
Windows Legacy Updates
legacyupdate.net
525 links

Getting error 8007EFE when checking for Windows Updates on your old version of Windows? Legacy Update continues support for Windows XP, Vista, 7, 8.1, etc. where Microsoft left off.

Browser-based utilities for VCF 9, NSX, vSAN, and networking. No install. Zero data collected.

Content feedback and comments

VMware vSAN stands as a cornerstone of the modern Software-Defined Data Center (SDDC), offering robust, high-performance, and scalable storage solutions integrated directly into the hypervisor. As the

Unofficial repository providing the most up-to-date Debian and Ubuntu packages for Zig, Ghostty, lazygit, yazi, eza, bun, TigerBeetle and other modern development tools.

Last April, I wrote a well-received article about the 13 software engineering laws - Hyrum’s, Conway’s, Zawinski’s, and 10 famous others.

A vSAN stretched cluster is a deployment model where a single vSAN cluster is extended across two geographically separated data centers, with a third site hosting the Witness Appliance. This architecture

You've just set up a new Linux server (a VPS, a Proxmox VM, a Raspberry Pi), SSH is enabled, you log in with your password, it works, case closed. Except that if your server is exposed to the internet, it is continuously scanned by bots that

Let's make a tiny, standalone CA! We'll use a Raspberry Pi 4, YubiKey 5 NFC, and Infinite Noise TRNG.

Quartz is a fast, batteries-included static-site generator that transforms Markdown content into fully functional websites.

Complete guide to using NGINX as an API gateway in 2026, covering configuration, load balancing, rate limiting, and the Kubernetes ingress-nginx retirement.

Step-by-step field note for running OpenCode with LM Studio locally using Qwen3.5 9B and 0.8B, including Telegram bot workflow, local config, and M1 performance tradeoffs.

NixOS: how I traded 13 years of Debian for a declarative, reproducible system with no nasty surprises.

Talk to your infrastructure in plain language, get instant answers, and keep everything on-prem if you want.


Storage Policy–Based Management (SPBM) is the backbone of how VMware vSAN delivers predictable, workload‑aligned outcomes. Instead of carving LUNs or managing fixed RAID groups the old-fashioned way, po

How to build a single global queue for distributed systems on object storage: Start with a single file on object storage, then add write batching, a stateless broker, and high-availability.

Recently, I came across an issue in a vSphere cluster at a customer. Some vSAN disks were absent. This blog post will show you how I solved it.


Zero-touch node patching for Proxmox clusters by gyptazy.

Xen Orchestra install/update script. Contribute to ronivay/XenOrchestraInstallerUpdater development by creating an account on GitHub.

Trial expired and vCenter won’t boot? Learn how to license a standalone ESX 9.0 host using a private license file and esxcli entitlement commands.

I Made MCP 94% Cheaper (And It Only Took One Command)

How to build an answer file?

Create and configure Tunnels for public applications, Workers VPC, and Load Balancing without leaving the Core Dashboard — now with native integrations and unified visibility.

See how I built a Proxmox and Ceph home lab with 5 nodes, 17TB NVMe storage, dual 10Gb LACP, and Talos Kubernetes running on distributed Ceph.

Installing Datadog on a vSphere homelab may seem counterintuitive because of the platform's usual cost, but it offers real advantages in terms of time savings and functionali…

Work around hard NATs and tricky networks with production-grade connectivity nodes you control

Is ProxCenter the vCenter for Proxmox? A deep look at ProxCenter for Proxmox, including DRS, HA, rolling updates, and multi-cluster management.

When you request a certificate from Let’s Encrypt, our servers validate that you control the hostnames in that certificate using ACME challenges. For subscribers who need wildcard certificates or who prefer not to expose infrastructure to the public Internet, the DNS-01 challenge type has long been the only choice. DNS-01 works well. It is widely supported and battle-tested, but it comes with operational costs: DNS propagation delays, recurring DNS updates at renewal time, and automation that often requires distributing DNS credentials throughout your infrastructure.

Understand the difference between MTU and MSS to avoid network fragmentation. Complete tutorial: configuration, ping tests, Jumbo Frames and Kubernetes examples.

Deploy More Resilient Apps. Hatchet is a platform for building distributed web apps that solves scaling problems like concurrency, fairness, and rate limiting.

Per-component uptime from tagged incidents.


Give LLM agents shell access without risking your host system. A practical libvirt guide covering VM creation, snapshots for safe experimentation, and remote access options.

This video explains the basic networking within Red Hat OpenShift Platform. From pod network to services, routes and secondary vlan and private networks.

On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.

I recently picked up a Starlink Mini to use as a backup connection for my home network. The underlying technology is fascinating - thousands of satellites in low Earth orbit delivering broadband almost anywhere. With the new £4.50 standby plan, it's an excellent way to keep things online.

Creating Talos Kubernetes cluster using VMware.

If you work with Proxmox clusters long enough, you will likely have a cluster that you need to remove a node from. This is a fairly easy process using...

Short blog about my experiences with Nutanix CE and which workarounds I needed.

How I obtained my own ASN and used BGP to announce IPv6 routes from home.

Crack, splash, boom! In 2024, the VMware ecosystem endured a seismic shift. Broadcom acquired VMware and quickly introduced a controversial change in its pricing model — shifting from a vRAM-based system to one centered on per physical core (pCore) licensing — and shaking the veritable ground users stood upon. What once allowed customers to pay for […]


The Nutanix Cloud Bible - A detailed narrative of the Nutanix architecture, how the software and features work and how to leverage it for maximum performance.

Author: Nemanja Ilic

Get early access to our brand-new v4 APIs and SDKs! Covering Python, Java, Javascript, and Go there's an SDK for many of our users, along with client REST APIs for those languages that don't yet have an official SDK.

Author: Nemanja Ilic



We built an open-source proxy that adds tenant isolation to Prometheus, Loki, and Tempo by rewriting queries based on user identity.

Walkthrough on how to build and deploy a Telegram bot to Cloudflare Workers. Durable Objects are used for per-person DB and grammY is used to interact with the Telegram API

A gentle introduction to the Pi coding agent and why I think it’s a glimpse into the future of software.

Accurate vNIC-to-IP mapping is fundamental for virtual networking visibility, security, and troubleshooting. On the Nutanix AHV hypervisor, this mapping becomes especially important for services like Flow Virtual Networking, microsegmentation,...

A 5-20x faster experimental Homebrew alternative. Contribute to lucasgelfond/zerobrew development by creating an account on GitHub.

Instant Linux boxes via SSH. Create stock boxes or OCI image-backed VMs. Scale to zero and pay only for what you use.

This guide covers patching the entire VCF 9 platform including all fleet level and domain level components with a full end to end guide

A comprehensive step-by-step guide series to creating Kubernetes managed clusters on Proxmox using Cluster API and Cilium as a CNI.

