Coming Soon to BitNinja. Already in Production in CFM.

BitNinja’s July newsletter — a JavaScript Proof-of-Work CAPTCHA, a unified WAF, and a “coming soon” SOS mode — describes features a one-person, open-source WAF shipped last spring, plus two kernel layers the newsletter never mentions. A friendly, factual comparison.

AlmaLinux 10: Dual EFI + mdadm RAID1 on Bare Metal (or: How I Spent My Friday Evening Arguing With a Boot Loader)

Introduction, or “What Could Possibly Go Wrong” So you have a perfectly good server. Two perfectly good SATA SSDs. A perfectly reasonable desire to mirror them so that when one inevitably dies at 3am on a Sunday, your server keeps running. You’ve done this a hundred times. mdadm, RAID1, /boot on the array, done, beer, … Read more

Hardening Shared Linux Hosting Kernels: What cfm kernsec Actually Does (and Doesn’t Do)

A grounded look at kernel attack surface reduction for production hosting servers — no silver bullets, just honest defense. The kernel LPE wave of 2025–2026 was a good reminder that most Linux servers are running with more attack surface exposed than they need. Dirty Frag, Copy Fail (CVE-2026-31431), the ksmbd parade, watch_queue, Dirty Cred — … Read more

CVE-2026-41940: The 64-Day Backdoor Into the Internet’s Control Plane

A critical authentication bypass in cPanel & WHM gave attackers root access to over a million publicly exposed servers — silently, without a password, defeating two-factor authentication — for sixty-four days before anyone patched a thing. What Was Actually at Stake cPanel and WHM are not just web applications. They are the administrative nervous system … Read more

Argus: when a Netflow engine grows into its own platform

There was a point where it became obvious that flowenricher had outgrown its original shape. It started as an engine: ingesting NetFlow/IPFIX, enriching traffic with ASN, GeoIP, BGP path, PTR and SNMP data, running detections, and handling mitigation/blackhole logic. The backend side was already doing serious work. But the operator experience around it still belonged … Read more

Local LLM spam classifier — model shootout

We tested 9 local LLM models as spam classifiers on an AMD EPYC 4545P running Ollama. Here’s what we found. After setting up the SpamAssassin + Ollama integration (see the previous post), the obvious next question was: is qwen2.5:7b actually the best choice, or did we just get lucky picking it first? So we ran … Read more