The scp command lets you securely copy files between hosts over an SSH connection.

Some of you might think scp is deprecated but in fact what’s deprecated is the scp protocol, not the command itself. The command now uses a more secure sftp protocol by default

Here are some of useful scp command examples 😎👇 #sysadmin

Find high-res pdf books with all my #linux and #cybersecurity related infographics from https://study-notes.org

#askFedi does anyone know of a list of IPs to block for web scrapers, big tech, and/or anything LLM related? I understand that I won't be able to block them all, and I understand there probably isn't one comprehensive list I can copy, but if any web hosters have a preferred list that blocks a significant amount of non-legitimate bot traffic without blocking humans who just want to use the site, I can take a look at as many lists as I can get a hold of!
#webHosting #sysAdmin #ipBlocking #nobot

If you're looking for audio podcasts about Linux, open source software, systems administration, development, and or cloud then check us out!

https://latenightlinux.com/

Our shows are short and to the point, and we don't shy away from politics when the topic inevitably comes up.

#podcast #linux #opensource #development #sysadmin #cloud

What should I do guys? 🤔

#sysadmin #networking

Thinking about migrating from Linux to the rock-solid security of FreeBSD? Our expert training is designed for you. Learn BSD fundamentals, command differences, and how to harness ZFS.

Start your journey with confidence!

https://bastillebsd.org/training/

#FreeBSD #Training #runBSD #SysAdmin #DevOps #BastilleBSD

Today while training some sysadmins I shared this real photo of ancient Greek engineers configuring a mailserver.

On the left the brave engineer is trying to stop unauthorised pipelining through the MTA as their knee is viciously attacked by a subtly broken DKIM key. Meanwhile, their co-sysadmin is hammering away at a perfectly good Postfix sender restrictions policy, screaming "It's not DNS!", while bitten by a PTR record quietly hissing "It'ssss DNSssss".

#sysadmin #selfhosted

Alt...

Ancient Greek artwork painted onto the side of a ceramic vessel featuring two warriors (one of them Heracles) battling a Hydra.

How is it m68k Macs came to have a reputation for superior stability relative to Windows PC's of the era, despite the limits of classic MacOS's memory manager? How much was clever marketing and how much was reality?

#macos #classicmac #windows #sysadmin #retrocomputing #m68k #m68kmac

Use `sed -n '100,200p' largefile.txt` to extract specific line ranges without loading the entire file into memory. Much faster than `head -200 | tail -100` for large files or when targeting middle sections.

🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/

#Linux #SysAdmin

Remise en état du NAS

https://ludovic.hirlimann.net/2025/11/remise-en-etat-du-nas.html

#nas #zvault #sysadmin #homenetwork

Just installed good old trusty `trac` https://trac.edgewall.org/on my system. I'm deploying with Ansible and on a VM, and it was failing while setting the locale. It needs `LC_ALL` set, which for some reason was not set in my system. Set it with `update-locale LC_ALL=en_US.UTF-8`.

#HomeLab #SysAdmin

Je dois choisir mon futur bureau d'enregistrement (transfet) pour 2 domaines persos, sachant que je gère moi même mes ND et zones, je ne m'intéresse pas du tout à cet aspect de leurs offres, éventuellement aux API ou possibilités de mise à jour des enregistrements ns, ds, glue...
Pour les arguments ou d'autres propositions, je n'ai que 4 choix donc ne pas hésiter à laisser une réponse...
#sysadmin #dns

Remise en état du NAS

https://ludovic.hirlimann.net/2025/11/remise-en-etat-du-nas.html

#sysadmin #nas #zvault

You know what... Vagrant. I have heard about this for I don't know many years, but never actually understood what it is.

Today I finally learned it. I feel... stupid for not knowing. It's amazing! 🙂

#SysAdmin #Vagrant

What is the difference between docker and docker-compose

Thanks to @SeaGL for the opportunity to present and thanks to @TheyOfHIShirts for the nice recap. Here's the video from today: https://content.haacksnetworking.org/w/nsMwnJhLnfMrs17W5cAdWg #sysadmin #selfhost #selfhosting #gnulinux #linux #freesoftware #floss #opensource 🙏🏼

Yeah, so I have trouble with my backup.
You see, the USB HDD enclosure I use seems to sometimes disconnect drives. And because I can't seem to be able to disable write cache to them, that inevitably looses some data. The problem is I use #Btrfs and it assumes the write order to disks is kept. Interrupted write cache might violate that. So I have 500+ corruption errors in my Borg repository. Borg crashes during a repo check, but I can still backup to it and mount archives...
#borgbackup #sysadmin

Advice needed: I want to set up #Linux Kiosk PCs. Users must log in with a card ID and password that are verified via a PHP webservice against a MariaDB.

The challenge: I need the Linux desktop login (e.g., via a Display Manager like LightDM/GDM) to authenticate against the custom remote service.

How can I implement this? Custom PAM module? Python-pam? Scripts?🤔

#PAM #linuxhelp #KioskMode
#Authentication #webservice
#PHP #Sysadmin #Python #foss #OpenSource

tfw you can't get the verification code sent by your health insurance company to your email because the IP address it's coming from is listed in Spamhaus AND the email they're sending violates their enforcing DMARC policy. *sigh*
#infosec #DMARC #Spamhaus #SysAdmin #EmailAdmin #healthInsurance

Does anyone know of an easy way to run #Anubis in front of a small static site?

It should be straightforward, low maintenance and affordable for someone who has no experience running anything that's publicly accessible

I'm imagining the standard scenario is a rented VPS and manually configuring Anubis + nginx + SSL/TLS but I'm looking for something simpler

#AskFedi #webhosting #sysadmin #selfhosted #nginx #vps #AntiAi

When I use a rolling TOTP just after it expired but it still works due to the server side tolerance window.

#InfoSec #CyberSec #SysAdmin

Alt...

Starwars scene where Vader asks if they have a code clearance. Response is it's an older code but it checks out.

😉

2.5 Admins 272: NVMe Surprise

Why you should seriously consider buying refurbished hard drives, why drives might be lasting longer than they once did, Jim’s M.2 NVMe drive died at an inopportune moment, using multiple partitions on disks with ZFS.

https://2.5admins.com/2-5-admins-272/

#podcast #sysadmin

Alt...

2.5 Admins artwork

Rebooting a server is the perfect way to figure out all the routes you added manually while setting itup, but forgot to put in configuration.

#sysadmin

Me: I'm gonna write #openzfsmastery in order. No bouncing around in the manuscript, just clean text from beginning to end!

Also me: My test host needs the new compatibility flag for the root pool. I guess I better jump ahead four chapters and write that. #sysadmin #writing

I just had issues with upgrading to the latest #NextCloud. In short, the GroupFolders app was not compatible with the new version and somehow broke everything. Had to disable the app, tried to update al apps (including GF, but that one failed), then finished the NC upgrade, then finished updating all apps, then reenabled the app.

Blog post with more details soon.

#SysAdmin

Trying to `diff` some YAMLs. Plain `diff`'s output is confusing because it splits blocks in the middle and at some point all blocks are marked with diff because the drift is so big it can't keep up. `difftastic` is syntax aware, but it marks additions, changes and removals with color, so redirecting the output to a monochrome output file to do some manual massaging in a text editor is impossible. Anything in the middle?

#developer #SysAdmin

Oh, finally! I was getting genuinely worried this week: up until now, no one had told me yet that 'we need moooar powaaaar'.
Obviously, it wasn't needed: if you keep spawning threads without checking if the previous ones have finished, generating a deadlock (even at zero load) but locking up the application, 'moooar powaaaar' won't solve anything

#IT #SysAdmin

Linux has no fstat(1) command? How do #Linux admins access that information? Just reach straight for lsof? #sysadmin

[ETA: yes, lsof. Why use a scalpel when you have a chainsaw? Okay, fine, whatever, moving on...]

Hot take: pf's built-in connection tracking beats fail2ban/sshguard hands down.

One simple ruleset gives you automatic brute-force protection with ZERO userland daemons. No log parsing, no reaction delays, no additional attack surface.

table <bruteforce> persist
pass in proto tcp to port 22 flags S/SA (max-src-conn 5, max-src-conn-rate 3/30, overload <bruteforce> flush global)

Kernel-level enforcement, instant blocking, survives reboots with persist.

Why spawn Python processes when your firewall already knows?

#bsd #freebsd #runbsd #firewall #pf #sysadmin

okay. #n4sa2e book production is complete. Time to get on #openzfsmastery.

Which means seriously getting to grips with #bhyve.

Did some bhyve experimenting a couple weeks ago. Got FreeBSD installed just fine. Debian with ZFS, not so much.

So this week it's go back, one step at a time. Install base debian with grub, does it work? Then UEFI, then ZFS secondary disk, then root on ZFS.

This morning's install ends with a console saying:

grub>

#sysadmin

The Debian installer wrote grub to disk, but... didn't configure it? Huh.

Time for some classic #sysadmin headdesking.

This is part of my weekend fun. Coffee stains included.
The two Raspberry Pis are powered by NetBSD, the mini PC by illumos/SmartOS, and the two APU boards by FreeBSD.

#NetBSD #FreeBSD #illumos #SmartOS #IT #SysAdmin #HomeLab #RaspberryPI

Alt...

A top-down shot of a small computer setup on a tan surface with some visible coffee stains. In the upper left, a silver mini-PC is partially visible, with a black USB stick plugged into its side. Below the mini-PC, a black USB to TTL serial adapter is connected to and powering a Raspberry Pi A+. The Raspberry Pi Zero W is connected to and driving a 2-relay module. The Raspberry Pis are running NetBSD, the mini-PC is running llumos/SmartOS, and the two, slightly visible APU devices are running FreeBSD.

Proper FreeBSD system hardning :)
(all for sysctl)

security.bsd.see_other_uids
security.bsd.see_other_gids
--> Don't show other users processes

security.bsd.unprivileged_read_msgbuf
--> Don't allow unprivileges to read kernel buffer (dmesg)

security.bsd.unprivileged_proc_debug
--> Don't allow unprivileged to use debugging

security.bsd.hardlink_check_uid
security.bsd.hardlink_check_gid
--> restrict hardlinks to same user/group

kern.elf64.aslr.enable
kern.elf32.aslr.enable
--> Enable kernel address randomization (ASLR)

security.bsd.unprivileged_mlock
--> Restrict unprivileged users from loading kernel modules

sysctl kern.securelevel=1
--> Cannot lower securelevel
--> Cannot write directly to mounted disks
--> Cannot write to /dev/mem or /dev/kmem
--> Cannot load/unload kernel modules
--> Cannot change firewall rules (if compiled with IPFIREWALL_STATIC)
--> System immutable and append-only file flags cannot be removed

This can make a FreeBSD system more secure, especially on multi-user systems. Securelevel ca even go higher, but those restrictions generally need care.