Today is a big day for us, and for everyone who cares about transparency, privacy, and having full control over their own traffic. We’re finally open-sourcing the protocol that powers AdGuard VPN. And it now has a name: TrustTunnel.

iximiuz Labs founder shares a grounded, hands-on look at agentic coding in a real production codebase: massive speedups, surprising failures, and why domain knowledge still matters most.

I've been using GitLab for years for all my private projects. Some thoughts on why it stuck.

| Small Office/Home Office (SOHO)| Small-to medium-sized business (SMB)| Medium-to large-sized enterprises (MLE)


GoReplay is a versatile open-source tool designed to capture and replay live HTTP traffic. Perfect for replaying production traffic and conducting comprehensive traffic replay testing, it allows you to seamlessly record and replay traffic in staging environments for effective debugging and quality assurance.

A powerful, intuitive Docker platform for everyone. Real-time container management, Compose stacks, Git deployments, and SSO - all free.

Datadog cut off our observability overnight. We migrated to an open Grafana stack in 48 hours. Here’s why vendor lock-in is fading in an AI-native world.


Let’s start with a question. What is DevOps all about?

A quick introduction to VCF 9 Automation in All Apps mode

Why zombie instances survive health checks, and what the choice between server-side and client-side load balancing means for how fast your system detects and reacts to failure.

An inspection of Claude Code's network requests, system prompt, and context handling by intercepting real traffic.

A few months ago, users started reporting that Ghostty was consuming absurd
amounts of memory, with one user reporting 37 GB after 10 days of uptime.
Today, I'm happy to say the fix has been found and me

We usually learn that 1 kilobyte is 1024 bytes, 1 MB is 1024 kilobytes, etc. But is this true, or is a kilobyte precisely 1000 bytes?

A curated list of awesome resources, tools, libraries, and projects for the Mistral AI ecosystem. - samouraiworld/awesome-mistral

Protection & more importantly, recovery of VMware Cloud Foundation (VCF) is something I and Ken Gould have worked closely on for a number of years now. Whether it was a VVD based deployment or …

In VMware Cloud Foundation (VCF) 9.0, identity management takes a leap forward with the introduction of the VCF Identity Broker (VIDB)—a modern, flexible solution for enabling Single Sign-On (SSO) …





Lessons learned from 14 years of engineering at Google, focusing on what truly matters beyond just writing great code.

CLI agents like Claude Code make self-hosting dramatically easier and actually fun. This is the first time I would recommend it to normal software-literate people.

The world tried to kill Andy off but he had to stay alive to talk about what happened with databases in 2025.

Harvest a host's real configuration and turn it into Ansible roles/playbooks. Safe-by-default, with optional SOPS encryption.

Running six Claude Code agents in parallel from an iPhone. A cloud VM, Tailscale, mosh, and push notifications enable async development from anywhere.

Happy New Year! 🎉 Kicking off 2026 with my first blog post of the year 😁 Customers can use the Broadcom Product Lifecycle portal to search for products across the seven Broadcom Software Divisions …

Last month I shared a screenshot of a single switch validation. 12 tests.

How to reset the thermostat, and CodeRabbit as a case study

“Bye bye bye.” It took some time, and a serious amount of research, but I have finally crossed the finish line. I have officially migrated my digital life to pure, EU-hosted solutions.

When we talk about routing, we often picture routers, firewalls, and network appliances moving traffic across large networks.

VMs, on the internet, quickly

How I built MacThrottle, a menu bar app that tells me when my Mac is thermal throttling, and the journey to find the right macOS APIs.

Discover how to deploy a fully IPv6 Kubernetes cluster with Talos OS.

A Primer

An unofficial and opinionated book for beginners

Minimal Linux container host. Contribute to vmware/photon development by creating an account on GitHub.

Userspace WireGuard® Implementation in Rust. Contribute to mullvad/gotatun development by creating an account on GitHub.

Learn how to clone PostgreSQL databases instantly using reflinks. Turn slow template copies into milliseconds with PostgreSQL 18's new file copy options.

In previous blog post here, VMware vCloud Foundation 9 – Licensing Part 1 We talked about registering VCF Operations on the Broadcom Portal and applying licenses to VCF Operations. Let’s conti…

VCF 9 adopts a streamlined, subscription-based licensing model that simplifies management and compliance: Single license file replaces multiple component-specific keys (vCenter, ESXi, NSX, etc.) Li…

What Kabir Writes

I recently ran into a claim: Docker Compose is outdated and K3s is the king for my 1Gb VPS. At the same time, docker-compose.py is effectively deprecated, with Compose now shipped as a built-in docker compose command. That alone is not a problem, but it raised a reasonable question: has the role of Docker Compose actually changed, or is this just noise from the Kubernetes church?

How NSVisualEffectView renders blur effects under the hood, and building a custom material view from scratch using CABackdropLayer.

I got hacked, my server started mining Monero this morning.

In an air-gapped or disconnected environment, license entitlement for VMware Cloud Foundation (VCF) involves a multi-step file exchange between the VCF Business Service Console (BSC) and your deplo…

Firstyear's blog

In VCF Operations 9 we introduced a feature called Log Assist which allows you to upload Support Bundles to Broadcom Support from VCF Operations itself. Here's how it works. First, you must Register and License your VCF Operations instance, documentation on how to do that can be found here. Second, you must have a Unified Cloud Proxy deployed in your environment. I covered how to deploy these previously here. Be sure to confirm Log Assist is Activated on your Unified Cloud Proxy. Third, you must

vSphere Zones in VMware Cloud Foundation (VCF) 9.0 have been enhanced to offer greater flexibility in resource consumption and isolation for both vSphere Supervisor Control Plane VMs (Management), …

Introduces the benefits of running VCF virtual networking vs. a traditional hardware-vendor based solution.

The Challenge: When Granularity Is Your Only Option We were dealing with a legacy "beast" of a platform: a critical and systemic service running on traditional infrastructure, glued behind a single IP address. This IP hosted hundreds of distinct TCP ports, each representing different customers, prot

For resource constrained environments, deploying VMware Cloud Foundation (VCF) can take longer, especially when deploying on top of a Nested ESXi configuration. However, the VCF Installer does prov…

VMware Cloud Foundation 9 has brought the Virtual Private Cloud networking model front and center in the vSphere UI. Not only has it become extremely easy to provide a self-service solution for networking, but it also comes with a plethora of networking services and capabilities.

Network latency is an important factor when designing a VMware Cloud Foundation (VCF) Fleet and to assist VCF architects in understanding the various latency maximums, we have just published a new …

Recent advancements in Cloudflare Python Workers mean fast cold starts, comprehensive package support, and a great developer experience. We explain how they were achieved and show how Python can be used to build serverless applications on Cloudflare.

ProxUI - AI interface for Proxmox VE and PBS

The Excavator Doesn't Care About Your Diversity We'd done everything right. Diverse and multiple fiber paths to our remote site.

Learn how to create and manage a multi-machine Uncloud cluster from scratch. This hands-on tutorial walks you through initializing a cluster, adding machines, managing contexts, and deploying your first containerized service.

