Hosting explained. Platform updates, technical guides, and no-fluff insight from the team that built TrueCore.
When you SSH into our server, you don't actually get the server — you get a sandbox shaped exactly like a server. Here's how flame-bubble uses Linux namespaces, bwrap, and cgroups to keep customers fully separated on shared infrastructure.
Read →A pre-auth CRLF injection bug in cPanel let attackers ransomware around 44,000 servers in a few days. We don't run cPanel — but the bug class is generic, and we audited our own outbound mail code the same week to make sure we hadn't shipped the same shape of mistake.
Read →Every morning, a small daemon reads the day's security advisories, cross-references them against the exact package versions on our fleet, and posts what's actionable to Discord. Here's the design and what it found on day one.
Read →Most hosting providers point your domain at Cloudflare's nameservers and call it a feature. We operate our own three-nameserver fleet — flame-dnsd, on three independent boxes, with sub-five-second zone propagation. Here's why.
Read →When a critical Linux kernel CVE drops, the question isn't 'will the patch land' — it's 'what do you do in the meantime?' Here's how we mitigated Copy Fail across the fleet in hours, before the kernel patch shipped.
Read →What happens to your data if our primary server is destroyed and we lose all the keys with it? Nothing — because we use Shamir secret sharing to split the master key across the fleet, and a single share goes offline with us.
Read →Automated health checks, fleet-wide DNS sync, and Discord alerts — the homegrown monitoring stack keeping TrueCore's infrastructure running around the clock.
Read →WireGuard is a modern VPN protocol built into the Linux kernel. Here's how we use it to connect our fleet of servers without exposing management traffic to the public internet.
Read →XDP kernel-bypass drops, nftables bans with automatic escalation, and nginx rate limiting — our layered approach to keeping bad actors off the server.
Read →Three DNS records that determine whether your email reaches the inbox or the spam folder. We configure them automatically — here's what they actually do.
Read →XDP packet drops, flame-guardian IP bans, nginx rate limiting, and sandboxed PHP execution sit entirely below WordPress. Here's what we handle so your security plugins don't have to carry everything.
Read →Free SSL, renewed automatically before it expires. Here's how our certificate lifecycle works and why you'll never see a 'certificate expired' warning on our platform.
Read →We use Linux cgroups at the kernel level to enforce resource limits. No soft caps, no fair-use policies. Here's what that actually means for your hosting account.
Read →