the47network.com/blog/sven-agent-design.html Product Architecture https://the47network.com/blog/keycloak-sso-small-teams.html Step-by-step Keycloak deployment for teams of 5-100. Realm setup, OIDC clients, MFA enforcement, production hardening — without enterprise complexity. Sat, 21 Feb 2026 09:00:00 +0000 https://the47network.com/blog/keycloak-sso-small-teams.html Infrastructure Security https://the47network.com/blog/docker-compose-vs-kubernetes.html When to use Docker Compose and when Kubernetes earns its complexity — practical guidance based on team size and operational capacity. Mon, 23 Feb 2026 09:00:00 +0000 https://the47network.com/blog/docker-compose-vs-kubernetes.html Infrastructure https://the47network.com/blog/vault-secrets-management.html Why env vars are the wrong secrets model and how to migrate to Vault — dynamic credentials, leases, Agent Injector, AppRole auth, and what actually breaks. Mon, 23 Feb 2026 14:00:00 +0000 https://the47network.com/blog/vault-secrets-management.html Infrastructure Security https://the47network.com/blog/tamper-proof-audit-trail.html Cryptographic chaining, write-once storage, external anchoring, and append-only PostgreSQL enforcement. Audit logs that withstand forensic scrutiny. Tue, 24 Feb 2026 10:00:00 +0000 https://the47network.com/blog/tamper-proof-audit-trail.html Security https://the47network.com/blog/password-hashing-argon2.html Why Argon2id won the Password Hashing Competition. How to benchmark and tune its parameters. When bcrypt is still acceptable and why MD5/SHA are never acceptable. Tue, 24 Feb 2026 10:00:00 +0000 https://the47network.com/blog/password-hashing-argon2.html Security https://the47network.com/blog/proxmox-production.html The storage, network, backup, and HA cluster decisions that separate a homelab Proxmox setup from one you can stake production workloads on. Tue, 24 Feb 2026 11:00:00 +0000 https://the47network.com/blog/proxmox-production.html Infrastructure https://the47network.com/blog/prometheus-alerting-that-works.html The most common failure mode in Prometheus alerting is false positives. How to write alerts that fire when something is actually wrong and stay silent otherwise. Tue, 24 Feb 2026 12:00:00 +0000 https://the47network.com/blog/prometheus-alerting-that-works.html Infrastructure https://the47network.com/blog/makefile-that-works.html Make is 50 years old and still the best task runner for most projects. Phony targets, automatic variables, pattern rules, and a self-documenting help target. Tue, 24 Feb 2026 13:00:00 +0000 https://the47network.com/blog/makefile-that-works.html Infrastructure https://the47network.com/blog/email-deliverability-spf-dkim-dmarc.html SPF stops spoofing but doesn't authenticate content. DKIM signs messages but doesn't block forged senders. DMARC ties them together and tells receivers what to do. Here's how all three work and how to deploy them correctly. Tue, 24 Feb 2026 14:00:00 +0000 https://the47network.com/blog/email-deliverability-spf-dkim-dmarc.html Infrastructure https://the47network.com/blog/wireguard-site-to-site.html WireGuard is simpler and faster than OpenVPN or IPsec. Here's how to set up a site-to-site VPN, configure routing between subnets, manage key rotation, and integrate it with a zero-trust architecture. Tue, 24 Feb 2026 14:00:00 +0000 https://the47network.com/blog/wireguard-site-to-site.html Infrastructure https://the47network.com/blog/postgresql-for-developers.html Connection pooling with PgBouncer, partial indexes, EXPLAIN ANALYZE, VACUUM tuning, and the postgresql.conf settings that actually matter in production. Tue, 24 Feb 2026 14:00:00 +0000 https://the47network.com/blog/postgresql-for-developers.html Infrastructure https://the47network.com/blog/ssh-hardening-checklist.html The complete SSH hardening checklist: key-only auth, modern algorithm config, fail2ban, user restrictions, a full sshd_config example, and Teleport for team-scale access management. Tue, 24 Feb 2026 15:00:00 +0000 https://the47network.com/blog/ssh-hardening-checklist.html Security https://the47network.com/blog/nginx-reverse-proxy.html TLS termination with OCSP stapling, three rate-limiting zones for auth and API endpoints, upstream health checks, JSON logging, and a complete production Nginx config. Tue, 24 Feb 2026 16:00:00 +0000 https://the47network.com/blog/nginx-reverse-proxy.html Infrastructure https://the47network.com/blog/restic-backup-strategy.html Encrypted deduplicated Restic backups to S3-compatible storage, retention policies, integrity verification, and automated restore testing with systemd timers. Tue, 24 Feb 2026 17:00:00 +0000 https://the47network.com/blog/restic-backup-strategy.html Infrastructure https://the47network.com/blog/redis-for-developers.html Connection pooling, cache invalidation, BullMQ job queues, pub/sub for real-time events, sorted-set rate limiters, and