With a Red Hat Developer Subscription (for Individuals) it’s possible to get Red Hat Enterprise Linux (RHEL) licensing valid for up to 16 systems for a home lab at no cost!

PDM 1.0 reaches GA status after a development phase of about twelve months, punctuated by successive alpha and beta releases. Proxmox Data Center Manager presents itself as a unified management platform, aiming to provide an alternative to established solutions such as vCenter or Xen Orchestra for administering virtualized infrastructures running Proxmox VE.

Lately, I’ve been spending a lot of time getting our company lab set up and configured with all the bells and whistles that VCF 9 brings to the table. The new SSO experience was something I was really looking forward to. Previously, you had to configure the identity provider for every single product and platform, then add in the permissions and then manage that connection separately. The new SSO experience, powered by the all new Identity Broker, is supposed to alleviate a lot of that management overhead.

A guide on building a simple Linux distribution from scratch. Detailed guide on building the kernel and the init process. Finally, a little distribution is built with u-root that is capable of connecting to the Internet.

Bun has been acquired by Anthropic. Anthropic is betting on Bun as the infrastructure powering Claude Code, Claude Agent SDK, and future AI coding products & tools.

Today, I will play with the Offline Depot Web Server. There is an official documentation provided by BROADCOM which I followed in general. But there are some details the link does not describe deta…

PVMSS is a lightweight, self-service web portal for Proxmox Virtual Environment. It allows users to create and manage virtual machines without needing direct access to the Proxmox web UI. - julienh...

An exploration of DNS and Name-to-IP translation. This deep dive explores NSS, getaddrinfo, systemd-resolved and more!

Learn how to attach your VM to multiple Virtual Private Cloud subnets, leveraging Guest VLAN Tagging.

Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.

We made the switch from AWS-hosted MongoDB Atlas to a self-hosted solution on Hetzner, resulting in a 90% reduction in costs while maintaining performance and reliability.

The Grafana Stack can be an incredibly powerful monitoring solution, but through my experience I found out how maintenance intensive it is and how uncertain the…

Kasm Workspaces delivers zero-trust remote browser isolation (RBI), desktop as a service (DaaS) and open-source intelligence (OSINT) workloads to the web browser.

Kasm Workspaces delivers zero-trust remote browser isolation, Desktop as a Service (DaaS), and OSINT workloads to your web browser.

💚 Secure remote browsing anywhere. Contribute to BrowserBox/BrowserBox development by creating an account on GitHub.

BrowserBox streams a full modern browser to any client with low latency. Keep web risk off the endpoint while teams browse, automate, and embed safely.

Windows 11 now supports 1Password and Bitwarden passkeys, enabling faster, safer, and passwordless sign-ins across devices.

We saved 76% on our cloud bills while tripling our capacity by migrating to Hetzner from AWS and DigitalOcean. Digital Society is a not-for-profit cooperative helping you get your projects off the ground and realise the value of your data.

Phase 3: Role Assignment. Assign the service roles in vCenter. Assign the service roles in NSX. Assign the service roles in VCF Operations. Assign the service roles in VCF Automation. Assign the service role…

In VCF 9, VMware introduces a major shift in Single Sign-On (SSO) architecture via the new “Identity Broker” service. This change not only consolidates identity management across the VCF stack, but…

Adaptive systems for evolving ideas – Zensical creates scalable Open Source systems for technical writing that always keep you in the flow

Resolve the “Invalid redirect URL” error when logging into VMware Cloud Foundation (VCF) Operations with VCF Identity Broker SSO. Learn the cause and how to fix it by updating the System Access URL…

Last week I completed my VCF 9 lab, which I will explain in more detail later, including hardware and overall lab design. Now I want to deploy VCF Operations for Logs in my home lab. Deploying VCF Operations for Logs is pretty straightforward. You first need to download the binary file and then start the workflow. This is typically a […]

When users log in to a vCenter Server to manage roles and permissions within a VMware Cloud Foundation (VCF) 9.0 environment, they may notice several accounts that already have vSphere permissions …

I recently demonstrated how to automate the configuration of the VCF Automation (VCFA) Provider Portal using the new Terraform Provider for VCFA. You can also use the same provider to configure you…

Maintaining availability of data and the applications that produce or consume that data might be the most important responsibility of data center administrators. Capabilities like high performance or special data services mean very little if the applications and the data they produce or consume is not readily available. Ensuring availability is a complex topic, as … Continued

When deploying a new VMware Cloud Foundation (VCF) Fleet, users can choose from two different deployment models: Simple (one-node) or High-Availability (3-node) within the VCF Installer, which appl…

A BitTorrent Client in your Terminal. Contribute to Jagalite/superseedr development by creating an account on GitHub.


As all developers, I’ve been using git since the dawn of time, since its commands were an inscrutable jumble of ill-fitting incantations, and it has remained this way until today.
Needless to say, I j

How to start really getting Ruby, especially blocks.






Claude can now use Skills to improve how it performs specific tasks. Skills are folders that include instructions, scripts, and resources that Claude can load when needed. Claude will only access a skill when it's relevant to the task at hand.


Anthropic this morning introduced Claude Skills, a new pattern for making new abilities available to their models: Claude can now use Skills to improve how it performs specific tasks. Skills …

Disaggregating Prefill and Decode: Faster First Tokens, Faster Streams

Cloudflare investigated CPU performance benchmark results for Workers, uncovering and fixing issues in infrastructure, V8 garbage collection, and OpenNext optimizations. These improvements have made Cloudflare Workers faster for all customers.

build your own minimal BSD UNIX system

I’ve used Mullvad as my VPN provider for a few years. Their service is good, they provide keys for 5 devices, rely on the Wireguard protocol, and offer alternative configurations as well. Despite that,

Penpot is the open-source free design software that connects designers and developers with no handoff drama. Prototyping, UI design and code - all in one app.

Multipath TCP (MPTCP) for Linux, an extension to TCP that enhances connection redundancy and performance by utilizing multiple underlying TCP sessions simultaneously. This site provides installation guides, debugging tools, FAQs, and a list of apps supporting MPTCP, aimed at facilitating the adoption and implementation of MPTCP for Linux users and developers.

Kuvasz is an open-source, self-hosted uptime monitoring solution that provides comprehensive monitoring capabilities for websites and services.

Distributed monitoring ting. Contribute to rippleFCL/meshmon development by creating an account on GitHub.

Check out Twingate and supercharge your security: https://bit.ly/3Y1OaZi

How to access a DSM-provisioned Postgres database using User or Client Certificates

Discover how Bootc and OSTree are revolutionizing the deployment of Linux systems, offering modern, efficient and immutable management.

VCF.JSON Generator release with content transfer functionality

Discover how to replace your SFR, Free, Bouygues or Orange Internet box with UniFi hardware. Complete guide, operator by operator.

Most organizations rely on a single Identity Provider (IdP) such as Symantec VIP AuthHub, Okta, Microsoft Entra ID, or PingFederate to provide common identity and access management. However, for so…


An hour after celebrating a successful validation in the VCF 9.0 installer and getting ready for real deployment testing (which I made a short LinkedIn post about yesterday), things went sideways. …

How we built blockdiff, an open-source tool for rapid block-level diffs and snapshots of VM disks.