#runbsd #freebsd #security #hardening #goodpractice #devops #sysadmin

I just blocked the entire 47.79.0.0/16 subnet from my server because it was querying hundreds of nonsensical pages from my web server using a bogus user agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36.
Each subsequent request was sent from a different IP address in that range to evade rate limiting. I've learned this IP block is owned by Alibaba Cloud LLC, good riddance.

#SysAdmin #SystemAdministration

Yesterday I completed the migration from Authentik to Pocket ID on all of my homelab services!
I also included Tinyauth to link OIDC to a service without a login page.

Today, there was a part of me that silently made me think that get rid of my secondary domain and buying a new one was a good idea.

So here I am. Melting on the sofa after 10 hours of Ansible, OIDC clients, creating users, tweaking config files, VPN, Jenkins security and jobs configurations, plus your regular system administration.

Oh, did I mention that it was supposed to be my day off? 😅

#homelab #selfhost #selfhosted #selfhosting #sysadmin #systemadmin #linux #linux #ansible #oidc #vpn #jenkins #sso

Does someone know a good article/tutorial about setting up SDN (software defined network) on #Proxmox ? It’s quite new and not very well documented yet. #sysadmin

unbound, tcpdump, pihole-FTL

and it was something completely unrelated

not really, but quite.

#sysadmin #homelab #linux #troubleshootingSkills

Plus:
• Fedora KDE pkg mgmt
• Debian vs systemd
• raconn — a smart tool for parallel SSH connections to multiple hostnames/IPs in one ProxyCommand. (https://blog.izissise.net/posts/raconn/)
• UBIOS (China’s UEFI-alt)

Read it 👉 https://newsletter.nixers.net/entries.php#311

“There are no life hacks, only trade-offs.” — James Clear

#Unix #Linux #FreeBSD #FOSS #SysAdmin #ReproducibleBuilds #SSH #Nixers

Script d'automatisation des mises à jour des VMs et LXC Proxmox avec notification Gotify
Wiki : https://wiki.blablalinux.be/fr/script-update-lxc-vm-gotify-proxmox
ByteStash (Code) : https://bytestash.blablalinux.be/s/0599b82399cf5db305dd6ded8e1bd0a4

#Linux #SysAdmin #Proxmox #Gotify #Automatisation #MiseAJour #BlablaLinux

Il existe des milliers de façons d'arriver au même résultat, et certaines sont sans doute meilleures que les miennes.

C'est pourquoi je vous le dis : vous êtes libres de prendre, d'adapter ou d'ignorer complètement ce que je publie. Vous êtes les maîtres à bord ! 😉

Prenez ce qui vous sert, et jetez le reste !

#Transparence #Tech #SysAdmin #OpenSource #BlablaLinux #Code #DevOps

J'espère vous y retrouver ! 👌

#Linux #Cyberlettre #Listmonk #BlablaLinux #TechNews #SysAdmin

Utiliser des variables CSS pour modifier la couleur primaire (--override: #MaCouleur) et le tour est joué !

Fini le look standard, place à la personnalisation profonde : ➡️ https://wiki.blablalinux.be/fr/wikijs-html-head

#WikiJS #CSS #Customization #Theme #WebDev #SysAdmin

Je ne veux pas laisser mon serveur en mode "presque à jour".

Le guide complet pour installer et configurer l'update automatique de votre PBS, sans crash surprise : ➡️ https://wiki.blablalinux.be/fr/update-pbs-script-cron

#Proxmox #PBS #Linux #SysAdmin #Automation #Cron #Backup

Me: "Look. I wrote the book on sudo. Don't just go 'sudo bash'--it's bad practice."

Also me: "sudo tcsh" #sysadmin

`"status":200.0` is... _sigh_

#HTTP #SysAdmin

Yesterday evening I couldn't use my Netatmo thermal control. I was blaming the changes I was performing in the home network but it seems it was a global #Azure outage.

I think it's time to revamp my old, pre 2010 python program that served me well for years.

#Outage #IT #SysAdmin #OwnYourData

Alt...

Old man yells at cloud - with me instead of Abe

Before anyone mentions how reliable Google Cloud is, here's a massive outage from June this year:
https://www.cnbc.com/2025/06/16/google-cloud-outage-apology.html

And from October last year:
https://status.cloud.google.com/incidents/e3yQSE1ysCGjCVEn2q1h

#SysAdmin #Outage #Gatekeepers

You will not believe the trick-or-treat trick Microsoft just pulled!

#Microsoft #Azure #Outage #SysAdmin

Alt...

Screenshot of downdetector.com showing Azure and dozens other large services experiencing problems.

Oh good god the AI trap on the inkscape website has twelve million hits. That's the hidden url that bots are told not to index, but ai bots LOVE to hit that thing.

But attacks continue to increase.

I'm going to have to decide if I need to block t-mobile and other mobile carriers because of all the malware on android phones being used as ai bot sources.

#foss #floss #sysadmin #ddos #ai #inkscape

New blogpost: Using a SSH config: https://h3artbl33d.nl/blog/using-a-ssh-config

#OpenBSD #OpenSSH #SysAdmin

I'm working on some interesting stuff this morning, and I'm really enjoying it. So far, no calls about yesterday's issue, which is reassuring.

But I did get a new call, awaiting a follow-up: a few months ago, I sent a (low-cost) quote to modernize a network stuck 20 years in the past. This included new routers, 4G failover (which they currently lack), transitioning from a PPTP (!!!) based VPN to WireGuard, and using IPsec and/or WireGuard for site-to-site connectivity (which is currently handled in a way I'm embarrassed to even mention).

I've been managing some servers for them for a few years (not in the right way, IMO, and there's a plan to fix that too), and they were enthusiastic about my project (and how cost-effective it was, thanks to choosing the right hardware).

Today's call: a colleague who works with them told me they're reviewing a quote this morning for a "professional", "AI-powered" (and hyper-expensive, with recurring fees) firewall because my proposal is supposedly "too basic to be effective".

If they go that route, that's their choice, but I'm always baffled by how the grass is always greener -trusting the first stranger who shows up with buzzwords and pointlessly expensive products.

On the flip side, this afternoon I have an on-site visit with a potential new client who, and I quote, "prefers to spend money on consulting for open-source products than on useless licenses".

Just for that attitude alone, I'm going to offer them extremely favorable terms if the premises are right.

Anyway, it's only 9:20, but the day is already shaping up to be quite interesting.

#IT #SysAdmin #Consulting

Try not to be the reason they needed to install mollyguard

A friendly reminder for no reason at all :)

#GeekHumor #sysadmin

changeme. A default credential scanner

About a year ago, a client I've worked with for over fifteen years informed me that some of their "less critical" servers would be migrated to $CLOUDPROVIDER. According to them, this provider would guarantee an efficient management panel, "more freedom for their devs", and lower costs. This didn't impact me financially but, on an ethical and personal level, I warned him about the potential problems. Yet they decided to move forward, aided by the arrival of $YOUNGDEV who "has worked with it, it's reliable, and everything works fine". Again, I warned them (where are the backups? A disaster recovery plan? etc.) but they insisted: $CLOUDPROVIDER is efficient and gives us everything.

I studied their plan and immediately understood that their "cost-cutting" strategy wouldn't work: I know their workloads, and the plan they chose was insufficient. Needless to say, a few days later they went down and had to make an "emergency" purchase of the next tier up. The cost? Higher than their previous server infrastructure.

I heard nothing more about these workloads for almost a year but my monitoring tools still were marking them down, from time to time. Then, I get a phone call this afternoon. $YOUNGDEV asks me for support. He doesn't explain, but I immediately understand it's one of those workloads. A serious problem, and they don't have a backup of the database. They don't have a test environment to run diagnostics. The DB is very large, and they don't know what to do. My predictions - not even my worst ones - had come true.

I was running between two appointments. I only remarked that this situation could have been avoided and that it's not something I manage or can manage, but I nonetheless suggested we sync up tomorrow morning. I'm not going to get my hands dirty, but still, $YOUNGDEV is in trouble, and I offered to take a look to suggest a strategy. I then asked for the access credentials to $CLOUDPROVIDER, considering that up until a year ago, I managed all of these workloads. He replied that he "doesn't know if he can give them to me" and that he "would have to ask his bosses". I pointed out that if he wants my help, I need something - I don't even know how $CLOUDPROVIDER grants access to data (or if it does) - how can I give him advice?

It's 18:30 and I have received nothing. Tomorrow morning, if the phone rings, I will answer, but at this point, I won't do anything. I prefer, albeit reluctantly, to completely end the relationship with this client.

If this is the price of dignity and respect, I'll gladly pay it.

#IT #SysAdmin #HorrorStories #OwnYourData

TLDR; En Linux Debian, no se pueden instalar paquetes con npm globalmente en el sistema (npm install -g) sin usar sudo. Es una medida de seguridad necesaria que puede provocar problemas de permisos para usuarios sin permisos sudo cuando algún paquete se instala globalmente usando sudo, o que implica tener que instalar cada paquete como dependencia de cada repositorio. Esto puede tener sentido con dependencias del proyecto que se está desarrollando, pero no tanto con paquetes del entorno de desarrollo que se usan en todos los proyectos (linters, revisores de código, typescript…). Esto se soluciona usando nvm que permite crear un entorno Node.js específico para cada usuario del sistema, de manera que los paquetes instalados globalmente son globales para el usuario que los instala. nvm se puede instalar sin usar sudo, así que un usuario no necesita contactar al administrador del sistema.

Instalar Node Version Manager (nvm)

En el repositorio oficial de nvm se puede descargar un script de bash que descarga nvm y añade la configuración necesaria al archivo de perfil del usuario (~/.bashrc, ~/.bash_profile, ~/.zshrc, o ~/.profile). Es recomendable consultar el repositorio para instalar la última versión. En el momento de escribir este tutorial era la 0.40.3:

$ wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash=> Downloading nvm from git to '/home/skotperez/.nvm'=> Clonando en '/home/skotperez/.nvm'...remote: Enumerating objects: 383, done.remote: Counting objects: 100% (383/383), done.remote: Compressing objects: 100% (326/326), done.remote: Total 383 (delta 43), reused 180 (delta 29), pack-reused 0 (from 0)Recibiendo objetos: 100% (383/383), 391.78 KiB | 2.67 MiB/s, listo.Resolviendo deltas: 100% (43/43), listo.* (HEAD desacoplado en FETCH_HEAD)  master=> Compressing and cleaning up git repository=> Appending nvm source string to /home/skotperez/.zshrc=> Appending bash_completion source string to /home/skotperez/.zshrc=> You currently have modules installed globally with `npm`. These will no=> longer be linked to the active version of Node when you install a new node=> with `nvm`; and they may (depending on how you construct your `$PATH`)=> override the binaries of modules installed with `nvm`:/usr/local/lib├── @vue/cli@5.0.8└── npm-check-updates@16.13.2=> If you wish to uninstall them at a later point (or re-install them under your=> `nvm` node installs), you can remove them from the system Node as follows:     $ nvm use system     $ npm uninstall -g a_module=> Close and reopen your terminal to start using nvm or run the following to use it now:export NVM_DIR="$HOME/.nvm"[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion

Para que nvm esté disponible hay que cerrar terminal y abrir una nueva.

