social.dk-libre.fr is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Little bonus:
Want to see ONLY Jail processes, sorted by CPU%?
This command filters out the host system (JID 0) and sorts the rest by Jail ID and CPU usage:
ps -ax -o jid,jail,pid,user,%cpu,%mem,command | awk 'NR==1 {print; next} $1!=0 {print | "sort -k1n -k5rn"}'
Haack's Networking - Authoritative DNS w/ Bind9
- root zone and base server cluster
- name server registration; glue records
- full CLI-driven zones/records
- full Webmin-driven zones/records
- DNSSEC howto for CLI & Webmin
Wiki Tutorial: https://wiki.haacksnetworking.org/doku.php?id=computing:bind9dns
You can add zones/domains & create A, AAAA, SPF, DMARC, DKIM, SRV, CNAME, and/or any DNS record you want; it's self-hosting heaven ;O
#gnulinux #freesoftware #sysadmin #live #debian #peertube #bind9 #dns #opensource #selfhost
Haack's Networking - Informal Hacking Sessions #03
Today's agenda includes:
1) Writing the bind9 authoritative tutorial
2) Monitoring the rebuilt rsnapshot nodes
3) Editing and adding to the hard drive vitals post
https://content.haacksnetworking.org/w/byjvKm4LXLLn7q4ngYaG8f
#gnulinux #freesoftware #sysadmin #live #debian #peertube #bind9 #dns
I love using Debian. I think it is so interesting that so many distros have been or currently are based on Debian. While I prefer vanilla Debian, I wanted to list all of the Debian based distros (non-Ubuntu) I know of and categorize them based on what makes them unique.
Ease of use:
Linux Mint Debian Edition (LMDE) - Default for Windows refugees.
MX Linux - MXTools is cool.
Deepin - Beautiful, preconfigured DE.
Peppermint_OS – Lightweight, cloud integrated
Modern/Atomic (New Technologies):
Vanilla OS - Immutable, atomic updates, ability to run apps from Fedora/Arch via Apx. Friendly to new users.
Nitrux - Immutable, no systemd (OpenRC), heavy reliance on AppImage
Performance and/or Old Hardware:
Siduction - Based on Debian Sid. Rolling release, newest kernels.
antiX - No systemd, runs on a toaster (256MB RAM)
Sparky Linux - Debian testing w/better support for drivers/gaming.
BunsenLabs - minimalist OpenBox
Elive - Enlightenment desktop, high-end looks for 20 year old hardware.
Window Maker Live - NeXTSTEP look, fast, polished, and based on Debian 13.
Multimedia/Creative:
AV Linux (MX Edition) – Preconfigured w/low-latency kernel for audio production.
Neptune OS – Polished KDE with excellent media support.
Toolbox Distros:
Kali Linux / Parrot OS - Penetration tools preloaded, think hackerman.
Tails - Anonymity, amnesic, no trace
Whonix – Highly secure via dual-VM setup.
Proxmox VE - Server, machine host for VMs
TrueNAS SCALE - NAS, built for ZFS storage and applications.
OpenMediaVault – Turn old hardware into a NAS
Grml/Finnix/Knoppix - The "oh shit" buttons
Raspberry Pi OS - built for Pi's
VyOS – Router OS
BashCore - Ultra minimalist, stealth, CLI focused, live environment, zero branding.
Protest Distros:
Devuan - dislike for systemd
PureOS – FSF endorsed, 100% free software, privacy-focused
Global & Educational:
Endless OS – Designed for developing world for offline content.
Emmabuntüs – Reviving donated PCs for schools in Africa.
You could also consider Debian Pureblends, like Debian Med and Debian Edu.
Did I miss any? Please let me know, I will edit the list. Thank you!
#Debian #GNULinux #GNU #Linux #Privacy #SysAdmin #Tech #OpenSource #LMDE #LinuxMint #Mint #MXLinux #Deepin #PeppermintOS #antiX #SparkyLinux #BunsenLabs #Elive #AVLinux #NeptuneOS #KaliLinux #Kali #Tails #Whonix #Proxmox #OpenMediaVault #GRML #FINNIX #Knoppix #RaspberryPi #Pi #VyOS #Devuan #PureOS #Nitrux #EndlessOS #Emmabuntüs #Siduction #Bashcore #VanillaOS #TrueNAS #TrueNASScale #WindowMakerLive
Haack's Networking - Informal Hacking Session #03
1) Today's agenda is rsnapshot script/stack migration from backup 8700 machine to 7920, i.e., to backup the backup.
2) Write the article for the bind9 authoritative DNS server.
3) If time and/or stamina permits, we will work on this month's timbre post where I cover my month's listening history.
Live Stream w/ Chat: https://content.haacksnetworking.org/w/byjvKm4LXLLn7q4ngYaG8f
#livestream #live #gnulinux #sysadmin #floss #freesoftware #rsync #rsnapshot #shellscripts
It will take a while but I will write up my tri-node authoritative DNS server tutorial today. I decided to do everything via the CLI but/and, I used Webmin as well for easy post-configuration record creation. DNSSEC is also covered. SOON. #gnulinux #sysadmin #floss #freesoftware #opensource
🚀 Tired of "Message manipulated" or "400 Bad Request" errors on your Debian Trixie and Ubuntu 24.04 instances? 🐧
I've updated the wiki with an optimized APT-Cacher NG configuration to stabilize your Proxmox fleet and speed up your updates! ⚡️
👉 Read the guide: https://wiki.blablalinux.be/fr/optimisation-apt-cacher-ng-debian-ubuntu
New blog post: Interactive System Troubleshooting with AI using linux-mcp-server
Instead of copy-pasting command output into AI chats, your AI assistant can now directly query your Linux systems - checking services, logs, network ports, and resources in real-time.
The post includes a live demo diagnosing a RHEL 10 server running an Omada controller.
https://blog.hofstede.it/interactive-system-troubleshooting-with-ai-the-linux-mcp-server/
Running into the issue where Synology DSM only allows SSH access for the administrators group? 😤
I needed a non-root user for Borg backups from my TrueNAS, so I documented the workaround: a quick sed on /etc/passwd and a boot task to make it stick (since Synology loves to revert system files).
Full guide here: https://wael.nasreddine.com/synology/synology-allow-ssh-for-non-adm.html
#Synology #HomeLab #SysAdmin #TrueNAS #BorgBackup #SelfHosted #socialmedia
RE: https://mastodon.social/@jessie/115774314854244968
I notice that the British Library is also hiring a #Linux Server Specialist (#RedHat), UK only, to recover from their 2023 cyber attack.
This posting is up in Boston Spa; that's not that Boston, not /that/ Boston, keep going.... yep that one.
It's interesting to see them trying to hire #opsec and #sysadmin skills to try and harden their systems. Wonder if it will work.
Early Christmas present from me if you're reading this and you're a:
- Senior web developer
- In London
- Really into books and libraries
- Looking for work rn
I am excited to inform you that the British Library is hiring a new head of web development
🕵️♂️ "Hiding is not erasing!"
You think a simple black rectangle protects your secrets in a PDF? ❌ Big mistake!
I show you how a small Python script of a few lines can read through your OnlyOffice or LibreOffice redactions as if they didn't exist. Security is not a coloring exercise! 🎨💻
Learn how to really protect your sensitive data on the Wiki: 👉 https://wiki.blablalinux.be/fr/securite-pdf-reveler-texte-masque-python
#BlablaLinux #Sécurité #PDF #Python #Debian #OpenSource #SysAdmin
linuxcommand.dev offers you a specialized search engine for more than 1,500 terminal commands. There you'll find syntax, concise descriptions and practical examples, cross-platform and without detours. Supported, among others, are In addition, there are handy tools such as hash calculation and RSA key generation right in the browser. Intended for
👉 Find the configurations for my 15 services (WordPress, Mastodon, Gitea...) here: 🔗 https://wiki.blablalinux.be/fr/gestion-centralisee-robots-txt-nginx-proxy-manager
It's a gift, it's sharing, and it's on the Wiki! 🐧🚀
#BlablaLinux #SysAdmin #SelfHosted #NPM #RobotsTxt #OpenSource #LogicielLibre
It’s day 2 of my Christmas vacation and I’ve cleaned the garage, rotated my S/MIME certs, and rewrote some of my sieve filters and hacks bash scripts as milters using pymilter, which has sped up my SMTP transaction by a factor of 10 🎉 #sysadmin #selfhosted #email
Clearly, I wasn’t built for sitting still.
🔹 A tour of my personal #Proxmox setup (hardware & config).
🔹 How to set up efficient monitoring with #VictoriaMetrics.
🔹 Real-time stress testing (let’s see if we can break it live!).
Whether you run a #Raspberry Pi or a full rack in your basement, come hang out and get some inspiration for your winter projects.
📅 When: December 30th at 10am PT | 6pm GMT | 7pm CET
🔗 Live on our YouTube Channel
https://youtube.com/live/rsSHcONUfGU
#Homelab #DevOps #Proxmox #VictoriaMetrics #SysAdmin #HolidayProjects
Pimp my Mastodon! 🎨🐧
The default blue is nice, but in Blabla Linux colors it's better! I got out the paintbrush (and above all the CSS) to harmonize my instance with the blog and the wiki 🖌️
Want to do the same on yours? I've done the groundwork for you (with code, screenshot and GIF to back it up) on the Wiki:
👉 https://wiki.blablalinux.be/fr/personnaliser-css-mastodon
See you there to see life in Green & Orange! 🚀
#Mastodon #CSS #SelfHosted #Linux #OpenSource #BlablaLinux #SysAdmin
Online courses on Admindocs.de: Linux administration 🚀 Whether you are only just starting out with Every chapter has real examples that you can use right away to raise efficiency and security in enterprise environments.
#Server #SelfHosting #EnterpriseIT #LinuxLearning #foss
A short while ago I was explaining to a client the reason why his website has seen a very significant increase in load over the past few weeks. On many of the servers I manage, I see connections coming from residential users, yes, but mainly from unscrupulous AI scrapers that do not care about overloading everything. Someone on their side replied to me: "Wouldn’t moving everything to the cloud solve the problem? I mean... autoscaling!"
That sparked a somewhat "conspiratorial" thought. Some colleagues have told me that, with the recent surge in AI bot traffic, their costs have skyrocketed. Given how much money is being spent, and not earned, on AI, are we really sure this is not, in some way, planned or at least welcomed as a way to increase costs for end users of cloud services and funnel them into AI budgets?
When your sysadmin brain switches to "total automation" mode… ✨
I have so many campaigns scheduled for 2026 that you'd think I had installed a future-prediction module on my Proxmox! 🔮
The Blabla Linux Wiki is going to heat up, you're not ready! 🚀
📡 Need a proxy?
No more digging through the Gnome menus! I've published the complete guide to installing Squid on Debian.
The Blabla Linux bonus: my magic aliases to enable/disable the proxy in one second in the terminal! ✨
📖 Read it here: https://wiki.blablalinux.be/fr/installation-configuration-proxy-squid-debian
Over at my blog (https://blog.hofstede.it), I value privacy. No 3rd-party analytics here!
I visualize logs myself without data ever leaving my infra: Caddy (JSON) -> Promtail -> Loki -> Grafana
Even ASN/GeoIP enrichment happens locally via MaxMind DBs in the pipeline. All running in a FreeBSD jail.
IPs are anonymized (last octet blanked) and logs wiped after 14 days. Total data sovereignty.
#SelfHosted #Privacy #Grafana #Loki #Observability #SysAdmin #FreeBSD
You are an experienced Dev(Sec)Ops. How well do you know Kubernetes?
#devops #devsecop #infosec #it #ops #sysadmin
| I am an expert. I can run my own cluster and maintain it in time: | 12 |
| I use Kubernetes well, but I don't run it myself. I use hosted platforms.: | 8 |
| I know a bit about Kubernetes, but I don't use it that often.: | 11 |
| I am not knowledgeable on Kubernetes. Just the general idea.: | 24 |
| Kubernetes?: | 5 |
Closed
Grew up in the 60s & 70s and that's my feeble excuse for the uncontrollable tittering at my Nextcloud's daily status check - I just can't help myself... 😁
Security & setup warnings:
High-performance backend
No High-performance backend configured - Running Nextcloud Talk without the High-performance backend only scales for very small calls (max. 2-3 participants). Please set up the High-performance backend to ensure calls with multiple participants work seamlessly.
The federated feed is great, but I want to follow more experts who are deep in the weeds.
Tag a Mastodon account that posts high-quality content about:
• Reverse Engineering
• Vintage Computing
• Network Security
• Accessibility / UX
• Privacy
• Enshittification
• Art
• Photography
Who is your favorite "must-follow" account that deserves more eyes?
#weekend #followfriday #feditips #askfedi #linux #sysadmin #mastodon #vintage #infosec #enshittification #art #photography #writing #design #ux
thank you for the useful error message, tt-rss! #sysadmin
"Exception while creating PDO object:SQLSTATE[08006] [7] connection to server at "127.0.0.1", port 3306 failed: received invalid response to SSL negotiation: Z"
🚀 The secret of well-dressed emails!
Ever wondered how to customize the preview of your newsletters without polluting your design? 📧✨
I've just published a new guide on the Wiki to tame the invisible preheader in Listmonk! Your campaigns will finally look sharp in your subscribers' inboxes 🐧🛠️
The full tutorial with the visual cleanup trick: 👉 https://wiki.blablalinux.be/fr/listmonk-optimisation-preheader
#BlablaLinux #Listmonk #Mailing #Newsletter #SelfHosted #SysAdmin #EmailMarketing
Have you worked with tags on your jails yet?
One nice benefit of using tags is that you can also TARGET by tag name, meaning you can group like systems and maintain those separate from others.
`bastille tags help`
Usage:
bastille tags TARGET [add|delete] tag1,tag2
bastille tags TARGET list [TAG]
🤖 STOP the AI bots scraping your data! ✋
Instead of fighting with dozens of robots.txt files (Hello WordPress & Gitea), we move to a centralized offensive. 🛡️
We block GPTBot, ClaudeBot, and others right at the door, at the level of our dear NGINX Proxy Manager!
It's cleaner, more efficient, and it makes our CPU happy. 😉
👉 The complete method, with the .conf file to create: https://wiki.blablalinux.be/fr/blocage-robots-ia-nginx-proxy-manager
🚨 #SysAdmin tip! 🚨
Optimize your web animations: learn to convert your GIFs into light, high-performance MP4s with FFmpeg! An essential guide for any system administrator on Linux.
CRF control explained for a perfect balance between quality and size.
👉 https://wiki.blablalinux.be/fr/optimisation-gif-mp4-ffmpeg-linux
#Linux #FFmpeg #Optimisation #DevOps #AdminSys #TechTip #LogicielLibre
Use setgid on shared directories: `chmod g+s /shared/project`. New files inherit group ownership, preventing permission chaos when multiple users collaborate.
🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/
RE: https://mastodon.bsd.cafe/@82mhz/115722686490910352
In my experience, 95% of the situations I follow could transition to totally open-source solutions without major problems. Some others could do so by implementing a progressive plan.
The limitation is almost always human: people accustomed to working in a certain way for years, and a lack of willingness and commitment to change, even minimal change. If in private sectors, this happens under the "threat" of a drop in productivity. If in public sectors, under the threat of severe inefficiencies.
I saw a local election won (in part) thanks to a promise not to change anything.
Inertia, at times, causes incalculable damage.
My home state of Bavaria is planning to spend 1 billion Euros in the next five years on Microsoft products. One fucking billion Euros!
Meanwhile, the state of Schleswig Holstein has been transitioning to open source software and estimates that it will save them around 15 million Euros a year. Maybe it's time to move.
We are approaching the 28th or 29th anniversary of my “Thursday” story. Back in 1996 or 1997, I was head of #IT for the UVA CS department. I was pretty much as amateur then as I am now. But I digress.
I come home and check my answering machine messages. “Hi Paco, it’s Gabe. It’s Thursday and the printers aren’t working. Can you have a look?”
It wasn’t just Thursday. It was Christmas day.
Gabe was the only Jewish faculty member in the department at the time, and he wasn’t going to let a perfectly good Thursday go to waste.
I'm looking at the architecture of things like Fedora Silverblue, NixOS, and the Steam Deck.
The concept of an immutable root filesystem with atomic updates seems like the technically correct way to do an OS. No more dependency hell, no more breaking the system with a bad sudo command. But the muscle memory of apt-get install / dnf install is hard to break. Containerizing everything (flatpak/distrobox) feels like a friction point for quick tasks.
For those who daily drive an immutable distro: Was the learning curve worth the stability? Or is it still too much friction for a machine? 🤔
#askfedi #linux #fedora #steam #steamdeck #NixOS #foss #opensource #programming #sysadmin
Wasting bunch of time reducing the public IPv4 usage on AWS for a client to reduce recurring monthly costs (AWS charges by the hour for IPv4s)
There are things AWS doesn’t even support that would help, like giving an RDS instance a public IPv6 without public IPv4. It's dual-stack or die! Please, I don't need any IPv4…
I pray for the day all networking is #IPv6 native and any IPv4 is just gateways for backcompat for laggards…
✨️ Your Terminal Wrapped, 2025 Edition ✨️
>You typed sudo !! 482 times because you're in charge, but forgetfully.
>You distro-hopped 4 times, proving that the perfect desktop environment is always the next one.
>You spent 26 hours compiling a program from source that was already in your package manager.
>Your top artist was grep. Your most played track was | less.
>You explained to a Windows user that "no, it's not a black screen, it's working" 17 times.
>It's been 3 minutes since you last ran apt update && apt upgrade.
>There are 2 kernel updates waiting for you RIGHT NOW. Good luck with your Wi-Fi driver.
#linux #sysadmin #wrapped #vim #alpine #gnome #kde #manjaro #linuxmint #arch #fedora #debian #ubuntu #terminal
NGINX grumbling, Certbot running... everything is under control. We fix, we optimize, we discover... and we start again. That's infra life! 😉
Goodbye Linux & Podman, hello FreeBSD & Jails!
Just migrated my blog (https://blog.hofstede.it) to a fully native BSD stack (where my Gemini Capsule was already living).
Stack (using Bastille VNET Jails)
- Caddy (Ingress, TLS, Reverse-Proxy)
- Nginx Jail (Internal. Static file serving)
- PF
The Cool Part: A Zero-Trust CI/CD pipeline.
My Forgejo runner deploys via restricted rrsync into an air-gapped "transporter" jail, which nullfs mounts the web root.
Security: Source-IP restricted, no interactive shells, no PTY.
The simplicity of files-on-disk beats container abstraction every time.
#BastilleBSD #SelfHosted #SysAdmin #IPv6 #ZFS #FreeBSD #RunBSD
Filebrowser is open for public registration & more testing on the navidrome/jellyfin instances. Drop-in music/media and watch it populate!
https://upload.gnulinux.studio
https://upload.gnulinux.media
Create an account & test away. Post issues here as replies or DM me. Main site:
https://gnulinux.studio
https://gnulinux.media
User: pubglug
Pass: musicisawesome
Pass: moviesareawesome
#music #opensource #freesoftware #demo #jellyfin #navidrome #debian #sysadmin
Library gets nuked every Monday at 3am.
Here is a small tip: to easily configure your installed FreeBSD, use the `bsdconfig` command as the root user. A lot of FreeBSD users or developers (including some IT/sysadmin folks) don't know this, but you can use `bsdconfig` to set up many system configuration settings, both for new systems and for changing settings on existing systems.
Demo'ing Navidrome and Jellyfin for our Public GNU/Linux Club:
User: pubglug
Pass: musicisawesome
Pass: moviesareawesome
https://gnulinux.studio [music]
https://gnulinux.media [videos]
#music #opensource #freesoftware #demo #jellyfin #navidrome #debian #sysadmin
Come join the fun: https://matrix.to/#/#introductions:gnulinux.club
Each of these instances has an associated filebrowser instance: https://tech.haacksnetworking.org/2025/12/09/setting-up-a-secure-public-facing-filebrowser-instance/
Making uploading, editing, removing, etc., music easy. DMs to test Filebrowser!
Successful update ⚙️ to Mastodon v4.5.3!
As a Linux system administrator, I always appreciate it when the update goes off without a hitch. Thanks, Docker, for sparing me the RAILS_ENV=production bundle exec rails assets:precompile! 😅
🚀 The Fediverse keeps on turning!
The difference between a community-led open source operating system and a corporate-backed open-source OS?
The company wants AI in the system, the company gets AI. #sysadmin
https://fedoramagazine.org/find-out-how-your-fedora-system-really-feels-with-the-linux-mcp-server/
Hello everyone,
I'm Build & Release Manager @ Arkane Lyon #gamedev
I tinker with #devops and #sysadmin
I host and manage several services, including this #mastodon instance
I also do #speedrun on several games, including #DEATHLOOP and Super Smash Bros. Melee.
I like board games #JdS and role-playing games #JdR, especially #DnD
Finally, I do a bit of embroidery (#broderie), especially cross-stitch (#pointdecroix)
I have a blog where I share all of this:
When you start patching or upgrading an old server with issues... and it suddenly feels like a TV commercial from my childhood.
I decided to spin up a secure Filebrowser instance like the Navidrome lead dev suggests, make it public-facing w/ TLS and a reverse proxy, a simple brute force fail2ban jail for it, and an ACL to make sure it plays nice with the navidrome user. Here's the original article and the Filebrowser one:
Navidrome Setup: https://tech.haacksnetworking.org/2025/10/29/setting-up-navidrome/
Filebrowser Setup: https://tech.haacksnetworking.org/2025/12/09/setting-up-a-secure-public-facing-filebrowser-instance/
#floss #freesoftware #opensource #selfhost #navidrome #filebrowser #linux #gnulinux #sysadmin
I have a strong suspicion that the VM running FediMeteo is being throttled. The network speed is abysmal, and the same goes for I/O.
Tomorrow morning I’ll try moving it to another provider at the same price. Let’s see, I’m really curious to observe what happens.
I have an enforcing #DMARC policy set up on my personal email domain. I use #DMARCAnalyzer for processing aggregate reports from servers that send them. Every week I log in and check to make sure everything's fine, i.e., (a) there isn't a significant uptick of people forging emails from my domain that I should look into (unlikely), and (b) I haven't broken something stupid in my infrastructure and caused my own outbound emails to violate my policy.
#SMTP #emailAdmin #sysAdmin (1/2)
A message comes in: a website is not responding. Or rather, it responds but it crawls.
It is a WordPress with a few plugins, all in good shape.
I log in and the load is near zero, traffic is tiny. I start digging and nothing makes sense. I run the command "w" and the machine is frozen.
Nothing in the logs.
Then the light bulb goes on:
"ping bsd.cafe"
No resolution.
The provider’s upstream DNS servers (set in a hurry, I normally install a local unbound) are not responding and everything grinds to a halt. I switch the DNS servers and everything magically starts working again.
Of course it was DNS! 🙂
"Networking for System Administrators, 2nd ed" is out everywhere except Amazon's Kindle store. And that's the way it'll stay. #sysadmin
(Followers probably know this, but I really should blog it so here it is.)
I got quoted in The Guardian again, I guess CloudFlare must have been down or something?
> “These companies have become too big to not fail. And because they handle so much traffic, when they do fail, this immediately becomes a massive problem”
After 10 years, Blabla Linux's old "Publication" theme has taken its well-deserved retirement! 😅
New era, new look: Welcome to Astra! My site has had a complete facelift... and it finally looks less than 80 years old!
Come judge for yourself: 🔗 https://blablalinux.be
A functional and useful dashboard for #OPNsense that utilizes #InfluxDB, #Grafana, #Graylog, and #Telegraf.
https://github.com/bsmithio/OPNsense-Dashboard
#lgdl #networking #opensource #sysadmin #freesoftware #security #firewall
You haven't truly lived the life of a #sysadmin until you're googling around to figure out some issue and find a post about it where someone's asking the exact same question and... it's you. You, asking the exact same question ten years ago. And nobody answers.
Remote SysAdmin job opening at Hostinger, in Floripa(?).
"We are looking for a Linux Systems Administrator to help us build, monitor, maintain, automate and support our fast-growing hosting infrastructure, which powers more than 7 million websites on more than 1,500 physical servers around the world. In this dynamic environment, you will work alongside experienced systems and software engineers, tackling real challenges that impact millions of customers daily. You will dig deep, learn constantly and gain knowledge to become the next top-tier talent."
https://jobs.lever.co/hostinger/ccc58b23-99d7-41e9-b7eb-6e92ee33d5f6
So I bought a full-sized rack for the garage. Might be a bit too big to call it a #homelab any more 😜
It came with 2 PDUs that take 3-phase, 60A, 250V AC. I, um, won’t be plugging those into the house. My servers run on 240V, 2-phase. This plug is just a monster. My hand in the photo for scale.
I’m tickled that it says “Sun” on the side. I got my start in #sysadmin work on Sun IPCs and Sparc 4s back in the day.
The Call for Papers for #bsdcan is open, see https://www.bsdcan.org/2026/papers.html and https://nxdomain.no/~peter/what_is_bsd_come_to_a_conference_to_find_out.html for some background (if you want to explain to less BSD-savvy friends) #bsdcan #bsd #freebsd #netbsd #openbsd #freesoftware #libresoftware #development #sysadmin #devops #conference
#Linux security best practice: Create system user accounts for services that can’t be used for login: `useradd -r -s /sbin/nologin servicename`
🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/
My underrated Linux pick is the lsof command. It tells you exactly which files are open and which processes are using them. Because Linux treats everything as a file, this tiny command ends up being insanely powerful and useful in everyday troubleshooting.
Here are useful lsof command examples 😎👇 #cybersecurity #infosec #sysadmin
Find high-res pdf books with all my #linux related infographics at https://study-notes.org
Sorry for the brief service interruption of the French-language #BookWyrm this Sunday at midday.
To secure the server against bots and various attacks, I accidentally auto-blocked our own services :-) it should normally be fine now :-)
how to audit for open services with iproute2 https://anarc.at/blog/2023-03-10-listening-processes/ #debian-planet #python-planet #sysadmin
The major reason I got out of #Sysadmin was because of the ingratitude.
Many nights spent in cold computer rooms.
Many out of business hours emergencies.
Poke a finger into a bucket of water, you will leave more of a mark...
Most folks remember me chilling by my desk.
Fireman looking lazy because you prevent the fires.
So here is my advice to new sysadmins.
Create your own fires so you can put them out publicly.
Professional ethics be damned.
Toot your own heroics, no one will notice if you make shit run smoothly.
Everyone will call you a hero for putting out the fire.
🤯 My rsync has gone into GE-NIUS mode! 🤯
No more plain cp -r! I've learned to master rsync for backups that are:
Smart (it only copies what has changed 🧠).
Secure (via SSH).
Historical (--link-dest for incremental backups that take up little space!).
It's the SysAdmin's indispensable tool! 🛠️
➡️ The rsync guide: https://wiki.blablalinux.be/fr/rsync-synchronisation-sauvegarde
#Linux #Sauvegarde #rsync #SysAdmin
💤 My Debian server sleeps, but it updates! 🛡️
I've enabled automatic updates (unattended-upgrades) on my server. No more stress about forgetting security patches!
The guide explains how to:
Install the service.
Configure the frequency (daily! ⏰).
Enable automatic reboot if needed (at 4 a.m., we're left in peace).
Effortless security is possible. 👌
➡️ The guide for peace of mind: https://wiki.blablalinux.be/fr/debian-unattended-upgrades
#Debian #SysAdmin #Serveur #Sécurité #Linux
Hey! @b0rk is running a sale on her zines.
All you #sysadmin sorts should take a look.
https://social.jvns.ca/@b0rk/115622285573521088
Big books are too much. Julia maps the territory so you can find your way and figure out the next questions you need to ask.
The backup magic continues! ✨ Proxmox Backup Server 4.1 brings even more performance and stability to your backups.
Update and sleep soundly! 😴
Link: https://www.proxmox.com/en/about/company-details/press-releases/proxmox-backup-server-4-1
#Proxmox #Backup #ITInfrastructure #Sysadmin #DataProtection #PBS4
How do you guys block YouTube shorts in your network? I'm not sure if Adguard Home or RouterOS can do this.
Hey mastodon, I'm looking for a solution to manage a fleet of 400 products deployed at customer sites:
- information about the deployment site (field, customer infrastructure)
- information about the hardware (deployed hardware, component serial numbers)
- information about the software (services deployed on these products)
It's somewhat at the crossroads of #sysadmin and product inventory (#inventaire #produit). It's aimed at operational/sales profiles, to give them a global view.
We already have an (in-house) solution for managing remote connectivity, but I'm looking to decouple the connectivity logic from the inventory logic.
Any ideas?
"Install on Kubernetes with Helm (recommended for production)
Install with Docker Compose (single-node install, not recommended for production)
Install for Local Development"
Hey! There's the local installation! Let's have a look at it:
"You need to make sure you have: Docker and Docker compose installed."
The #n4sa2e sponsor books have all been mailed (except for a couple problem cases) and are starting to arrive.
Which means I can probably tell folks about the #openzfsmastery sponsorship.
Why I (still) love Linux
I usually publish articles about how much I love the BSDs or illumos distributions, but today I want to talk about Linux (or, better, GNU/Linux) and why, despite everything, it still holds a place in my heart.
https://it-notes.dragas.net/2025/11/24/why-i-still-love-linux/
#Linux #OwnYourData #Server #SysAdmin #Workstation #OpenSource #ITNotes
Document changes with `history | tail -10` to capture recent commands, then add explanations. Future you (and colleagues) will thank you during troubleshooting.
🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/
Boost your Proxmox #Homelab! 🚀
No more complex script handling. This modern web interface (Next.js/React) lets you manage the PVE community scripts at your fingertips. A must-have! ✨
➡️ The repo: https://github.com/community-scripts/ProxmoxVE-Local
#Proxmox #ProxmoxVE #PVE #Selfhosting #SysAdmin #DevOps #WebUI #OpenSource
Ok I can confirm that gzip bombs work great!
I almost crashed my PC Firefox testing my own bomb.
I got inspiration from @lord 's article: https://lord.re/en/posts/139-gzip-bomb-nginx/ for the bomb
and from @robin 's article https://icewind.nl/entry/nixos-add-nginx-options/
To automate adding the bomb by default to every virtual host I have (with NixOS).
You can find the result here: https://framagit.org/ppom/nixos/-/commit/9a53e5de1df2ed6a3548d5ae94a8ac1178787248
Classic 'Nige'
Can SSH into my server via terminal on my laptop. Works a treat, no issues.
Exactly how did I get that all up and running? But a paltry few months ago? No recollection at all.
So as long as I stick to, "If it ain't broke don't fix it" all should be fine.
If however it does break... bum.
"ByTor" spelled just like it sounds if you're a Rush fan
"I play bass" she said
Some ISPs have good customer service :)
"100W", today's MFA moved back to incandescent from LAD lightbulbs
It could be an allegory about how wasteful computing resources have become
Or maybe it's just 4 random characters
Looking for a job? My company is hiring a Linux/DevOps system administrator.
I'm putting the job offer in posts below, under a TW because otherwise it makes big blocks in the timeline, which is annoying. And I'm adding one last extra block to give you my opinion of the company.
Needed 4 random characters for my PIN, so chose Samwise Gamgee, Rose Tyler, Zoë Boutin-Perry and Hawkeye Pierce
Had to replace Zoë with her mom Jane because the server couldn't handle umlauts
The BastilleBSD team is pleased to announce the release of Rocinante v1.0.1.251120! This release includes a number of fixes and improvements.
Big thank you to everyone that contributed to this release!
https://github.com/BastilleBSD/rocinante/releases/tag/1.0.1.251120
#FreeBSD #BastilleBSD #Rocinante #automation #devops #sysadmin
Silly idea for a computer home lab: you probably have a couple old smartphones lying around, gathering dust.
Maybe you can build a compute cluster from them though? They are probably some of the most efficient compute devices available. Also passively cooled so zero noise! With OTG, it might be possible to even connect to them serious storage and build a Ceph cluster...
https://hackaday.com/2025/04/09/self-hosting-a-cluster-on-old-phones/
#tinkering #homeserver #homelab #computers #sysadmin #upcycling
"The contrast with Docker is striking: while the Docker container required 100% CPU to reach peak for the HTTP and HTTPS throughput, the FreeBSD jail delivered the same speed with ~60% of the CPU sitting idle. In terms of performance cost per request, Jails are drastically cheaper."
#ITNotes #Linux #Docker #Containers #FreeBSD #RunBSD #IT #SysAdmin
🚨 Proxmox 9 alert! 🚨
My Docker/LXC containers would no longer start after the containerd.io update... 🤯
I found the source of the problem (the AppArmor/runc conflict) and I explain the only way to fix it (or avoid it!) to get your services back up quickly.
The full guide is on my wiki 👇 https://wiki.blablalinux.be/fr/proxmox-9-apparmor-docker-lxc-conflit-demarrage
Upgrade to 9.1 and turn your data center into an open source war machine!
👉 https://proxmox.com/en/about/company-details/press-releases/proxmox-virtual-environment-9-1
👉 https://youtu.be/4-u4x9L6k1s
Installing #openbsd is easy, but what does it take to keep your system in trim? Here is a piece I wrote, "You Have Installed OpenBSD. Now For The Daily Tasks." https://nxdomain.no/~peter/openbsd_installed_now_for_the_daily_tasks.html to provide some pointers (also at https://bsdly.blogspot.com/2024/09/you-have-installed-openbsd-now-for.html if tracking is not a thing you worry about) #maintenance #sysadmin #dailytasks #dailydriver
📰 Today I published an article on how to automate backing up your LockSelf/LockPass passwords using a small command-line tool I developed last week:
➡️ https://www.wanadevdigital.fr/355-lockpass-automatiser-la-sauvegarde-des-mots-de-passe/
Happy reading! 😁
AWS, Microsoft Azure, and CloudFlare – services run by gigantic corporations with endless supply of money and talent – all experience catastrophic, global failures that take innumerable other services down with them within 30 days.
Meanwhile Wikipedia just keeps chugging along, globally stable and reliable as always.
And yes, Wikimedia Foundation runs a pretty complex infrastructure:
https://wikitech.wikimedia.org/wiki/Wikimedia_infrastructure
There is a book called Normal Accidents:
https://en.wikipedia.org/wiki/Normal_Accidents
The author puts forth three rules that define systems susceptible to catastrophic accidents which are completely to be expected:
- the system is complex
- the system is tightly coupled
- the system has catastrophic potential
This describes huge cloud providers like CloudFlare very well, and specifically describes the last outage very well.
CloudFlare, AWS, Azure, GCP are simply Too Big Not To Fail.
✅ invalid file
✅ deployed globally
✅ crashing the software
CloudFlare just pulled a CrowdStrike?
https://blog.cloudflare.com/18-november-2025-outage/
Static Web Hosting on the Intel N150: FreeBSD, SmartOS, NetBSD, OpenBSD and Linux Compared
Update: This post has been updated to include Docker benchmarks and a comparison of container overhead versus FreeBSD Jails and illumos Zones.
#ITNotes #freebsd #illumos #jail #linux #netbsd #openbsd #ownyourdata #server #smartos #sysadmin #zoneshosting
Cloudflare's problems today confirmed what I have known for a long time: if a customer is down for half an hour due to some kind of server issue (disk replacement, etc.), they immediately start saying a way must be found to avoid it.
When it's Cloudflare that goes down for hours, they accept it with resignation.
Can you guess when we turned on tracing in our #Django webapp?
I had a fun time diagnosing ever-increasing disk usage in $work's #Sentry instance.
I ended up having to dig into Sentry's kinda weird #ClickHouse schema, and doing some mild database crimes to stop the bleeding.
Detailed writeup: https://gitlab.softwareheritage.org/swh/infra/sysadm-environment/-/issues/5746#note_227040
Even though we don't use CloudFlare (we're too attached to our independence), their outage today hurt us. Some of our customers use it upstream and don't always understand that it's not our fault if their site isn't working. #pedagogie #sysadmin
Cloudflare down?
https://www.cloudflarestatus.com/incidents/8gmgl950y3h7
You know the drill.
Edit: edited to update the link to direct for the incident, and thus lost the poll responses; sigh.
| BGP: | 19 |
| DNS: | 46 |
Closed
Major Cloud providers have all suffered significant outages recently. At an unprecedented rate.
They are firing engineers because of their 'AI'.
I wonder if these things are related.
Check `ss -tuln` for open ports. Add `| grep :80`, for example, to filter specific services. You'll get clearer output and better performance than with the outdated `netstat`.
🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/
A trend I really dislike in modern browsers is the activation of DoH, or in general any override of the DNS settings provided via DHCP.
In my case I use a local DNS server that doesn’t rely on forwarders but queries the tree directly. I also have integrated ad blocking thanks to filter lists.
This morning a client called me because Chrome could no longer reach their internal server. On their network there’s an internal DNS record that resolves the name to the LAN address, yet it seems their browser randomly resolves it to the external IP instead. I’ll probably fix it with a redirect or NAT hairpinning (I dream of the day when we finally have IPv6 everywhere), but it still feels like a workaround.
Why, when there’s a reasonably secure internal DNS, should you resolve using the usual big players that want to centralise all traffic? I mean, I understand the reasoning behind it. Still, it feels a bit like the "commercial" VPN situation: you fear your provider might inspect your traffic, so you hand everything over to some shady company based who knows where, claiming to protect you while flooding the world with ads.
Last week I had a chat with a colleague who is highly specialized in Microsoft solutions. Young but not too young, smart, not very up to date simply because he has little time for anything else. His specialization depends entirely on where he works, not on personal interest. Lately he seemed a bit disillusioned with some choices made by "other operating systems", and he was starting to consider moving his personal projects toward Microsoft as well, since he already had the experience. Still, he said it with boredom. With the attitude of someone who is tired of wasting time.
He had heard of the BSDs but had never tried installing them. He was convinced that there were no decent hypervisors outside the Linux world and that KVM belonged to Linux alone. I had the terrible idea of showing him the BSDs, how great bhyve is, and how nvmm on NetBSD uses qemu underneath, making it almost a replacement for KVM in many setups. He lit up with the look of someone waking up from a long sleep. I also had the terrible idea of showing him illumos and its distributions. He had no clue it existed and thought old, great Solaris had been dead for years thanks to Oracle.
He called me a little while ago. He was furious. He spent the whole weekend doing tests and now he has no idea what to use among FreeBSD with bhyve, NetBSD with nvmm, and illumos with bhyve or kvm. He is slowly starting to explore jails and illumos zones. He was annoyed (in a positive way) because now he does not know what to pick since everything feels so different from what he was used to, and he found advantages in each option.
I am obviously happy about it, but I also wonder: instead of reinventing the wheel every time, would it not sometimes be better to simply broaden our horizons?
#IT #SysAdmin #OperatingSystems #FreeBSD #Linux #NetBSD #OpenBSD #DragonflyBSD #illumos #SmartOS #OmniOS #OpenIndiana #Tribblix
RE: https://mastodon.bsd.cafe/@vermaden/115564165835643603
I look forward to the @vermaden weekly newsletter as much as I anticipate a perfect tiramisu after a superb lunch. It is truly the cherry on top.
That special something that helps me kick off the week in style.
#RunBSD #FreeBSD #OpenBSD #NetBSD #DragonflyBSD #Linux #IT #SysAdmin
Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟱/𝟭𝟭/𝟭𝟳 (Valuable News - 2025/11/17) available.
https://vermaden.wordpress.com/2025/11/17/valuable-news-2025-11-17/
Past releases: https://vermaden.wordpress.com/news/
#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday
I've put online the files from the talk on Debian upgrades that we gave yesterday with @gcolpart at @capitoledulibre: https://cfp.capitoledulibre.org/cdl-2025/talk/9N7SYT/ or directly at https://gitea.evolix.org/evolix/debian-upgrades-presentation #debian #cdl #sysadmin
Finished migrating my selfhosted email server to a new hosting provider.
Yes, I did it on a Friday, which should be read-only.
But it's OK, because this is a personal system, not a corporate one.
Plus, I'm an anarchist, I refuse to be oppressed by silly rules ;-)
#selfhosted #email #sysadmin #readonlyfriday #breakingtherules
This Isn't a Battle
After reading a post describing the FreeBSD community as 'toxic', I share a different perspective. This isn't a battle. It's a reflection on coexistence, the original Open Source spirit, and the quiet richness of taking a different path.
https://my-notes.dragas.net/2025/11/14/this-isnt-a-battle/
#MyNotes #IT #SysAdmin #FreeBSD #NetBSD #OpenBSD #Linux #OpenSource
Being a #sysadmin of 26 years has taught me most certifications are a pure money making grift from corporations. Most tech workers who know their stuff don't need these. Nothing beats hands-on experience of technology.
If you absolutely must use XML as the format for your configuration files, at least have the common decency to provide a full schema.
New blog post: FreeBSD Dual-Stack with Jails on Hetzner Cloud !
How to run VNET jails with proper IPv6 (no NAT66!) by splitting a /64 into two /65 subnets.
- Complete working configs
- IPv6-first philosophy
- Production-tested
https://blog.hofstede.it/freebsd-dual-stack-jails-on-hetzner-cloud/
The scp command lets you securely copy files between hosts over an SSH connection.
Some of you might think scp is deprecated but in fact what’s deprecated is the scp protocol, not the command itself. The command now uses a more secure sftp protocol by default.
Here are some useful scp command examples 😎👇 #sysadmin
Find high-res pdf books with all my #linux and #cybersecurity related infographics from https://study-notes.org
Thinking about migrating from Linux to the rock-solid security of FreeBSD? Our expert training is designed for you. Learn BSD fundamentals, command differences, and how to harness ZFS.
Start your journey with confidence!
Use `sed -n '100,200p' largefile.txt` to extract specific line ranges without loading the entire file into memory. Much faster than `head -200 | tail -100` for large files or when targeting middle sections.
🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/
Just installed good old trusty `trac` https://trac.edgewall.org/ on my system. I'm deploying with Ansible and on a VM, and it was failing while setting the locale. It needs `LC_ALL` set, which for some reason was not set in my system. Set it with `update-locale LC_ALL=en_US.UTF-8`.
I have to choose my future registrar (transfer) for 2 personal domains. Since I manage my domain names and zones myself, I'm not at all interested in that part of their offerings, possibly in APIs or ways to update ns, ds, glue records...
For arguments or other suggestions, I only have 4 choices, so don't hesitate to leave a reply...
#sysadmin #dns
| lebureau.coop: | 0 |
| Scaleway (I already have servers there): | 0 |
| Infomaniak (where my email is): | 0 |
| Ovh: | 0 |
Closed
Thanks to @SeaGL for the opportunity to present and thanks to @TheyOfHIShirts for the nice recap. Here's the video from today: https://content.haacksnetworking.org/w/nsMwnJhLnfMrs17W5cAdWg #sysadmin #selfhost #selfhosting #gnulinux #linux #freesoftware #floss #opensource 🙏🏼
Yeah, so I have trouble with my backup.
You see, the USB HDD enclosure I use seems to sometimes disconnect drives. And because I can't seem to be able to disable write cache to them, that inevitably loses some data. The problem is I use #Btrfs and it assumes the write order to disks is kept. Interrupted write cache might violate that. So I have 500+ corruption errors in my Borg repository. Borg crashes during a repo check, but I can still backup to it and mount archives...
#borgbackup #sysadmin
Advice needed: I want to set up #Linux Kiosk PCs. Users must log in with a card ID and password that are verified via a PHP webservice against a MariaDB.
The challenge: I need the Linux desktop login (e.g., via a Display Manager like LightDM/GDM) to authenticate against the custom remote service.
How can I implement this? Custom PAM module? Python-pam? Scripts?🤔
#PAM #linuxhelp #KioskMode
#Authentication #webservice
#PHP #Sysadmin #Python #foss #OpenSource
tfw you can't get the verification code sent by your health insurance company to your email because the IP address it's coming from is listed in Spamhaus AND the email they're sending violates their enforcing DMARC policy. *sigh*
#infosec #DMARC #Spamhaus #SysAdmin #EmailAdmin #healthInsurance
😉
Me: I'm gonna write #openzfsmastery in order. No bouncing around in the manuscript, just clean text from beginning to end!
Also me: My test host needs the new compatibility flag for the root pool. I guess I better jump ahead four chapters and write that.
#sysadmin #writing
I just had issues with upgrading to the latest #NextCloud. In short, the GroupFolders app was not compatible with the new version and somehow broke everything. Had to disable the app, tried to update all apps (including GF, but that one failed), then finished the NC upgrade, then finished updating all apps, then reenabled the app.
Blog post with more details soon.
Trying to `diff` some YAMLs. Plain `diff`'s output is confusing because it splits blocks in the middle and at some point all blocks are marked with diff because the drift is so big it can't keep up. `difftastic` is syntax aware, but it marks additions, changes and removals with color, so redirecting the output to a monochrome output file to do some manual massaging in a text editor is impossible. Anything in the middle?
Oh, finally! I was getting genuinely worried this week: up until now, no one had told me yet that 'we need moooar powaaaar'.
Obviously, it wasn't needed: if you keep spawning threads without checking if the previous ones have finished, generating a deadlock (even at zero load) but locking up the application, 'moooar powaaaar' won't solve anything
Hot take: pf's built-in connection tracking beats fail2ban/sshguard hands down.
One simple ruleset gives you automatic brute-force protection with ZERO userland daemons. No log parsing, no reaction delays, no additional attack surface.
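table <bruteforce> persist
# drop sources that the overload option below has added to the table
block in quick from <bruteforce>
pass in proto tcp to port 22 flags S/SA keep state (max-src-conn 5, max-src-conn-rate 3/30, overload <bruteforce> flush global)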
Kernel-level enforcement, instant blocking, survives reboots with persist.
Why spawn Python processes when your firewall already knows?
okay. #n4sa2e book production is complete. Time to get on #openzfsmastery.
Which means seriously getting to grips with #bhyve.
Did some bhyve experimenting a couple weeks ago. Got FreeBSD installed just fine. Debian with ZFS, not so much.
So this week it's go back, one step at a time. Install base debian with grub, does it work? Then UEFI, then ZFS secondary disk, then root on ZFS.
This morning's install ends with a console saying:
grub>
The Debian installer wrote grub to disk, but... didn't configure it? Huh.
Time for some classic #sysadmin headdesking.
Proper FreeBSD system hardening :)
(all for sysctl)
security.bsd.see_other_uids
security.bsd.see_other_gids
--> Don't show other users processes
security.bsd.unprivileged_read_msgbuf
--> Don't allow unprivileged users to read kernel buffer (dmesg)
security.bsd.unprivileged_proc_debug
--> Don't allow unprivileged users to use debugging
security.bsd.hardlink_check_uid
security.bsd.hardlink_check_gid
--> restrict hardlinks to same user/group
kern.elf64.aslr.enable
kern.elf32.aslr.enable
--> Enable kernel address randomization (ASLR)
security.bsd.unprivileged_mlock
--> Restrict unprivileged users from loading kernel modules
sysctl kern.securelevel=1
--> Cannot lower securelevel
--> Cannot write directly to mounted disks
--> Cannot write to /dev/mem or /dev/kmem
--> Cannot load/unload kernel modules
--> Cannot change firewall rules (if compiled with IPFIREWALL_STATIC)
--> System immutable and append-only file flags cannot be removed
This can make a FreeBSD system more secure, especially on multi-user systems. Securelevel can even go higher, but those restrictions generally need care.
#runbsd #freebsd #security #hardening #goodpractice #devops #sysadmin
I just blocked the entire 47.79.0.0/16 subnet from my server because it was querying hundreds of nonsensical pages from my web server using a bogus user agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36.
Each subsequent request was sent from a different IP address in that range to evade rate limiting. I've learned this IP block is owned by Alibaba Cloud LLC, good riddance.
Yesterday I completed the migration from Authentik to Pocket ID on all of my homelab services!
I also included Tinyauth to link OIDC to a service without a login page.
Today, there was a part of me that silently made me think that getting rid of my secondary domain and buying a new one was a good idea.
So here I am. Melting on the sofa after 10 hours of Ansible, OIDC clients, creating users, tweaking config files, VPN, Jenkins security and jobs configurations, plus your regular system administration.
Oh, did I mention that it was supposed to be my day off? 😅
#homelab #selfhost #selfhosted #selfhosting #sysadmin #systemadmin #linux #linux #ansible #oidc #vpn #jenkins #sso
Does Remmina throw a new window at you for every session?
It can be done neatly: one small entry in the config or a short gsettings command, and everything runs nicely in tabs, tidy, space-saving and finally without window Tetris.
👉 Blog article:
https://www.onesystems.ch/blog/wie-die-remmina-verbindungen-in-tabs-statt-in-neuen-fenstern-oeffnen/
Plus:
• Fedora KDE pkg mgmt
• Debian vs systemd
• raconn — a smart tool for parallel SSH connections to multiple hostnames/IPs in one ProxyCommand. (https://blog.izissise.net/posts/raconn/)
• UBIOS (China’s UEFI-alt)
Read it 👉 https://newsletter.nixers.net/entries.php#311
“There are no life hacks, only trade-offs.” — James Clear
#Unix #Linux #FreeBSD #FOSS #SysAdmin #ReproducibleBuilds #SSH #Nixers
Script for automating updates of Proxmox VMs and LXCs with Gotify notification
Wiki: https://wiki.blablalinux.be/fr/script-update-lxc-vm-gotify-proxmox
ByteStash (code): https://bytestash.blablalinux.be/s/0599b82399cf5db305dd6ded8e1bd0a4
#Linux #SysAdmin #Proxmox #Gotify #Automatisation #MiseAJour #BlablaLinux
There are thousands of ways to reach the same result, and some are no doubt better than mine.
That's why I'm telling you: you are free to take, adapt or completely ignore what I publish. You're the captain of the ship! 😉
Take what's useful to you, and throw away the rest!
#Transparence #Tech #SysAdmin #OpenSource #BlablaLinux #Code #DevOps
Use CSS variables to change the primary color (--override: #MaCouleur) and you're done!
No more standard look, make way for deep customization: ➡️ https://wiki.blablalinux.be/fr/wikijs-html-head
I don't want to leave my server in "almost up to date" mode.
The complete guide to installing and configuring automatic updates for your PBS, with no surprise crash: ➡️ https://wiki.blablalinux.be/fr/update-pbs-script-cron
Me: "Look. I wrote the book on sudo. Don't just go 'sudo bash'--it's bad practice."
Also me: "sudo tcsh" #sysadmin
Yesterday evening I couldn't use my Netatmo thermal control. I was blaming the changes I was performing in the home network but it seems it was a global #Azure outage.
I think it's time to revamp my old, pre 2010 python program that served me well for years.
Before anyone mentions how reliable Google Cloud is, here's a massive outage from June this year:
https://www.cnbc.com/2025/06/16/google-cloud-outage-apology.html
And from October last year:
https://status.cloud.google.com/incidents/e3yQSE1ysCGjCVEn2q1h
Oh good god the AI trap on the inkscape website has twelve million hits. That's the hidden url that bots are told not to index, but ai bots LOVE to hit that thing.
But attacks continue to increase.
I'm going to have to decide if I need to block t-mobile and other mobile carriers because of all the malware on android phones being used as ai bot sources.
I'm working on some interesting stuff this morning, and I'm really enjoying it. So far, no calls about yesterday's issue, which is reassuring.
But I did get a new call, awaiting a follow-up: a few months ago, I sent a (low-cost) quote to modernize a network stuck 20 years in the past. This included new routers, 4G failover (which they currently lack), transitioning from a PPTP (!!!) based VPN to WireGuard, and using IPsec and/or WireGuard for site-to-site connectivity (which is currently handled in a way I'm embarrassed to even mention).
I've been managing some servers for them for a few years (not in the right way, IMO, and there's a plan to fix that too), and they were enthusiastic about my project (and how cost-effective it was, thanks to choosing the right hardware).
Today's call: a colleague who works with them told me they're reviewing a quote this morning for a "professional", "AI-powered" (and hyper-expensive, with recurring fees) firewall because my proposal is supposedly "too basic to be effective".
If they go that route, that's their choice, but I'm always baffled by how the grass is always greener - trusting the first stranger who shows up with buzzwords and pointlessly expensive products.
On the flip side, this afternoon I have an on-site visit with a potential new client who, and I quote, "prefers to spend money on consulting for open-source products than on useless licenses".
Just for that attitude alone, I'm going to offer them extremely favorable terms if the premises are right.
Anyway, it's only 9:20, but the day is already shaping up to be quite interesting.
Try not to be the reason they needed to install mollyguard
A friendly reminder for no reason at all :)
About a year ago, a client I've worked with for over fifteen years informed me that some of their "less critical" servers would be migrated to $CLOUDPROVIDER. According to them, this provider would guarantee an efficient management panel, "more freedom for their devs", and lower costs. This didn't impact me financially but, on an ethical and personal level, I warned him about the potential problems. Yet they decided to move forward, aided by the arrival of $YOUNGDEV who "has worked with it, it's reliable, and everything works fine". Again, I warned them (where are the backups? A disaster recovery plan? etc.) but they insisted: $CLOUDPROVIDER is efficient and gives us everything.
I studied their plan and immediately understood that their "cost-cutting" strategy wouldn't work: I know their workloads, and the plan they chose was insufficient. Needless to say, a few days later they went down and had to make an "emergency" purchase of the next tier up. The cost? Higher than their previous server infrastructure.
I heard nothing more about these workloads for almost a year but my monitoring tools still were marking them down, from time to time. Then, I get a phone call this afternoon. $YOUNGDEV asks me for support. He doesn't explain, but I immediately understand it's one of those workloads. A serious problem, and they don't have a backup of the database. They don't have a test environment to run diagnostics. The DB is very large, and they don't know what to do. My predictions - not even my worst ones - had come true.
I was running between two appointments. I only remarked that this situation could have been avoided and that it's not something I manage or can manage, but I nonetheless suggested we sync up tomorrow morning. I'm not going to get my hands dirty, but still, $YOUNGDEV is in trouble, and I offered to take a look to suggest a strategy. I then asked for the access credentials to $CLOUDPROVIDER, considering that up until a year ago, I managed all of these workloads. He replied that he "doesn't know if he can give them to me" and that he "would have to ask his bosses". I pointed out that if he wants my help, I need something - I don't even know how $CLOUDPROVIDER grants access to data (or if it does) - how can I give him advice?
It's 18:30 and I have received nothing. Tomorrow morning, if the phone rings, I will answer, but at this point, I won't do anything. I prefer, albeit reluctantly, to completely end the relationship with this client.
If this is the price of dignity and respect, I'll gladly pay it.
TL;DR: On Debian Linux, you cannot install packages globally on the system with npm (npm install -g) without using sudo. It is a necessary security measure that can cause permission problems for users without sudo rights when some package is installed globally using sudo, or that means having to install each package as a dependency of each repository. This can make sense for dependencies of the project being developed, but not so much for development-environment packages that are used in all projects (linters, code checkers, typescript…). This is solved by using nvm, which lets you create a specific Node.js environment for each user of the system, so that globally installed packages are global for the user who installs them. nvm can be installed without using sudo, so a user does not need to contact the system administrator.
In the official nvm repository you can download a bash script that downloads nvm and adds the necessary configuration to the user's profile file (~/.bashrc, ~/.bash_profile, ~/.zshrc, or ~/.profile). It is advisable to check the repository to install the latest version. At the time of writing this tutorial it was 0.40.3:
$ wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
=> Downloading nvm from git to '/home/skotperez/.nvm'
=> Clonando en '/home/skotperez/.nvm'...
remote: Enumerating objects: 383, done.
remote: Counting objects: 100% (383/383), done.
remote: Compressing objects: 100% (326/326), done.
remote: Total 383 (delta 43), reused 180 (delta 29), pack-reused 0 (from 0)
Recibiendo objetos: 100% (383/383), 391.78 KiB | 2.67 MiB/s, listo.
Resolviendo deltas: 100% (43/43), listo.
* (HEAD desacoplado en FETCH_HEAD)
  master
=> Compressing and cleaning up git repository
=> Appending nvm source string to /home/skotperez/.zshrc
=> Appending bash_completion source string to /home/skotperez/.zshrc
=> You currently have modules installed globally with `npm`. These will no
=> longer be linked to the active version of Node when you install a new node
=> with `nvm`; and they may (depending on how you construct your `$PATH`)
=> override the binaries of modules installed with `nvm`:
/usr/local/lib
├── @vue/cli@5.0.8
└── npm-check-updates@16.13.2
=> If you wish to uninstall them at a later point (or re-install them under your
=> `nvm` node installs), you can remove them from the system Node as follows:
     $ nvm use system
     $ npm uninstall -g a_module
=> Close and reopen your terminal to start using nvm or run the following to use it now:
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
For nvm to be available you have to close the terminal and open a new one.
Before installing node with nvm, node may already be installed globally on the system. To check:
$ node -v
v20.19.5
$ npm -v
9.2.0
On Debian Trixie, at the time of writing this tutorial, the latest available version of node is 20.19.5, and of npm 9.2.0.
To install the latest version of node using nvm:
$ nvm install node
Downloading and installing node v25.0.0...
Downloading https://nodejs.org/dist/v25.0.0/node-v25.0.0-linux-x64.tar.xz...
############################################################################################################################################################################ 100.0%
Computing checksum with sha256sum
Checksums matched!
Now using node v25.0.0 (npm v11.6.2)
Creating default alias: default -> node (-> v25.0.0)
The first version of node installed with nvm is set as the default version to use.
If we now check the versions of node and npm available by default for this user:
$ node -v
v25.0.0
$ npm -v
11.6.2
For another user who has not installed nvm, the available versions will still be those installed from the Debian repositories.
To install a specific version:
$ nvm install 22.21.0Downloading and installing node v22.21.0...Downloading https://nodejs.org/dist/v22.21.0/node-v22.21.0-linux-x64.tar.xz...############################################################################################################################################################################ 100.0%Computing checksum with sha256sumChecksums matched!Now using node v22.21.0 (npm v10.9.4)
When a new version is installed, it is automatically activated in that terminal. However, the default version is still the first one that was installed. Multiple versions of node can coexist for a user, who can choose which one to use in each case. To see all installed versions:
$ nvm ls
To select a different version of node at a given moment:
$ nvm use 22.21.0
Al instalar un paquete de manera global en un entorno node instalado con nvm, el paquete estará globalmente disponible para el usuario:
$ npm install -g @google/gemini-cli
#DNS #sysAdmin
A little reminder that if you use #BIND as a resolver (even though other choices exist), UPDATE: there is yet another we're-all-going-to-die vulnerability https://kb.isc.org/docs/cve-2025-40778
Keeping an eye on the queues, load balancing and failover I configured over the weekend on a client's router.
With ssh -X, which graphics driver is used? The one on the source machine or the one on the machine you ssh from?
🔐 New Proxmox automation!
Fed up with manual updates? 😩
New publication on the Wiki: Automate the complete update of all your LXC containers and VMs (Debian/Ubuntu) on Proxmox VE with two Cron scripts.
➡️ Save time, stay secure.
Direct link: https://wiki.blablalinux.be/fr/script-update-lxc-vm-proxmox
Also available on ByteStash (a code snippet storage solution): https://bytestash.blablalinux.be/s/a055d43f24f8b58218b4cbdad100b7ec
#Proxmox #HomeLab #SysAdmin #DevOps #Automatisation #Linux #cybersécurité
I joined #substack (no subs) to have a place to write longer posts and share them to an interested audience. Primarily #technology related. I've added it to my lnk.bio page, and I'm sharing this here as it's my first (very quick) post there: https://bigntallmike.substack.com/p/wifi-is-best-with-wires
➡️ The result? Your containers always fresh, secure and performant, without lifting a finger!
Find out how to save that precious time:
🔗 The official site (with the docs): https://containrrr.dev/watchtower/ 🔗 The source code (for the curious): https://github.com/containrrr/watchtower
#Docker #DevOps #Automatisation #GainDeTemps #TranquillitéDEsprit #Tech #OpenSource #SysAdmin #Conteneurs 🐳🚀
Question for the #sysadmin team about #dns: do you have good feedback on Netim (https://www.netim.com/fr) as a registrar?
I have a .ro domain at Gandi and, how to put it, Netim's pricing policy seems better :D
Boosts OK :)
Today's Linux course livestream is going to be awkward. And grepward, and even sedward. We'll talk about text processing! If you'd like to strengthen your command line skills, tune in at 5pm UTC on Twitch, YouTube, or my Owncast channel.
https://monospacementor.com/courses/linsys-1/free-livestream/
#Linux #SysAdmin #SystemAdministration
The client has a terrible, unreliable FTTC connection. So, this morning, I've been testing several devices and 4G carriers to find a reliable alternative when the FTTC is full/down.
The good, old LTE12 Chateau is the best for this task, giving a stable and reliable 220/50 Mbit/sec thanks to carrier aggregation.
The newer but smaller hAP ax lite LTE6 is still giving a good result, around 100/50 - expected, as it's "only" an LTE6. This will probably come to my office, while I'm waiting for the Chateau 5G (LTE20) to arrive - probably not before middle of November.
Now, I need to create proper queues and rules to manage the two connections - at the moment, I've implemented only the failover and some simple queues on the FTTC.
Lunch time.
My backup is down.
How timely, I have just been trying to back up priceless footage shot for a music video for a song where "my backup is down" is spelled out verbatim.
While I wait for a reply from Btrfs mailing list, I am tempted to buy a bigger drive. Like a 20 TB one.
But then I'd really need two to have redundancy, and that would be a tad bit crazy...
If you missed my "announcement" about the music video, here it is:
https://mastodon.social/@unfa/115412018567684691
#Btrfs #SysAdmin #Backup #Music
This morning it looks like two of my connectivity providers had serious issues across almost all of Italy. I didn't notice anything and thought the problem was in other areas.
I was wrong: the problem was related to their DNS, which was down or malfunctioning.
This is why I didn't notice: I use my own DNS resolvers, and they perform resolutions directly, without a forwarder.
Once again and for the second time this week, Own Your Data and decentralization guaranteed continuity.
I will never stop saying it: Own Your Data!
Traffic meter per ASN without logs https://anarc.at/blog/2025-05-30-asncounter #debian-planet #python-planet #software #network #sysadmin #tor #censorship #python
Tell me
an sshd_config that has no PermitRootLogin at all (so set neither to yes nor to no), does that mean root login is possible or that it is impossible?
There is (commented out) PermitRootLogin prohibit-password (which seems an acceptable option to me, right? It does mean you can only connect with an authorized ssh key?) but there is nothing else about RootLogin, neither commented nor uncommented...
edit: I was kindly told RTFM, and indeed the manual has the answer
I have moved my blogs to my @OpenBSDAms VM, as I need that 1 euro small VM for some tests (spoiler: chatmail server for Delta Chat). The DNS TTL is set to 300 seconds, which is 5 minutes. After more than 30 minutes, some hosts are still connecting to that old record.
I agree with @nuintari - the problem usually isn't the DNS but the MISCONFIGURED dns. And it's full of them, out there.
This morning, this is extremely appropriate (even if I yell at cloud when it's working, too)
#AWS #AWSDown #AWSOutage #IT #SysAdmin #OwnYourData #Decentralize
Backup strategies I've used over the years.
https://ludovic.hirlimann.net/2025/08/a-lifetime-of-backups.html
Is there a way to manually prefilter an #email account?
This morning, a dev I work with flagged a server that was struggling. I logged in and, unfortunately, a bunch of "Scrapers" were hammering it, causing an overload. This dev is very sharp and understood the situation. He started extending the caching margins. I prepared a list of countries of interest and, using pf, blocked the rest of the world.
The load plummeted, and the client doesn't care about their products being visible outside of specific markets.
Shortly after, a similar situation on another server I manage (subcontracted, to be precise). I didn't know this dev and saw there was no caching in place, so I spoke to him and asked him to implement it. His response, sadly predictable, was that another one of his clients just moved to $CLOUD_PROVIDER and no longer has these problems, simply paying more when these "attacks" become more intense. I suggested he try enabling caching and thinking about their markets of interest. He's a positive person, so he agreed to give it a shot. A short while later, just by adding Varnish and some good VCL, the load dropped from 100% to 5%. Without any blocking.
He called me a little while ago, incredulous and happy.
It's always a pleasure to work with people who are willing to experiment, explore, and listen. With people who don't just follow the herd or ad banners, but who think for themselves. I've earned myself a walk outside the office now.
Disk drive people, sysadmins, etc: would you expect NVMe SSDs to be appreciably faster than SATA SSDs for a relatively low bandwidth fsync() workload (eg 40 Mbytes/sec + lots of fsyncs)?
My naive thinking is that AFAIK the slow bit is writing to the flash chips to make things actually durable when you ask, and it's basically the same underlying flash chips, so I'd expect NVMe to not be much faster than SATA SSDs on this narrow workload.
Let's say that today I really earned my salary, I was going to say: for once! but I have more and more colleagues on mastodon, it must be said that this habit of sending job offers on the fediverse...
Honestly, I was glad to see that we had barely 5 hours of interruption of one service. And even then it's mostly restoration time.
New blog post: N4SA2e Print Sponsor Address Check
If you want to see the #sysadmin Baby Jesus cry, there's a link for that.
TFW you copy-and-paste your error message into your least loathed search engine and it produces one result, in a language you don't speak and that can't be auto-translated. #sysadmin
(because y'all'll ask: it's "/usr/local/sbin/vm: ERROR: cannot use ZVOL storage unless ZFS support is enabled" )
Me: Yes, hello, could you provide me with a new OpenFortiVPN configuration file to access our machines hosted with you?
The sysadmin: unfortunately we do not provide a config file. Could you test access on a normal (Windows) workstation?
The parenthesis that hurts.
#Linux can lock accounts after login failures. For example, edit `/etc/security/faillock.conf` to set `deny=5` (lock after 5 failures) and `unlock_time=900` (15-minute lockout).
🔗 Learn more in my course: https://monospacementor.com/courses/linsys-1/
Tell me
, if a professional (doctor, lawyer, notary, small business owner...) wants to stop doing any old thing when it comes to IT and asks for help putting good practices in place (moving to free software, encryption of data and communications, network isolation, automatic backups, GDPR compliance, etc...), are there complete guides on what needs to be done?
Andrew Engelbrecht, a previous #SysAdmin at the #FSF, created Open Alert Viewer, a #libre phone and desktop app that makes receiving network and server alert notifications on your phone and desktop easy. Check it out here: https://u.fsf.org/483
Great success! I've returned my instance back to local storage, all in aid of reducing costs in other cloud platforms.
I had set up nginx to cache my S3 media in SSD cache space, so now I need to modify that config to do the same for my media living on high-capacity spinning rust.
I know that as a small instance this isn't really needed, but who knows, maybe I'll have a sudden influx of new users and will be glad of having it set up!
Keep your FreeBSD system cool with built-in temperature monitoring!
No ports needed, just sysctl and a simple shell script. Perfect for FreeBSD 14.x users who want lightweight, dependency-free thermal monitoring.
Quick, practical, and very Unix.
https://codeberg.org/Larvitz/gists/src/branch/main/2025/20251009-FreeBSD_Temp-Monitoring.md
Currently on Debian 13, even with the unstable repositories enabled, the most recent version of Virtualbox that can be installed is 7.0. It is giving me a lot of problems because it does not compile properly with kernel 6.16. The only way I have managed to fix it is to install Virtualbox 7.2. Since I use Vagrant to manage the virtual machines created with Virtualbox, I needed to upgrade to Vagrant 2.4.9, as earlier versions are not compatible with Virtualbox 7.2. The most recent version in the Debian repositories is 2.3.7, so version 2.4.9 has to be installed from other sources.
You have to add the Oracle repository to be able to install the latest version, 7.2. The procedure can be found on the official Virtualbox page:
deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] https://download.virtualbox.org/virtualbox/debian trixie contrib
In my case I use the new apt sources syntax. If that is your case, create the file virtualbox.sources in /etc/apt/sources.list.d/ with the following content:
Types: deb
URIs: https://download.virtualbox.org/virtualbox/debian
Suites: trixie
Components: contrib
Signed-By: /usr/share/keyrings/oracle-virtualbox-2016.gpg
Then download the public key of the Oracle repository and add it to the apt keyring:
wget -O- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg --dearmor
And finally update the apt package indexes and install Virtualbox 7.2:
sudo apt update
sudo apt install virtualbox
Versions 7.1 and 7.2 are available in the Oracle repository, so 7.1 can also be installed, although it did not solve the problem for me.
To install version 2.4.9 of Vagrant you have to add the hashicorp repository. On the page of Hashicorp, the company that develops Vagrant, you can find the procedure for adding their repositories and installing Vagrant.
First add the new source to apt:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
In my case, again, with the new apt syntax, instead of the previous command you have to create the file vagrant.sources in /etc/apt/sources.list.d/:
Then download the public key of the Hashicorp repository and add it to the apt keyring:
wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
Now we update the apt package indexes:
sudo apt update
sudo apt install vagrant
In my case, as I also have the Debian unstable repository configured for certain packages, to be able to install vagrant from the hashicorp repository it has to be given priority over unstable, because otherwise the latest version will still be 2.3.7 and not 2.4.9. To do this, put the exception in a file with any name, for example vagrant.preferences, in the /etc/apt/preferences.d/ folder:
Package: vagrant
Pin: release a=trixie
Pin-Priority: 1200
The Pin-Priority value has to be higher than that of the unstable repository.
To install it:
sudo apt install -t trixie vagrant
One hour left to get the "Networking for System Administrators, 2nd ed" special version, or the cover painting! Or just get the book before retailers. #kickstarter #sysadmin
The "Networking for System Administrators" #kickstarter is on its last day. Back this book, get four #sysadmin ebooks!
The last stretch goal got broke late yesterday. Today, it's jumped halfway to the next one. It might--MIGHT--fall, making the reward FIVE books?
Don't ask me why, but I'm not happy:
https://uk.finance.yahoo.com/news/qualcomm-to-acquire-arduino-amid-edge-computing-push-130012919.htm
Nine hours left to back this one #sysadmin book and get three bonus ebooks.
https://www.kickstarter.com/projects/mwlucas/networking-for-system-administrators-2nd-edition #n4sa2e
Tonight at 9PM EDT, I get to shut the hell up.
Until then, I gotta say: the "Networking for Sysadmins" #Kickstarter is on its last day. All backers get four bonus #sysadmin ebooks!
https://www.kickstarter.com/projects/mwlucas/networking-for-system-administrators-2nd-edition
In brazen jungle marketing move @mwl reminds us you can get viruses from BSD [conferences][0]
While considering his security books remember he has a kickstarter for the next version of his networking for sysadmins book[1]
His books are delivered secured in plain brown cardboard to protect them from viruses while in the postal net
But also wear a mask and get vaccinated
You can even buy the cover
ENDS TUESDAY
[0] https://mastodon.social/@mwl@io.mwl.io/115306447433635372
[1] https://mastodon.social/@mwl@io.mwl.io/115329295183837529
"Networking for System Administrators" broke another stretch goal, so all backers get four #sysadmin books!
One day remains. It might--MIGHT--go up to five books? Dunno.
🆕 openSUSE Leap 16 is out, featuring major upgrades:
– Built on SUSE Linux Enterprise 16 for seamless migration & enterprise-level QA 🔧
– 24 months free support, with updates planned till 2032 🛡️
– New web-based Agama installer supports remote setups 🌐
– SELinux now default for stronger security 🔒
– Wayland-first, 64-bit only, Y2038-ready 💻
🔗 https://news.itsfoss.com/opensuse-leap-16-release/
#TechNews #Linux #OpenSUSE #FOSS #OpenSource #CyberSecurity #Wayland #SELinux #InfoSec #SysAdmin #DevOps #Privacy #Cloud #Software
31 hours left!
The "Networking for System Administrators" #Kickstarter is now $153 from all backers getting FOUR #sysadmin books!
Sponsoring new work aside, it's a heck of a deal.
36 hours to go on the "Networking for System Administrators" #Kickstarter, and it's <$400 from all backers getting FOUR #sysadmin books!
Plus, you know, fighting less with the network team and all that.
tootctl media remove --days=7
ETA: 41:56:22
Ah. This'll take longer than just a single coffee break. Ah well. See you all on the other side of a great media purge!
After that, it's syncing my B2 bucket back to my local disk!
#sysAdmin #Niche #Ansible #Debian
Using packages from Debian unstable via Ansible: https://www.bortzmeyer.org/ansible-debian-unstable.html
Three days left on the "Networking for System Administrators" #kickstarter. Every #sysadmin should know what's in this book.
Last chance to get the special edition, yes, but also the first chance to get the ebook or paperback!
I would appreciate your support.
Network admins who disable ICMP: do you also take the numbers off the front of your house to keep the burglars out? #sysadmin
Four days left on the "Networking for System Administrators" #kickstarter! Back this campaign, get at LEAST three #sysadmin books.
Actually reading it will help you achieve peace with your network team.
Five days left on the "Networking for System Administrators" #Kickstarter. Backers get two bonus Unix books so far. It might be more. Depends on how high it goes.
If you're a #sysadmin sick of fighting with the network team, this book will help you. #n4sa2e
Back the "Networking for System Administrators" #kickstarter and get 3 #sysadmin books!
As the backers go up, so do the free books.
The "Networking for System Administrators" #Kickstarter broke $20k! All backers get not one, not two, but THREE #sysadmin books!
Thanks, everyone!
The "Networking for System Administrators" Kickstarter is now less than $200 from all backers getting three #sysadmin books!
Proper services https://anarc.at/blog/2025-09-30-proper-services #debian-planet #debian #sysadmin
One week left on the "Networking for System Administrators" #Kickstarter!
Back it and also get a free ZFS book, plus we're super close to a free SSH book.
Nine days left on the "Networking for System Administrators" #Kickstarter! https://mwl.io/ks #sysadmin #n4sa2e
Your network team wants every #sysadmin to read this book.
Once again my personal web server is on its knees, this time thanks to Amazon who's probing a non-existent Health Check endpoint with a rare intensity. In the Apache access log, it looks like this:
<domain>:80 15.177.10.187 - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-dc05457a9d2e; report http://amzn.to/1vsZADi)"
<domain>:80 15.177.26.71 - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-dc05457a9d2e; report http://amzn.to/1vsZADi)"
<domain>:80 15.177.42.155 - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-dc05457a9d2e; report http://amzn.to/1vsZADi)"
<domain>:80 15.177.30.95 - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-dc05457a9d2e; report http://amzn.to/1vsZADi)"
<domain>:80 15.177.50.106 - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-dc05457a9d2e; report http://amzn.to/1vsZADi)"
I followed the link provided and submitted a report, but I'm guessing they are only handled during US business hours. To be able to access my other web sites, I took offline the target vhost, and Amazon immediately switched to another one. I filed a report, took it offline, etc... Four vhosts down the line, the web form prevented me from submitting yet another report because of a rate limiting feature.
I am seething with rage and I want AWS IPs off my web server, but I'm off my depth in system administration. I see I could do it with iptables (by compiling a list of IP blocks from the JSON provided by Amazon) and I was hoping fail2ban would have a ready-made jail, but it seems to be meant for repeated authentication errors, not for crawler errors.
Neither of these solutions feels workable, would anyone have an easier method to cut AWS off my box?
Thanks a bunch!
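The block-list approach the post considers (building it from the JSON Amazon publishes), as an added example that is not part of the original post: it filters the file by the `ROUTE53_HEALTHCHECKS` service tag, checks which log hits really come from those ranges, and renders `ipset restore` input. The embedded JSON is a constructed sample, the last log line is constructed, and the set name `aws-r53hc-v4` is hypothetical.

```python
import ipaddress
import json
import re
from collections import Counter

# Constructed sample in the shape of https://ip-ranges.amazonaws.com/ip-ranges.json.
# The prefixes are illustrative; fetch the real file before building a block list.
SAMPLE_RANGES = json.loads("""
{"syncToken": "0", "createDate": "1970-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "15.177.0.0/19",  "region": "GLOBAL",    "service": "ROUTE53_HEALTHCHECKS"},
  {"ip_prefix": "15.177.32.0/19", "region": "GLOBAL",    "service": "ROUTE53_HEALTHCHECKS"},
  {"ip_prefix": "15.177.0.0/19",  "region": "GLOBAL",    "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/24",   "region": "us-east-1", "service": "EC2"}],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8:1::/48", "region": "GLOBAL", "service": "ROUTE53_HEALTHCHECKS"}]}
""")

UA = ("Amazon-Route53-Health-Check-Service (ref 0c1421fb-b0fe-4dbd-af57-"
      "dc05457a9d2e; report http://amzn.to/1vsZADi)")
# The first five client addresses are the ones in the post's log excerpt; the
# sixth line is constructed (documentation address, same User-Agent).
SAMPLE_LOG = [
    f'<domain>:80 {ip} - - [25/Sep/2025:22:04:50 +0000] "GET /ok HTTP/1.1" 404 457 "-" "{UA}"'
    for ip in ("15.177.10.187", "15.177.26.71", "15.177.42.155",
               "15.177.30.95", "15.177.50.106", "203.0.113.9")
]

# Apache vhost_combined: vhost:port client ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def service_networks(ranges, service):
    """Return (ipv4, ipv6) lists of collapsed networks published for one service tag.

    Filtering matters: the same prefix is also listed under the umbrella
    AMAZON tag, and blocking by that tag would cover far more than one service.
    """
    v4 = [ipaddress.ip_network(p["ip_prefix"])
          for p in ranges.get("prefixes", []) if p.get("service") == service]
    v6 = [ipaddress.ip_network(p["ipv6_prefix"])
          for p in ranges.get("ipv6_prefixes", []) if p.get("service") == service]
    return list(ipaddress.collapse_addresses(v4)), list(ipaddress.collapse_addresses(v6))


def parse_hits(lines):
    """Parse vhost_combined log lines into dicts, skipping lines that do not match."""
    return [m.groupdict() for m in map(LOG_RE.match, lines) if m]


def split_by_origin(hits, networks, agent_marker="Amazon-Route53-Health-Check-Service"):
    """Count hits carrying the health-check User-Agent, split by source address.

    The User-Agent is client-supplied, so only membership in the published
    ranges decides whether a hit really comes from the service.
    """
    inside, outside = Counter(), Counter()
    for hit in hits:
        if agent_marker not in hit["agent"]:
            continue
        addr = ipaddress.ip_address(hit["ip"])
        in_range = any(addr in net for net in networks if net.version == addr.version)
        (inside if in_range else outside)[hit["ip"]] += 1
    return inside, outside


def ipset_restore(name, networks):
    """Render input for `ipset restore` for one address family (empty if no networks)."""
    if not networks:
        return ""
    family = "inet6" if networks[0].version == 6 else "inet"
    lines = [f"create {name} hash:net family {family}"]
    lines += [f"add {name} {net}" for net in networks]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    v4, v6 = service_networks(SAMPLE_RANGES, "ROUTE53_HEALTHCHECKS")
    inside, outside = split_by_origin(parse_hits(SAMPLE_LOG), v4 + v6)
    print("from published ranges:", dict(inside))
    print("same User-Agent, other source:", dict(outside))
    # Load with `ipset restore`, then reference the set from a single rule, e.g.
    #   iptables -I INPUT -m set --match-set aws-r53hc-v4 src -j DROP
    print(ipset_restore("aws-r53hc-v4", v4), end="")
```

One set plus one rule keeps the ruleset short however many prefixes the file lists, and the set can be rebuilt whenever Amazon updates the file.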
There's a #bug in the #NextCloud updater, where it complains about an extra file found called `REUSE.toml`. According to https://github.com/nextcloud/server/issues/55111 it's safe to remove the file by hand and retry the upgrade.
In a little more than half an hour (17:00 UTC), it's time again for our weekly livestreamed #Linux #SysAdmin course! Today, we'll look at all the essential features of the Linux shell.
Sign up and join us live: https://monospacementor.com/courses/linsys-1/free-livestream/
Almost 20k second free ebook on the horizon
Networking for System Administrators (2nd Edition) by Michael W Lucas — Kickstarter
https://www.kickstarter.com/projects/mwlucas/networking-for-system-administrators-2nd-edition/
Computers were a mistake.
So were networks.
When they overlap, you're in trouble. A #sysadmin must know some networking.
How much? This much. https://mwl.io/ks #kickstarter #n4sa2e
Whatever I do in my work as a #sysadmin be it writing yaml for Ansible or Salt or programming, I always go back to #vim (or nowadays #neovim) on my local machine. I don’t even know why it feels so annoying to switch between a non-cli editor like VS Codium, Pycharm, etc, even emacs and my terminal.
Spent my morning figuring out why Nginx was dead on a server with many days of uptime. No reboot, no kernel panic. Just... down. Ubuntu 24.04.
The cause? An automatic unattended-upgrade of libc6. This prompted systemd to work its magic, wisely deciding to restart every running service to apply the patch. Fine.
The problem is, in the exact same minute, the systemd timer for certbot decided it was time to renew certificates.
The result:
- systemd stops Nginx.
- Port 80 becomes free.
- certbot, in standalone mode, immediately grabs it for validation.
- systemd tries to restart Nginx, which fails with "Address already in use".
The web server was knocked offline by its own certificate renewal script.
I swear, this is the kind of cascading failure that has never happened to me in years of running *BSD. With a classic cron job, certbot would have failed, logged an error, and tried again the next day. The web server would have remained untouched.
systemd was doing its job, but something failed because of the interactions.
Sometimes, too much automation and too many interconnected parts just create more spectacular ways for things to break.
Has anyone experienced this? Could this be a networking issue, a storage bottleneck, or something else? I’d appreciate any insights.
(5/5)
#sysadmin #system #homelab #selfhosting #linux #proxmox #opensource #tech
I had to force shutdown the server and restart. I get why the PBS VM might crash - 4 GB RAM, 2 CPU cores, and my internet speed maxes out at 60-70 Mbps - but why does the host server itself hang?
(4/5)
#sysadmin #system #homelab #selfhosting #linux #proxmox #opensource #tech
Here’s the problem: when I try backing up a VM from another server (Proxmox 1), the VM is 300 GB but only ~30 GB used. Everything is fine until it hits 34% (104 GB), then the PBS VM and the host server become unreachable.
(3/5)
#sysadmin #system #homelab #selfhosting #linux #proxmox #opensource #tech
I run Proxmox Backup Server (PBS) in a VM on one of my servers - let’s call it Proxmox 2. PBS uses 100 GB of cache storage because I’m using S3 as a datastore. Chunks are stored in the cache before uploading to S3.
(2/5)
#sysadmin #system #homelab #selfhosting #linux #proxmox #opensource #tech
I solved one issue, and now two more popped up. My Proxmox backups were super slow because of my router. I got a Netgear GS108E Gigabit switch, and now backups are way faster. 🎉
(Please boost 🙏 .. Need urgent help)
(1/5)
#sysadmin #system #homelab #selfhosting #linux #proxmox #opensource #tech
I have a new #sysadmin book in #kickstarter right now.
if you've ever gotten annoyed with your network admins, try reading https://mwl.io/ks #n4sa2e
81.30.107.134, which is trying usernames on the SMTP submission port, has just tried its luck with "Reception123". Are there really accounts with that name?
OPNsense® is an open source, feature rich firewall and routing platform, offering cutting-edge network protection. - OPNsense -
https://opnsense.org/
#networking #sysadmin #freesoftware #jpol2025
via https://magicfab.ca/liens
For the weekend crowd: "Networking for System Administrators, 2nd ed" is now live on #Kickstarter! Back it and get a free ZFS book.
#TIL #Linux can defragment the memory! It's called compaction:
https://www.kernel.org/doc/html/latest/admin-guide/sysctl/vm.html#compact-memory
An author is biased.
But here's what a real network engineering manager thinks of "Networking for System Administrators." Sorry for the noise, but it was recorded in an actual data center. #n4sa2e #kickstarter #sysadmin
In less than 2 hours, we're starting the second livestream session of my course "Basic Linux System Administration". Today, we're covering important fundamentals: The shell and the vim editor.
https://monospacementor.com/courses/linsys-1/free-livestream/
Join us for free on one of my livestream channels!
#Linux #Sysadmin #SelfHosting #SystemAdministration
Gonna have to do a bunch of Debian manual installs for #openzfsmastery, so I'm installing on a flash drive that I can move between test hosts. Yes, I have the live CD, but I want a user account with SSH keys and static IP and all that.
Filesystems. Ugh. #sysadmin
"Networking for System Administrators, 2nd ed" is now live on Kickstarter! It broke $10k, which means all backers also get a bonus ebook on ZFS. #sysadmin
The new edition of "Networking for System Administrators" went live on #Kickstarter today.
Next stretch goal: everyone gets a bonus #ZFS book. #n4sa2e #sysadmin
VMWare made their hypervisor free for home lab use again?
Huh. Imagine that.
Anyway, bhyve and kvm... #sysadmin
Currently waiting https://www.kickstarter.com/projects/mwlucas/networking-for-system-administrators-2nd-edition , I find @mwl 's technical books to be very readable, and I learn something each time I read one.
Next Tuesday, "Networking for System Administrators" launches on Kickstarter. https://mwl.io/ks
If you have any interest, I'd appreciate a follow. KS uses follower count and first-day backers to determine how much they'll promote it for me. #sysadmin
Friday @homelab #sysadmin round. `dnf update; reboot` on all Homelab machines and my VPSes out there. Connected the APC UPS (BX500MI) and installed `apcupsd` on my management machine, so my Homelab can safely survive power outages. I now also know that the complete homelab uses 30W :) (I always do the updates on a Friday. In case of something breaking, I have the weekend to fix. These are my private machines after all.)
If you want to build an #S3-compatible storage server, do you recommend any particular software?
(I'm generally on #linux but BSD is an option if it's really needed)
[EDIT: Garage https://garagehq.deuxfleurs.fr/ has been suggested to me and it looks really great, I'm going to try it!]
Can any #AWS nerds out there help me figure out how to transfer a file from a server inside an AWS container to my local computer? I normally would do this with SCP, but I have no idea how to reference the remote virtual server as I don't have a hostname or an IP address.
I have keys for the instance and I'm able to ssh into the server after I run a start-session like so:
aws ssm start-session --target i-01234567890
I've been tunneling into this server and then transferring the file to a physical server and then using SCP to get the file from that server instead, but that's a chore.
Is there any way to shortcut this and just get my AWS client to let me download the file directly?
The feeling when the last successful thing you did on the filesystem before it broke was pushing your work for an important project to a git server...
Phew.
Also - good I have recent backup so I can recover everything else.
#sysadmin #git
#dataloss #backup #BorgBackup #Borg #Vorta #btrfsTransIdVerificationFailed
Now that OpenBSD-current is 7.8-beta, it is time to reprise "You Have Installed OpenBSD. Now For The Daily Tasks." https://nxdomain.no/~peter/openbsd_installed_now_for_the_daily_tasks.html (tracked version https://bsdly.blogspot.com/2024/09/you-have-installed-openbsd-now-for.html) to prepare :)
#openbsd #newrelease #78beta #upgrading #sysadmin #unixlike #devops #development
@maphew My situation is similar to yours, as I'm not really a developer (rather a #Sysadmin)... but I like to provide nice stuff from time to time. Heavily biased, as I like both #Python and #KDE / #Qt very much. So with all those disclaimers disclaimed:
#QtDesigner, which works great with #PyQt might be right for you.
Here's a nice introduction:
https://realpython.com/qt-designer-python/#creating-a-dialog-with-qt-designer-and-python
Let us know about what you choose and how it went!
If you want to raise your shell scripts to a new level, give `shellcheck` a try! It'll give you valuable feedback on the style of your shell code and on possible issues with it.
(Also: Know when to switch to a proper programming language.)
#TIL there's an RFC about how NOT to name your computers. As a cow-orker says, not an Apr01 RFC.
> One machine was named "up"[...] Conversations would sound like this: "Is up down?"
sept. 08 16:32:21 mx postfix/smtp[123398]: 2AD809CC7B2: to=#sysadmin, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1b]:25, delay=0.98, delays=0.06/0.01/0.41/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK 1757341941 ffacd0b85a97d-3d92d5197acsi11914604f8f.162 - gsmtp)
Sometimes you need to run some scripts on your infrastructure, and the Puppet Enterprise Tasks feature gives you the option to run an ad-hoc task on target environments, either with an agent or agentless. Get a quick walk-through with Barr and Stephen on how to execute a reboot on a target system so you can get an idea of how this works!
If your terminal ever gets confused by random control sequences, for example after you accidentally output binary data, there's a good chance you can restore order with the `reset` command.
I think the #sysadmin forgot a small detail: free blocks outgoing port 25...
apparently there's no way to open it yourself...
does anyone know an #adminsys at #free? #CestPasPourUnAmi !
I’m looking for an app (ideally on Linux) that can scan a local SMB network periodically, pick all shared files and create an incremental backup. Is there such a thing ?
In a perfect world, this could upload an encrypted copy onto an external storage (OneDrive, Google Drive, whatever) and there would be a way to get back N days in time, because shit happens.
Boosts appreciated. :-)
2.5 Admins 263: Seagate RAID
McDonald’s IT systems seem to be riddled with 90s-style coding errors, we finally know where the fraudulent hard drives came from, when IT workers go rogue, and ZFS on root without using FreeBSD or Ubuntu.
The /proc filesystem was a genius idea giving the #sysadmin direct control of the Linux kernel. In this article, David Both explains how to change kernel parameters at runtime.
I just had the misfortune of dealing with #Cisco "Secure E-mail" while dealing with a client and I must say it's just red flags all over the place for me.
I'm sent an E-mail with an HTML attachment and told to save it and load it into my browser from my drive.
I would never advise a client to follow these instructions because of the potential dangers of saving and loading HTML files from attackers.
This then takes you on a ride to a sign up page ...
#security #sysadmin #email #encryption
Q: How do you figure out whether intermittent network issues are being caused by your computer's network connection vs. upstream packet loss?
Symptoms: A few times per hour I get a network connection failure, but when I repeat whatever just failed it works fine the second time. Some of these failures are reporting "Network is unreachable" as the error.
What are your favorite Linux-based tricks for debugging something like this?
More details in the replies.
#SysAdmin #Networking #Linux
Come to Zagreb September 24-28, 2025 and geek out with other BSD people at EuroBSDcon!
See https://2025.eurobsdcon.org/
Program https://events.eurobsdcon.org/2025/schedule/
Registration https://2025.eurobsdcon.org/registration.html
#openbsd #netbsd #freebsd #zagreb #eurobsdcon #conference #freesoftware #libresoftware #development #devops #sysadmin #networking #security
In case you only show up here on US holidays:
The #kickstarter for "Networking for System Administrators, 2nd ed" launches 16 September. I would appreciate your support. #sysadmin #n4sa2e
JVM essentials for Elasticsearch: Metrics, memory, and monitoring | Elastic Blog
https://www.elastic.co/blog/jvm-essentials-for-elasticsearch
Just published a comprehensive FreeBSD Cheat Sheet for Linux Admins!
Covers all the essentials:
- Hardware info (pciconf → lspci)
- Network commands (sockstat is amazing!)
- Disk management & ZFS operations
- Service management differences
- Package management across systems
Perfect for Linux admins diving into FreeBSD or anyone working across both systems. Includes 100+ command comparisons and real-world examples.
https://codeberg.org/Larvitz/gists/src/branch/main/2025/20250829-FreeBSD_CheatSheet_Linux.md