Technology
I Switched to Jellyfin and Never Looked Back: When Plex Hit $250
After Plex Pass's pricing policy change, I detail my experience switching to Jellyfin, from setup to performance, security to user experience…
#linux
55 posts found.
Tutorials
Securing a Server in the First 45 Minutes: VPS Hardening Checklist
I've shared my experiences on how to harden a new VPS with essential security steps in the first 45 minutes. SSH, firewall, and user management.
Tutorials
6-Watt Home Server with N100 Mini PC: Homelab from Scratch in 2026
A step-by-step guide on how to start a homelab from scratch in 2026 by setting up a low-power (6W) home server with an Intel N100 processor mini PC.
Tutorials
I Deleted Google Photos: All My Memories to My Own Server with Immich
I detailed my transition from Google Photos to Immich, the challenges I faced, and the specifics of photo management on my own server, step by step.
Career
Kernel CVE Response Pattern: A Practical 3-Step Approach
Learn how to respond quickly and effectively to critical CVEs in the kernel with a practical 3-step approach.
Career
Kernel CVE Response: 3 Priorities for Infrastructure Professionals
I analyze 3 steps infrastructure managers should prioritize when responding to critical kernel CVEs, based on field experience.
Tutorials
My Favorite Linux Commands: My Silent Heroes in the Console
As a system architect for 20 years, I'm sharing the Linux commands that have saved me the most time, helped me solve the deepest problems, and are always at my.
Career
CI/CD for Side Projects: 3 Pragmatic Design Choices
I explain how I set up CI/CD processes in my side projects using pragmatic approaches and the challenges I encountered during these processes.
Career
Three Challenging Aspects of the Kernel CVE Patching Process: My
I examine three critical challenges in the Linux kernel CVE patching process, with concrete examples and practical solutions.
Life
Kernel CVE Response: The Unexpected Bill of Delaying
We examine why delaying responses to kernel security vulnerabilities can be costly with concrete examples. Read to understand the price of procrastination.
Career
Security Patching on My Own VPS: Hours Stolen from a Client Project
I explain step-by-step a security vulnerability encountered during a client project and how I patched it on my own VPS. Lessons from field experience.
Life
✍️ Hand-written
Swap Fire on My VPS: A Nightmare That Started with a Kernel CVE Patch
I detail the process that began with my VPS's swap usage suddenly spiking and the system crashing, including the kernel CVE patch and the steps I took to.
Technology
✍️ Hand-written
The Silent Death of the System: OOM Killer and My VPS Journey
A detailed look at the Out-of-Memory (OOM) Killer incidents I experienced on my VPS, the intricacies of system memory management, and the silent deaths caused.
Tutorials
7.6 GB VPS Swap Fire with Docker: A Kernel Patch Nightmare
A practical guide to swap issues encountered when using Docker on small VPS instances and kernel patch solutions. Detailed analysis with my experiences.
Tutorials
✍️ Hand-written
Swap Fire: My Kubernetes Experiment on a 7.6 GB VPS
A pragmatic analysis of swap memory issues and their solutions encountered while experimenting with Kubernetes on a small VPS.
Technology
✍️ Hand-written
Moving My GitHub Actions Runner to My Own VPS
A step-by-step guide on how I moved my GitHub Actions runner to my own VPS and reduced costs, while meeting my specific needs.
Tutorials
Guide to Detecting and Limiting Resource-Hog Containers on a VPS
I'm sharing a step-by-step guide on how I identified resource consumption issues on my own VPS and applied limits to Docker containers.
Career
✍️ Hand-written
Docker Disk Fire: Root Cause Analysis on My 7.6 GB VPS
I deeply investigated Docker disk space issues on a small VPS, from image layers to logs, and shared practical solutions.
Life
✍️ Hand-written
Swap Fire on My 7.6GB VPS: A Nightmare That Started with a Kernel
Swap usage on my VPS suddenly spiked. I detail the root cause, solution, and lessons learned from this issue that began with a kernel CVE patch.
Technology
Kernel Memory Wars: The Hidden Swap Trap and Its Solutions
Want to understand the hidden swap trap on Linux systems and learn memory management strategies for high-performance systems? Detailed…
Tutorials
Hidden Kernel Panic Battles: System Betrayal in Production
A field guide to understanding, preventing, and recovering from kernel panics in production. How to keep your systems stable.
Tutorials
Session Recording on the Bastion: tlog + sudo I/O + SSH Audit Pipeline
Making privileged access visible on the bastion: tlog/sudo I/O logging, the access model and a SIEM pipeline.
Tutorials
Core Dump Management and Privacy Runbook with systemd-coredump
Collecting core dumps in production: limits, retention, encryption, access and a practical runbook for safe analysis during an incident.
Tutorials
Centralized Logging with systemd-journal-remote: mTLS and Retention
A practical setup and runbook for shipping journald logs over mTLS to a central collector — without adding agents — while running a disciplined disk budget…
Tutorials
Linux kdump: Kernel Panic Crash Dump and Triage Runbook
Walks through kdump installation, validation and a sustainable production dump retention flow so you can capture vmcore and triage quickly when a kernel panics.
Tutorials
Linux SoftIRQ Saturation and IRQ Affinity Runbook
Quick triage, measurement and safe tuning steps (ring, queue, IRQ, RPS) under packet drops, high softirq load and ksoftirqd pressure.