Instalar Node Package Manager (npm) usando nvm

Antes de instalar node con nvm puede ser que node esté ya instalada en el sistema de manera global. Para comprobarlo:

$ node -vv20.19.5$ npm -v9.2.0

En Debian Trixie, en el momento de escribir este tutorial, la última versión disponible de node es la 20.19.5, y de npm la 9.2.0.

Para instalar la última versión de node usando nvm:

$ nvm install nodeDownloading and installing node v25.0.0...Downloading https://nodejs.org/dist/v25.0.0/node-v25.0.0-linux-x64.tar.xz...############################################################################################################################################################################ 100.0%Computing checksum with sha256sumChecksums matched!Now using node v25.0.0 (npm v11.6.2)Creating default alias: default -> node (-> v25.0.0)

La primera versión de node instalada con nvm se configura como la versión a usar por omisión.

Si ahora hacemos la comprobación de la versión de node y de npm disponibles por omisión para este usuario:

$ node -vv25.0.0$ npm -v11.6.2

Para otro usuario que no haya instalado nvm, la versiones disponibles seguirán siendo las instaladas desde los repositorios de Debian.

Para instalar una versión específicamente:

$ nvm install 22.21.0Downloading and installing node v22.21.0...Downloading https://nodejs.org/dist/v22.21.0/node-v22.21.0-linux-x64.tar.xz...############################################################################################################################################################################ 100.0%Computing checksum with sha256sumChecksums matched!Now using node v22.21.0 (npm v10.9.4)

Al instalar una nueva versión, ésta se activa automáticamente en esa terminal. Sin embargo, la versión por omisión sigue siendo la primera que se instaló. Múltiples versiones de node pueden convivir para un usuario, que podrá elegir la que quiere usar en cada caso. Para ver todas las versiones instaladas:

$ nvm ls-remote

Para seleccionar una versión de node diferente en un momento dado:

$ nvm use 22.21.0

Instalar paquetes en un entorno node instalado con nvm

Al instalar un paquete de manera global en un entorno node instalado con nvm, el paquete estará globalmente disponible para el usuario:

$ npm install -g @google/gemini-cli

#DNS #sysAdmin
Petit rappel que si vous utilisez #BIND comme résolveur (alors qu'il existe d'autres choix), METTEZ À JOUR : il y a encore une faille on-va-tous-mourir https://kb.isc.org/docs/cve-2025-40778

#sysAdmin

Bon, toutes mes machines Alpine vivaces ont bien été migrées avec usr-merger ?

Keeping an eye on the queues, load balancing and failover I configured over the weekend on a client's router.

#IT #SysAdmin #MikroTik #Networking #MondayMorning

Alt...

The screenshot shows the MikroTik WinBox interface with multiple windows open related to queue monitoring and routing rules. At the top left, the Firewall > Mangle rules panel is visible, showing several active rules used for routing and marking connections. Some entries include labels like “Sticky: Inbound Voda”, “Sticky: Inbound Wind”, “Force Netwatch traffic via Vodafone”, “DECIDE_WIND_BACKUP”, and “Apply: Route via Voda.” Each rule has columns for action, chain, and marks, with most actions set to “mark connection” or “mark routing”. Two windows display Simple Queue statistics: The first, titled TOTAL, shows traffic graphs and statistics with an upload rate of 870.6 kbps and a download rate of 32.3 Mbps, along with packet rates of 1,954 p/s (upload) and 2,837 p/s (download). The second, titled TOTAL_WINDTRE, shows lower upload but higher download activity, with 181.2 kbps upload and 48.8 Mbps download, and packet rates of 397 p/s and 4,606 p/s, respectively. At the bottom, the Log window shows a list of recent messages under the “system, info” and “script, warning” topics. The entries mention load balancing events such as “LB Debug: Voda overloaded, new connections switching to WindTre” and “switching back to Voda” indicating dynamic WAN failover or load balancing between two ISPs, Vodafone and WindTre. The Simple Queues tab is also open, listing queues like “TOTAL”, “VIP-GARANTITA”, “limit-servers” and “normal”, along with their WindTre-specific variants.

Avec ssh -X c'est quel driver graphique que l'on utilise ? Celui de la machine source ou de celle depuis laquelle on fait le ssh ?

#sysadmin

🔐 Nouvelle automatisation Proxmox !

Marre des mises à jour manuelles ? 😩

Nouvelle publication sur le Wiki : Automatisez la mise à jour complète de tous vos Conteneurs LXC et VMs (Debian/Ubuntu) sur Proxmox VE grâce à deux scripts Cron.

➡️ Gagnez du temps, restez sécurisé.

Lien direct : https://wiki.blablalinux.be/fr/script-update-lxc-vm-proxmox

Disponible aussi sur ByteStash (solution de stockage d'extraits de code) : https://bytestash.blablalinux.be/s/a055d43f24f8b58218b4cbdad100b7ec

#Proxmox #HomeLab #SysAdmin #DevOps #Automatisation #Linux #cybersécurité

I joined #substack (no subs) to have a place to write longer posts and share them to an interested audience. Primarily #technology related. I've added it to my lnk.bio page, and I'm sharing this here as its my first (very quick) post there: https://bigntallmike.substack.com/p/wifi-is-best-with-wires

#wifi #networking #sysadmin #computing

➡️ Le résultat ? Vos conteneurs toujours frais, sécurisés et performants, sans lever le petit doigt !

Découvrez comment gagner ce temps précieux :

🔗 Le site officiel (avec la doc) : https://containrrr.dev/watchtower/ 🔗 Le code source (pour les curieux) : https://github.com/containrrr/watchtower

#Docker #DevOps #Automatisation #GainDeTemps #TranquillitéDEsprit #Tech #OpenSource #SysAdmin #Conteneurs 🐳🚀

Question pour la team #sysadmin pour du #dns : est-ce que vous avez des bons retours de Netim (https://www.netim.com/fr) comme registraire ?

J'ai un domaine en .ro chez Gandi et comment dire que la politique tarifaire de Netim semble mieux :D

Repouets OK :)

Today's Linux course livestream is going to be awkward. And grepward, and even sedward. We'll talk about text processing! If you'd like to strengthen your command line skills, tune in at 5pm UTC on Twitch, YouTube, or my Owncast channel.
https://monospacementor.com/courses/linsys-1/free-livestream/
#Linux #SysAdmin #SystemAdministration

The client has a terrible, unreliable FTTC connection. So, this morning, I've been testing several devices and 4G carriers to find a reliable alternative when the FTTC is full/down.
The good, old LTE12 Chateau is the best for this task, giving a stable and reliable 220/50 Mbit/sec thanks to carrier aggregation.
The newer but smaller hAP ax lite LTE6 is still giving a good result, around 100/50 - expected, as it's "only" a LTE6. This will probably come to my office, while I'm waiting for the Chateau 5G (LTE20) to arrive - probably not before middle of November.

Now, I need to create proper queues and rules to manage the two connections - at the moment, I've implemented only the failover and some simple queues on the FTTC.

Lunch time.

#Mikrotik #IT #SysAdmin #MorningFun

Alt...

The MikroTik Chateau, the Mikrotik hAP ax lite LTE6, a 4G usb key and a usbc 2.5 gbit/sec ethernet adapter on a wooden table

My backup is down.

How timely, I have just been trying to backup priceless footage shot for a music video for a song where "my backup is down" is spelled out verbatim.

While I wait for a reply from Btrfs mailing list, I am tempted to buy a bigger drive. Like a 20 TB one.

But then I'd really need two to have redundancy, and that would be a tad bit crazy...

If you missed my "announcement" about the music video, here it is:

https://mastodon.social/@unfa/115412018567684691

#Btrfs #SysAdmin #Backup #Music

This morning it looks like two of my connectivity providers had serious issues across almost all of Italy. I didn't notice anything and thought the problem was in other areas.
I was wrong: the problem was related to their DNS, which was down or malfunctioning.

This is why I didn't notice: I use my own DNS resolvers, and they perform resolutions directly, without a forwarder.

Once again and for the second time this week, Own Your Data and decentralization guaranteed continuity.

I will never stop saying it: Own Your Data!

#OwnYourData #IT #SysAdmin

Traffic meter per ASN without logs https://anarc.at/blog/2025-05-30-asncounter #debian-planet #python-planet #software #network #sysadmin #tor #censorship #python

Dis-moi un sshd_config qui n'a aucun PermitRootLogin (donc ni à yes ni à no), ça veut dire que le root login est possible ou qu'il est impossible ?

Y'a (commenté) PermitRootLogin prohibit-password (qui me paraît une option acceptable, non ? ça veut bien dire qu'on ne peut s'y connecter qu'avec une clé ssh autorisée ?) mais y'a rien d'autre sur RootLogin, ni commenté ni décommenté...

#ssh #sysadmin #Debian

edit : on m'a gentiment répondu RTFM et en effet le manuel a la réponse

I have moved my blogs to my @OpenBSDAms VM, as I need that 1 euro small VM for some tests (spoiler: chatmail server for Delta Chat). The DNS TTL is set to 300 seconds, which is 5 minutes. After more than 30 minutes, some hosts are still connecting to that old record.

I agree with @nuintari - the problem usually isn't the DNS but the MISCONFIGURED dns. And it's full of them, out there.

#IT #SysAdmin #DNS

deb.sury.org

Line go up!

#AWS #AWSOutage #SysAdmin

Alt...

Screenshot of DOwndetector.com showing multiple services experiencing massive outages, indicated by little red graphs going up sharply. Services visible: AWS, Amazon Alexa, Ring, Robinhood, Max, Chime, Venmo, McDonalds, Spectrum.

This morning, this is extremely appropriate (even if I yell at cloud when it's working, too)

#AWS #AWSDown #AWSOutage #IT #SysAdmin #OwnYourData #Decentralize

Alt...

The meme "old man yells at cloud" but instead of Abe, it's me

Un fsck sur le disque lui-même qui renvoie une erreur de superbloc, c'est qu'il y a une erreur de superbloc ou bien que l'erreur était de faire le fsck sur le disque et pas sur la partition ?

