Platform updates, product releases, infrastructure improvements, and Studio announcements. Updated regularly.
JWT structure, RS256 vs HS256, the alg:none vulnerability, refresh token rotation, token revocation strategies, and secu
Read →RAIDZ2 pool design, dataset hierarchy, compression, snapshots, send/receive replication, scrubs, and ECC RAM — the ZFS s
Read →Label design, LogQL queries, Promtail pipeline stages, correlation with Prometheus metrics, and production deployment pa
Read →Auto-instrumentation, manual spans, context propagation, exporting to Jaeger and Grafana Tempo, and the tracing setup us
Read →Data minimisation, consent mechanisms, right-to-erasure implementation, audit logging for GDPR, and the compliance engin
Read →How Tailscale works, when to self-host the control plane with Headscale, ACLs for zero-trust network policy, and subnet
Read →HTTP-01 vs DNS-01 challenges, wildcard certificates, Nginx TLS hardening, auto-renewal, and Prometheus expiry alerting.
Read →Idempotent playbooks, roles, inventory management, Ansible Vault, and rolling update patterns for self-hosted server fle
Read →Virtual user ramps, thresholds, authenticated scenarios, InfluxDB output, and the five test types every production syste
Read →Page Object Model, auth fixtures, parallel execution, network interception, and CI sharding — the Playwright patterns be
Read →94 automated tests, 5-day regression to 2 hours, k6 load testing that caught a connection pool bug before production.
Read →PromQL for the RED and USE methods, Loki log correlation, alert rules from panels, variable templating, and dashboard or
Read →WebAuthn registration and authentication flows, resident keys, cross-device passkeys, attestation, and fallback strategy
Read →Self-hosted runners, Vault secrets injection, environment protection gates, reusable workflows, and artifact-based rollb
Read →Matrix homeserver, 47Comms SMS alerts, and editorial workflow integration for a 120-person media organisation. 98.7% SMS delivery rate.
Read →Connection pooling, cache invalidation, BullMQ job queues, pub/sub for real-time events, sorted-set rate limiters, and R
Read →Encrypted deduplicated Restic backups to S3-compatible storage, retention policies, integrity verification, and automate
Read →TLS termination with OCSP stapling, three rate-limiting zones for auth and API endpoints, upstream health checks, JSON l
Read →Complete SSH hardening guide: key-only auth, algorithm hardening, fail2ban configuration, a full hardened sshd_config, and Teleport for team-scale SSH access management.
Read guide →Published case study for a Romanian government e-services portal: WCAG 2.1 AA compliance audit, 140 Playwright tests, k6 load testing, and full CI integration in 8 weeks.
Read case study →Practical guide to production PostgreSQL: PgBouncer connection pooling, partial indexes, covering indexes, EXPLAIN ANALYZE, VACUUM tuning, and essential postgresql.conf settings.
Read guide →Published a practical guide to WireGuard site-to-site VPN setup — key generation, routing configuration, persistent keepalives, and multi-site mesh topologies.
Read guide →Published two infrastructure guides: SPF/DKIM/DMARC explained with deployment sequence, and WireGuard site-to-site VPN setup with routing and key management.
Email guide →Published a practical guide to writing maintainable Makefiles — phony targets, automatic variables, pattern rules, and a self-documenting help target convention.
Read guide →Published the seventh Studio case study — three-node Proxmox VE cluster replacing VMware ESXi, 27 VMs migrated with zero unplanned downtime, ZFS RAIDZ2 storage, and PBS deduplicated backups.
Read case study →Published a practical guide to running Proxmox VE in production — ZFS storage, HA clustering with QDevice, Proxmox Backup Server, and the network configuration that prevents 3am failures.
Read guide →Published a practical comparison of password hashing algorithms — how each works, when to use each, and how to benchmark and tune Argon2id parameters for your production hardware.
Read guide →Published a deep-dive on cryptographically chained, append-only audit logs — covering the six required properties, SHA-256 hash chaining mechanics, external anchoring with S3 Object Lock, and how this architecture works inside Sven Agent.
Read guide →Published a practical guide to migrating from environment-variable secrets to HashiCorp Vault — KV engine, AppRole auth, dynamic database credentials, the Kubernetes Agent Injector, and six operational gotchas.
Read guide →Published a practical guide to choosing between Docker Compose and Kubernetes for self-hosted infrastructure — covering team size thresholds, what Compose doesn't do, a decision table for common scenarios, and the Compose production checklist.
Read guide →Published a practical Keycloak SSO setup guide for small teams — realm config, OIDC clients, MFA/TOTP enforcement, and production hardening. Based on Studio deployment experience.
Read guide →Published a new Studio case study: 14-week engagement delivering 47ID SSO unification across 5 internal tools and a full automated QA pipeline (Playwright, k6, GitHub Actions) for a European e-commerce platform — in partnership with TestGate Studio.
Read case study →NetMapper now exports live topology data via REST API and optional Prometheus metrics. Integrate observed network topology directly into Grafana dashboards. Graph format: nodes are hosts, edges are observed connections weighted by traffic volume and recency.
View 47Sentry →The routing layer now maintains per-carrier health scores from delivery receipt windows. Unhealthy carriers are deprioritised automatically — no manual failover required. Secondary carrier configuration now available for all plans.
View 47Comms →All 47Network Kubernetes clusters now run Kyverno for policy enforcement, replacing ad-hoc RBAC rules with declarative, version-controlled policies: no privileged containers, required resource limits, mandatory audit labels, approved registries only.
After four months of private testing with 12 design partners, Sven Agent is now open for early access. Early adopters get unlimited missions during the beta period.
All 47Network product deployments are now fully managed via Argo CD with continuous sync from our private Git repository. Every change is auditable, reversible, and reproducible.
PassVault now supports FIDO2 passkeys as a second factor, and introduces emergency access — a trusted contact can request access after a configurable waiting period.
Self-hosted 47mail deployments can now serve multiple custom domains with per-domain policies. Alias routing allows receive-only addresses that forward to your primary inbox.
Following strong Q4 2025 demand, the Studio has expanded capacity. We're now accepting four new infrastructure engagements starting February 2026.
The centralized identity provider for all 47Network products has been upgraded to Keycloak v26 with conditional MFA, improved WebAuthn support, and a redesigned account console.
Major release: rebuilt analytics backend, custom domain support for Pro/Team, and a new link-in-bio feature.
A timing edge case in the TOTP implementation caused intermittent failures on iOS 18 when system clock drift exceeded 15 seconds. Patched within 4 hours of report.
47Sentry brings kernel-level network visibility to self-hosted environments. eBPF/XDP processes at line rate on commodity hardware.
TestGate Studio as our dedicated QA and testing arm. All Studio engagements now optionally bring full-spectrum QA expertise — web, mobile, app, API, desktop, game, performance and automation — with 20+ years combined experience and an independent mandate to let no bug pass." data-ro="47Network Studio a partenariat cu TestGate Studio — QA complet — web, mobil, aplicații, API, jocuri, performanță și automatizare.">47Network Studio has partnered with TestGate Studio as our dedicated QA arm. Studio engagements now optionally include full-spectrum QA — web, mobile, app, API, desktop, game, performance and automation — via TestGate Studio.
All infrastructure now uses HashiCorp Vault. Dynamic secrets with automatic rotation have replaced all static credentials across every service and pipeline.
47Network goes live with the first cohort: CutUR Link (live), 47Comms (live), PassVault (beta), 47mail (beta). The Studio opens for infrastructure engagements.
Low-frequency updates on product releases, platform changes, and Studio news. No marketing, no noise.