The VMware Cloud Foundation (VCF) Installer (Day 0) and SDDC Manager (Day N) support two common methods for downloading VCF software into a user's environment. Connect to Broadcom's online depot (s…

Free launches Free mVPN, a consumer VPN built into the mobile network and included in the Free 5G and Série Free plans. One-click activation, 12-hour session, encryption, blocking of malicious sites and exit in Europe (Italy / Netherlands). Available today on iOS and Android.

Whilst Microsoft SQL Server is still in technical preview in Data Services Manager 9.0.1, our team continues to release significant enhancements for our customers as we gravitate towards full support.

Ideas grow better together

DSM 9.0.1 aligns with RBAC features that are already in VCF Automation, specifically around multi-tenancy controls

schneegans.de

Tackling a larger systems programming project with AI tools.

Fast, Python-based infrastructure automation. Deploy to SSH servers, Docker, and local machines. 10x faster than Ansible.

🔧 pyinfra turns Python code into shell commands and runs them on your servers. Execute ad-hoc commands and write declarative operations. Target SSH servers, local machine and Docker containers. Fas...

A free, open source, self-hosted customer feedback tool 🦊 - astuto/astuto

Contribute to poulpreben/keycloak-to-vcf-scim development by creating an account on GitHub.

I recently migrated my self-hosted services from a VPS (virtual private server) at a remote data center to a physical server at home. This change was motivated by wanting to be in control of the hardw

Over two years ago, in one of my first public talks about Ghostty,
I shared my vision for libghostty: an embeddable library for any application
to embed their own fully functional, modern, and fast term

Everything you wanted to know about using Cloudflare Zero Trust Argo tunnels for your personal network

License management for both VMware vSphere Foundation (VVF) and VMware Cloud Foundation (VCF) 9.0 is now handled by VCF Operations, which supports keyless entitlement in both Connected and Disconne…

Akvorado 2.0 is out! It introduces a major architectural change with a new outlet service, as well as smaller changes detailed in this post.

With the release of VMware Cloud Foundation 9.0, VMware is ushering in a new era of private cloud management, where data services become an integral part of the automated platform. A key element of this transformation is VMware Data Services Manager (DSM) 9.0, an advanced Database-as-a-Service (DBaaS) tool that is now fully integrated with VCF...

While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend for service-to-service (S2S) communication, called “Actor tokens”, and a critical vulnerability in the (legacy) Azure AD Graph API that did not properly validate the originating tenant, allowing these tokens to be used for cross-tenant access.


News about asciinema development and new releases

Release notes for Ghostty 1.2.0, released on September 15, 2025.

This blog post provides a detailed guide for deploying VCF Instance using Terraform. It covers prerequisites, installation steps for Terraform and VCF, and necessary configurations in Terraform fil…

This is a scenario that is not covered very well in our current VCF 9.0 docs (I am working to rectify that), where a customer has more than 1 existing VCF 5.x instance and they want to move to VCF …


A brief guide to upgrading from VCF5.X to VCF9 on a brownfield site.

The Intel 285K CPU in my high-end 2025 Linux PC died again! 😡 Notably, this was the replacement CPU for the original 285K that died in March, and after reading through the reviews of Intel CPUs on my electronics store of choice, many of which (!) mention CPU replacements, I am getting the impression that Intel’s current CPUs just are not stable 😞. Therefore, I am giving up on Intel for the coming years and have bought an AMD Ryzen 9950X3D CPU instead.

I use Homebrew all the time. Whenever I see a new CLI that offers an npm or uv install path alongside a brew one, I choose brew every single time.
And yet, when…

WinBoat lets you run any Windows application on Linux with seamless desktop integration. Elegant interface, automated installs, filesystem integration, and native OS-level windows.

Getting Started

Some thoughts in support of simple solutions.

After publishing my long awaited Automated VMware Cloud Foundation (VCF) 9.0 Lab Deployment Script yesterday, I already had a request for a similar solution to deploy VMware vSphere Foundation (VVF…

Image Factory generates customized Talos Linux images based on configured schematics.

Warning: Contains tongue-in-cheek language that might feel provocative if you have invested part of your identity into y…

“It’s always DNS” is a famous meme among network people. Name resolution is technically quite simple. It’s “just” translating a hostname like jan.wildeboer.net to an IP address. What could possibly go wrong? I am a radical optimist and detail-obsessed knowledge collector, so I decided to find out. As part of my goal to make my home network a little island of Digital Sovereignty, meaning that everything at home should JustWork™, even with no working internet connection, a DNS server is needed.

Note: this blog is about mapping VLAN tags to NSX segments. The same functionality is described for VPC subnets in this post. Guest VLAN Tagging alone… not great with NSX By default, a virtual machine sends traffic to its vNIC untagged. The virtual switch then receives that traffic into a single VLAN or NSX segment. … Continued

Home internet in the 90s felt simple. You plugged into [Ethernet](https://en.wikipedia.org/wiki/Ethernet), got an [IPv4](https://en.wikipedia.org/wiki/IPv4) address, and you could expose a service dir...

Go’s interfaces are very funny. Rather than being explicitly implemented, like
in Java or Rust, they are simply a collection of methods (a “method set”) that
the concrete type must happen to have. This

Claude Code is the most delightful AI agent/workflow I have used so far. Not only does it make targeted edits or vibe coding throwaway tools less annoying, ...

Datacenter-Scale Heat Management

Real-time monitoring for Proxmox, Docker, and Kubernetes with AI-powered insights, smart alerts, and a beautiful unified dashboard - rcourtman/Pulse
[TUTORIAL] - PVE9 Create a VM Template for a Debian Trixie Server with Cloud-Init
Just wanted to share my (successful) procedure for creating in PVE9 a VM Template for a Debian Trixie Server with Cloud-Init, which I have done in the past for previous Debian versions in PVE8. This is most useful to quickly spin up a Debian server for any purpose.

We’ve rebranded. Claudia is now Opcode. Visit opcode.sh for the latest.

On August 21, 2025, an influx of traffic directed toward clients hosted in AWS us-east-1 caused severe congestion on links between Cloudflare and us-east-1. In this post, we explain what the failure was, why it occurred, and what we’re doing to make sure this doesn’t happen again.

Good news here for customers who use iSCSI in their current vSphere environments and are looking to move to VCF

Hello everyone! Today, an article about something simple: configuring the rsyslog solution on a GNU/Linux server using the …

Setting up a Wake-on-LAN server you can reach from a browser, using Tailscale, a webapp, and a little Raspberry Pi.

An open source, self-hosted implementation of the Tailscale control server - juanfont/headscale

This was a tough decision, having used Gmail since 2007/2008. However, I had to draw the line and stop giving Google my data for free.
The problem with email is …



Note: `libasound2-dev` system library is required to be installed for Sampler to
play the trigger sound. Usually this library is in
place, but if not - you can install it with your

If you have a Synology NAS and want to use an iSCSI LUN with Proxmox Backup Server, check out this post for the full details.

