Field notes

What we learn running the systems, written down.

Field notes are working write-ups from the practice: deliverability, EU compliance and sovereign infrastructure, explained by the people who operate it rather than summarised from someone else's blog. Every piece is dated, every claim is sourced, and nothing is padded to look longer than the subject deserves.

There is a lot of email and infrastructure writing online, and most of it is a checklist wrapped around a product pitch. These notes are different in three ways that matter. We write only about work we do ourselves, so the deliverability pieces come from running mail-transfer infrastructure and the compliance pieces from placing regulated workloads, not from rephrasing a vendor's release. We date everything and revisit it, because a sender-requirements rule from 2024 is not the rule in 2026, and a note that does not say when it was written is worth little. And we tell you when the honest answer is to do less, to not build, or to fix the practice rather than buy more around it, because that is the standard we hold our own services to.

Latest notes.

The list is short by design. We publish when we have something operational to say, not on a content calendar.

Security
Linux server hardening in 2026: the order that matters, the controls that earn their keep, and a score for your fleet
A Linux server ships configured for convenience, and the internet finds the defaults within minutes. The hardening order that front-loads impact: SSH lockdown first, default-deny firewall, fail2ban/CrowdSec, patching, kernel sysctl, auditd and AIDE, CIS benchmarks and OpenSCAP, the lockout mistake that ends careers, and a hardening score for your own server.
12 June 2026 · 27 min

Security
MDR in 2026: why 24/7 detection costs what it costs, and when to buy it instead of building it
A security tool nobody watches at 3am is a smoke detector in an empty house. What MDR really is against EDR, XDR, SIEM and MSSP, the staffing geometry that makes a 24/7 SOC cost millions, MTTD and MTTR, the build-versus-buy maths with a calculator, and why every DORA and NIS2 clock starts at detection.
11 June 2026 · 27 min

Deliverability
BIMI in 2026: your logo in the inbox, what it really costs, and the CMC that changed the math
BIMI is the visible reward for authentication done right: your verified logo beside your mail in Gmail, Apple and Yahoo. For years it was gated behind a trademark and an expensive certificate. The Common Mark Certificate changed that. The four prerequisites, the VMC-vs-CMC decision, the SVG Tiny PS rules, the real costs, and a record generator with a readiness check.
11 June 2026 · 25 min

Compliance
Data sovereignty in 2026: why a Frankfurt data centre isn't European enough
Storing EU data in an EU region satisfies residency, which is a different and weaker thing than sovereignty. The CLOUD Act gap, the GDPR transfer machinery and Schrems III, what DORA and the Data Act now demand, sovereign cloud vs EU-native, and the architecture that makes foreign access impossible rather than merely forbidden, all the way to where AI model weights may live.
11 June 2026 · 26 min

Compliance
DORA in 2026: the grace period is over, and the clock starts at four hours
DORA went live in January 2025 and 2025 was the year supervisors looked the other way. That year is gone. Who it binds across 20 financial entity types and their ICT providers, the five pillars, the four-hour incident clock, the Register of Information, the oversight of critical providers, and where it stacks with NIS2 and the GDPR.
10 June 2026 · 26 min

Deliverability
DKIM in 2026: selectors, key rotation, and the signature that breaks in ways you can't see
DKIM is the strongest evidence in email authentication and the least maintained. How the signature really works, why selectors are never reused, 2048-bit vs Ed25519, the l= weakness and oversigning, zero-downtime rotation with drain periods, and an inspector that reads your record.
10 June 2026 · 26 min

Deliverability
SPF in 2026: the ten-lookup budget, the record that silently breaks, and how to build one that doesn't
SPF looks like the simplest authentication record and causes the most invisible failures, because it carries a budget most people never count. How evaluation spends your ten lookups, the void-lookup limit nobody mentions, the honest fix ladder, and a generator with the meter running.
10 June 2026 · 25 min

Deliverability
Email subdomain strategy in 2026: isolating reputation without confusing your recipients
A subdomain keeps a marketing misstep from sinking your password resets, and most senders either skip it or overdo it. When a subdomain beats the root and when you need a separate domain, per-subdomain SPF/DKIM/DMARC and the sp tag, naming that doesn't look like phishing, and a planner.
10 June 2026 · 24 min

Security
Wazuh as your SIEM in 2026: what free really costs, and when managed beats both
Commercial SIEM pricing punishes the logging security needs most. What Wazuh genuinely does, where the SIEM money goes in 2026, a cost calculator for your volumes, and the honest choice between self-run, commercial and managed.
9 June 2026 · 24 min

Deliverability
DMARC in 2026: from p=none to p=reject without breaking your mail
Most domains have a DMARC record; far fewer are protected, because they stopped at monitoring. What every tag does, how the none-to-reject journey is done without blocking your own mail, and a generator to build your record.
9 June 2026 · 24 min

Deliverability
One-click unsubscribe in 2026: RFC 8058, the two headers, and why so many break it
It looks like the simplest rule in the bulk-sender requirements and is one of the most quietly broken. The two headers, why it must be a POST, the DKIM trap, the 48-hour rule, and a validator for your own headers.
9 June 2026 · 23 min

Deliverability
Warming up a new sending domain or IP in 2026: the schedule, the math, and when you don't need to
Warmup is less about volume now and more about engagement, and the first honest question is whether you need it at all. How it works, a ramp you can generate for your own numbers, and the limits of warmup tools.
9 June 2026 · 22 min

Compliance
NIS2 in 2026: who it covers, the 24-hour clock, and why your country's version is the one that counts
NIS2 is past deadline, unevenly transposed, and starting to bite. Who is in scope, the ten Article 21 measures, the reporting clock, personal liability for directors, and the detection capability it quietly demands.
9 June 2026 · 21 min

Compliance
The EU AI Act in 2026: what applies now, what moved, and what to do regardless
Some of the AI Act already binds you, the biggest deadline is being pushed to 2027 but is not yet law, and the work that matters is the same whichever date wins. The state of play in June 2026, in plain terms.
9 June 2026 · 20 min

Deliverability
Bulk email sender requirements in 2026: the rules every European sender now has to meet
Gmail, Yahoo, Microsoft and Apple now reject non-compliant bulk mail outright. What each one requires, where they raised the bar through 2026, and the European compliance layer most checklists leave out.
9 June 2026 · 20 min