#sysadmin #Linux

alias exut='exit'

#ProTip #SysAdmin

Backup stratégies I've used over the years.

https://ludovic.hirlimann.net/2025/08/a-lifetime-of-backups.html

#backups #homesysadmin #sysadmin

Is there a way to manually prefilter an #email account?

Context.: https://en.osm.town/@mdione/115390140394066150

#parenting #SysAdmin #HomeLab

This morning, a dev I work with flagged a server that was struggling. I logged in and, unfortunately, a bunch of "Scrapers" were hammering it, causing an overload. This dev is very sharp and understood the situation. He started extending the caching margins. I prepared a list of countries of interest and, using pf, blocked the rest of the world.
The load plummeted, and the client doesn't care about their products being visible outside of specific markets.

Shortly after, a similar situation on another server I manage (subcontracted, to be precise). I didn't know this dev and saw there was no caching in place, so I spoke to him and asked him to implement it. His response, sadly predictable, was that another one of his clients just moved to $CLOUD_PROVIDER and no longer has these problems, simply paying more when these "attacks" become more intense. I suggested he try enabling caching and thinking about their markets of interest. He's a positive person, so he agreed to give it a shot. A short while later, just by adding Varnish and some good VCL, the load dropped from 100% to 5%. Without any blocking.

He called me a little while ago, incredulous and happy.

It's always a pleasure to work with people who are willing to experiment, explore, and listen. With people who don't just follow the herd or ad banners, but who think for themselves. I've earned myself a walk outside the office now.

#IT #SysAdmin #BeFree

Disk drive people, sysadmins, etc: would you expect NVMe SSDs to be appreciably faster than SATA SSDs for a relatively low bandwidth fsync() worklog (eg 40 Mbytes/sec + lots of fsyncs)?

My naive thinking is that AFAIK the slow bit is writing to the flash chips to make things actually durable when you ask, and it's basically the same underlying flash chips, so I'd expect NVMe to not be much faster than SATA SSDs on this narrow workload.

#sysadmin

On va dire qu'aujourd'hui j'ai bien mérité mon salaire, j'allais dire: pour une fois! mais j'ai de plus en plus de collègues sur mastodon, faut dire que cette manie d'envoyer les propositions de postes sur le fedivers...

En vrai, ça m'a fait plaisir de voir qu'on a eu presque que 5 heures d'interruption d'un service. Et encore c'est principalement du temps de restauration.

#sysadmin

Configuring MariaDB for Remote Client Access Guide

New blog post: N4SA2e Print Sponsor Address Check

If you want to see the #sysadmin Baby Jesus cry, there's a link for that.

https://mwl.io/archives/24445

TFW you copy-and-paste your error message into your least loathed search engine and it produces one result, in a language you don't speak and that can't be auto-translated. #sysadmin

(because y'all'll ask: it's "/usr/local/sbin/vm: ERROR: cannot use ZVOL storage unless ZFS support is enabled" )

Moi : Oui bonjour, pourriez-vous me fournir un nouveau fichier de configuration OpenFortiVPN pour accéder à nos machines chez vous ?

Le sysadmin : malheureusement nous ne fournissons pas de fichier de config. Pourriez-vous tester l'accès sur un poste normal (Windows) ?

La parenthèse qui fait mal.

#vpn #windows #linux #sysadmin

#Linux can lock accounts after login failures. For example, edit `/etc/security/faillock.conf` to set `deny=5` (lock after 5 failures) and `unlock_time=900` (15-minute lockout).

🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/

#SysAdmin #SystemAdministration

Enterprise world, today

#RunBSD #IT #SysAdmin

Alt...

A 3-panel "Boardroom Suggestion" meme with the following content: Panel 1: In a boardroom, an angry boss slams his hands on the table and says to his employees, "We need stability and reliability. Share your plans". Panel 2: The employees offer their suggestions. The first man says, "Kubernetes and DevOps!". The woman says, "Mooar Powaaar!". The third man, casually leaning on his hand, suggests, "An efficient OS - FreeBSD?". Panel 3: A split panel showing a close-up of the boss's furious face, while in the background, the man who suggested FreeBSD is being thrown out of the high-rise office building's window.

Dis-moi , si un professionnel (médecin, avocat, notaire, petit entrepreneur...) veut arrêter de faire n'importe quoi niveau informatique et demande à ce qu'on l'aide à mettre en place les bonnes pratiques (passage au libre, chiffrement des données et des communications, isolation du réseau, sauvegardes automatiques, respect du RGPD, etc...), est-ce qu'il existe des guides complets sur ce qu'il faut faire ?

#degafamisation #sysadmin
#logiciellibre

Anubis is interesting - but it's breaking a lot of the RSS feeds I follow. Several sites I regularly read using text browsers are suddenly inaccessible.

I get the urge to block AI scraper bots, but breaking basic web access doesn't feel like the right trade-off.

#anubis #SysAdmin

Andrew Engelbrecht, a previous #SysAdmin at the #FSF, created Open Alert Viewer, a #libre phone and desktop app that makes receiving network and server alert notifications on your phone and desktop easy. Check it out here: https://u.fsf.org/483

Great success! I've returned my instance back to local storage, all in aid of reducing costs in other cloud platforms.

I had set up nginx to cache my S3 media in SSD cache space, so now I need to modify that config to do the same for my media living on high-capacity spinning rust.
I know that as a small instance this isnt really needed, but who knows, maybe I'll have a sudden influx of new users and will be glad of having it set up!

#sysadmin #mastoadmin #homelab #backblazeb2

Keep your FreeBSD system cool with built-in temperature monitoring!

No ports needed, just sysctl and a simple shell script. Perfect for FreeBSD 14.x users who want lightweight, dependency-free thermal monitoring.

Quick, practical, and very Unix.

https://codeberg.org/Larvitz/gists/src/branch/main/2025/20251009-FreeBSD_Temp-Monitoring.md

#FreeBSD #BSD #SysAdmin #Unix

Actualmente en Debian 13, incluso con los repositorios unstable activos la versión más reciente de Virtualbox que se puede instalar es la 7.0. A mí me está dando muchos problemas ya que no se compila bien el kernel 6.16. La única manera que he conseguido de arreglarlo es instalar Virtualbox 7.2. Como uso Vagrant para gestionar las máquinas virtuales creadas con Virtualbox, he necesitado actualizar a Vagrant 2.4.9 ya que las versiones anteriores no son compatibles con Virtualbox 7.2. La versión más reciente en los repositorios de Debian es la 2.3.7, así que la versión 2.4.9 hay que instalarla desde otras fuentes.

Instalar Virtualbox 7.2 en Debian Testing Trixie

Hay que añadir el repositorio de Oracle para poder instalar la última versión 7.2. En la página oficial de Virtualbox se puede encontrar el procedimiento:

deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] https://download.virtualbox.org/virtualbox/debian trixie contrib

En mi caso uso la nueva sintaxis de fuentes de apt. Si es el caso hay que crear el archivo virtualbox.sources en /etc/apt/sources.list.d/ con el siguiente contenido:

Types: debURIs: https://download.virtualbox.org/virtualbox/debianSuites: trixieComponents: contribSigned-By: /usr/share/keyrings/oracle-virtualbox-2016.gpg

Luego hay que descargar la clave pública del repositorio de Oracle y añadirla al keyring de apt:

wget -O- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg --dearmor

Y por último actualizar los índices de paquetes de apt e instalar Virtualbox 7.2:

sudo apt updatesudo apt install virtualbox

En el repositorio de Oracle están disponibles las versiones 7.1 y 7.2, así que se puede instalar también la 7.1, aunque a mí no me solucionaba el problema.

Instalar Vagrant 2.4.9 en Debian Testing Trixie

Para instalar la versión 2.4.9 de Vagrant hay que añadir el repositorio de hashicorp. En la página de Hashicorp, la empresa que desarrolla Vagrant, se puede encontrar el procedimiento para añadir sus repositorios e instalar Vagrant.

Primero añadir la nueva fuente a apt:

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

En mi caso, de nuevo, con la nueva sintaxis de apt, en vez del comando anterior hay que crear el archivo vagrant.sources en /etc/apt/sources.list.d/:

Luego hay que descargar la clave pública del repositorio de Hashicorp y añadirla al keyring de apt:

wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg

Actualizamos ahora los índices de paquetes de apt:

sudo apt updatesudo apt install vagrant

En mi caso, como tengo configurado también el repositorio unstable de Debian para ciertos paquetes, para poder instalar vagrant desde el repositorio de hashicorp es necesario darle a éste prioridad sobre el unstable, porque si no se seguirá teniendo como última versión la 2.3.7 y no la 2.4.9. Para ello hay que incluir la excepción en un archivo con un nombre cualquiera, por ejemplo vagrant.preferences, en la carpeta /etc/apt/preferences.d/:

Package: vagrantPin: release a=trixiePin-Priority: 1200

El valor de Pin-Priority tiene que ser mayor que el del repositorio unstable.

Para instalarlo:

sudo apt install -t trixie vagrant

My current yak:

* Wanted to switch from `mod-php` to `php-fpm` #php #apache
* setup a dev instance and pointed #Ansible there
* Fixed many bugs in my playbooks
* Ended up breaking `apt`:

```
$ apt search apache2 | head
apache2/stable,stable 2.4.65-2 amd64
(none)
```

#debian #SysAdmin #HomeLab

One hour left to get the "Networking for System Administrators, 2nd ed" special version, or the cover painting! Or just get the book before retailers. #kickstarter #sysadmin

https://mwl.io/ks

#AdGuardHome #Pihole #DNS #SysAdmin #Homelab #TechLife #TechTips #IT #Réseaux #Configuration #Automatisation #AdGuardSync

The "Networking for System Administrators" #kickstarter is on its last day. Back this book, get four #sysadmin ebooks!

https://mwl.io/ks

The last stretch goal got broke late yesterday. Today, it's jumped halfway to the next one. It might--MIGHT--fall, making the reward FIVE books?

Don't ask me why, but I'm not happy:

https://uk.finance.yahoo.com/news/qualcomm-to-acquire-arduino-amid-edge-computing-push-130012919.htm

#IT #SysAdmin

indexing #n4sa2e and came across this tidbit. #sysadmin #understatement

https://mwl.io/ks

Alt...

Put your public-facing authoritative and recursive nameservers on different machines. The twentieth-century practice of combining authoritative and recursive DNS on one machine led to many security problems. In hindsight, the “store the sacrosanct Single Source of Truth for our company’s public face” function and the “collect and cache random data from any system anywhere on the Internet” function should not share one memory stack.