Follow this How-to to configure a Synology NFS share for use with Proxmox Backup Server as a backup datastore. Bonus includes virtualizing PBS on your Synology NAS.

In this article I will walk you through how to install Proxmox Backup Server (PBS) 4.0 inside of a VM running on Proxmox 9.0.


This post describes how to configure Avi Load Balancer in front of VCF Automation (VCFA) to provide more secure access to the cloud service. Usage of Avi Load Balancer for tenant IaaS services i…

If you’ve been about VMware Cloud Foundation at all, you’ve likely come across the VCF Planning & Preparation workbook developed and maintained by @cliffcahill and myself, dating as…

An evolving how-to guide for securing a Linux server. - imthenachoman/How-To-Secure-A-Linux-Server

In today’s multi-tenant cloud environments, VMware Cloud Foundation Automation (VCFA) offers a robust layered architecture that seamlessly bridges enterprise-grade infrastructure management with de…

Thulite is a Hugo and npm web framework for shipping fast, secure, SEO-friendly sites with modern tooling, integrations, and starters.

Kener is a free, open-source status page and uptime monitor. Deploy with Docker in under 2 minutes. Track 11 service types, manage incidents, schedule maintenance, and notify subscribers — all from one platform.

How to add read-write-many (RWX) volumes to a Pod in VKS which were initially created by the Volume Service

After 15 years on macOS, I made the leap to Arch Linux using Omarchy. Here's what I discovered about the trade-offs, workflow changes, and why shorter battery life and fan noise haven't sent me back to my MacBook.

The monitoring and analysis of a complex data center can be much easier with the right tools. The right tool for VMware Cloud Foundation (VCF) is VCF Operations. It gathers the extraordinary amount of metrics generated within the environment, and distills it down into meaningful and actionable information for your optimization, troubleshooting, and planning efforts. …

The visual policy editor gives you a tabular view of each section of your policy file, and allows you to add, edit, and delete individual policy entries using visual forms.

On a few occasions, I have noticed that after the initial deployment of VMware Cloud Foundation (VCF) 9.0 that also includes VCF Automation (VCFA), the VCFA VM can experience a sustained CPU usage …

After years of self-hosting on a VPS in a datacenter, I’ve decided to move my services at home. But instead of just porting services, I’m using this as an opportunity to migrate to a more flexible and

Deploy VMs and LXCs using Proxmox Terraform templates. Includes cloud-init, LXC provisioning, and real-world IaC examples for automation.

Connect everything, from cloud to IoT, with the next-generation global network solution. Simple, resilient, and secure networking in minutes.

Terragrunt vs Terraform: Why I chose Terragrunt to eliminate code duplication, automate state management, orchestrate deployments, and follow pattern-level reuse.

Free, self-hosted customer support platform with shared inbox, automation, and team collaboration. Deploy with a single binary.

Stop vibe-coding blindly! Why reading AI-generated code is crucial in 2025. Avoid security flaws, architectural decay, and knowledge loss when using Claude Code or any other tool.

You can shell out to `cp -c` using `subprocess`, or you can make a `clonefile()` syscall using the `ctypes` library.

I recently deployed the latest release of VMware Data Services Manager (DSM) 9.0 in my VMware Cloud Foundation (VCF) 9.0 lab to explore the new integration with VCF Automation (VCFA), allowing orga…

Observable Framework is an open-source static site generator for data apps, dashboards, reports, and more. Framework includes a preview server for local development, and a command-line interface for auto

In the latest release of D2 (0.7.1), we introduce ASCII outputs.

This post is part of a short series that builds on our minimal VMware Cloud Foundation (VCF) 9.0 deployment (2x Minisforum MS-A2) and showcases how to fully leverage the exciting new capabilities i…

In this post, I will show you the steps to create a static volume via the Volume Service, and then create the appropriate manifests in your VKS cluster to make the volume available to Pods running on your cluster.

You deserve some always-on gadgets—and an easier way to access them.

After Claude Pro changed to weekly limits, I explored self-hosting Qwen3-Coder-480B with 400k context windows. Here's what I learned about costs, alternatives, and why Claude Code still dominates the landscape.

With the improvements of VCF Automation 9 it now includes a new model which supports developer consumer use cases. In context of the tenancy architecture, it provides 2 different types of organizations: VM-Apps-Org: An organization which is almost identical to what is known from 8.x versions of Aria Automation. Its main purpose is to support VM-based…

VCF 9 services like VCF Operations now use token based service accounts to connect and integrate to VCF Automation aka VCFA. The use of token based service accounts is not limited to VCF 9 services…

It is wild to think that it has been only a handful of weeks.
Claude Code has considerably changed my relationship to writing and maintaining code at scale. I still write code at the same level of quality, but I feel like I have a new freedom of expression which is hard to fully articulate.
Claude Code has decoupled myself from writing every line of code, I still consider myself fully responsible for everything I ship to Puzzmo, but the ability to instantly create a whole scene instead of going line by line, word by word is incredibly powerful.

I have been exploring some new tools here and there. When I started watching Primeagen, I took a note of several tools that he was using and advocating for. One of them was tmux.
What is tmux? tmux is a terminal multiplexer. What that means is you can have many terminals in one. According to tmux wiki:
tmux is a program which runs in a terminal and allows multiple other terminal programs to be run inside it. Each program inside tmux gets its own terminal managed by tmux, which can be accessed from the single terminal where tmux is running - this is called multiplexing and tmux is a terminal multiplexer.

When working on my homelab, I regularly need to pass credentials to my tools. A naive approach is to just store the token in clear text, but there's a better alternative. Let's see how direnv and the Bitwarden password manager's CLI can be hooked together to let me keep my infrastructure credentials safe, in a simple, sturdy setup!

This page was built using the Blowfish theme for Hugo.

How to migrate from RAIDZ1 to RAIDZ2 without a spare ZFS server or a boatload of extra disks.

Tailscale and Grafana Labs partner to provide private connectivity between data sources on tailnets and Grafana Cloud instances.

The anatomy of UNC3944's vSphere-centric attacks, and a fortified, multi-pillar defense strategy required for mitigation.

We explore the critical risks of integrating VMware vSphere with Active Directory, especially as it relates to ransomware.

VMware Cloud Foundation (VCF) 9.0 continues to support one of the most popular and powerful load balancers, VMware Avi Load Balancer. When you deploy a new VMware Avi Load Balancer within a given VC…

I’ve started writing more Python code lately (because of… AI, you know). In this post, I share the tools, libraries, configs, and other integrations I use for building production-grade Python applications following a frontend-backend architecture.

On July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, resulting in downtime for 62 minutes for customers using the 1.1.1.1 public DNS Resolver as well as intermittent degradation of service for Gateway DNS.

