social.dk-libre.fr is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Hey #InfoSec #SysAdmin folks, anybody heard of ShredOS?
Seems like a potentially useful tool, but the website looks sus:
https://shredos.org/
The GitHub repo seems a bit less sus:
https://github.com/PartialVolume/shredos.x86_64
Edit: the website is not affiliated with the project, see replies. Question stands about the tool itself!
Root access is possible: exploits for CVE-2026-46331 (Linux kernel) have been leaked and affect Debian, Ubuntu & RHEL, among others. A patch is partly already in, but updates are not yet missing everywhere; admins should secure their systems quickly. 🔧🚨 https://www.golem.de/news/root-zugriff-moeglich-exploits-fuer-gefaehrliche-luecke-im-linux-kernel-geleakt-2606-210283.html #Linux #Security #CVE #SysAdmin
Haack's Networking - Drawing Tablets & X11/Wayland
🖥️ It is nice to see that my Gaomon tablets work right out of the box under KDE 6.6, Debian 14, and Wayland ...
🎉 Massive thanks to the #wayland #redhat team and also a shout to @davidrevoy who recently dropped his Interim setup which first clued me in to "mouse mode" being on the horizon for stable 💘 (finally)
✅️ Sure enough, in Debian Testing w/ Wayland, the "Drawing Tablet" setting in KDE 6.6 automagically works with the following Gaomon tablets with no proprietary driver installed:
1️⃣ MK 2018
2️⃣ PD 1161
💡 The last two years were choppy and I even had to write a custom X config for the MK 2018 to teach an applied math course. Until recently, seeing no progress on the horizon for "out of the box" functionality, I had settled on @XLibreDev @sonicdesktop and was quite happy. In fact, very grateful to them for getting me by this last year - mucho thanks. #xlibre #sonicde #sonic
🏁 But, at the end of the day, I really need mainstream / stock Debian to just work with drawing products, not just for me ... but for my daughter's art projects - she just got her art accepted at @ffmpeg and I'm very proud of her. We rely on these products - there's no denying. At present:
Dascha uses:
1) X1 Carbon 4th Gen - using KDE neon stable (art attached that she did at 13 for ffmpeg)
2) HP All-In-One Touch i5 - using KDE neon stable
All working better natively in Wayland than under the prop driver. They work similarly well to how they work in X now.
Jonathan (me) uses:
1) 3x mini Ryzen PCs - KDE 6.6, Debian Testing, and Wayland - 1 w/ PD 1161 and 2 w/ MK 2018 - all working including "mouse mode" under wayland / stock Debian (art / teaching).
2) Dell 1950 laptop 2023 i7 w/ NVIDIA - had to manually build the nvidia driver under latest on their website, other than that no issues, running Debian Testing, Wayland, KDE 6.6 - MK 2018 works via USBC hub for teaching
3) X1 Carbon 4th gen i5 - Debian Testing, KDE 6.6, Wayland - works with Wacom stylus similar to Dascha's setup no issues
⁉️ How did this happen? I was fixing an old Precision 7920 and setting it up as a PeerTube runner on Lubuntu 26.04 (better with NVIDIA lol). I got bored and installed Kubuntu Desktop and then plugged in an MK 2018. It worked ... & so I started testing and researching KDE point releases & looking back at Mr. Revoy's post and switched all 7 machines over in < 48 hours.
Today, I was doing an upgrade of Percona MySQL server from 8.0 to 8.4.
It took 15-20 minutes to download a 118 MB .deb!
I forgot I had added Percona's repo to apt-mirror on an internal server of ours a few weeks back and forgot to update the web server to serve it so I fixed that.
Whipped up a new "deb822" percona.sources with their signing key but our URL. The result?
It took 1 second to download the percona server .deb.
Host your own .deb repos, folks! You can't count on the 3rd party hosted repo to always be there.
I have a teapot Nextcloud...
Schrodinger's Backup: the condition of any backup is unknown until a restore is attempted.
Ask me how I know.
(Submitted by a follower!)
#Linux #SysAdmin #Backups #MemeMonday
Linux tip: `rsync -avz --progress source/ user@host:/destination/` syncs files via SSH with progress display. The `-a` preserves permissions, `-v` is verbose, `-z` compresses during transfer. #Linux #SystemAdministration #SysAdmin
Dear logging and ticketing tools,
if you do not show the time zone for times, you are wrong.
It's like giving coordinates, but not the origin
"over 3 and up 4"
From where? Where I am now? Where I was at the time? I don't know the time because you didn't give a time zone! Heck, you only gave the day within +/- 1
signed,
everybody
PS: when multiple tools do this it's a right pain to build a timeline, you are wasting my time
As someone who juggles a lot between servers, SSH sessions and remote hosts, a good terminal is something fundamental for me. My personal favorite is Termius. The cross-platform sync of hosts and keys is worth its weight in gold, SFTP is integrated directly, and the UI finally makes SSH connections feel less like "maintain a text file and hope". For teams with many accesses, the vault sync is a real time saver. And how about you?
working on #openzfsmastery performance vs resilience section.
Thinking that the fault tolerance of a 3-disk striped VDEV can best be described as "yeet." #sysadmin
This beast is open for sponsorship. https://mwl.io/sponsor
Haack's Networking
✍️ Starting today at 5pm UTC-06/7, the following instances will go down for maintenance:
1) gnulinux.studio
2) gnulinux.media
👀 This maintenance will reduce total core consumption on the host by 8 vCPUs and reduce RAM usage by 16GB. Furthermore, these instances will switch from testing to production usage and public availability.
‼️It is expected that this transition should only take 6-12 hours, however, it could take as long as 72 hours if DNS caching gets delayed. Prepare for down time accordingly.
#sysadmin #selfhosted #linux #freesoftware #opensource #navidrome #jellyfin
New on the blog: FreeBSD Foundationals #3: The Boot Process
From power-on to login: BIOS vs UEFI, the loader & loader.conf, why a tunable is NOT a sysctl, loading modules the modern way with kld_list, wrangling it all with sysrc, plus a security-hardening baseline.
And the headline act: boot environments. `bectl create` before every upgrade. When freebsd-update or pkg eats your box, you reboot, pick the old BE in the loader menu, and you're back in 30 seconds.
@chessert lol, the scariest lesson I’ve ever learned secondhand was if you’re ever gonna do “rm -rf /” on a Linux server triple check the directory you’re doing that to.
Some new tech at a hosting company I used in the late 90’s deleted the whole server that way. My site was part of the damage.
Underrated reason to have proper SPF setup for all of your hosted domain names to hard fail improper sending routes... when you forget to turn off the mail sender on your dev server and you run a batch action that sends out tens of thousands of emails to users.
I saw my inbox fill up with thousands of email notifications since a lot of the notifications were sent to me. The only reason I'm not panicking is because I looked at the mail headers and saw that because the emails were sent from my computer instead of my server, they failed both SPF and DKIM verification checks so any damage should be limited.
Ugh. 😓
If the answer is yes, I think you are part of the problem; please stop following me.
it turns out that if you auto depend on apt-cacher for the new apt-cacher box on a new network it won't get packages from the apt-cacher you haven't yet installed
And now I know :)
Haack's Networking 
👋 We are live folks ... migrating my personal / business infra from my Data Center to my 8900🧳
🔗 https://content.haacksnetworking.org/w/ddXeefRJ8rw9zeUZRiiRg3
🌅 Come on by and join the fun ... mostly background music on the self-hosted navi while I haack away 😎
New article on the blog: Serial console on Debian 🐧
Anyone who has virtualized their VMs knows the problem: you just want to take a quick look, but SSH isn't ready yet, or it isn't worth setting up VNC/SPICE just for that.
With a few adjustments to GRUB, access works directly via virsh console, with no graphical interface at all.
Incidentally, the procedure carries over almost 1:1 to other distributions; only the command for rewriting GRUB differs.
🆘Bill Cole 🇺🇦 [Honestly I don’t care but no one will understand if you use she/her.] » 🌐
@grumpybozo@toad.social
@eltonfc Sadly, the days are gone when using a non-standard port is perfect evasion of the cred-stuffers. It's still a good idea, but not adequate.
As others have said, requiring key-based authentication & keeping sshd updated are also essential. You won’t know that the root password has leaked until you regret it. Many people will say it's overkill to prohibit direct root login but I do that as well to hopefully complicate exploitation of new sshd vulnerabilities.
Thank you, @hughsie for all your work on #lvfs and fwupdmgr. Thank you, Lenovo, for supporting firmware and UEFI updates through this mechanism. And thank you, Red Hat, for making all of this readily usable. All my Lenovo Tiny PCs in my homelab are now up2date and can continue to SecureBoot for years to come :)
New #Nginx is out with security fixes, start your upgrades!
https://nginx.org/en/CHANGES
#SysAdmin #MastoAdmin
Workspace 1
A window belongs to a single workspace.
Workspace 2
Workspace 3
Firefox -> Tag 1 (Web Browsing)
When you view Tag 1, you see your browser and the log monitor. When you
st (nvi/dev) -> Tag 2 (Code/Scripts)
st (Monitor/Logs) -> Tag 1 + Tag 2 (Persistent)
And what about you, what do you use?
🎬 Haack's Networking 🎥
✅ We are going live folks‼️
🔗 https://content.haacksnetworking.org/w/qZiaV9nzQ7CyFcrZV9vC1F
✍️ Today, I am testing the new OBS setup. Specifically, video on top of the shared desktop and improved layers. Secondly, getting "background music" working that plays nice with my meteor mic. Additionally, I want to test the new PeerTube transcoding rules (for live) that I added as well as see how much RAM/CPU is used during local recording.
⚡ #gnulinux #linux #selfhosted #peertube #livestream #stream #streaming #debian #sysadmin #floss #freesoftware #opensource ⚡
Come on by just chilling and spinning different tracks! No talking, but chat is open.
Stream: https://content.haacksnetworking.org/w/tgphVpivvkCqyUfWrmSRyp
While reassembling my desk, what if I was to... bear with me here... make the power distribution slightly sane and stop daisy-chaining extension cords? #sysadmin
homelab storage server ready. it just took me 2 years.
- RAID ✅
- mkfs, fstab, etc ✅
- borg ✅
- borg extract ⏳
😴
Review of IP KVMs, device to remote control a Computer from anywhere on your LAN: PiKVM, Sipeed NanoKVM, JetKVM, LuckFox PicoKVM... - Article by Jeff Geerling @geerlingguy #SysAdmin https://www.jeffgeerling.com/blog/2026/i-tested-every-ip-kvm/
Quick fact: if you've ever streamed content on Netflix, used a PlayStation, or sent a packet through a Juniper router, you've touched FreeBSD.
Learn more about how FreeBSD is used today: https://freebsdfoundation.org/end-user-stories/
Duran Duran - Paper Gods
I share it again with love:
https://gnulinux.studio/app/#/playlist/G8u06fUHtV6PtfJEkCRDQa/show
User: pubglug
Pass: musicisawesome
It's legit solid top to bottom.
I had vinyl of Rio as a kid ... this album tho, it is so consistent and rhythmic.
#music #postpunk #newwave #renewal #music #duranduran #navidrome #jam #sysadmin #selfhosted #selfhost
@bobdobberson 👀 lol
🔥 Major overhaul on the wiki!
Do your Nginx logs look like an indigestible wall of text? It's time to give your terminal some color! 🎨🐧
The complete guide to colorizing Nginx logs has received a huge update. Clearer, more effective, it's right this way 👇
🔗 https://wiki.blablalinux.be/fr/coloriser-logs-nginx-terminal
I packed and moved hurriedly but even so, I'm proud that I held the number of keyboards I brought to a bare minimum. #sysadmin
The IPv6 guide (#OVH / #NPM / #Proxmox / #Docker) gets a makeover!
You already know this page of my wiki, but it has just been given a complete rewrite!
Why? To properly cover two quite distinct scenarios depending on your needs. Whether you are in one configuration or the other, everything is detailed step by step.
👉 Check it out and bookmark it here: https://wiki.blablalinux.be/fr/deploiement-ipv6-ovh-npm-proxmox-docker
Happy reading and happy deploying!
Yesterday an old friend asked me of the impact AI is having on my #sysadmin work, whether I was using it. I responded that it was not, & that using it would be unproductive as I'd lose so much time auditing deployments by an agent I cannot trust for slop, bloat & flaws.
What I didn't have time to add was that I already have v low carbon, 100% sovereign automation I can trust: shell scripts. I know exactly what they do, when & why, because I wrote them. Such value & confidence is irreplaceable.
Shoutout to the unpaid open source devs holding everything together.
You know who you are. We owe you more than a GitHub star.
Development of my personal FreeBSD installer keeps moving forward!
Lots of new ideas and features are currently in the works: the out-of-the-box GUI experience, completion of the Simple and Expert installation modes, automatic hardware detection and configuration (now also GPU support as well).
I'll be publishing a new blog post soon with more details. Stay tuned! 😄
#FreeBSD #BSD #OpenSource #FOSS #UNIX #Coding #Programming #SysAdmin #DevOps #DesktopBSD #Tech #OSS #Lua
I just wrote a little bash script to help automate live VM migrations between hypervisors (using libvirt/kvm/qemu style virtualization).
I really miss being able to focus on this kind of progress with my infra. Chasing money gets tiring... I just want to build cool things that people will use.
Tired of all-gray NPM logs? I've prepared a new colorization variant for your terminal!
A bit of Bash and presto, everything becomes easier to spot:
🔵 Client IP
🟢 Country OK
🔴 Country blocked
🟡 Domain
🟣 HTTP code
The code is here 👇
👉 https://privatebin.blablalinux.be/?41ae048c9c122ae7#CSodkfFCWSUEgwiSe2Ekt5GcmEhy2zQxXeAfn2kntdui
🗄️ Enterprise backup for a 20TB Ubuntu file server: IBM Spectrum Protect in one session! 🚀
~20 interactions, approx. 15 minutes. Result:
▫️ TSM BA client 8.1.27 installed (GSKit + API + client)
▫️ dsm.sys/dsm.opt configured
▫️ tsm.sh: checks installation, configuration, server connection, node registration, last backup
▫️ Integrated into check-all.sh → runs along daily
▫️ Automatically detects: Node not registered? Server reachable? Backup run?
Why is this important? A 20TB file server without backup isn't storage, it's a time-bomb experiment. 💣
TSM is the standard at universities/data centers: deduplicated, encrypted, incremental-forever. The client now checks whether the backup is alive with every hardware check.
Tech stack: Ubuntu 26.04, IBM Spectrum Protect 8.1.27, DEB packages from IBM DHE, Bash monitoring, opencode AI
#Linux #SysAdmin #Backup #TSM #SpectrumProtect #FileServer #Automation
Aggressive caching for a Mastodon reverse proxy: what to cache, what to never cache, and why content negotiation will eventually betray you
The same URL serves HTML to browsers, JSON to apps, and ActivityPub to remote instances. Here's how I cache Mastodon with nginx without betraying any of them.
https://it-notes.dragas.net/2026/06/05/aggressive_caching_for_a_mastodon_reverse_proxy/
#ITNotes #nginx #Caching #IT #SysAdmin #Mastodon #Fediverse #BSDCafe
📱 Even on mobile, it rocks! 🚀
Have you already seen my new log coloring on the wiki? Here's what it looks like full screen on a smartphone with the live-ext script: real visual comfort with its neon colors! 🟣🟢
To grab the updated code or revisit the complete guide, it's this way:
👉 The neon script: https://privatebin.blablalinux.be/?b6f675e146e55782#7Ug4YDhJT1dfsvwGrZKYJLhwJnZ5AGhrB6gnKgzRBHq2
👉 The wiki tutorial: https://wiki.blablalinux.be/fr/coloriser-logs-nginx-terminal
"Aggressive caching for a Mastodon reverse proxy: what to cache, what to never cache, and why content negotiation will eventually betray you"
A 34 min read
Coming tomorrow, on IT Notes!
#ITNotes #StayTuned #Mastodon #Fediverse #nginx #IT #SysAdmin
👉 The complete code and the details are here: https://privatebin.blablalinux.be/?b6f675e146e55782#7Ug4YDhJT1dfsvwGrZKYJLhwJnZ5AGhrB6gnKgzRBHq2
But after a few cold sweats, everything is fixed, stable and 100% green! 🟢✨ The ultimate pleasure of seeing the administration panel all clean.
And how do updates go at your place? 💻☕
#SysAdmin #Nextcloud #Ubuntu #Debian #LXC #SelfHosted #BlablaLinux
🐧 Hardware monitoring for an Ubuntu file server, built in one session! 🚀
~50 interactions, approx. 30 minutes. Result:
▫️ sensors.sh: CPU (package + 6 cores), NVMe, ACPI temps
▫️ disks.sh: SMART for HDD (20TB Exos) + NVMe SSD
▫️ system.sh: CPU, RAM (DDR5 slots!), GPU, BIOS, mainboard via dmidecode
▫️ mergerfs.sh: pool overview: usage, inodes, permissions
▫️ updates.sh: apt update/upgrade + reboot check
▫️ check-all.sh: master script, runs through everything
▫️ mail.sh: mail delivery via SMTP
▫️ Custom opencode skill "log-summary": reads the log, summarizes, sends by mail
▫️ Cron job: daily 01:00 → check → summary → mail 📧
Every morning a compact overview in the inbox: all temperatures individually, SMART status, storage, updates. Alerts only when something is wrong.
Tech stack: Ubuntu 26.04, smartmontools, lm-sensors, dmidecode, mergerfs, opencode AI, Python smtplib, cron
#Linux #SysAdmin #Monitoring #HomeLab #mergerfs #SMART #OpenSource #Automation
thanks to: #qwen36plus
In other news, I've spent hours today dealing with the fact that Spamhaus says there's malware sending spam from the IPv6 range which is supposedly reserved by Akamai for my mail server.
So far I can't find any evidence that my server is compromised, but I've jerryrigged a monitor that will tell me if any processes other than sendmail are making outbound port 25 connections, so I'm hoping if it happens again that'll help me find it.
It's always something. *sigh*
#infosec #sysadmin
🐧 Ubuntu file server integrated into a Windows domain, and it was satisfying! 🚀
What we built:
▫️ Domain join via realmd/SSSD to Active Directory
▫️ mergerfs pool: 374 GB NVMe + 18 TB HDD = ~18.5 TB of unified storage
▫️ Samba as domain member with winbind ID mapping
▫️ ACL support for Windows-compatible permissions
▫️ AD groups control access to shares
The special thing: mergerfs leaves every disk individually addressable. If a disk fails, only the data on it is gone: no RAID overhead, but TSM backup per disk instead. Perfect for cold data.
Samba runs with acl_xattr; NTFS ACLs are stored as xattrs on ext4. Windows clients connect seamlessly with domain credentials.
The i5-12400 is bored meanwhile at 90% idle. 📉
Tech stack: Ubuntu 26.04, realmd, SSSD, Samba, winbind, mergerfs, ext4
#Linux #Samba #ActiveDirectory #FileServer #mergerfs #SysAdmin #OpenSource
thanks n credits to: #qwen36plus
=)
Sysadmins of the Fediverse, I'm curious what people consider to be a 'large fleet' of servers to operate (physical or virtual), so here's a poll.
(Boosts welcome, as are replies if you think other factors matter or if it differs between physical and virtual.)
| 10 systems is large/lots: | 0 |
| 50 systems is large/lots: | 1 |
| 100 systems is large/lots: | 3 |
| 500 systems is large/lots: | 1 |
A useful little reminder: Nginx Proxy Manager also acts as a shield! 🛡️
Handy for locking down sensitive files and letting through only the LAN and trusted IPs. Simple, fast, effective.
Reflecting on some of my favorite #sysadmin lore from the past 30-40 years, and realized many of you may never have read The Case of the 500-Mile Email https://www.ibiblio.org/harris/500milemail.html #unix
⌨️ Save time in your terminal!
I'm sharing my Bash alias file for administering Nginx Proxy Manager, Fail2Ban and GeoIP in the blink of an eye.
👉 https://wiki.blablalinux.be/fr/alias-bash-npm-fail2ban-geoip 🚀
#Linux #Bash #SysAdmin #Nginx #Productivité
Storm warning on the server!
When IPv6 geoblocking shifts into high gear, this is what you get: a nice wall of IPs that will go no further ❌
Max security in place, my containers can breathe! 🛡️
#SelfHosting #IPv6 #SysAdmin #Securite #Geoblocking #OpenSource
Has anyone made the transition from a traditional #sysadmin or #DevOps role to a true #sre position? What was your process like? Do you find the coding aspect more enjoyable? How challenging was it to make the transition? I feel like it's the kind of work I'd enjoy doing, but my coding skills are best described as "good for a sysadmin but not up to a CS degree level of expertise".
The full analysis and the example are here 👇
🔗 https://wiki.blablalinux.be/fr/blocage-bots-scraping-nginx-proxy-manager
At 19:00 I receive a notification: the backup server has problems. I log in and check: a drive had died. No big deal; since it's a RAIDZ1, the system kept running. I had already copied the EFI partitions and set things up, so it would be able to boot from the other drives as well. I request a replacement from Hetzner, which they carry out in less than half an hour. Despite being hot-swappable, the server detects the disconnection of another drive and crashes. At that point, I ask them to look into it, and they test the machine. Reboot: it won't start. I request a KVM console. I get it: I had forgotten to update the fstab and it was trying to mount /boot/efi from ada0p1, but ada0 was the replaced drive, and it wouldn't go any further.
Fixed the fstab, recreated the partitions, rebooted, and issued the ZFS command for resilvering.
Result: resilvering in progress and backups working again.
I can turn off the computer and start my Friday evening.
Attention Proxmox fans!
Version 1.1 of Proxmox Datacenter Manager has just been released! If you manage several clusters and dreamed of having superpowers to centralize everything in one place (and in style), now is the time to take a look.
All the new features are here:
👉 https://proxmox.com/en/about/company-details/press-releases/proxmox-datacenter-manager-1-1
#Proxmox #SysAdmin #OpenSource #Datacenter
🛜 GNU/Linux Social has open registration.
Register➡️ https://gnulinux.social
Requirements:
- accounts must be of and about free software and its surrounding culture and background
- modest personal and/or recreational use is allowed, e.g., art, music, pics of fam, etc.
- companies/businesses are allowed only if they are floss
- follow full ToS/CoC
Already a member? Want to give back?
Donate ▶️ https://liberapay.com/oemb1905/
#mastodon #twitter #x #opensource #sysadmin #selfhost #linux #gnulinux
reaction v2.4.0 is out!
Updates:
- JSON log parsing (much handier than regexes for JSON logs!)
- Smarter database
- Important bugfixes
https://framagit.org/ppom/reaction/-/releases/v2.4.0
#reactionrust #reaction #sysadmin #rust
Personal computing safety goals because of supply chain attacks and possible future issues: create new user account for new projects, clone and test repos in that account only.
Is it hard? No. Could I automate it? maybe. Would it be nice to have built into say conda? Absolutely.
#cybersecurity #programming #supplyChainAttack #Linux #sysadmin
🐧 Looking for a community to discuss #GNU or #Linux?
🤨 Looking for a community #matrix @element instance to use for secure communications?
Register: https://element.gnulinux.club
GNU/Linux Club serves #gnulinux enthusiasts & #copyleft fans.
Requirements:
- Official git profile or tech blog
- Be 18 years of age or older
- Remain active in the pubglug channel
- Follow the ToS & CoC
🫶Donations➡️https://liberapay.com/oemb1905/
#gnulinux #sysadmin #selfhosted #debian #opensource #element
🤔Are you an #opensource or #floss content creator?
👀Are you an #opensource or #floss organization that needs a place to host your meetups/presentations?
🔥GNU/Linux Tube has open registration‼️
- 10GB daily upload default
- 100GB video quota default
- Custom vp9 & opus CPU transcoding
- Quarterly updates & maintenance
- All volunteer devs @sen @oemb1905
Donate: https://liberapay.com/oemb1905/
FediMeteo, timezones, and the art of not breaking what already works
From a simple Italian script to managing 1200+ US cities, timezones, and a secret-leaking crisis. How I completely rebuilt the FediMeteo backend without breaking the Unix-style infrastructure around it.
Most importantly, so I have notes so I can manually do it again... but also considering writing a bash shell script to mostly automate.
If I do that, it would be one of the longest and most ambitious shell scripts I've done. A little intimidating, but I think I'll be able to pull it off.
Probably will save a lot of time later. And even if it doesn't, I will have learned quite a bit.
🎙️ Tired of losing the connection with your friends on Mumble because of a dynamic IP? 🔄❌
No need to go through a third-party DynDNS service or some overcomplicated contraption! In this new guide on the Wiki, we see how to cleanly automate updating your public IP so that your Mumble server always stays reachable, whatever happens 🛠️📡
👉 The tutorial is available here: https://wiki.blablalinux.be/fr/mise-a-jour-automatique-ip-serveur-mumble
Happy reading and happy deploying! 💯
#Mumble #SelfHosted #SysAdmin #Linux #OpenSource
For the record, I'm fully supportive of #floss and/or #opensource #AI - it's essentially free form input statistical software. Use it wisely, be aware of confirmation bias, use to augment (not replace) or simplify repetitive/tedious work, etc. Support models and companies that encourage this responsible usage. Model it yourself and disclose responsible usage transparently. #sysadmin It's not difficult, really.
For my shop machine, I'm now actively testing Debian 14 Testing w/ Xlibre and SonicDE. So far, so good. I use this machine for client work and it also gets to be my guinea pig for testing drawing tablet workflows. Both native Xlibre (via wacom) and Gaomon's proprietary driver work. I'm impressed with how snappy SonicDE is - first time using it today. Great work folks‼️
@sonicdesktop @XLibreDev #xlibre #freesoftware #opensource #debian #sysadmin #floss #sonicde
These pages are just there to help you quickly get what we're dealing with and understand at a glance what these tools actually offer. Ideal for taking the grand tour in 2 minutes flat ⚙️🚀
👉 Discover it on the Wiki: https://wiki.blablalinux.be
Happy reading! 💯
#Proxmox #PegaProx #ProxCenter #SysAdmin #SelfHosted #OpenSource
@zwol @fuzzyfuzzyfungus @0xabad1dea it's absolutely possible. Apache does it. Qmail did it. Nothing you're writing is more complex than those. Drop privileges. Run every service as a different user. Use mandatory access controls. The tools exist.
#sysadmin #programming #security #cybersecurity
🖥️ Need a nice interface to manage your Proxmox containers? Discover PegaProx!
I've shared the complete Docker Compose file on my ByteStash instance, and the icing on the cake: the complete NPM (Nginx Proxy Manager) configuration is included to make your life 100% easier. Clean and fast deployment guaranteed! ⚙️🚀
👉 Grab the snippet here: https://bytestash.blablalinux.be/s/0b91443745c9ac614bd6b96bf944a546
Happy testing and happy deploying! 💯
#Proxmox #Docker #NginxProxyManager #ByteStash #SelfHosted #SysAdmin #OpenSource
💥 Having backups is good; being SURE they work is better! 💥
Tired of crossing your fingers and hoping your SQL dumps are valid on the day of the crash? 🤞❌
In this new step-by-step guide on the Wiki, we set up automatic verification of your database restores with Databasus. Sleep soundly! 😴🛡️
👉 The complete guide is here: https://wiki.blablalinux.be/fr/verification-automatique-restaurations-databasus
Happy deploying! ⚙️
Post-quantum isn't just a lab topic.
On the infra side, the real question is rather:
what of mine must remain confidential in 10 or 20 years?
Backups, VPN, SSH, certificates, long-term archives… I tried to lay it all out here:
https://cryptolab.re/posts/2026/post-quantum-readiness-guide-for-sysadmins/
In any case, it looks like a great job!
Octopuce is hiring a Linux system administrator.
All the information is here:
https://www.octopuce.fr/octopuce-recrute-une-administrateurtrice-systeme/
Spread the word, a boost brings work to friends 🐙🥰
#jerecrute #sysadmin #adminsys
Plenty of new features under the hood: it's based on Debian 13 (Trixie) with the very latest Linux kernel 7.0, Ceph Tentacle 20.2, LXC 7 and OpenZFS 2.4! 🐧
In short, plenty to have fun with on our clusters! The ISO is already available for updates 😉
The official video is right here: https://youtu.be/XBVAiwkVaqA
#Proxmox #PVE92 #SysAdmin #OpenSource #Linux #Debian #SelfHosting #Virtualization #WireGuard #DevOps
Why can't I remember that??
Maybe because I use it only once a year...
We need more server crashes!!
So what now? Can we no longer go a week without a major flaw in the Linux kernel? #pintheft #linux #sysadmin
https://github.com/v12-security/pocs/tree/main/pintheft
I'm officially old. This is my first kernel v7 in production.
root@sagittarius-a:~# uname -a
Linux sagittarius-a 7.0.7+deb14-amd64 #1 SMP PREEMPT_DYNAMIC Debian 7.0.7-1 (2026-05-15) x86_64 GNU/Linux
What was your first "production" kernel? (doesn't matter the context, first PC/server/project/failure)
| 2.2 or older: | 38 |
| 2.4, 2.6: | 24 |
| 3 or newer: | 2 |
| 4 or newer: | 7 |
Closed
EDIT: some things have changed since I wrote this post. Now they're more accurate.
AI models don’t really 'get' the BSDs. As a result, they often provide incomplete, imprecise, or flat-out wrong answers by defaulting to Linux paradigms. When it comes to illumos-based systems, they just completely lose the plot.
This is becoming a serious issue for the BSDs and illumos ecosystems. We are seeing entire websites flooded with AI-generated tutorials and guides that are totally incorrect. Most people don't realize this; they follow the instructions, fail, and then assume that the BSDs don't work well or are 'unstable' because they have supposedly changed since the guide was written.
Luckily, some people eventually find my blog, reach out, and finally understand what's actually going on. Others, unfortunately, end up on major social sites or comments, claiming that these systems are broken.
In 2026, one of our greatest challenges will be teaching people how to vet their sources and filter information.
And I see this as a very, very uphill battle.
#IT #SysAdmin #FreeBSD #NetBSD #OpenBSD #illumos #News #UnderstandingText #Disinformation
I was having some issues with picky destination servers who were rejecting emails sent via a relay. No matter how clean the records/setup were, emails got rejected.
So, I decided to configure exim4 to use satellite mode to send behind NAT without issue. Here's what I came up with using stock exim4 documentation and resources:
https://tech.haacksnetworking.org/2026/05/19/emailbehindnat/
This is a clean stock setup for workstations behind NAT, VPSs that don't have outgoing smtp, etc.
Anyone out there who runs a Linux server, I hope you've been checking for and applying system updates like mad the past couple of weeks. There have been some very nasty vulnerabilities that hit the open recently that need immediate action.
Even if you don't run a server that's not Linux based, you should probably check twice a day for security updates and apply everything you can for the time being. Something that your server relies on definitely is Linux based and you're probably not exempt from potential issues.
I’ve been replacing sudo/doas on most of my FreeBSD boxes with something much smaller: mdo(1) + mac_do(4) from base.
No port. No sudoers parser. No setuid helper. Just a kernel MAC policy, a sysctl rule, and an explicit “SSH is the gate” security model.
Wrote up the full walkthrough for FreeBSD 15, including rule syntax, examples, caveats, and my surrounding hardening sysctls:
https://blog.hofstede.it/mdo-on-freebsd-15-base-system-privilege-delegation-with-mac_do/
FediMeteo, HAProxy, and the art of not wasting snac threads
How FediMeteo uses HAProxy caching, static pages, and small FreeBSD jails to keep snac quiet and serve ActivityPub traffic efficiently.
https://it-notes.dragas.net/2026/05/18/fedimeteo-haproxy-and-the-art-of-not-wasting-snac-threads/
#FediMeteo #snac #snac2 #haproxy #freebsd #it #sysadmin #ITNotes
The Four Horsemen of the LLM Apocalypse https://anarc.at/blog/2026-05-16-four-horsemen #llm #analysis #sysadmin #copyleft #copyright #debian-planet #python-planet #internet #linux #security #kernel #software #vulnerability #free-software
Webmin is hardened & clustered w/ three total nodes, ns1, ns2, and ns3 etc. I will eventually add clustered nodes on two other locations so records are still served when one cluster's host is down.
https://tech.haacksnetworking.org/2025/12/29/authoritative-dns-w-bind-9/ feedback welcome.
Added larger tmp directory & source-IPd vhost so webmin won't lock. Obv, make sure you use static, dedicated, & fully hardened external IPs for permitted list.
#selfhosted #homelab #sysadmin #linux #dns #webmin #opensource #freesoftware #networking
I had found a very thorough server checker (e.g. TLS, DKIM, certificates, PFS, DMARC, you name it) here on the fedi at some point and thought I'd bookmarked it, but just can't find it anymore. Any recommendations from the sysadmin crowd?
I describe myself as a #saltStack fanboi. But existence of this file https://github.com/saltstack/salt/blob/master/agents/docs/git-and-ci.md and especially the first point there, sounds like it's time to do that in past tense. Shame, it was an interesting project, with capabilities hardly anything else has.
3 a.m., I'm updating my Arch system and thinking: "Nothing's going to break."
Spoiler: Something broke.
The bootloader and I have now booked joint therapy. 🫠
But hey, at least I learned that `journalctl -xb` is my best friend. And Snapper snapshots beforehand? Woulda, coulda, shoulda.
Make backups, friends. Not tomorrow. Now.
This morning, something happened that brought me immense pleasure. A long-standing client called and asked if they could "bother" me. I replied that they weren't bothering me at all, and that I was "testing some new things". They immediately said, "Oh, I'll call you another time then".
Of course, they had my full and undivided attention from that moment on.
One of the challenging aspects of my work method is making people (not necessarily clients, but generally) understand that experimentation is more important than deployment itself. When they see me set up a server in a very short time (and it will stay up for years), it's not (just) because I use effective tools, but also because it's backed by research, errors, and successes. In a word: experience.
Sitting in front of my computer with two old APUs, therefore, isn't a pastime but one of the most critical parts of my testing. Dated and underperforming hardware necessitates optimization. When people grasp this, it's a true joy for me.
Now, if you'll excuse me, I need to go check how a signal penetrates concrete walls with three different access points placed in the same spot...
...And the fact that I enjoy all of this immensely is just an added bonus! 😆
RE: https://mastodon.bsd.cafe/@stefano/114914266063275474
I'm now upgrading the FreeBSD inside the red APU. This will be moved to the office and keep the backups of the backups.
#IT #SysAdmin #ZFS #OwnYourData
"I need the full DevOps workflow to publish the site."
"It's a static site. Here are the SFTP credentials to upload the files you have, which were generated by the client's SSG."
"You don't understand. I need to upload the site; I need the DevOps procedure."
"No, you don't understand. It's generated by BSSG; all you have to do is upload the output via SFTP into the FreeBSD jail and the deploy is automatic."
Silence.
"But how does the deploy bot handle it?"
Silence.
The person who hired him (as an intern) gets on the line:
"Just humor him, the kid is sharp - he's really good with AI!"
I tell him we're talking about two completely different things.
He fires back: "If you can't keep up with him, I think you need to update your skills. That's what we're paying you for."
And that was that. I've decided that for 80 Euros a year - while providing a dedicated FreeBSD jail, over 100GB of hosting, backups, monitoring, and custom BSSG tweaks - they can definitely find someone more "up to date" elsewhere.
A client asked for a server install for a specific CRM developed by one of Italy's biggest software houses. They’re dropping Windows Server 2022 support in a few months, even though the OS itself has a much longer lifecycle.
We looked into Linux support: Rocky Linux 9 and Ubuntu 24.04 are "certified", but only until April 2027. Since we'd rather not reinstall everything in less than a year, we asked for a path that guarantees official support beyond 2027.
The "support" team replied with a canned response, attaching a 2023 document where every single distribution is listed as EoL since 2025. 🤡
And then people ask me why these "software giants" are the primary cause of my receding hairline...
#SysAdmin #TechLife #EnterpriseSoftware #ITProblems #CRM #IT #OwnYourData
I've always loved the concept of caching.
I've always thought of it as an optimization, and all optimizations, especially when they're simple and effective, are welcome.
We don't need moaaar powaaaar.
We need moooaar caching!
An 18-year-old flaw in Nginx, a public PoC, a lot of noise… but who is really affected?
3 a.m., I'm staring at a Bash script that still worked yesterday. Nothing was changed. Nobody touched it. It simply doesn't work anymore.
This is the moment you understand why early computer scientists believed in ghosts. 👻
`set -x` has become my confessor.
Heads-up to the curious minds of the Labo!
The next issue of the "Le Labo Wiki" newsletter is on its way. On the agenda: a complete "Power User" pack with finely tuned IPv6, GeoIP, S3 and plenty of other tips for a top-notch infrastructure.
Watch your inbox this Monday, May 18 at 18:00!
Not yet subscribed to this list? Now is the time to fix that so you don't miss any of the upcoming technical deep dives:
https://listmonk.blablalinux.be/subscription/form
I've been hosting more of my own stuff over time, but keeping up with the maintenance manually has been proving to be too much. I remember 100 years ago as a sysadmin setting up an Ubuntu management server to manage the fleet of Ubuntu servers at work in the style of the Red Hat stuff that did the same. Now I run a variety of instances, and I don't know what kind of orchestration machine I would need to spin up to keep things like OPNsense, remote *nix hosts, etc. up to date. Any recommendations?
My goal is to use only FOSS whenever possible (leaning towards things on Starlight's NO AI list so I can avoid slopcode running in my network wherever possible).
#selfhosting #selfhosted #selfhost #askfedi #sysadmin #linuxadmin
New post: FreeBSD resource monitoring and accounting.
A practical tour of the base-system toolkit for figuring out *what is actually using my server*: top, vmstat, systat, gstat, netstat/sockstat, procstat, pfctl, and per-jail attribution with kern.racct and rctl.
No ports, no agents. Just FreeBSD.
https://blog.hofstede.it/freebsd-resource-monitoring-accounting-and-troubleshooting/
RE: https://poliversity.it/@devconf/116549350437622576
DevConf will be a really interesting event, full of stimulating talks.
The programme covers a wide range of topics, with particular attention to the Fediverse and free communication technologies.
Personally, I will be presenting #FediMeteo, telling how it was born, why, how it is built, who it is for, and the freedom behind the project itself. And a scam.
Stay tuned!
https://devconf.it/2026/programma.html
#DevConf #DevConfItalia #IT #SysAdmin #Fediverso #Fediverse #OwnYourData
Good morning! ☕
Reminder to myself: `rm -rf` is not a backup tool. Not at 7 a.m. either. Not with coffee either.
Speaking of which: when did you last actually test a restore? Not the backup, the restore. That's the part that counts. A backup that is never restored is just an expensive data graveyard.
Dirty Frag has just come out: a new Linux flaw allowing local privilege escalation to root via the page cache, xfrm/ESP and RxRPC.
I wrote an article to explain:
- what the flaw does
- why it is reminiscent of Dirty Pipe
- what to check on your servers
- which mitigations to apply
Ubuntu 26.04 LTS is out, but on the server side it is not a simple "new LTS, new kernel" update.
I wrote an article aimed at admins/VPS/homelab: support, OpenSSH 10.2, Chrony, server packages, security, GPU/AI, cloud, Livepatch and migration strategy from 24.04 LTS.
Read it before launching a slightly overconfident `do-release-upgrade`:
https://cryptolab.re/posts/2026/ubuntu-26-04-lts-resolute-raccoon/
#Ubuntu #Linux #SysAdmin #Homelab #OpenSource #Server #UbuntuServer
If you’re implementing a timezone selector after handling all continents, oceans, and pseudo-macro regions… don’t forget Büsingen am Hochrhein 😄 https://en.wikipedia.org/wiki/B%C3%BCsingen_am_Hochrhein
A tiny German town of fewer than 1,500 people, completely surrounded by Switzerland.
Fun historical timezone trivia:
Büsingen is associated with Europe/Zurich instead of Europe/Berlin.
Why? In 1980, West Germany introduced DST, but Switzerland initially did not. For a few months:
Germany was UTC+2
Switzerland stayed UTC+1
and Büsingen followed Swiss time to avoid daily chaos with the surrounding area.
That historical difference is still reflected in the tz database today.
#coding 👨💻 #timezone 🌐 #freebsd #unix #time 🕜 #sysadmin 🖥️ #germany 🇩🇪 #Berlin #Switzerland 🇨🇭 #Zurich
Here we go again: #dirtyfrag
https://github.com/V4bel/dirtyfrag
Mitigation:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true"
Happy Friday patch! #sysadmin
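A check that the mitigation quoted above actually took effect, as an added example that is not part of the original post: it looks for the `install <module> /bin/false` rules and for modules that are still resident. The function names, the directory and file arguments, and the sample host state are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): verify the modprobe-based mitigation.
# Module names and the "install <module> /bin/false" form come from the post;
# the function names and the sample data below are constructed for illustration.
MODULES="esp4 esp6 rxrpc"

# is_blocked DIR MODULE: succeeds if a *.conf file in DIR contains an
# uncommented "install MODULE /bin/false" rule.
is_blocked() {
    for _f in "$1"/*.conf; do
        [ -f "$_f" ] || continue
        if awk -v m="$2" '$1 == "install" && $2 == m && $3 == "/bin/false" { hit = 1 }
                          END { exit !hit }' "$_f"; then
            return 0
        fi
    done
    return 1
}

# is_loaded FILE MODULE: succeeds if MODULE is listed in FILE, which uses the
# /proc/modules layout (module name in the first column).
is_loaded() {
    [ -r "$1" ] || return 1
    awk -v m="$2" '$1 == m { hit = 1 } END { exit !hit }' "$1"
}

# audit DIR FILE: one status line per module; non-zero exit if any module is
# either not blocked or still resident.
audit() {
    _rc=0
    for _mod in $MODULES; do
        if is_blocked "$1" "$_mod"; then _b=yes; else _b=no; _rc=1; fi
        if is_loaded "$2" "$_mod"; then _l=yes; _rc=1; else _l=no; fi
        printf '%s blocked=%s loaded=%s\n' "$_mod" "$_b" "$_l"
    done
    return "$_rc"
}

# demo: constructed host state where the config file was written but rxrpc
# was in use, so the rmmod in the one-liner failed silently (2>/dev/null).
demo() {
    _tmp=$(mktemp -d) || return 2
    mkdir "$_tmp/modprobe.d"
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' \
        > "$_tmp/modprobe.d/dirtyfrag.conf"
    printf 'rxrpc 413696 1 - Live 0x0000000000000000\n' > "$_tmp/modules"
    audit "$_tmp/modprobe.d" "$_tmp/modules"
    _st=$?
    rm -rf "$_tmp"
    return "$_st"
}

demo || echo "constructed sample: mitigation incomplete"
```

On a real host, call `audit /etc/modprobe.d /proc/modules`; modprobe also reads other configuration directories, which this example does not scan.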
If anyone knows of any decent write-up on securing ZooKeeper / ClickHouse Keeper, I am very interested.
Documentation of both is really crap I find, and security seems to be a complete afterthought.
I would love to be proven wrong on that last bit.
Monitor your devices with LibreNMS on FreeBSD
A guide on how to set up LibreNMS inside a FreeBSD jail.
https://it-notes.dragas.net/2026/05/07/monitor-your-services-with-librenms-on-freebsd/
#ITNotes #FreeBSD #Monitoring #Server #OwnYourData #Alerting #IT #SysAdmin #LibreNMS
(Edit to add: I am an idiot, this host was never pkgbasified, but leaving for the edification of others)
Weird #FreeBSD #pkgbase thing. #sysadmin
I updated my hosts from 14->15 with freebsd-update, then ran pkgbaseify and switched to pkgbase. No problem.
My jails & bhyves update, no problem.
# freebsd-version
15.0-RELEASE-p8
The bare metal install?
# freebsd-version
15.0-RELEASE-p4
# pkg upgrade -r FreeBSD-base
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
FreeBSD-base is up to date.
Checking for upgrades (1 candidates): 100%
Processing candidates (1 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
So it finds packages, but there's nothing to update? #headdesk
@tg I don't have that but have you checked this:
Find the better Hetzner server deals - https://github.com/clouedoc/hzfind
How to find the type of a #SSH key
#tips #sysadmin
https://lazybea.rs/notes/find-the-type-of-a-ssh-key
May the 4th be with you!
And may your servers stay up, your configs stay clean, and your on-call alerts stay silent.
in short, next production incident scheduled for tomorrow at 9:00 for another client (or not, we'll see).
#sysadmin
the realm of possibilities is infinite (or almost)
Have a good Sunday, take care of yourselves and today above all: treat yourselves!
RE: https://floss.social/@mikebabcock/116284712899761792
find is the razor blade of shell tools. You'll make the finest, easiest cuts eventually. But the way to get there is a series of painful nicks.
#sysadmin
One of the most powerful commands on your #linux system is 'find' ... and one of the most annoying commands on your system is also find.
Do you need to use -and between parameters?
Did you specify the right #regex type before -regex search? And "./"?
Can you remember the before and after date syntax?
If you want to do something to a certain subset of files, find is probably the right way. And you'll spend fifteen minutes fixing the command-line before getting it right.
Fresh gist: mitigating CVE-2026-31431 ("Copy Fail") on RHEL 8/9/10 with a tiny Ansible playbook.
It blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run.
https://codeberg.org/Larvitz/gists/src/branch/main/2026/20260501-CVE-2026-31431_RHEL_Mitigation.md
#Ansible #RHEL #Linux #InfoSec #SysAdmin #DevOps #CVE #CVE_2026_31431 #copyfail
🚨 Linux Security Alert! The "Copy Fail" flaw (CVE-2026-31431) makes it possible to become root on almost every distro since 2017 😱
It's invisible and formidable for your containers! Find out everything you need to know and how to patch here: 👇
#Linux #CyberSec #CopyFail #SysAdmin
https://blablalinux.be/b/4S1?utm_source=mastodon&utm_medium=jetpack_social
🐧 Solid base: The system moves to Debian 13.4 (Trixie) with a Linux Kernel 7.0 and ZFS 2.4.
A release that focuses on flexibility and performance for our infrastructures!
👉 All the details here: https://www.proxmox.com/en/about/company-details/press-releases/proxmox-backup-server-4-2
#Proxmox #PBS #Backup #SysAdmin #OpenSource #Linux #Debian #CloudStorage
Networking on Linux isn't magic. It just looks that way until you know where to look!
Check your network interfaces: ip addr show
Test connectivity: ping -c 4 google.com
Check your routing table: ip route show
Me: I could just add more HTTP redirects to redirect the redirects to the redirected--
Also me: You're an idiot. You know that, don't you? One redirect at most, you dumbass. #sysadmin
RE: https://glammr.us/@platypus/116477665536937182
I hate to say I told you so -- no.
wait.
Truth is, I LOVE to say "I told you so," but I'm so damn tired of it.
A glorious example of why you shouldn't trust AI. #sysadmin
looks like my old Intel Mac Air that I bought only for Vellum is about to become my main laptop. Which raises the most vital #sysadmin question when deploying a new laptop: sticker selection and placement.
#Linux #SysAdmin
RT: https://social.retroedge.tech/objects/1cd82a79-e198-4076-b00d-18cc27cb264d
Garage-sale operation on Proxmox! 🧹
Making room for new projects. Goodbye to the VMs that lie dormant, we're keeping only the best! 💪
#Linux #Proxmox #SysAdmin #ProxCenter
3rd Party Provider for a mutual client got in touch regarding setting up a feature in a system they support
Them: "We can't get this configured, could you take a look?"
Me: takes look, gets same error, reads the documentation of the software product, finds out why, enables required settings "I was getting the same error, but then I read the documentation and we need to set these options..."
Them: "Oh, that's a nice find!"
It's effectively their documentation! They are the support provider for the product! IT WAS NOT A NICE FIND, IT WAS WRITTEN RIGHT THERE IN SIMPLE WORDS
Today's tech screw up:
I botched an upgrade on Zentyal, our Active Directory alternative. So, being a good sysadmin, I triggered a restore from our Veeam platform, which dutifully shut down the broken VM and began the restore operations.
Using a service account that's stored in active directory. The restore failed, and now I'm reconfiguring my backup software to use locally stored service credentials.
You live and learn!
When the interface decides to go on strike... 😅 I spotted a small problem with the loading of the JavaScript controllers on the latest version of Password Pusher. The issue is posted, now we just have to wait for the devs' fix! 🚀
#SysAdmin #Docker #OpenSource #DevLife #PwPush
Did you know that `find` and `xargs` together unleash real superpowers?
find . -name "*.log" -mtime +30 -print0 | xargs -0 rm -f
Deletes all log files older than 30 days. Set it up once as a cron job and you'll never think about it again. 🧹✨
Small tip: test with `echo` first before you unleash `rm`. Trust is good, terminal is better. 😅
I've used RustDesk to connect remotely to Uncle's computer to help him with stuff ever since TeamViewer enshittified.
I've been using the public RustDesk server, whose performance has gotten progressively worse. As performance has worsened they've been more and more aggressively begging people to self-host their own servers. So today I decided to do that.
#homelab #tailscale #rustdesk #synology #sysadmin (1/5)
Haack's Networking
Tolerating Cockpit on Debian
https://tech.haacksnetworking.org/2026/04/21/tolerating-cockpit-on-debian/
It began with tolerance and ended with adoption. Enclosed, please find my recipe for self-hosting Cockpit securely and conveniently !!
#selfhosting #sysadmin #linux #opensource #freesoftware #floss #debian #cockpit
Small reminder: `history | grep sudo` shows you all the commands where you had root privileges. Sometimes frightening, sometimes amusing, always instructive. 😅
And if `sudo rm -rf` shows up there, don't worry, you're still alive, so it must have worked.
@blackoutvpn ... this is why I use disconnect and pihole. Every time I use a VPN that VPN knows everything about me too.
Today I once again spent hours configuring an open source tool that was supposed to "just work". But you know what? I learned more doing it than in any tutorial. 🔧
That's somehow the beauty of it: the path through config hell IS the documentation.
(The coffee still ran out.) ☕
That feeling...
You go into the office room, point at one of the network sockets on the wall and say to coworkers: Don't use this one, I am doing tests here. I reprogrammed this one to use another network.
Like you are some dark wizard with arcane powers to change the fabric of reality... Or you hacked the simulation
A punchline by @mwl again :)
sanity and self-respect - gregR ☯ - /usr/share/images
https://images.gregr.fr/2023-04-06-sanity-and-self-respect.html
#dns #sysadmin
Question to the #mail-admins here who have multiple servers and use #DANE. Let's say I have multiple servers and each server creates a wildcard-certificate for the same domain via Let's Encrypt. How are those TLSA-records handled? Or do you need a central certificate that gets distributed over all servers with a single TLSA-record? #email #unix #linux #bsd #sysadmin
The big problem with my hip keyboard is that I have to reach up and away to touch the mouse. Annoying.
Solution? My mouse rings have finally arrived.
#sysadmin nerd diagnosis: terminal.
(ETA: https://proloring.com/ -- not yet recommending because I haven't yet played with them much, but folks are asking so there you go.)
Lazyweb ( #sysadmin version), if you were to get a small scale external KVM over IP solution that also supported virtual media, do you have any particular views on what you'd get? We're looking at offsite machines we're going to need to reinstall someday with new OSes and that don't have good BMCs. One machine, 8 machines, it's all good if it has KVM over IP + virtual media.
(Yes yes PXE etc, that's more troublesome and challenging than using our existing install media remotely.)
Two nights ago I had a nightmare where I ran an Ansible playbook that at some point rebooted network devices, without telling it which machine to apply to, so it ran on all of them, and there was no way to stop it.
Do you have failsafes in your tools for such cases?
Red Hat published RHSA-2026:7381 for CVE-2026-4631. The flaw is unauthenticated remote code execution in Cockpit. Cockpit is the default web console on RHEL 9, RHEL 10, Rocky, and AlmaLinux. CVSS 9.8. Cockpit passes hostnames and usernames from the browser straight to SSH, before any password check. One HTTP request to the login page runs commands as the server. Default on, web-facing, unauthenticated. Patch this week.
Michael T Babcock [https://en.pronouns.page/@bigntallmike] » 🌐
@mikebabcock@floss.social
Adam Savage learning about how evil #USB devices can be is a fantastic thing to watch.
https://youtu.be/OpcuqePIL7k
Sharing and open source, that's what counts! 🐧
#Linux #OpenSource #SysAdmin #CronMaster #BlablaLinux #Traduction
🚀 Update for CronMaster on my ByteStash!
I optimized the Docker deployment for more security and robustness:
✅ Added a Healthcheck to monitor service availability.
✅ More precise documentation for the HOST_CRONTAB_USER variable (cron user management will hold no more secrets for you).
Find the complete, updated snippet here:
👉 https://bytestash.blablalinux.be/s/a3a7439fb75fe126d1df250da5ee5c88
Happy deploying, everyone! 🐧
#Linux #OpenSource #SysAdmin #CronMaster #BlablaLinux #Docker
The BSDCan 2026 schedule has been published, https://www.bsdcan.org/2026/timetable/timetable-all.html
You can register for the conference, which runs June 17 - 20, 2026 at https://www.bsdcan.org/2026/registration.html @bsdcan #bsdcan #ottawa #freebsd #netbsd #openbsd #development #sysadmin #devops #libresoftware #freesoftware
I published the complete, ready-to-use snippet on my ByteStash:
👉 https://bytestash.blablalinux.be/s/a3a7439fb75fe126d1df250da5ee5c88
Happy deploying, everyone! 🐧
RE: https://mastodon.bsd.cafe/@stefano/116396058506070034
Sometimes I start "battles" to convince "vibe coding devs" to actually learn something. Sometimes I succeed (especially with the younger ones), other times I don't (especially with the less young ones, who became devs precisely "thanks" to vibe coding).
What holds them back is often practical: they say things move so fast that stopping to learn something means "wasting time", since whatever they learn will be outdated very quickly anyway.
Maybe we've moved too fast and we're still moving too fast. I'm seeing worrying things, like stable projects implemented in Go that are "using AI" to progressively rewrite everything in Rust. Why?
Still, the fact remains that at least the basics should be there. To drive a car, even with semi-autonomous driving systems, you still need a license. So why isn't this considered necessary when writing the code for the system that will handle my sensitive data? Not a license, clearly. But, at least, some basic knowledge.
My week starts with a request: "I need a server to deploy to production, but the devs have no idea how to do it. They don't know how to use the terminal, they don’t know how to handle certificates, nothing. They need to be able to click a few buttons and deploy directly to production. They're Vibe Coding experts."
Welcome to 2026.
In the world of BSD conferences, BSDCan 2026 https://bsdcan.org is next, on June 17-20 in Ottawa, Canada.
Read more about the BSD conferences in "What is BSD? Come to a conference to find out!" https://nxdomain.no/~peter/what_is_bsd_come_to_a_conference_to_find_out.html #netbsd #openbsd #freebsd #conference #freesoftware #libresoftware #development #networking #sysadmin
🚀 Tame S3 storage from the command line!
Tired of going through a web interface to manage your buckets? I've just put together a little guide on the wiki for configuring the MinIO client (mc) on Debian. 🐧
It's simple, it's fast and it's a life-changer for your backup scripts!
👉 https://wiki.blablalinux.be/fr/configurer-client-minio-mc-debian
Find all of my services at https://blablalinux.be/mes-services-publics/
TIL
* GNU `tar` has options `--strip-components` and `--transform` to manipulate the resulting filenames.
Edit: it's a GNU extension.
current state of the ship at https://arcanechat.me
the system is working completely without pressure to accommodate the by now +13k passengers
only 22% of RAM used
only 9% of disk used
very low CPU used
#selfhosting #sysadmin #opensource #decentralization #digitalindependence #diday #privacy #encryption #sovereignty #european #europe #ArcaneChat #DeltaChat
Linux tip: Use the “setgid” mode bit on shared directories: “chmod g+s /shared/project”. New files will inherit group ownership, which prevents permission chaos between users.
🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/
BREAKING: reportedly a baby was sighted successfully self-hosting a #chatmail relay after accidentally typing on the keyboard of unsupervised parent's laptop
#selfhosting #selfhost #decentralization #email #chatting #chat #encryption #security #security #humor #joke #meme #comedy #programmer_humor #sysAdmin
Personally I haven't looked for a use (I tried having it write a PSSI (information system security policy) one desperate evening... it wasn't conclusive)
@devnull unpurged packages can be listed with the command
apt list ~c
To purge them, just run
apt purge ~c
https://manpages.debian.org/trixie/apt/apt-patterns.7.en.html
Linux sysadmin question (since it's no longer possible to find actual answers via search on the Internet):
How can I configure the PATH to *always* have a specific directory in it when a shell (Bash) is started, regardless of whether the shell is login/non-login, interactive/non-interactive, etc.?
The normal steps (adding a file in /etc/profile.d which adds to the path) work for login/interactive shells, but not for shells opened by sshd with a command to execute (no pty).
Running Podman in production for years now, and I don't miss the Docker daemon one bit.
I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layer
This is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
2️⃣ The "Matrix by BlablaLinux": My link portal has received a binary update. A rain of alphanumeric and Katakana characters, in the colours of my services and at varying speeds!
👉 https://link.blablalinux.be
So, are you taking the red pill or the blue pill? 🐧✨
#BlablaLinux #Matrix #SysAdmin #Nginx #WebDesign #AutoHebergement #Proxmox #OpenSource
The Defenestrated Edition has broken another stretch goal! Backers get a free copy of "Dear Abyss" immediately upon backing. Plus, I have to film me defenestrating the books and make the TWP documentation public.
Give your favorite Windows-hating #sysadmin the gift of knowledge while maintaining their open source purity.
EuroBSDcon 2026's call for papers is open, see https://2026.eurobsdcon.org/cfp/
Here is a direct link to the submissions form https://events.eurobsdcon.org/2026/submit/ew426G/info/
@eurobsdcon #eurobsdcon #openbsd #netbsd #freebsd #conference #development #devops #sysadmin #freesoftware #libresoftware
With #openbsd 7.9 now in beta and the release expected to hit in a few weeks' time, "You Have Installed OpenBSD. Now For The Daily Tasks." https://nxdomain.no/~peter/openbsd_installed_now_for_the_daily_tasks.html may be due for a re-read. (And minor updates to come, certainly)
#openbsd #development #devops #sysadmin #freesoftware #libresoftware
NodeJS, for all the brilliant projects out there leaning on it, has a supply chain that might as well run the length of a dark alley permanently at 2am in the club district.
https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html
Anyway, hope none of you good people are affected by this latest pox
Tonight, 22:45 UTC, I'm talking at NYCBUG. "What's Changed Since I Came This Way: A Talk that was supposed to be about #OpenZFS" #sysadmin #freebsd
In meatspace in New York City, and streamed online. https://www.nycbug.org/
Small reminder: `history | grep sudo` shows you all the brave decisions from last night. 🙈
Sometimes the best backup isn't the data backup, but knowing when to call `man` *before* you run a command.
Learn from my mistakes. Or make them yourself. That's a valid learning strategy too. 😅
It funded in 15 minutes?
Look. You people didn't read the description. This isn't SUPPOSED to fund well. This silly thing exists entirely so I can train my new helper.
If y'all support the Defenestrated Edition, you will make my life difficult. #sysadmin
2️⃣ Remote management: power on (WOL), shut down or reboot your servers without leaving your couch. Ideal for your electricity bill! ⚡
👉 https://wiki.blablalinux.be/fr/gestion-alimentation-distance-proxmox-wol
To your terminals, and long live automation! 🐧💻
#Proxmox #SysAdmin #Linux #OpenSource #BlablaLinux #AutoHost
oMailgw 1.0, a free-software tool for monitoring shared outbound SMTP gateways
https://linuxfr.org/users/kepon85/journaux/omailgw-1-0-un-outil-libre-pour-superviser-des-passerelles-smtp-sortantes-mutualisees
#sysadmin #email
@fdroidorg how about you do some responsible journalism and read the part where Google won't stop you from side-loading whatever you want so long as you jump through a couple hoops to make sure you're not being coerced by a third party?
Are you being purposely ignorant or do you have an angle here?
Google has *very clearly* stated they won't prevent you from doing these things with a little hand-holding.
#technology #sysadmin
RE: https://framapiaf.org/@sebsauvage/116313774703216263
This article is quite interesting and I'm interested in the idea of #immutable #Linux, at least for end users. I found nothing official on the #debian wiki.
On Debian, I don't remember having often experienced upgrade problems myself, in more than 25 years of using it. Not on stable at least. (because ofc I run #testing :)
I don't know much about Fedora but I had the idea that it was not *that* stable because of its bleeding-edge nature.
#sysadmin #desktop #desktoplinux #yearofdesktoplinux
#Linux #système
The technical choices Fedora has made for updating the system are quite interesting.
https://www.howtogeek.com/fedora-quietly-solved-linuxs-update-problem/
(Even though in more than 15 years I have very rarely had problems with Linux Mint, especially since I always have Timeshift to roll back if something goes wrong.)
When your Proxmox stack decides to be very chatty between 9:39 and 10:29 this morning... ☕️🤖
Result: an avalanche of Gotify notifications! My phone got its workout for Monday 😂📜
👉 https://picsur.blablalinux.be/i/ee03af7b-ca00-4a94-bb0a-c29f41bed7ad.jpg
Have a good week, everyone! 💻🔥
#Proxmox #Gotify #Lundi #SysAdmin #SelfHosted
Did you know that `find` and `xargs` together have real superpowers? 🦸
find . -name "*.log" -mtime +30 | xargs rm -f
Deletes all log files older than 30 days. Once understood, never forgotten again, and your /var/log will thank you tomorrow morning. 🗂️✨
But please: test first, then delete. Use `echo` instead of `rm` to see what would have happened. 😅
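An added example, not part of the post above, that goes one step beyond it: the plain `find | xargs` pipeline splits file names on whitespace, so a stale log called `a b.log` is skipped and an unrelated file `a` is removed instead. The helper names (`naive_purge`, `list_old_logs`, `purge_old_logs`, `make_sample_tree`) and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: hypothetical helpers, constructed sample data.

# The pipeline as posted, run inside the target directory.
# xargs splits "./a b.log" into "./a" and "b.log".
naive_purge() {
    ( cd "$1" && find . -name "*.log" -mtime +"$2" | xargs rm -f )
}

# Emit matching regular files NUL-terminated, so any name survives the pipe.
list_old_logs() {
    local dir="$1" days="$2"
    find "$dir" -type f -name '*.log' -mtime +"$days" -print0
}

# Dry run by default: prints one candidate per line and deletes nothing.
# Pass --delete as the third argument to remove the files.
purge_old_logs() {
    local dir="$1" days="$2" mode="${3:-}"
    if [ "$mode" = "--delete" ]; then
        # -0 reads NUL-separated names, -r skips rm when nothing matched,
        # "--" keeps rm from parsing a file name as an option.
        list_old_logs "$dir" "$days" | xargs -0 -r rm -f --
    else
        list_old_logs "$dir" "$days" | tr '\0' '\n'
    fi
}

# Constructed sample tree: two stale logs (one with a space in its name),
# one fresh log, and an unrelated file "a" that must survive.
make_sample_tree() {
    local dir
    dir=$(mktemp -d)
    touch -t 200001010000 "$dir/a b.log" "$dir/old.log"
    touch "$dir/new.log" "$dir/a"
    printf '%s\n' "$dir"
}

demo_dir=$(make_sample_tree)
purge_old_logs "$demo_dir" 30            # dry run: lists the two stale logs
purge_old_logs "$demo_dir" 30 --delete   # removes exactly those two
ls "$demo_dir"                           # "a" and "new.log" remain
rm -rf -- "$demo_dir"
```

The dry run here replaces the `echo` trick: it shows the exact names `rm` would receive, which `echo` cannot do once a name contains a space.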
I wrote up my entire backup strategy for my servers across FreeBSD and Linux:
- ZFS snapshots with sanoid
- Off-site replication via syncoid to rsync.net (encrypted at rest)
- Proxmox Backup Server fronting Backblaze B2 for VMs
- A Podman trick for backing up RHEL hosts without native packages
- Dead man's switch monitoring
- Quarterly restore tests recorded with asciinema
Real configs included.
https://blog.hofstede.it/my-multi-stage-backup-strategy-zfs-proxmox-and-paranoia/
Finally, I managed to install and configure a graphical environment directly during a #FreeBSD installation session 🎉
Most of the friction was around GPU drivers, but the feedback and suggestions I received were incredibly helpful. A lot of people want to use FreeBSD on their laptops and desktops, and that really shows.
For now, the goal was to provide a simple option to install #KDE Plasma. If there’s interest and more requests, we can definitely expand this in the future with additional desktop environments and options.
Special thanks to the FreeBSD Foundation for their support 🙌
#RUNBSD #FreeBSDDesktop #FreeBSD #BSD #OpenSource #Unix #KDE #KDEPlasma #DesktopEnvironment #GUI #Laptop #Desktop #FOSS #Tech #SysAdmin #DevOps #OperatingSystem
@fdroidorg 😂 what hyperbole.
First is the falsehood that #Google had ever claimed #Android devices are the "best computing device[s] in the world that [do] everything."
Second, the fallacy that this definition would preclude a protected ecosystem like they propose. Apple? Most people prefer the safety it offers them.
Side-loading? Valid. Silly argument.
The new changes protect *most* users from themselves.
Best? Power users aren't being stopped at all. It's an inconvenience at best.
#sysadmin
Find out how to set this up on the wiki:
👉 https://wiki.blablalinux.be/fr/sauvegarde-restauration-sqlite-multiservices-proxmox
#SelfHosted #Proxmox #SQLite #BlablaLinux #Backup #Linux #SysAdmin
New post: shell tricks that aren't exactly secret, but aren't always taught either.
Split into two sections: what works on any POSIX sh (FreeBSD, OpenBSD, Alpine...) and what's Bash/Zsh-specific. Because not everyone is on Linux with bash as their login shell.
Things like CTRL+W, $_, pushd/popd, fc, set -euo pipefail caveats, and more.
https://blog.hofstede.it/shell-tricks-that-actually-make-life-easier-and-save-your-sanity/
@drscriptt @monospace I got my workplace almost entirely converted to XML back when it was "fresh" and then JSON took over and we've mostly avoided the shift.
Explaining to people why I prefer XML over JSON when they're too young to understand the move from CSV is just hard.
#greybeard #sysadmin
@drscriptt @monospace it's very handy when looking for specific connections, or frequently in my case, connections not coming from specific subnets:
```ss not src $LOCALNET/24 dport :587```
But those more 'interesting' commands I've just saved to mini ~/bin/ scripts so I don't have to type them and frequently forget the syntax.
u wot m8?
> Most modern operating systems include cURL by default. On Windows, use 'cmd' since in powershell curl is added as alias for Invoke-WebRequest (Microsoft.PowerShell.Utility)
Let me get this straight: Microslop decided that it makes total sense to have a "curl" command that in PowerShell is a different thing than the standard "curl" available in `cmd`?..
Ffs. I have no words.
I used ‘find’ on a Linux server today.
`find /path/to/directory -type f -mtime +365 -delete`
Yes, I had to look up the flags to make it do what I wanted it to. I do not have them memorized.
#Linux #SysAdmin
RT: https://floss.social/users/mikebabcock/statuses/116284712899761792
One of the most powerful commands on your #linux system is 'find' ... and one of the most annoying commands on your system is also find.
Do you need to use -and between parameters?
Did you specify the right #regex type before -regex search? And "./"?
Can you remember the before and after date syntax?
If you want to do something to a certain subset of files, find is probably the right way. And you'll spend fifteen minutes fixing the command-line before getting it right.
@thenewoil and yet, passkeys are still single-source authenticators. As a result, they are not as secure as proper 2FA systems, simply better than passwords alone.
#security #sysadmin #fud
@monospace `ss -lpn | grep :8080` is my goto personally. I find it much more robust and fast. ymmv.
#linux #sysadmin #networking
@geerlingguy as a guy who's been building his own routers professionally for decades now, this is great advice. Also it's really quite easy (and always has been with the right knowledge).
Just PLEASE don't run additional software on your routers. Run them on a device *behind* the router. You'll thank me eventually.
#firewall #router #sysadmin #networking
#Linux security best practice: Create system user accounts for services that can’t be used for login: `useradd -r -s /sbin/nologin servicename`
🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/
Want to self-host it on your Docker/LXC? Here are my fresh Compose snippets on ByteStash:
Persistence version (API):
https://bytestash.blablalinux.be/s/4f7a1a645f316457803c94cd237ee388
Sandbox version (Demo):
https://bytestash.blablalinux.be/s/dcdcfa327c4d5f666a96b963d19d99de
Source project on GitHub: https://github.com/rackulalives/rackula
Have fun with your racks!
#SelfHosting #Docker #Linux #Rackula #BlablaLinux #SysAdmin #Proxmox
Running a FreeBSD server with two independent uplinks?
My latest deep dive covers how to mix a physical provider and a BGP tunnel to serve NAT'd, routed, and pure public jail traffic on a single bridge.
We break down Dual-FIB policy routing and show you how to use PF's rtable and reply-to directives to fix asymmetric routing and keep traffic strictly separated.
Policy routing done right: https://blog.hofstede.it/dual-fib-policy-routing-on-freebsd-two-upstreams-one-server-zero-confusion/
A little terminal reminder for a relaxed afternoon:
`htop` shows you what is currently slowing down your machine.
`df -h` shows where the storage has gone.
`ss -tulpn` shows which services are listening.
Three commands, and you know more about your system than most proprietary software would ever tell you. 🐧
🚀 Challenge accepted!
A big thank you to the team at https://www.proxcenter.io/ for the evaluation license: 10 nodes to test, but only 10 days on the clock! ⏱️
The marathon begins: tests, a blog article and a video on the way. I won't be idle! 🐧💻
#ProxCenter #Proxmox #Linux #SysAdmin #BlablaLinux
The applicant for the one (far too few) advertised Linux administrator position is coming next Wednesday.
He is in the third year of his apprenticeship at an IT service provider that apparently, in general(?), does not hire its apprentices afterwards.
He has boasted quite a bit in his CV (compared with my first application after my apprenticeship).
Supposedly he is a jack of all trades when it comes to Ansible, Git, containers, Linux, CI/CD pipelines and Kubernetes.
With us, the second interview is the technical one, and applicants complete a work sample of about 1.5 hours.
I'll come up with something to probe his knowledge.
I'll probably base it on the Red Hat exams I have taken.
It's not often you see a CVE perfect 10.
Anyone with a #Ubiquiti #Unifi network needs to update their Network controller immediately.
🚀 The BlablaLinux version of BentoPDF is online!
100% optimized instance:
✅ SEO: Sitemap and robots.txt 100% local.
✅ Social networks: Open Graph thumbnails fixed (BlablaLinux logo).
✅ Perf: WASM and Gzip support enabled via NPM.
✅ AI: Centralized bot blocking.
✅ Branding: Full integration.
Try it here:
👉 https://bentopdf.blablalinux.be
#Linux #OpenSource #BentoPDF #SelfHosted #BlablaLinux #SysAdmin
I just finished an amazing call.
The person I was talking to was trying to explain to me that Docker is an entire operating system, so he doesn’t want Linux or any of the BSDs, but Docker. I explained that, in order to run Docker, you need a kernel.
"No, you don't. Docker does everything on its own. If you think that, then you don’t really understand operating systems."
I told the guy that I couldn’t help him, since I'm not experienced enough with operating systems. He was a bit disappointed, but we said goodbye on friendly terms.
I'm used to recognizing when I'm too ignorant for the person I'm talking to, and I'm happy to step aside.
Ah, Debian. Add a disk and you yet again renumber your network interfaces. #sysadmin

Is your USB hard drive playing hide-and-seek? 🛑
Fed up with "Input/Output" errors right in the middle of a backup? 😫
Often it's just Linux trying to save power a little too aggressively!
Learn how to keep your disks "awake" and your backups safe with this new step-by-step guide 🛠️🐧
👉 It's over here: https://wiki.blablalinux.be/fr/stabiliser-disques-usb-autosuspend
While waiting to see whether this ends up as an article or a video, I have already laid the groundwork for you. If you want to deploy it cleanly (tested and validated in a Docker LXC), my Docker Compose and its .env file are available on my ByteStash.
🌍 Official site: https://proxcenter.io
🔥 The ByteStash snippet: https://bytestash.blablalinux.be/s/849d4b39f08647dbff1cfee83d681f2f
To be continued... 😏
#Proxmox #HomeLab #Docker #SelfHosted #ProxCenter #BlablaLinux #SysAdmin
Easy way to kickstart a runbook: Log actions with “history | tail -20 | tee file.md” to capture recent commands, then add explanations.
🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/
It has been suggested to me that the company I'm working for is not doing well. That and a push for AI are telling me it's maybe time to move on.
What am I? Currently I'm doing #Python, #SysAdmin, GitHub/GitLab admin (yes, both), some Kafka, used to do some Postgres (now we have a DB team), Ansible and more.
Edit: more info: https://en.osm.town/@mdione/116302423501761728
What do I want? No AI, no gambling, no blockchain. In #Marseille or remote. I can invoice abroad, but I would rather be an employee.
1/
Why I love FreeBSD
A personal reflection on my first encounter with FreeBSD in 2002, how it shaped the way I design and run systems, and why its philosophy, stability, and community still matter to me more than twenty years later.
Bug-for-bug compatibility is great, but having an actual feedback loop into enterprise Linux development is better. I wrote about my experience running CentOS Stream in production, how it handles security updates without the rebuild lag, and why the upstream model beats the old CentOS way.
https://blog.hofstede.it/why-i-prefer-centos-stream-over-old-centos/
You just provisioned a fresh Linux server. Within minutes, the SSH brute-force bots will arrive.
There are too many ways to build a firewall in Linux. I wrote a practical guide to the four major tools: iptables, nftables, firewalld, and ufw, including their mental models and deployable configs.
Also includes a deep dive into the "Docker Trap" (why Docker silently bypasses your default-deny rules) and how to fix it.
(And yes, I still spend the intro and conclusion reminding everyone that FreeBSD's PF is the undisputed king of packet filtering. Let's argue in the replies.)
Read it here: https://blog.hofstede.it/linux-firewalls-how-to-actually-secure-a-cloud-server-iptables-nftables-firewalld-ufw/
#Linux #Sysadmin #DevOps #Security #Netfilter #Docker #Networking
🚀 A string of updates at BlablaLinux!
SearXNG, 2FAuth, Gitea, StirlingPDF and plenty of other services are all fresh and shiny... but I'm not even the one who did the work! 😎
Thanks to whom? Thanks, Watchtower! 🤖🐳
Find all my services here:
👉 https://blablalinux.be/mes-services-publics/
#BlablaLinux #AutoUpdate #Docker #Watchtower #SelfHosted #LogicielLibre #SysAdmin #Linux #Debian #Proxmox #LXC
Tonight I'll be trying to set up a runner for Gitea actions. I hope to get it to "build" docker images automatically on changes, then publish them to Gitea's container image registry: https://docs.gitea.com/usage/packages/container
It'll be the first time I've worked with gitea actions and gitea runners, so lots of trial and error to be had!
Alright, here we are. The decline is accelerating.
An IT manager at a client company, someone capable I've been collaborating with for years, recently hired three new developers. However, he asked me for a Linux server instead of the usual FreeBSD because "that way the devs can move faster, AIs can't produce valid results for BSD systems".
Given our relationship, I called him and told him I disagreed. Somewhat bitterly, he replied that these guys had been "imposed on him". They're polite and willing, but completely lacking any real programming principles. They are "experts in vibe coding", and for management that's more than enough.
In other words, we're not supposed to build a working and efficient server anymore, but a vibe-coding-friendly one.
My instinctive reaction was to ask him whether, when a data breach eventually happens, because sooner or later it will if the people writing the code neither write nor read code, they'll be able to tell the authorities that the data controller was an AI.
He didn't say anything else and thanked me. Maybe, and I stress maybe, management will understand that.
Checkmate!
> Check Point ThreatCloud flags whole cloudfront.net... - Check Point CheckMates
> False positives can happen and do happen from time to time. Normally I would not create a CheckMates post for that.
https://community.checkpoint.com/t5/General-Topics/Check-Point-ThreatCloud-flags-whole-cloudfront-net-as-phishing/m-p/271664#M45533
#dns #sysadmin #infosec
My oldest still running server ..
HP ProLiant DL120, installed in May 2012 with Debian 7 Wheezy, even before systemd was a thing.
Continuously upgraded up to Debian 12 Bookworm.
Former Mailserver, Blog Server, Photo Gallery, Git Forge ..
5 SAS Hard disks were replaced over the years. Other than that, it just worked since 2012.
root@helium:~# # Farwell old friend. You served well! See you in the nether.
root@helium:~# poweroff
Broadcast message from root@helium.edelga.se on pts/1 (Wed 2026-03-11 18:21:28 CET):
The system will power off now!
Shared connection to helium.edelga.se closed.
🥺
Trying some traffic shaping on my PFSense box today.
The idea is to give priority In/Out of the internet to traffic that directly affects the wife and I.
HTTP/S, VoIP, Streaming Media, etc are all prioritized over other things such as Steam downloads, Linux ISO downloads, etc.
With any luck, this will make our daily usage smoother by limiting the amount of bandwidth taken up by lower-priority services.
We've got a DnD session tonight (with the VTT hosted by me) with the traditional discord voice chat, so we'll see if that makes a difference!
Linux tip: Use “ss -tuln” to check for open ports. Filter specific port numbers by adding “| grep :80”, for example.
🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/
RE: https://mastodon.social/@dzwiedziu/115570876140855775
Sooo, remember my most boosted post of #wrapstodon 2025?
I'm still unemployed, now facing moving out of France by the end of April.
Recap: jack of all trades #Linux sysadmin, with broad, 10y+ experience in system and applications administration. Preferred location would be #Strasbourg or fully remote or as a mentee for #freelance with #ADHD.
(Please clap, I mean boost 🔁)
If you want to raise your shell scripts to a new level, give this a try! It'll give useful feedback on the style of your shell code and on possible issues with it.
PS: Know when to switch to a proper programming language.
I can't get a VM recovered from a Proxmox backup to boot on KVM; what am I doing wrong?
The backup was in vma format, it was converted to raw, I converted it to qcow2, and I do the import as the tutorial says, but I get either "no bootable disk" (in BIOS mode) or just a UEFI shell (in UEFI mode).
Tired of stressing about your data? 😱
While Timeshift takes care of your system, don't forget your personal files, your websites or your Nextcloud! 🎯
New guide on the BlablaLinux Wiki: a universal Rsync script to back everything up cleanly, with simple aliases and automatic logs 🐧💻
👉 It's all here: https://wiki.blablalinux.be/fr/sauvegarde-donnees-script-rsync-universel
If your terminal ever gets confused by random control sequences, for example after you accidentally output binary data, there's a good chance you can restore order with the `reset` command.
By the way, the BlablaLinux Papra instance is already running with all these optimizations!
✅ The lab (updated): https://papra.blablalinux.be
✅ The complete Docker Compose: https://bytestash.blablalinux.be/s/c696e234a3d12996b9d6821d8c684b06
No more "I didn't get the email" and cluttered servers, everything is running smoothly! 🐧🔥
#SelfHosting #Linux #Papra #OpenSource #SysAdmin #BlablaLinux #Docker #Automation #Productivité
@SecureOwl I'm so sorry to the few honest ones but the entire #cybersecurity industry feels so corrupt and gross these days. All these "insurance" companies with their own remediation teams they pay out of your insurance plan? Ew. It would be illegal in any other industry.
So do fake message robocalls surprise me? Not at all.
#sysadmin
The /proc filesystem was a genius idea giving the #sysadmin direct control of the Linux kernel. In this article, David Both explains how to change kernel parameters at runtime.
Optimizing is good. Understanding why you do it is better! 🧠
I added a special section to the Wiki to explain my compression choices (resolutions, bitrates, CPU).
Why 3468px? Why 6000k? I lay out all my reasoning, based on my own real-world tests 📈💻
It's all detailed here:
🔗 https://wiki.blablalinux.be/fr/optimisation-automatique-medias-nextcloud#pourquoi-ces-réglages-de-compression