Nine hours left to back this one #sysadmin book and get three bonus ebooks.

https://www.kickstarter.com/projects/mwlucas/networking-for-system-administrators-2nd-edition #n4sa2e

Tonight at 9PM EDT, I get to shut the hell up.

Until then, I gotta say: the "Networking for Sysadmins" #Kickstarter is on its last day. All backers get four bonus #sysadmin ebooks!

https://www.kickstarter.com/projects/mwlucas/networking-for-system-administrators-2nd-edition

Using Free Let’s Encrypt SSL/TLS Certificates with NGINX

In brazen jungle marketing move @mwl reminds us you can get viruses from BSD [conferences][0]

While considering his security books remember he has a kickstarter for the next version of his networking for sysadmins book[1]

His books are delivered secured in plain brown cardboard to protect them from viruses while in the postal net

But also wear a mask and get vaccinated

You can even buy the cover

ENDS TUESDAY

[0] https://mastodon.social/@mwl@io.mwl.io/115306447433635372

[1] https://mastodon.social/@mwl@io.mwl.io/115329295183837529

#networking #sysadmin

"Networking for System Administrators" broke another stretch goal, so all backers get four #sysadmin books!

https://mwl.io/ks

One day remains. It might--MIGHT--go up to five books? Dunno.

🆕 openSUSE Leap 16 is out, featuring major upgrades:
– Built on SUSE Linux Enterprise 16 for seamless migration & enterprise-level QA 🔧
– 24 months free support, with updates planned till 2032 🛡️
– New web-based Agama installer supports remote setups 🌐
– SELinux now default for stronger security 🔒
– Wayland-first, 64-bit only, Y2038-ready 💻

🔗 https://news.itsfoss.com/opensuse-leap-16-release/

#TechNews #Linux #OpenSUSE #FOSS #OpenSource #CyberSecurity #Wayland #SELinux #InfoSec #SysAdmin #DevOps #Privacy #Cloud #Software

31 hours left!

The "Networking for System Administrators" #Kickstarter is now $153 from all backers getting FOUR #sysadmin books!

https://mwl.io/ks

Sponsoring new work aside, it's a heck of a deal.

36 hours to go on the "Networking for System Administrators" #Kickstarter, and it's <$400 from all backers getting FOUR #sysadmin books!

https://mwl.io/ks

Plus, you know, fighting less with the network team and all that.

tootctl media remove --days=7
ETA: 41:56:22

Ah. This'll take longer than just a single coffee break. Ah well. See you all on the other side of a great media purge!

After that, it's syncing my B2 bucket back to my local disk!

#sysadmin #mastoadmin #homelab #backblazeb2

#sysAdmin #Niche #Ansible #Debian
Utiliser des paquetages de Debian unstable via Ansible : https://www.bortzmeyer.org/ansible-debian-unstable.html

Three days left on the "Networking for System Administrators" #kickstarter. Every #sysadmin should know what's in this book.

Last chance to get the special edition, yes, but also the first chance to get the ebook or paperback!

https://mwl.io/ks

I would appreciate your support.

Four days left on the "Networking for System Administrators" #kickstarter! Back this campaign, get at LEAST three #sysadmin books.

Actually reading it will help you achieve peace with your network team.

https://mwl.io/ks

Five days left on the "Networking for System Administrators" #Kickstarter. Backers get two bonus Unix books so far. It might be more. Depends on how high it goes.

If you're a #sysadmin sick of fighting with the network team, this book will help you. #n4sa2e

https://mwl.io/ks

Back the "Networking for System Administrators" #kickstarter and get 3 #sysadmin books!

As the backers go up, so do the free books.

https://mwl.io/ks

#sysAdmin
Tiens, #Ansible (plus exactement son module apt), quand on lui demande d'installer un paquetage Debian, met par défaut qu'il veut uniquement la version stable (même si on a unstable, avec une faible priorité, dans la liste des sources).

An interesting changelog entry for those of you upgrading a fully LUKS2 disk encrypted Debian Bookworm box to Trixie:

https://www.debian.org/releases/trixie/release-notes/issues.en.html#default-encryption-settings-for-plain-mode-dm-crypt-devices-changed

Changes are required to /etc/crypttab, or the encrypted disk will become unreadable, appearing as random data. The changes should be made before reboot post dist-upgrade, as an encrypted '/' will include the above file!

You can see the precise existing settings for your encrypted storage with `cryptsetup luksDump <LUKS partition>`

#sysadmin

The "Networking for System Administrators" #Kickstarter broke $20k! All backers get not one, not two, but THREE #sysadmin books!

Thanks, everyone!

https://mwl.io/ks #n4sa2e

The "Networking for System Administrators" Kickstarter is now less than $200 from all backers getting three #sysadmin books!

https://mwl.io/ks

Proper services https://anarc.at/blog/2025-09-30-proper-services #debian-planet #debian #sysadmin

One week left on the "Networking for System Administrators" #Kickstarter!

Back it and also get a free ZFS book, plus we're super close to a free SSH book.

https://mwl.io/ks

#sysadmin #n4sa2e

Alt...

Ad for "Networking for System Administrators, 2nd ed." Text reads "Option 1: Spend days arguing with the network team. Option 2: Read a book and be left in peace. The choice is yours."

🚀 Nous avons développé NcStatusCheck, un outil pour centraliser le monitoring de vos instances #Nextcloud !

C'est un outil simple qui se base sur la page /status.php des instances Nextcloud, aucune action nécessaire du côté des Nextcloud surveillés.

✅ Versions Nextcloud (Stable, Old-stable, Dev)
✅ Statut Nextcloud (à jour, mise à jour nécessaire)
✅ Planning avec les dates de sortie des prochaines releases
✅ Stats globales sur votre parc

Infos complémentaires si disponibles : version PHP, serveur web et version HTTP

🔗 Démo : https://ncstatuscheck-demo.ezeo.coop

#OpenSource #sysadmin #Monitoring

Alt...

NcStatusCheck screenshot

nginx-cgi: run cgi scripts with nginx

Nine days left on the "Networking for System Administrators" #Kickstarter! https://mwl.io/ks #sysadmin #n4sa2e

Your network team wants every #sysadmin to read this book.

Ten days left! I would appreciate your support.

https://mwl.io/ks #kickstarter #n4sa2e #sysadmin

Alt...

ad for "Networking for System Administrators, 2nd ed" Kickstarter. Text reads: TCP/IP: Where the rubber meets the road. Someone's gotta steer. It could be you. Kickstarter closes 7 October 2025.

Niveau 0. Utiliser une distro EOL sur un serveur.
Niveau 1. Avoir un serveur qui tourne encore sous Centos 7 en 2025.
Niveau 2. Avoir un serveur sous Centos 7 et qui a encore des mises à jour à recevoir.

#sysadmin #server #linux #rhel #centos

Just renewed my SSL certificate with Certbot for my server. It has wildcards in it so I am still doing manually every 90 days (yes, I know I know... 🙄😉).

This time it mildly amused me as the new expiry date is 25th December 2025, meaning I know what the server's getting for christmas this year 😂 ... as long as it's 'good' of course.

#certbot #server #SysAdmin

Once again my personal web server is on its knees, this time thanks to Amazon who's probing a non-existent Health Check endpoint with a rare intensity. In the Apache access log, it looks like this:

<domain>:80 15.177.10.187 - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-dc05457a9d2e; report http://amzn.to/1vsZADi)"
<domain>:80 15.177.26.71 - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-dc05457a9d2e; report http://amzn.to/1vsZADi)"
<domain>:80 15.177.42.155 - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-dc05457a9d2e; report http://amzn.to/1vsZADi)"
<domain>:80 15.177.30.95 - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-dc05457a9d2e; report http://amzn.to/1vsZADi)"
<domain>:80 15.177.50.106 - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-dc05457a9d2e; report http://amzn.to/1vsZADi)"

I followed the link provided and submitted a report, but I'm guessing they are only handled during US business hours. To be able to access my other web sites, I took offline the target vhost, and Amazon immediately switched to another one. I filed a report, took it offline, etc... Four vhosts down the line, the web form prevented me from submitting yet another report because of a rate limiting feature.

I am seething with rage and I want AWS IPs off my web server, but I'm off my depth in system administration. I see I could do it with iptables (by compiling a list of IP blocks from the JSON provided by Amazon) and I was hoping fail2ban would have a ready-made jail, but it seems to be meant for repeated authentication errors, not for crawler errors.

Neither of these solutions feel workable, would anyone have an easier method to cut AWS off my box?

Thanks a bunch!

#SystemAdministration #SysAdmin #SysAdmining #Help

Fixing the “Kernel Panic – not syncing: VFS: Unable to mount root fs on unknown-block(0,0)” Error After Upgrading Ubuntu

There's a #bug in the #NextCloud updater, where it complains about an extra file found called `REUSE.toml`. According to https://github.com/nextcloud/server/issues/55111 it's safe to remove the file by hand and retry the upgrade.

#SysAdmin #HomeLab

In a little more than half an hour (17:00 UTC), it's time again for our weekly livestreamed #Linux #SysAdmin course! Today, we'll look at all the essential features of the Linux shell.

Sign up and join us live: https://monospacementor.com/courses/linsys-1/free-livestream/

Almost 20k second free ebook on the horizon

Networking for System Administrators (2nd Edition) by Michael W Lucas — Kickstarter
https://www.kickstarter.com/projects/mwlucas/networking-for-system-administrators-2nd-edition/

#book #ks #sysadmin #networking

Computers were a mistake.

So were networks.

When they overlap, you're in trouble. A #sysadmin must know some networking.

How much? This much. https://mwl.io/ks #kickstarter #n4sa2e

For a #sysadmin, networking knowledge is the difference between a bad day and a routine one.

https://mwl.io/ks

Alt...

Isn't your forehead getting sore from beating against all those brick walls? Tear one wall down! On Kickstarter 16 September-7 October

Whatever I do in my work as a #sysadmin be it writing yaml for Ansible or Salt or programming, I always go back to #vim (or nowadays #neovim) on my local machine. I don’t even know why it feels so annoying to switch between a a non-cli editor like VS Codium, Pycharm, etc, even emacs and my terminal.

Une clé Ventoy qui soudainement se met à booter sur le grub et pas sur Ventoy, c'est arrivé à quelqu'un ?

(sur le grub du PC, quoi : elle est reconnue par le BIOS, et quand on la sélectionne au boot elle ne donne pas de message d'erreur, mais lance le grub du PC)

#Ventoy #sysadmin

Spent my morning figuring out why Nginx was dead on a server with many days of uptime. No reboot, no kernel panic. Just... down. Ubuntu 24.04.