In the DSM 9.0 Release Notes, the following item about metrics is listed in the What’s New section: You can use the VMware Data Services Manager API to publish PostgreSQL and MySQL metrics to VMware Cloud Foundation 9.0 (VCF) Operations and Prometheus [..] enabling better visibility, alerting, and performance management for all databases that VMware Data Services manages. In this post, I will show how to configure DSM 9.0 to send Postgres and MySQL database metrics to VCF 9.0 Operations. While this process is rather manual in VCF 9.0, we plan to significantly improve this overall experience for users going forward.…

A brief guide on how to switch from a VCF9 Operations instance to a central VCF Operations instance.

Octelium is a unified zero trust architecture (ZTA) that is built to be generic enough to operate as a zero-config remote access VPN, a Zero Trust Network…

Powerful SSL certificate management system with multi-DNS provider support and REST API

One of the ways how to start using VMware Cloud Foundation 9 is to convert existing vSphere environment. Let’s have a look what is the process. VCF Fleet VCF consists of a Fleet Management wi…

Bring all of your authentication into a unified platform.

Fast terminal, state-of-the-art agents, and cloud orchestration for the full software development lifecycle.

A step-by-step guide to configuring a vSAN ESA over RDMA cluster and a troubleshooting methodology.

Documentation

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md

TSDProxy is a proxy for tailscale

How I built a seven-figure business with Rails

The purpose of this website is to provide an overview of various Kubernetes networking components with a specific focus on exactly how they implement the required functionality.
The information here can be used for educational purposes, however, the main goal is to provide a single point of reference for designing, operating and troubleshooting cluster networking solutions.
Warning: This is not a generic Kubernetes learning resource. The assumption is that the reader is already familiar with basic concepts and building blocks of a Kubernetes cluster – pods, deployments, services.

The volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached.

Tailwind CSS Components Library for 2026 - Tailwind CSS components examples, Tailwind themes and Tailwind blocks for fast UI development

Sysxplore explores DevOps, Cloud, and Linux topics in a straightforward way, making complex concepts easy to grasp. Our goal is to deliver technical information and make it enjoyable to learn.

Simple. Powerful. Fast. Pick three. Release 25.5.0 (What’s new?) structlog is the production-ready logging solution for Python: Simple: Everything is about functions that take and return dictionari...

Ah, Zig. I have a love-hate relationship with this one. A “new” (reading: appeared a couple years ago,
already — yes, already), language with high ambitions. Zig was made to run at low-level, with a simp

This post explains security best practices to use SSH properly and securely

Xe Iaso's personal website.

Anyone who operates an SSH server somewhere on the Internet is bound to suffer a relentless torrent of inbound connections, probably from some botnet or another, trying to log in with the myriad crede


Guide by Example. Contribute to DoTheEvo/selfhosted-apps-docker development by creating an account on GitHub.

The horizontal scaling layer for PostgreSQL, deployed as a simple proxy. Load balance queries and shard databases, without application changes.

The pitch of modern SaaS is "don't reinvent the wheel." But every wheel you bolt on comes with some friction.

RustDesk is the best open-source remote desktop software. Secure alternative to TeamViewer and AnyDesk with self-hosted servers. Cross-platform support for Windows, macOS, Linux, and Android.

Record right where you work - in a terminal.
To start, run `asciinema rec demo.cast`; to end, press `ctrl+d` or type `exit`.

With additional Kubernetes mode!

Miniature rack builds, for portable or compact Homelabs.

Network-wide Ad Blocking

Zero trust access to all your infrastructure, self-hosted applications, and SaaS tools. Easy to deploy and scale. Better than your existing VPN.

The cloud you own. Hardware, with the software baked in, for running infrastructure at scale.

We finished pulling seven cloud apps, including HEY, out of AWS and onto our own hardware last summer. But it took until the end of that year for all the long-term contract commitments to end, so 2024 has been the first clean year of savings, and we've been pleasantly surprised that they've been even better than originally estimated. F...

The Virus Lounge

Real-time infrastructure monitoring with per-second metrics, ML anomaly detection, and AI troubleshooting. Open source, #1 on GitHub. Cut MTTR by 80%.


Litestream is an open-source, real-time streaming replication tool that lets you safely run SQLite applications on a single node.

This year I decided to refactor my personal cloud infrastructure. Because of various nuances in m...

A self-hosted bookmarking service that is designed to be minimal, fast and easy to set up.

Use declarative language to build simpler, faster, scalable and flexible workflows

A satellite project of labs.iximiuz.com - an indie learning platform to master Linux, Containers, and Kubernetes the hands-on way 🚀

Ice is a powerful menu bar management tool. While its primary function is hiding and showing menu bar items, it aims to cover a wide variety of additional features to make it one of the most versatile menu bar tools available. - Ice - Menu Bar Manager

Learn how to build an Anycast network to optimize global traffic routing. Explore how to efficiently direct requests to the best server, regardless of location.

mise-en-place documentation

Secure access / PAM for your internal SSH, HTTPS, MySQL, Postgres and Kubernetes servers with SSO and RBAC.

Anthropic publish most of the system prompts for their chat models as part of their release notes. They recently shared the new prompts for both Claude Opus 4 and Claude …

HashiCorp Validated Designs

Harper checks your writing instantly—fast, lightweight and utterly private—so you can polish every clause without surrendering a single keystroke.

Let's Encrypt for VMware ESXi with easy installation using pre-built VIB or offline bundle. Auto-renewal of certificates. - w2c/letsencrypt-esxi

Interactive Streaming Telemetry lab with Nokia SR Linux nodes forming a Clos topology - srl-labs/srl-telemetry-lab

Contribute to srl-labs/clab-api-server development by creating an account on GitHub.

Portal is a quick and easy command-line file transfer utility from any computer to another 🌌 ✨ - SpatiumPortae/portal

Automate deployment and configuration of nested VMware Software-Defined Data Center environments including solutions like vSphere, vSAN, NSX, vSphere Kubernetes Service, Avi Load Balancer, Aria Ope...

Go-based SSH and SCP client with userspace Tailscale connectivity. Secure shell access and file transfers over Tailnet without requiring a full Tailscale daemon. - derekg/ts-ssh

A secure WireGuard VPN management system with invitation-based registration, multi-device support, QR code setup, and admin tools. Built with Next.js 15. - arashvakil/LeiaGuard

Firezone is a fast, flexible VPN replacement built on WireGuard® that eliminates tedious configuration and integrates with your identity provider.

Keeping my laptop clean by developing in a virtual machine

Discover how to design tailored multicloud connectivity scenarios with Megaport and Megaport Cloud Router (MCR). From physical layer configurations to cloud-specific connectivity options, explore resilient and scalable architectures that simplify network complexity. Gain insights into HA designs, dual data center strategies, and step-by-step guidance for building a better network.

From bare metal to cloud VMs using Docker, deploy web apps anywhere with zero downtime.

Genuine News About the Data Ecosystem

Build powerful software environments and containerized operations from modular components and simple functions. Perfect for complex software delivery and AI agents. Built by the creators of Docker.


An open-source guide to help you write better command-line programs, taking traditional UNIX principles and updating them for the modern day.

Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go


AI SRE and MCP server, incident management, on-call, logs, metrics, traces, and error tracking. 7,000+ happy customers. 60-day money back guarantee.


Cybersecurity oriented awesome list. Contribute to 0xor0ne/awesome-list development by creating an account on GitHub.

For everything that happens after you deploy. Antimetal is the AI platform to better understand, manage, and automate your infrastructure.


LazyVim is a Neovim setup powered by 💤 lazy.nvim

Nutanix Builder v1.0.0 released and good to go for EUC image builds

Introduction: K8s is already a crucial part in the VMware ecosystem for many years and the level of integration in other products like NSX and AVI changed a lot in the past. That is also true for the naming like “vSphere with Tanzu”, “vSphere IaaS” and “VKS” and perhaps more changes in the future. For this blog post we will bring some spotlight to the integration for VKS with NSX VPCs, which is from my point of view a great enhancement from tenancy point of view.

A technical blog about Rust, Linux and other topics.

I’m delighted to announce that Sniffnet v1.4 is finally available! This major release brings a bunch of improvements and fixes, making Sniffnet more powerful and reliable than ever before. One of the most exciting new features is the ability to process network data from PCAP files in addition to network...

DSM is the DBaaS solution for VCF. In this post, I will attempt to highlight the overall benefits of DSM. I will do this for three different personas; the VI Admin, the DBA and the end-user/developer.

A short article about VPCs in NSX 9 and VCF 9 Part 2.

I spent a month repeatedly building my website in Docker, and now have horrors to share.

Since launching the MS-01 in 2024, Minisforum has steadily gained popularity for its unique design that sets it apart from established players in the small form factor (SFF) market. Following the s…

Published on Jun 25, 2025

PowerCLI has long established itself as a trusted and widely adopted automation tool across VMware environments. It remains one of the most preferred tools among our customers, and its popularity is reflected in the numbers—we estimate over 1.5 to 2 million downloads each year.

By default, the VMware Cloud Foundation (VCF) 9.0 Installer requires a minimum of 3 ESXi hosts when you select vSAN (OSA or ESA) for storage or 2 ESXi hosts when you choose to use external storage …

Data Services Manager is the DBaaS for VMware Cloud Foundation (VCF), offering multi-tenanted data services to your end users on-premises, on vSphere.

In this article, I describe 3 problems I have run into in my career with DNS on Kubernetes. The 3rd is in fact a bug that remains unfixed to this day in kube-proxy in iptables mode, and affects …

We all want to do awesome things and make an impact at work. However, what we call “work” is a relationship between employer and employee that's inherently and persistently designed to benefit the former over the latter. How do we meaningfully contribute, earn a living, and maybe even enjoy ourselves when the organization simply does not care about us?

Having the latest compatible software for one’s NVIDIA vGPU investment should be a priority. New features are added all the time, or there may be security enhancements. In this post I’ll demonstrate a new PowerShell module I’ve built that employs the NVIDIA License System (NLS) API to be able to list and download vGPU software like drivers or the NVIDIA Delegated License Service (DLS).

The latest VMware Cloud Foundation (VCF) 9 resources

Securely connect to anything on the internet with Tailscale. Built on WireGuard®️, Tailscale enables you to make finely configurable connections, secured end-to-end according to zero trust principles, between any resources on any infrastructure.

A short article about VPCs in NSX 9 and VCF 9.

VMware Cloud Foundation 9 (VCF 9) has been released and with it comes brand new Cloud Management Platform – VCF Automation (VCFA) which supersedes both Aria Automation and VMware Cloud Direct…

How to get generated passwords via Fleet Management API, and login to Automation appliance via SSH

The power of Zig's comptime code execution

Recently I’ve been working on a pretty big rust project and to my surprise I couldn’t get tests to work properly.

The Situation I was working in our lab and ran into an issue where the hosts I wanted to use had different NIC configurations. I was building a cluster using two different types of hosts because on…

I run Claude Code with --dangerously-skip-permissions flag, giving it full system access. Let me show you a new way of approaching computers.

Hey! I'm a student and professional bug-creator. I like to explore new stuff, and share my experiences on this blog!

J.HOMMET.NET - Analog human in a digital world.

When you read my blog articles and stuff – you may get the idea that everything I do – just happens to be right and that I succeed at every attempt. This article is here to remind you t…

An honest look at why Nix's complex but powerful approach to package management and reproducible environments is worth considering.

In this post, I demonstrate the optimal workflow for creating new Debian packages in 2025, preserving the upstream Git history. The motivation for this is to lower the barrier for sharing improvements to and from upstream, and to improve software provenance and supply-chain security by making it easy to inspect every change at any level using standard Git tooling.
Key elements of this workflow include:
- Using a Git fork/clone of the upstream repository as the starting point for creating Debian packaging repositories.
- Consistent use of the same git-buildpackage commands, with all package-specific options in gbp.conf.
- DEP-14 tag and branch names for an optimal Git packaging repository structure.
- Pristine-tar and upstream signatures for supply-chain security.
- Use of Files-Excluded in the debian/copyright file to filter out unwanted files in Debian.
- Patch queues to easily rebase and cherry-pick changes across Debian and upstream branches.
- Efficient use of Salsa, Debian’s GitLab instance, for both automated feedback from CI systems and human feedback from peer reviews.

To make the instructions so concrete that anyone can repeat all the steps themselves on a real package, I demonstrate the steps by packaging the command-line tool Entr. It is written in C, has very few dependencies, and its final Debian source package structure is simple, yet exemplifies all the important parts that go into a complete Debian package:

2025-05-20

IPv4 is expensive, and moving network resources around is hard. Previously, when customers wanted to use multiple Cloudflare services, they had to bring a new address range. Now, they can use their resources more efficiently, saving space and reducing operational costs.

