Linux is for everyone, from desktop beginners to platform engineers

Linux Is for Everyone: Why This Blog Now Welcomes Beginners Too

My neighbour is 70 years old. He’s been using Windows his entire life. Last month he asked me: “Tom, I keep hearing about Linux. Is that something for me too?” He’s not the first. Over the past year, friends, family and colleagues have asked me the same thing in different shapes. “I want to get off Windows, but I don’t know where to start.” “Is Linux hard?” “Can I still use my normal programs?” To me these questions seem obvious. I’ve been running Linux since SuSE 6.0, back when you had to specifically pick hardware components that actually had Linux drivers. To someone who’s never seen a terminal, they feel genuinely daunting. ...

June 11, 2026 · 7 min read · Tom Meurs
Isometric illustration of data streams being corrupted with noise

Data Poisoning: Reclaiming Your Privacy Through Offence

Here is how privacy works today. You read the policy. You dismiss the cookie banner. You hunt through three settings menus for the opt-out toggle that someone deliberately buried. You do this to exercise a right that should have been the default. And while you are still on the first paragraph of the terms of service, every click, scroll, hover, and the exact timing of your keystrokes has already been harvested, packaged, and sold. We have accepted this as normal. ...

June 7, 2026 · 8 min read · Tom Meurs
Isometric illustration of a central key with three identity branches shielded by a quantum barrier

Quantum-safe GPG identity with multiple aliases

A cryptographic signature is one of the few things online that still means exactly what it says. If the key is yours and the signature verifies, the content came from you. Full stop. No vendor handed you this identity, no CA can pull it, no platform can suspend it. It exists because you generated the key, and it stays yours for exactly as long as you hold the private half. Most of what we casually call “online identity” is borrowed: a handle someone can ban, a checkmark someone can strip, an email address a domain owner can take back the day they feel like it. A GPG signature lives outside all of that. The key that signed this paragraph is either yours or it belongs to someone else, and nobody gets a vote. ...

April 18, 2026 · 14 min read · Tom Meurs
Vault secrets management visualization

Vault for Beginners: Secrets Management in Kubernetes

The first time I ran kubectl get secret myapp -o yaml and base64-decoded the value, I felt my stomach drop. There was my database password, sitting in etcd, readable by anyone who could reach the API with the right RBAC. Kubernetes Secrets are not secrets. They’re base64-encoded plain text with a fancy name. That’s the default, and it’s the thing nobody warns you about on day one. Every cloud provider has a fix for sale. AWS has Secrets Manager, Google has Secret Manager, Azure has Key Vault. They work. The catch shows up later: the day you need to migrate, the day you want to know exactly what happens to a secret after you write it, the day you realise your most sensitive data lives in a system you can’t inspect. ...

July 2, 2025 · 13 min read · Tom Meurs
Kubernetes running in offline island mode

Running Kubernetes Offline: Edge Computing Without Internet

What happens when your Kubernetes cluster can’t reach the internet? I don’t mean a slow connection. I mean no connection at all. Ships at sea. Remote mining sites. Factory floors with air-gapped networks. Military deployments. For a lot of people that sounds exotic, like a problem someone else has. I treat it as a baseline design requirement, and I’ll explain why it makes my homelab better even though I almost never actually pull the cable. ...

March 4, 2025 · 10 min read · Tom Meurs