The cause? An automatic unattended-upgrade of libc6. This prompted systemd to work its magic, wisely deciding to restart every running service to apply the patch. Fine.

The problem is, in the exact same minute, the systemd timer for certbot decided it was time to renew certificates.

The result:

- systemd stops Nginx.
- Port 80 becomes free.
- certbot, in standalone mode, immediately grabs it for validation.
- systemd tries to restart Nginx, which fails with "Address already in use".

The web server was knocked offline by its own certificate renewal script.

I swear, this is the kind of cascading failure that has never happened to me in years of running *BSD. With a classic cron job, certbot would have failed, logged an error, and tried again the next day. The web server would have remained untouched.

systemd was doing its job, but something failed because of the interactions.

Sometimes, too much automation and too many interconnected parts just create more spectacular ways for things to break.

#SysAdmin #Linux #SystemD #Rant #KISS

Has anyone experienced this? Could this be a networking issue, a storage bottleneck, or something else? I’d appreciate any insights.

(5/5)

#sysadmin #system #homelab #selfhosting #linux #proxmox #opensource #tech

I had to force shutdown the server and restart. I get why the PBS VM might crash - 4 GB RAM, 2 CPU cores, and my internet speed maxes out at 60-70 Mbps - but why does the host server itself hang?

(4/5)

#sysadmin #system #homelab #selfhosting #linux #proxmox #opensource #tech

Here’s the problem: when I try backing up a VM from another server (Proxmox 1), the VM is 300 GB but only ~30 GB used. Everything is fine until it hits 34% (104 GB), then the PBS VM and the host server become unreachable.

(3/5)

#sysadmin #system #homelab #selfhosting #linux #proxmox #opensource #tech

I run Proxmox Backup Server (PBS) in a VM on one of my servers - let’s call it Proxmox 2. PBS uses 100 GB of cache storage because I’m using S3 as a datastore. Chunks are stored in the cache before uploading to S3.

(2/5)

#sysadmin #system #homelab #selfhosting #linux #proxmox #opensource #tech

I solved one issue, and now two more popped up. My Proxmox backups were super slow because of my router. I got a Netgear GS108E Gigabit switch, and now backups are way faster. 🎉

(Please boost 🙏 .. Need urgent help)

(1/5)

#sysadmin #system #homelab #selfhosting #linux #proxmox #opensource #tech

I have a new #sysadmin book in #kickstarter right now.

if you've ever gotten annoyed with your network admins, try reading https://mwl.io/ks #n4sa2e

Today I figured out I know almost nothing about networking.

#networking #sysadmin

#sysAdmin

81.30.107.134, qui essaie des noms d'utilisateur sur le port de soumission SMTP, vient de tenter sa chance avec "Reception123". Il y a vraiment des comptes avec ce nom là ?

OPNsense® is an open source, feature rich firewall and routing platform, offering cutting-edge network protection. - OPNsense -
https://opnsense.org/
#networking #sysadmin #freesoftware #jpol2025
via https://magicfab.ca/liens

For the weekend crowd: "Networking for System Administrators, 2nd ed" is now live on #Kickstarter! Back it and get a free ZFS book.

https://mwl.io/ks

If you don't trust me, listen to @sng #sysadmin #n4sa2e

Is anyone else getting a huge number of bot visits from servers in the Fastly network? I'm seeing junk traffic that approaches low level dDOS numbers and a huge chunk of it is coming from Fastly data centers.

#fastly #infosec #ddos #sysadmin

#TIL #Linux can defragment the memory! It's called compaction:

https://www.kernel.org/doc/html/latest/admin-guide/sysctl/vm.html#compact-memory

#SysAdmin

Erarlier than expected...

FreeBSD vs. SmartOS: Who's Faster for Jails, Zones, and bhyve VMs?

https://it-notes.dragas.net/2025/09/19/freebsd-vs-smartos-whos-faster-for-jails-zones-bhyve/

#FreeBSD #illumos #SmartOS #bhyve #kvm #Virtualization #IT #SysAdmin #jails #zones

FreeBSD vs. SmartOS: Who's Faster for Jails, Zones, and bhyve VMs?

https://it-notes.dragas.net/2025/09/19/freebsd-vs-smartos-whos-faster-for-jails-zones-bhyve/

#FreeBSD #illumos #SmartOS #bhyve #kvm #Virtualization #IT #SysAdmin #jails #zones

https://it-notes.dragas.net/2025/09/19/freebsd-vs-smartos-whos-faster-for-jails-zones-bhyve/

#ITNotes #NoteHUB #bhyve #data #freebsd #hosting #illumos #jail #linux #ownyourdata #server #smartos #sysadmin #virtualization #zones

Dear diary, today I learned all memes about cable mess in #server rooms are also based on reality...

#IT #sysadmin

An author is biased.

But here's what a real network engineering manager thinks of "Networking for System Administrators." Sorry for the noise, but it was recorded in an actual data center. #n4sa2e #kickstarter #sysadmin

https://mwl.io/ks

In less than 2 hours, we're starting the second livestream session of my course "Basic Linux System Administration". Today, we're covering important fundamentals: The shell and the vim editor.

https://monospacementor.com/courses/linsys-1/free-livestream/

Join us for free on one of my livestream channels!
#Linux #Sysadmin #SelfHosting #SystemAdministration

#ssh #openssh #sysadmin #sécurité

Gonna have to do a bunch of Debian manual installs for #openzfsmastery, so I'm installing on a flash drive that I can move between test hosts. Yes, I have the live CD, but I want a user account with SSH keys and static IP and all that.

Filesystems. Ugh. #sysadmin

"Networking for System Administrators, 2nd ed" is now live on Kickstarter! It broke $10k, which means all backers also get a bonus ebook on ZFS. #sysadmin

https://mwl.io/ks

Alt...

ad for N4SA2e. Text reads: "Option 1: Spend days arguing with the network team. Option 2: Read a book and be left in peace. The choice is yours.

The new edition of "Networking for System Administrators" went live on #Kickstarter today.

Next stretch goal: everyone gets a bonus #ZFS book. #n4sa2e #sysadmin

https://mwl.io/ks

Alt...

ad for the "Networking for System Administrators" Kickstarter, with book on phone & paper. Text reads: "Option 1: Spend days arguing with the network team. Option 2: Read a book and be left in peace. The Choice is yours."

VMWare made their hypervisor free for home lab use again?

Huh. Imagine that.

Anyway, bhyve and kvm... #sysadmin

A new book by @mwl - Michael W. Lucas - is now on Kickstarter: Networking for System Administrators (2nd Edition)

I just supported it - and you probably should, too.

https://mwl.io/ks

#IT #SysAdmin #Books

funded in 15 minutes?

Thank you all!

https://mwl.io/ks #n4sa2e #sysadmin #kickstarter

Currently waiting https://www.kickstarter.com/projects/mwlucas/networking-for-system-administrators-2nd-edition , I find @mwl 's technical books to be very readable, and I learn something each time I read one.

#sysadmin #techbook #bookstodon

Who is using chroot with php-fpm? Is it worth it?

d'ailleurs le service submission, on le fait tourner sur dovecot ou sur postfix ? #sysadmin #mail

Any suggestions for sourcing quality USB flash drives?

I keep running into flash drives that report — say — 32GB to the system but, in fact, have a capacity that is in fact far less. I'm also wary of malware from the factory issues. Thanks!

#Linux #Windows #sysadmin #cybersecurity #askfedi

Next Tuesday, "Networking for System Administrators" launches on Kickstarter. https://mwl.io/ks

If you have any interest, I'd appreciate a follow. KS uses follower count and first-day backers to determine how much they'll promote it for me. #sysadmin

Friday @homelab #sysadmin round. `dnf update; reboot` on all Homelab machines and my VPSes out there. Connected the APC UPS (BX500MI) and installed `apcupsd` on my management machine, so my Homelab can safely survive power outages. I now also know that the complete homelab uses 30W :) (I always do the updates on a Friday. In case of something breaking, I have the weekend to fix. These are my private machines after all.)

Very pleased to present another round of Tunnel and Fortress, live classes in the design, deployment & administration of self-hosted, tightly secured & sovereign server infrastructure.

The classes draw from 2 decades deploying dozens of servers & services for orgs & groups, big & small, & often with powerful adversaries.

I want to teach you to be able to do the same, to get the communities you care about off Big Tech.

https://video.nikau.io/w/9RVN23fgj7AeMVmVrr8so9

https://learn.nikau.io/courses/course-v1:Nikau+TF2+2025_T4/about

#exitbigtech #sysadmin

Si on veut faire un serveur de stockage compatible #S3 vous recommandez un logiciel en particulier ?

(en général je suis sous #linux mais on peut mettre du BSD si vraiment il faut)

#sysadmin

[EDIT: on me suggère Garage https://garagehq.deuxfleurs.fr/ qui a l'air trop bien, je vais essayer !]

Can any #AWS nerds out there help me figure out how to transfer a file from a server inside an AWS container to my local computer? I normally would do this with SCP, but I have no idea how to reference the remote virtual server as I don't have a hostname or an IP address.

I have keys for the instance and I'm able to ssh into the server after I run a start-session like so:

aws ssm start-session --target i-01234567890

I've been tunneling into this server and then transferring the file to a physical server and then using SCP to get the file from that server instead, but that's a chore.

Is there any way to shortcut this and just get my AWS client to let me download the file directly?

#sysadmin

The feeling when the last successful thing you did on the filesystem before it broke was pushing your work for an important project to a git server...

Phew.

Also - good I have recent backup so I can recover everything else.

#sysadmin #git
#dataloss #backup #BorgBackup #Borg #Vorta #btrfsTransIdVerificationFailed

Alt...

Screenshot of a colorful (RED) dmesg log showinbg Btrfs fiulesystem errors. Exact text below: BTRFS error (device sda): parent transid verify failed on logical 10038756720640 mirror 1 wanted 110571 found 110645 BTRFS error (device sda): parent transid verify failed on logical 10038756720640 mirror 2 wanted 110571 found 110645 BTRFS: error (device sda: state A) in __btrfs_free_extent:3092: errno=-5 IO failure BTRFS info (device sda: state EA): forced readonly BTRFS error (device sda: state EA): failed to run delayed ref for logical 10037305835520 num_bytes 16384 type 176 action 2 ref_mod 1: -5 BTRFS: error (device sda: state EA) in btrfs_run_delayed_refs:2165: errno=-5 IO failure (...)

Alt...