Tutorials
Golden Image Pipeline with Packer: CIS Baseline and Patch Strategy
A golden image approach that hardens and tests the server image at build-time, accelerating patch, drift and emergency CVE workflows.
Tutorials
Zero-Downtime Restart with systemd Socket Activation
A runbook for shrinking deploy impact by separating connection acceptance into a socket unit, so the listening port never drops during service restarts.
Tutorials
✍️ Hand-written
Self-Healing Services with systemd Watchdog
Reduce 'stuck but not dead' failures with systemd WatchdogSec + notify: unit configuration, restart policy, and alarm integration.
Tutorials
Packet Capture in Production with tcpdump: A Runbook
Practical tcpdump techniques for collecting minimal-yet-sufficient packet evidence during incidents: filters, snaplen, ring buffer, privacy, and handover…
Technology
Kernel Live Patching and a Maintenance Model on Enterprise Linux
Managing kernel security patches without reboot pressure: a live-patch approach, the risks, a ring strategy, and operational discipline.
Tutorials
An NTS and NTP Hardening Runbook with chrony
A practical chrony runbook for enterprise servers covering secure NTP (NTS), access restrictions, verification commands, and alarm thresholds.
Tutorials
Server Inventory and Security Signals with FleetDM + osquery
Turn 'what's on which server?' into a living inventory; a guide for scaling osquery queries with FleetDM into operational and security signal.
Tutorials
A Safe Migration Runbook from iptables to nftables
Reduce risk while moving production firewall rule sets from iptables to nftables using observability, wave-based rollout, and fast rollback.
Tutorials
SSH + FIDO2: Phishing-Resistant Admin Access (Practical Runbook)
Hardening admin access with OpenSSH security keys (ed25519-sk) using PIN + touch confirmation, while keeping break-glass scenarios intact.
Tutorials
Short-Lived SSH Certificates with an OpenSSH CA
An OpenSSH CA-based approach to set up auditable, time-bound SSH access in place of shared bastion accounts and long-lived keys.
Tutorials
Hardening Services with systemd Sandboxing (ProtectSystem…
Constrain services into a tighter permission set without changing the application itself: filesystem, capability, syscall, and network limits.
Tutorials
Privileged Command Monitoring Runbook on Linux with Auditd
A practical approach that makes privileged operations observable and auditable in production using sudo, auditd rules, and log forwarding.
Tutorials
Linux Conntrack Capacity Planning and Alerting Runbook
A practical guide for generating signals before the nf_conntrack table fills up, applying safe sysctl tuning, and recovering in a controlled way during an…
Tutorials
Linux TCP Backlog and SYN Flood Resilience Runbook
A runbook to triage the connect timeout crisis when the SYN backlog/accept queue fills up, apply rapid mitigation, and design lasting resilience.
Tutorials
Cgroup v2 Memory Pressure Runbook with systemd-oomd
PSI, systemd-oomd policy, testing, and recovery steps to catch a node OOM crisis early and evict workloads in a controlled way.
Tutorials
systemd-Based Service Containerisation with Podman Quadlet
A practical way to manage server services with systemd and Podman Quadlet, free from the Docker daemon dependency.
Tutorials
Service-Based Linux Hardening with AppArmor
An AppArmor guide for securing server services through process-level constraints rather than generic hardening.
Tutorials
An Egress Traffic Policy Layer with nftables
A guide describing how to set up an nftables-based egress policy layer to control which destinations servers can reach in the outside world.
Tutorials
Reliable Remote Log Transport with Rsyslog and RELP
An rsyslog and RELP-based setup that keeps critical logs intact through TCP drops as they ship to a central system.
Tutorials
Policy-Based Routing and Backup Link Design with Netplan
Set up a policy-based routing layout on Linux servers with Netplan that separates primary and secondary uplinks based on source network.
Tutorials
East-West Traffic Profiling with Suricata: A Practical Guide
A low-friction profiling approach with Suricata to make service-to-service traffic visible inside the data center.
Tutorials
Monitoring Time Drift on Servers with Chrony
A Chrony-based guide to making clock drift visible across distributed Linux servers and reducing operational risk.
Tutorials
Network Flow Observability with eBPF and SLO Correlation
An approach to monitoring network flows at the kernel level and correlating them with service latency and error budget signals.
Tutorials
VRRP Failover for the Management Plane with Keepalived
A Keepalived-based VRRP failover approach for reducing single-VIP dependency in internal management services.
Tutorials
Detecting Server Configuration Drift with Ansible
A guide to Ansible-based drift auditing for measuring and reporting deviations from the expected state on Linux servers.
Tutorials
A Server Hardening Baseline with Ansible
A guide to making your Linux server security baseline repeatable and auditable with Ansible.
Tutorials
Runtime Security Observation with Falco
A Falco-based setup guide for surfacing suspicious runtime behavior across Linux and Kubernetes environments.
Tutorials
Observing Linux Network Flows with eBPF
A guide for tracking flows, latency, and connection behavior on Linux servers with eBPF without drowning in packet capture.
Tutorials
Immutable Infrastructure Discipline on Linux Servers
An approach for moving server configuration out of manual labour and into a safe, repeatable automation flow.