Redis persistence configuration. Tue, 24 Feb 2026 18:00:00 +0000 https://the47network.com/blog/redis-for-developers.html Infrastructure https://the47network.com/case-studies/media-comms-platform.html Matrix homeserver, 47Comms SMS alerts, and editorial workflow integration for a 120-person national media organisation. Zero third-party message access. Tue, 24 Feb 2026 19:00:00 +0000 https://the47network.com/case-studies/media-comms-platform.html Case Study https://the47network.com/blog/github-actions-cicd.html Self-hosted runners, Vault secrets injection, environment protection gates, reusable workflows, and artifact-based rollback for production CI/CD. Tue, 24 Feb 2026 20:00:00 +0000 https://the47network.com/blog/github-actions-cicd.html Infrastructure https://the47network.com/blog/passkeys-webauthn-2026.html WebAuthn registration and authentication flows, resident keys, cross-device passkeys, attestation, and fallback strategy for production implementation. Tue, 24 Feb 2026 21:00:00 +0000 https://the47network.com/blog/passkeys-webauthn-2026.html Security https://the47network.com/blog/grafana-dashboards.html PromQL for the RED and USE methods, Loki log correlation, alert rules from panels, variable templating, and dashboard organisation for production observability. Tue, 24 Feb 2026 22:00:00 +0000 https://the47network.com/blog/grafana-dashboards.html Infrastructure https://the47network.com/case-studies/fintech-playwright-qa.html 94 automated Playwright E2E and API contract tests, k6 load testing, and GitHub Actions CI gate — reducing a 5-day manual regression to under 2 hours. Tue, 24 Feb 2026 23:00:00 +0000 https://the47network.com/case-studies/fintech-playwright-qa.html Case Study https://the47network.com/blog/playwright-e2e-testing.html Page Object Model, auth fixtures, parallel execution, network interception, and CI sharding — the Playwright patterns behind every 47Network Studio QA engagement. Tue, 24 Feb 2026 20:00:00 +0000 https://the47network.com/blog/playwright-e2e-testing.html QA https://the47network.com/blog/k6-load-testing.html Virtual user ramps, thresholds, authenticated scenarios, InfluxDB output, and the five test types every production system needs — baseline through soak. Tue, 24 Feb 2026 20:30:00 +0000 https://the47network.com/blog/k6-load-testing.html QA https://the47network.com/blog/ansible-infrastructure-automation.html Idempotent playbooks, roles, inventory management, Ansible Vault, and rolling update patterns for self-hosted server fleets. Wed, 25 Feb 2026 09:00:00 +0000 https://the47network.com/blog/ansible-infrastructure-automation.html Infrastructure https://the47network.com/blog/tls-certificates-certbot-acme.html HTTP-01 vs DNS-01 challenges, wildcard certificates, Nginx TLS hardening, auto-renewal, and Prometheus expiry alerting. Wed, 25 Feb 2026 09:30:00 +0000 https://the47network.com/blog/tls-certificates-certbot-acme.html Security https://the47network.com/blog/tailscale-headscale-mesh-vpn.html How Tailscale works, when to self-host the control plane with Headscale, ACLs for zero-trust network policy, and subnet routing. Wed, 25 Feb 2026 10:00:00 +0000 https://the47network.com/blog/tailscale-headscale-mesh-vpn.html Security https://the47network.com/blog/gdpr-compliance-engineering.html Data minimisation, consent mechanisms, right-to-erasure implementation, audit logging for GDPR, and the compliance engineering patterns used in 47Network's fintech and healthcare engagements. Wed, 25 Feb 2026 11:00:00 +0000 https://the47network.com/blog/gdpr-compliance-engineering.html Security https://the47network.com/blog/opentelemetry-distributed-tracing.html Auto-instrumentation, manual spans, context propagation, exporting to Jaeger and Grafana Tempo, and the tracing setup used alongside Prometheus in 47Network Studio engagements. Wed, 25 Feb 2026 11:30:00 +0000 https://the47network.com/blog/opentelemetry-distributed-tracing.html Infrastructure https://the47network.com/blog/loki-log-aggregation.html Label design, LogQL queries, Promtail pipeline stages, correlation with Prometheus metrics, and production deployment patterns for Grafana Loki. Wed, 25 Feb 2026 12:00:00 +0000 https://the47network.com/blog/loki-log-aggregation.html Infrastructure https://the47network.com/blog/zfs-storage-guide.html RAIDZ2 pool design, dataset hierarchy, compression, snapshots, send/receive replication, scrubs, and ECC RAM — the ZFS setup behind 47Network hardware deployments. Wed, 25 Feb 2026 13:00:00 +0000 https://the47network.com/blog/zfs-storage-guide.html Infrastructure https://the47network.com/blog/jwt-token-authentication.html JWT structure, RS256 vs HS256, the alg:none vulnerability, refresh token rotation, token revocation strategies, and secure client-side storage patterns. Wed, 25 Feb 2026 13:30:00 +0000 https://the47network.com/blog/jwt-token-authentication.html Security