Screenshot from a pivate Forgejo instance showing: "unfa pushed to main at unfa-games/game-02 12 hours ago"

Now that OpenBSD-current is 7.8-beta, it is time to reprise "You Have Installed OpenBSD. Now For The Daily Tasks." https://nxdomain.no/~peter/openbsd_installed_now_for_the_daily_tasks.html (tracked version https://bsdly.blogspot.com/2024/09/you-have-installed-openbsd-now-for.html) to prepare :)

#openbsd #newrelease #78beta #upgrading #sysadmin #unixlike #devops #development

wordfence-cli. Wordfence malware and vulnerability scanner command line utility

@maphew My situation is similar to yours, as I'm not really a developer (rather a #Sysadmin)... but I like to provide nice stuff from time to time. Heavily biased, as I like both #Python and #KDE / #Qt very much. So with all those disclaimers disclaimed:

#QtDesigner, which works great with #PyQt might be right for you.

Here's a nice introduction:

https://realpython.com/qt-designer-python/#creating-a-dialog-with-qt-designer-and-python

Let us know about what you choose and how it went!

If you want to raise your shell scripts to a new level, give `shellcheck` a try! It'll give you valuable feedback on the style of your shell code and on possible issues with it.

https://www.shellcheck.net/

(Also: Know when to switch to a proper programming language.)

#Linux #SysAdmin #SystemAdministration #Shell

#TIL there's and RFC about how NOT to name your computers. As a cow-orker says, not an Apr01 RFC.

> One machine was named "up"[...] Conversations would sound like this: "Is up down?"

https://datatracker.ietf.org/doc/html/rfc1178

#SysAdmin

sept. 08 16:32:21 mx postfix/smtp[123398]: 2AD809CC7B2: to=

, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1b]:25, delay=0.98, delays=0.06/0.01/0.41/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK 1757341941 ffacd0b85a97d-3d92d5197acsi11914604f8f.162 - gsmtp)

Sometimes you need to run some scripts on your infrastructure and Puppet Enterprise Tasks feature gives you that option to do run an ad-hoc task on target environments with either an agent or agentless. Get a quick walk through with Barr and Stephen on how to execute a reboot on a target system so you can get an idea of how this works!

https://www.youtube.com/watch?v=9UbUiEJM9Lo

#SysAdmin #DevOps #Puppet

If your terminal ever gets confused by random control sequences, for example after you accidentally output binary data, there's a good chance you can restore order with the `reset` command.

#Linux #Shell #SystemAdministration #SysAdmin

je crois que le #sysadmin à oublié un petit détail : free bloque le port 25 en sortie...

a priori pas moyen de l'ouvrir tout seul...

quelqu'un connaît un #adminsys chez #free ?#CestPasPourUnAmi !

I’m looking for an app (ideally on Linux) that can scan a local SMB network periodically, pick all shared files and create an incremental backup. Is there such a thing ?

In a perfect world, this could upload an encrypted copy onto an external storage (OneDrive, Google Drive, whatever) and there would be a way to get back N days in time, because shit happens.

Boosts appreciated. :-)

#SysAdmin #backup

TIL about DNS.

https://as112.net/

#til #sysadmin #dns

#sysadmin

2.5 Admins 263: Seagate RAID

McDonald’s IT systems seem to be riddled with 90s-style coding errors, we finally know where the fraudulent hard drives came from, when IT workers go rogue, and ZFS on root without using FreeBSD or Ubuntu.

https://2.5admins.com/2-5-admins-263/

#podcast #sysadmin

Alt...

2.5 Admins artwork

The /proc filesystem was a genius idea giving the #sysadmin direct control of the Linux kernel. In this article, David Both explains how to change kernel parameters at runtime.

https://www.redhat.com/sysadmin/linux-kernel-tuning

I just had the misfortune of dealing with #Cisco "Secure E-mail" while dealing with a client and I must say its just red flags all over the place for me.
I'm sent an E-mail with an HTML attachment and told to save it and load it into my browser from my drive.
I would never advise a client to follow these instructions because of the potential dangers of saving and loading HTML files from attackers.
This then takes you on a ride to a sign up page ...
#security #sysadmin #email #encryption

Q: How do you figure out whether intermittent network issues are being caused by your computer's network connection vs. upstream packet loss?
Symptoms: A few times per hour I get a network connection failure, but when I repeat whatever just failed it works fine the second time. Some of these failures are reporting "Network as unreachable" as the error.
What are your favorite Linux-based tricks for debugging something like this?
More details in the replies.
#SysAdmin #Networking #Linux

@matrix just an idea to improve backups:

Make exponential backoff like backups: last month, months 2-3 ago, mos 4-6 ago, 7-12moa, 2-3ya, etc. Or with N messages instead of N days.

Sounds like you could recover the fresher data first, then catch up, then restore backwards.

#backup #SysAdmin

Come to Zagreb September 24-28, 2025 and geek out with other BSD people at EuroBSDcon!

See https://2025.eurobsdcon.org/
Program https://events.eurobsdcon.org/2025/schedule/
Registration https://2025.eurobsdcon.org/registration.html

#openbsd #netbsd #freebsd #zagreb #eurobsdcon #conference #freesoftware #libresoftware #development #devops #sysadmin #networking #security

In case you only show up here on US holidays:

The #kickstarter for "Networking for System Administrators, 2nd ed" launches 16 September. I would appreciate your support. #sysadmin #n4sa2e

https://mwl.io/ks

#sysAdmin #Unix
Berkeley DB qui dit "Read-only file system" alors que les systèmes de fichier sont bien rw et que je peux y créer des trucs sans problème, ça dit quelque chose à quelqu'un ?

A new, magnificent article by @Linkshaender has been published in the BSD Cafe Journal: "Why "caffè" may not be "caffè""

I highly recommend reading it!

https://journal.bsd.cafe/2025/09/01/why-caffe-may-not-be-caffe/

#BSDCafeJournal #IT #SysAdmin

#sysAdmin #Debian
Aïe, après mise à jour, #Grub me dit "error: can't find command `echo'." C'est mal parti.

JVM essentials for Elasticsearch: Metrics, memory, and monitoring | Elastic Blog

https://www.elastic.co/blog/jvm-essentials-for-elasticsearch

#java #jvm #sysadmin

Just published a comprehensive FreeBSD Cheat Sheet for Linux Admins!

Covers all the essentials:
- Hardware info (pciconf → lspci)
- Network commands (sockstat is amazing!)
- Disk management & ZFS operations
- Service management differences
- Package management across systems

Perfect for Linux admins diving into FreeBSD or anyone working across both systems. Includes 100+ command comparisons and real-world examples.

https://codeberg.org/Larvitz/gists/src/branch/main/2025/20250829-FreeBSD_CheatSheet_Linux.md

#FreeBSD #Linux #SysAdmin #DevOps #OpenSource #ZFS

"Just use common sense" 👏

#Linux #Infosec #CyberSecurity #OpenSource #FOSS #LinuxMemes #Meme #Programming #Hacking #SysAdmin #TechHumor #Ubuntu #Debian #Fedora #LinuxMint #Arch #ArchLinux #Terminal #CyberAwareness #DevOps #Antivirus #GitHub #Desktop #Privacy #Security #TechNews #Microsoft #Windows #Apple #MacOS #iOS #OS #OperatingSystem

Alt...

Four-panel comic: A drowning hand labeled "Linux users asking for antivirus" reaches up. A hand labeled "Redditors" reaches out to help. Instead of helping, the hand pats the drowning hand and says, "You just need to be a programmer to understand what this random script from GitHub does." The drowning hand disappears underwater.

I have a #PCEngines APU4 machine with an external m.2 in a USB encase. It used to boot from it, but not anymore. I used to use a USB stick to boot with some #GRUB + #Linux + initrd ISO image, but can't remember which.

Tried several ISOs (gparted, grml, debian installer, others). Many are not even detected by the (#UEFI less) SeaBIOS 1.12.0.1 (see pic), and the few that do can't be told to boot from another disk.

Need to find or create a BIOS bootable disk, docs and help appreciated.

#SysAdmin

Alt...

SeaBIOS 1.12.0.1 booting, showing the boot menu and the setup screen showing no signs of UEFI support or detecting the external disk as bootable.

#sysAdmin

À force d'essayer plein de trucs différents, la charge de la machine est tombée de 20 à 0,5.

#Unix

#TIL

* `/etc/sub{uid,gid}` to map user ids in containers to host ids. https://rootlesscontaine.rs/getting-started/common/subuid/

#SysAdmin #Linux

EuroBSDCon 2025 in Zagreb September 24-28 https://2025.eurobsdcon.org/
Program https://events.eurobsdcon.org/2025/schedule/
Register https://2025.eurobsdcon.org/registration.html

#zagreb #freebsd #netbsd #openbsd #conference #development #devops #sysadmin

TOMORROW!
Get ready to finally understand your network data.
We're going live to break down everything from #SNMP headaches to modern tools like gNMI, Suricata, and more.

⏰ Set a reminder for August 28th, at 10 am PDT | 6 pm BST | 7 pm CEST!

https://bit.ly/3JAZloa

#LiveStream #SNMP #SysAdmin #SRE

Yes, yes, I write entire books as pranks. But it's rare that even the book's title is a lie.

This is one of those times.

Coming 16 September on #Kickstarter: "Networking for System Administrators, 2nd ed." #sysadmin

https://mwl.io/ks

Tonight I made a simple, yet destructive (or at least partly) mistake: when I told FreeBSD which disk to destroy, I accidentally gave it the system disk of my little home server. This happened because it had the same size as the external SSD I had just plugged in, and I got confused.

I lost some reproducible configurations (the server’s name was in fact tempfbsd01), but I took the chance to run an experiment. My home server runs FreeBSD in read-only mode (that's the part I destroyed). From there, I manually enable the external drives (encrypted with GELI) and, in turn, the ZFS pools. Then I start the various jails and the (single, Proxmox Backup Server) VM.

Since I also have another test box running SmartOS, I decided to experiment: I connected the disks to it, created a FreeBSD bhyve VM on SmartOS, and passed the entire disks through to the VM. I reconfigured the FreeBSD VM with the bare minimum and booted it all up. The jails with BastilleBSD started without any issues - obviously the Proxmox Backup Server VM itself is still missing, but I’ll deal with that later.

I’m tempted to leave everything like this for a while.

And yes, for anyone wondering: I had fun 🙂

#FreeBSD #RunBSD #illumos #SmartOS #DisasterRecovery #IT #SysAdmin #Homelab

Use setgid on shared directories: `chmod g+s /shared/project`. New files inherit group ownership, preventing permission chaos when multiple users collaborate.

🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/

#Linux #SystemAdministration #SysAdmin

jiangcuo/pxvirt: A fork of Proxmox VE for ARM and LoongArch architectures - #PXVIRT is an open-source virtualization platform derived from #Proxmox VE, specifically adapted to support ARM and LoongArch architectures. This project originally began as "Proxmox-Port" and has now evolved into a fully independent fork under the new name PXVIRT.
https://github.com/jiangcuo/pxvirt
#Proxmox #virtualization #sysadmin #networking #freesoftware #arm
via https://magicfab.ca/liens

Time on system
Tuesday, 26 August 2025 10:40
Kernel and CPU
Linux 6.8.0-65-generic on x86_64
Processor information
Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 4 cores
CPU temperatures
Core 1: 42 °C Core 2: 41 °C Core 3: 41 °C Core 4: 41 °C
System uptime
27 days, 22 hours, 34 minutes
Running processes
228

Well, that's all OK then - feet up!
#SysAdmin

I have a client who uses Proxmox and its backup server. Last week, I upgraded the backup server from Debian 12 to 13. The backup server "sleeps" most of the day, so it also runs Docker for a Gitea runner. Everything seemed fine initially.

Then, my client messaged me yesterday because the runner had stopped working. When I logged in, I found that for some reason, the runner could no longer connect to the Docker socket, even though I was passing it the official way. I tried the same thing on a different Debian 13 server and got the same result. But, on a Debian 12 VM using the (old) Docker from the Debian repos, everything worked perfectly.

This incident just reinforces my point that for production servers, it’s crucial to use solutions that don't introduce breaking changes between releases. It seems to be an Apparmor issue (thanks @gyptazy for the head up!).

Because this component was non-critical and easily replaceable, I didn't pay much attention to testing it right after the server upgrade.

#IT #SysAdmin #RunBSD

Hey #windows11 people, do NOT install KB5063878 or KB5062660 (preview).

It's bricking SSDs and I'm currently dealing with rolling back damage from this. (Noticed when I couldn't mount SMB shares anymore)

If you already have it installed, roll back with: wusa.exe /uninstall /KB:5063878

and: wusa.exe /uninstall /KB:5062660

#Windows #Microsoft #sysadmin

https://www.windowslatest.com/2025/08/20/microsoft-is-investigating-windows-11-kb5063878-ssd-data-corruption-failure-issue/

Time for today's edition of the #TechIsShitDispatch. Here's the tech-related shit I've had to wade through since yesterday.
Part of why I post these is for the catharsis, but I am also absolutely trying to make a point here. I want more people to wake up to how bad things are and get more people agitating and demanding better.
We deserve better.
So let's dive in.
#SysAdmin #ITDIY #HealthInsurance #GitHub #Microsoft #Windows11
🧵1/10

Bright and early Monday morning?

Yippee.

You're probably at work. My next book supposedly teaches networking for #sysadmin types, but really, it's about how to survive employment. Coming to #Kickstarter 16 September.

https://mwl.io/ks

What are we using these days as bare metal hypervisor for Windows, Linux and BSD guests?

Last I setup a server like this I was paying for ESXi. Not a fan of proxmox. It seems like XCP-ng is something people are divided in if it’s good or not.

I’m okay setting up KVM and putting a web interface on top, if the interface works and provides a console so I don’t have to mess with RDP etc on clients for basic administrative tasks. #devops #ops #sysadmin

Here's today's dispatch from the "tech is shit" battlefront, in which I bitch about the things that went wrong for me with tech since my last dispatch that I had to deal with.
#TechIsShitDispatch #SysAdmin #ITDIY #BestBuy #rsync
🧵1/8

@mwl The 1st edition IMHO is among the best books available on #networking, so... I just can't wait for the new one!

#sysadmin

Ça vous est déjà arrivé, une barrette de ram qui "tombe en panne" ?

mon pc a planté et bip "no memory detected" au démarrage.

Ça marche avec une autre barrette, mais passer de 8G à 4G, ça pique un peu. Et non je n'ai pas d'autre emplacement.

#sysadmin
#monday

For the weekend crowd:

"Networking for System Administrators, 2nd ed" now has a full Kickstarter page, with a book description and everything. It starts by confessing the title is a lie.

https://mwl.io/ks

I'd appreciate folks spreading the word. #sysadmin

Invincible #Postgres Saga, episode 3...

(At least this didn't happen on production )

Earlier this week I tried to do some tests on my "wonderful" misconfigured testing environment. I had some errors here and there and they had to reveal themselves during my experiment...
To make everthing up-to-date I had to refresh data in my app, which uses #Patroni #Postgresql database. Of course it crashed when I tried to do it. It didn't turn down whole cluster, only that one server, and in theory it still had normal API access. I expected it to come back quickly after I fixed things breaking my servers. But for some reason it couldn't. It didn't even try, at least in any visible way.
Seriuosly it was the most disturbing thing there It should try to do something, right?!?
I tried to restart services in panic, without any result. It was late and I finished work for that day. Tired and worried I had to leave it stuck in "cannot reach consistent state" stage.

Next day I thought about doing force reinit or something to move it. But when I log into that server... Everything just worked :neofox_scream_stare_256:
I checked logs... Almost nothing special, just like database was stuck and after ~14 hours suddenly started working. Only one line telling backup was restored.
Damn, what backup?!? Why I don't understand what it did?!? And why it needed so much time?!?

At least I had working environment and didn't had to wonder what to do. Maybe my first chaotic attempts to force it to work did more harm than good and I should just leave it...

Someone should write in docs, which API status means "just leave me alone, trying to fix things" It would be easier.

#sysadmin #admin #IT

You all probably thought I was exaggerating when I said something went wrong with my IT every single day and I often spent hours dealing with the problems. I wasn't exaggerating. Here's today's edition of "computer shit I had to fix"…
#IT #SysAdmin #ITDIY
🧵1/14

That's all for today. I'm sure you're all on the edge of your seats waiting to see what's in tomorrow's thread of computer shit I needed to fix.
#IT #SysAdmin #ITDIY
🧵14/14

It seems I miss #debugging at work so much I had to spend Saturday afternoon updating everything on my VPS

#nerd #IT #Sysadmin #selfhosting

My home desktop - 1 March 2000 - a Pentium 233 MMX.
The OS was Debian Linux - you can see a printed Tux near the keyboard.
No broadband connection, just a 56k modem.
Iomega Zip drive - so I could download stuff at Uni and bring it back home.
One year later, this became my first 24/7 server.

#IT #SysAdmin #Linux #Debian #Throwback #Memories #Vintage #OldPhotos #OldTimes #OldNerd #OldMe #VintageSetup

Alt...

A late 1990s - early 2000s computer setup on a white desk, featuring a large beige Sony CRT monitor, a beige tower PC with front-facing floppy disk and CD-ROM drives, an external 56k modem, a beige keyboard, and various scattered items such as CDs, cables, and glasses. Behind the monitor is a large black Sony speaker, and a motorcycle poster hangs on the wall. The photo’s timestamp reads “1.3.2000.”

For the weekend crowd:

"Networking for System Administrators, 2nd ed" now has a full Kickstarter page, with a book description and everything. It starts by confessing the title is a lie.

https://mwl.io/ks

I'd appreciate folks spreading the word. #sysadmin

Fuck yeah !

#YunoHost 12.1 release / Sortie du YunoHost 12.1 - Announcements

https://forum.yunohost.org/t/yunohost-12-1-release-sortie-du-yunohost-12-1/38294

Merci @yunohost !

Soutenons-les: https://yunohost.org/donate.html

#SysAdmin #ServerAdmin

Time for today's edition of "what went wrong with the computers today"…
When I sat down at my computer this morning, the Windows 11 upgrade I kicked off yesterday had indeed failed as I had suspected it was going to <https://federate.social/@jik/115069952179945603>, but not in the way I expected. My VM was on the boot screen with the spinning Windows booting animation, and on top of that was a pop-up: "Please insert external drive".
#SysAdmin #ITHelpdesk #HomeIT #ITDIY
🧵1/23

Switched phone to Consumer Cellular.

The wifi hotspot has great ipv6 connectivity, and zero ipv4 access.

It has begun. #sysadmin

The "Networking for System Administrators" #kickstarter now has a launch date and a description. #sysadmin #n4sa2e

https://mwl.io/ks

I'd appreciate interested folks sharing the word on any appropriate forum. Thank you!

The "Networking for System Administrators" #kickstarter now has a launch date and a description. #sysadmin #n4sa2e

https://www.kickstarter.com/projects/mwlucas/networking-for-system-administrators-2nd-edition

I'd appreciate interested folks sharing the word on any appropriate forum. Thank you!

It took me a few hours of futzing around to set up a dual-display Ubuntu VM on my workstation directly connected to my network. I'm going to use it as a presentation host that I can remote control via VICREO Listener from a Companion VM that runs in my homelab and is controlled by a Stream Deck. The presentation display is shared via OBS, the presenter display is for me.
These are the lengths I'm going to achieve maximum production value in my #Linux #SysAdmin course.
https://monospacementor.com/courses/linsys-1/

The "Networking for System Administrators" #kickstarter now has a launch date and a description. #sysadmin #n4sa2e

https://www.kickstarter.com/projects/mwlucas/networking-for-system-administrators-2nd-edition

I'd appreciate interested folks sharing the word on any appropriate forum. Thank you!

This morning I took some time to jot down how I temporarily lost all the mail on my family's mail server last week, how I recovered, and what I've done to minimize the impact of similar events in the future.
Some of this was my fault, but the bigger TLDR is that IMO Cyrus imapd is a big pain in the ass, I should probably switch to a different IMAP server, but I don't have time to deal with that right now.
#CyrusImapd #SysAdmin #MailServer #backups #IMAP #btrfs #PostMortem
https://blog.kamens.us/2025/08/21/how-i-lost-my-familys-email-recovered-most-of-it-and-made-sure-it-wouldnt-happen-again/

OK, so here is my #introduction !

I live in the most isolated capital city in the world, #Perth , and therefore on Whadjuk #noongar boodja. I pay my respects to the traditional custodians of the land, and their Elders - past, present, and emerging.

I am male (he/him), and married to the amazing artist @leece .

I have been a #Linux #Sysadmin for most of my professional life, and use Linux or derivatives exclusively at home.

For fun, I play #rpg games, and #boardgame . I also swim as a #mermaid (well, mer-dude), and ride a three-wheeled human-powered vehicle called a Me-Mover. I have a Hobie Outback pedal-powered kayak, which takes me back to my past as a Sea Scout on the Swan. I enjoy playing with #lego, #cooking, #preserving, and many, many other things.

I am #teetotal (and have been all my life) but love making mixed drinks, and have an extensive #zeroproof bar.

I am an amateur #photographer without any particular speciality, but I do particularly like taking shots of #birds (especially #raptors ), and other mer-folk. I also enjoy shooting #pinhole B&W, and play with in-camera #cyanotype (about which I have written extensively on my blog) . To round things out, I take quite a few #solargraph images.