<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>Products on Security Architects</title>
		<link>https://securityarchitects.com/products/</link>
		<description>Recent content in Products on Security Architects</description>
		<generator>Hugo</generator>
		<language>en-us</language>
		
		
		
		
			<atom:link href="https://securityarchitects.com/products/index.xml" rel="self" type="application/rss+xml" />
			<item>
				<title>Authinator3</title>
				<link>https://securityarchitects.com/products/authinator/</link>
				<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
				<guid>https://securityarchitects.com/products/authinator/</guid>
				<description>&lt;p&gt;&lt;strong&gt;Authinator&lt;/strong&gt; is a web login gateway for firewalls: authenticate over HTTPS,&#xA;click once, and your current IP address is granted passage through the&#xA;firewall. Everyone else sees a wall.&lt;/p&gt;&#xA;&lt;p&gt;It solves the classic remote-access dilemma. Leaving management ports (SSH,&#xA;VPN, admin panels) open to the internet invites the whole world to knock;&#xA;port-knocking schemes are brittle and awkward to use from a phone or a&#xA;borrowed machine. Authinator replaces both with something anyone can operate:&#xA;a login page.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Claudette</title>
				<link>https://securityarchitects.com/products/claudette/</link>
				<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
				<guid>https://securityarchitects.com/products/claudette/</guid>
				<description>&lt;p&gt;&lt;strong&gt;Claudette&lt;/strong&gt; is a sandbox for running AI coding agents — like Claude Code —&#xA;safely on your own machine. AI agents read web pages, READMEs, issue threads,&#xA;and email while wielding real tools: your shell, your git credentials, your&#xA;network. Claudette puts a security boundary around all of that, so an agent&#xA;doing useful work can&amp;rsquo;t be turned into a liability by the untrusted content&#xA;it reads.&lt;/p&gt;&#xA;&lt;p&gt;It isn&amp;rsquo;t a research prototype. It&amp;rsquo;s the sandbox Security Architects uses to&#xA;run AI coding agents in production, every day — including the work behind this&#xA;very website.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Truepost</title>
				<link>https://securityarchitects.com/products/truepost/</link>
				<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
				<guid>https://securityarchitects.com/products/truepost/</guid>
				<description>&lt;p&gt;&lt;strong&gt;Truepost&lt;/strong&gt; is an email client that finally feels like the messaging apps&#xA;you actually enjoy using: conversations grouped by &lt;em&gt;people&lt;/em&gt;, chat-style&#xA;bubbles, one composer — no more digging through stacked threads to find the&#xA;latest reply. It works with the email you already have: &lt;strong&gt;Gmail, Yahoo, and&#xA;Outlook&lt;/strong&gt;, connected via OAuth2 and IMAP.&lt;/p&gt;&#xA;&lt;h2 id=&#34;trust-you-can-see&#34;&gt;Trust you can see&lt;/h2&gt;&#xA;&lt;p&gt;Truepost treats sender identity as a security surface, not a cosmetic one:&lt;/p&gt;&#xA;&lt;ul&gt;&#xA;&lt;li&gt;&lt;strong&gt;The address is the identity; the display name is just a claim.&lt;/strong&gt; A&#xA;spoofer sending &lt;code&gt;From: &amp;quot;Your Bank&amp;quot; &amp;lt;evil@attacker.example&amp;gt;&lt;/code&gt; gets a badge&#xA;and identity derived from the &lt;em&gt;address&lt;/em&gt; — the claimed name can never&#xA;impersonate its way into the avatar.&lt;/li&gt;&#xA;&lt;li&gt;&lt;strong&gt;Reputation-tinted sender tiles&lt;/strong&gt; put a visible trust signal on every&#xA;conversation — something mainstream clients simply don&amp;rsquo;t show.&lt;/li&gt;&#xA;&lt;li&gt;&lt;strong&gt;One-click block and report.&lt;/strong&gt; Senders you don&amp;rsquo;t want hearing from are&#xA;gone in a tap.&lt;/li&gt;&#xA;&lt;/ul&gt;&#xA;&lt;h2 id=&#34;privacy-first&#34;&gt;Privacy-first&lt;/h2&gt;&#xA;&lt;p&gt;Your mail stays yours: no server-side scanning, no selling data, no&#xA;training models on your inbox. Optional end-to-end encryption between&#xA;Truepost users is on the roadmap.&lt;/p&gt;</description>
			</item>
			<item>
				<title>1lan</title>
				<link>https://securityarchitects.com/products/1lan/</link>
				<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
				<guid>https://securityarchitects.com/products/1lan/</guid>
				<description>&lt;p&gt;&lt;strong&gt;1lan&lt;/strong&gt; (&amp;ldquo;One LAN&amp;rdquo;) makes machines stuck behind NAT and firewalls reachable&#xA;again — home servers, lab boxes, appliances in the field — by having each one&#xA;dial home with a persistent reverse SSH tunnel to a relay server you own.&#xA;Once connected, every client is one SSH command away, and selected service&#xA;ports (web UIs, media servers, APIs) are reachable through the relay&amp;rsquo;s&#xA;hardened HTTPS front end.&lt;/p&gt;&#xA;&lt;p&gt;It&amp;rsquo;s the self-hosted answer to commercial tunnel and overlay services: no&#xA;third-party relay in your traffic path, no proprietary agent, no subscription.&#xA;The moving parts are deliberately boring — &lt;strong&gt;plain OpenSSH, a shell script,&#xA;and a systemd unit&lt;/strong&gt; — because boring is auditable.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Ozone (Legacy)</title>
				<link>https://securityarchitects.com/products/ozone/</link>
				<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
				<guid>https://securityarchitects.com/products/ozone/</guid>
				<description>&lt;p&gt;&lt;strong&gt;Ozone&lt;/strong&gt; is Security Architects&amp;rsquo; heritage product: a Host Intrusion&#xA;Prevention System (HIPS) for Windows 2000, XP, and Server 2003 that protected&#xA;server and client machines from both known and unknown attacks — including&#xA;the worm epidemics of its day (Blaster, Sasser, MyDoom, Witty).&lt;/p&gt;&#xA;&lt;h2 id=&#34;the-idea&#34;&gt;The idea&lt;/h2&gt;&#xA;&lt;p&gt;Unlike reactive products such as anti-virus and intrusion detection systems,&#xA;Ozone did not rely on constantly updated databases of &amp;ldquo;bad behaviour&amp;rdquo;&#xA;signatures. Instead it enforced &lt;strong&gt;good behaviour&lt;/strong&gt;: explicit policy describing&#xA;what each computer, application, and user is allowed to do — and nothing else.&#xA;A web server may listen on port 80 and serve pages; it may not execute&#xA;arbitrary programs or open connections to arbitrary hosts.&lt;/p&gt;</description>
			</item>
	</channel>
</rss>