Lately I’ve been trying to find (and understand) the limits of time syncing between Linux systems. How accurate can you get? What does it take to get that? And what things can easily add measurable amounts of time error?
After most of a month (!), I’m starting to understand things. This is kind of a follow-on to a previous post, where I walked through my setup and goals, plus another post where I discussed time syncing in general. I’m trying to get the clocks on a bunch of Linux systems on my network synced as closely as possible so I can trust the timestamps on distributed tracing records that occur on different systems. My local network round-trip times are in the 20–30 microsecond (μs) range and I’d like clocks to be less than 1 RTT apart from each other. Ideally, they’d be within 1 μs, but 10 μs is fine.
It’s easy to fire up Chrony against a local GPS-backed (technically, GNSS, which covers multiple satellite-backed navigation systems, not just the US GPS system, but I’m going to keep saying “GPS” for short) time source and see it claim to be within X nanoseconds of GPS, but it’s tricky to figure out if Chrony is right or not. Especially once it’s claiming to be more accurate than the network’s round-trip time (20 μs or so), the amount of time needed for a single CPU cache miss (50-ish nanoseconds), or even the amount of time that light would take to span the gap between the server and the time source (about 5 ns per meter).
I’ve spent way too much time over the past month digging into time, and specifically the limits of what you can accomplish with Linux, Chrony, and GPS. I’ll walk through all of that here eventually, but let me spoil the conclusion and give some limits:
- GPSes don’t return perfect time. I routinely see up to 200 ns differences between the 3 GPSes on my desk when viewing their output on an oscilloscope. The time gap between the 3 sources varies every second, and it’s rare to see all three within 20 ns of each other. Even the best GPS timing modules that I’ve seen list ~5 ns of jitter on their datasheets. I’d be surprised if you could get 3-5 GPS receivers to agree within 50 ns or so without careful management of consistent antenna cable length, etc.
- Even small amounts of network complexity can easily add 200-300 ns of systemic error to your measurements.
- Different NICs and their drivers vary widely on how good they are for sub-microsecond timing. From what I’ve seen, Intel E810 NICs are great, Intel X710s are very good, Mellanox ConnectX-5 are okay, Mellanox ConnectX-3 and ConnectX-4 are borderline, and everything from Realtek is questionable.
- A lot of Linux systems are terrible at low-latency work. There are a lot of causes for this, but one of the biggest is random “stalls” due to the system’s SMBIOS running to handle power management or other activities, and “pausing” the observable computer for hundreds of microseconds or longer.
- In general, there’s no good way to know if a given system (especially cheap systems) will be good or bad for timing without testing them. I have two cheap mini PC systems that have inexplicably bad time syncing behavior (1300-2000 ns) and two others with inexplicably good time syncing (20-50 ns). Dedicated server hardware is generally more consistent.

All in all, I’m able to sync clocks to within 500 ns or so on the bulk of the systems on my network. That’s good enough for my purposes, but it’s not as good as I’d expected to see.

Getting the length of a string seems simple and is something we do in our code every day. Limiting the length of a string is also extremely common in both frontend and backend code. But both of those

Manage your data science projects effectively with loguru. Track stages and control logging levels with ease.

Burstable VMs run on a fraction of CPU and burst to a higher level of CPU usage to support occasional usage spikes. To implement them, we leveraged Control Groups v2 (cgroups v2), a Linux kernel feature that helps manage resource usage. We thought our open-source implementation of burstable VMs might be interesting enough to write about. We also learned a lot about Linux cgroups in the process!

A deep dive into KubeVirt for vSphere admins. Learn VM creation, storage, networking, and operations mapped to familiar VMware concepts.

Tired of Annoying Ads and Privacy-Invading Trackers? Here’s How to Take Control...

Minimalist doesn't mean Talos isn't extensible. Let's dive into the topic of extensions to customize and adapt it to our needs.

I'm fortunate enough to live in a place where 10Gbps fiber (FTTH) is not only available but also cheap. Here's how I'm taking advantage of this.

Not sure when it happened, but I have been binging self-hosted identity providers like Netflix shows, this season features Authentik, KeyCloak, Synology SSO and Pocket ID. To add to my collection, …

Omni is an incredible tool that lets you manage Talos machines anywhere. Let me introduce Omni, and show how to interface it with Kubevirt to create Kubernetes clusters in a snap of the fingers.

SDDC Manager operations may not be allowed due to System Lock held by Password Manager operation in progress. A password rotation task may have failed on individual components for various reasons. S…

We all love Python’s comprehensive standard library, but let’s face it – PyPI’s wealth of packages often becomes essential. Sharing single-file, self-contained Python scripts that rely on these external tools can be a headache. Historically, we’ve relied on requirements.txt or full-fledged package managers such as Poetry or pipenv, which can be overkill for simple scripts and intimidating for newcomers. But what if there was a simpler way? That’s where uv and PEP 723 come in. This article delves into how uv harnesses PEP 723 to embed dependencies directly within scripts, making distribution and execution extremely easy.

Omnissa recently released their Ports and Protocols tool! There are listings for Horizon (the Horizon listing also includes information for App Volumes, Dynamic Environment Manager and Unified Access Gateway), Omnissa Access and UEM at present. Customized lists can be downloaded in Excel and PDF formats. I wanted to see if I could somehow find this information JSON-formatted.

Take an interactive journey through the history of IO devices, and learn how IO device latency affects performance.

Explore essential homelab services for 2025 including Plex, Jellyfin, the *arr stack, Immich, Home Assistant, Pi-hole, Grafana, and more.

Part 2 VCF Import Cluster with NFS and activating the overlay.

Today we’re excited to release Railpack — the next iteration of the Railway builder, developed from the ground up based on everything we’ve learned from building over 14 million apps with Nixpacks.

vCenter Server ships out of the box a number of system and custom roles, which can be used or users can create their own custom roles containing the required privileges. If you wanted to understand…

Introduction to the deploy.sh Script: The deploy.sh script is a fundamental tool in the VMware Aria Automation ecosystem (formerly vRealize Automation), responsible for deploying, configuring, and managing all components of this advanced environment. Located in the /opt/scripts/ directory on the Aria Automation virtual machine, it serves as the central orchestration point for the entire system....

I want to write a post about Pitchfork, explaining where it comes from, why it is like it is, and how I see its future. But before I can get to that, I think I need to share my mental model on a few things, in this case, HTTP/2.

Much of what I do, in multiple fields, could be reduced to one skill: troubleshooting.

Philosophy: My overarching goals with writing notes are two-fold: to help me think clearly, and to serve as a personal knowledge base I can reference later. One of the great things about Obsidian is how it’s infinitely customizable.

We're Rivet, a new open-source, self-hostable serverless platform. We've been in the weeds with SQLite-on-the-server recently and – boy – do we have a lot of thoughts to share. Give us a star on GitHub, we'll be sharing a lot more about SQLite soon!

GitHub Actions suggests using code like echo ... >> $GITHUB_ENV, but echo ... | tee -a $GITHUB_ENV is often better.

MicroVMs need bare-metal or nested virtualisation with /dev/kvm. But what if that's not available? The PVM virtualisation framework may be the answer.

Migrate VMware to Proxmox for free using Veeam Community Edition. The steps are easy and quick for VMware to Proxmox migration

The article outlines how to automate the deployment and configuration of VMware NSX using Terraform, focusing on components like NSX Manager, Fabric, and Edge Transport Nodes. It details installati…

The introduction of VPCs (Virtual Private Cloud) at the network level provides a "self-service" for network, security and other network services in an isolated environment. Those responsible for the VPC can create networks and security rules (within their limits), thus relieving the burden on the network and security teams. It also enables the VPC owners to provide new services more quickly.

This blog post provides a detailed guide for installing VMware vSphere Supervisor using Terraform. It covers prerequisites, installation steps for Terraform and vSphere Supervisor, and necessary co…

Oracle is not a very popular cloud hosting service, but they have an unusually attractive free tier offering. You can run the following two VMs for free 24/7:

With the new Broadcom licensing changes related to NSX, only the stateless firewall is included in the base VCF/NSX license while stateful firewall needs to be licensed separately. VMware Cloud Dir…

Let’s Encrypt protects a vast portion of the Web by providing TLS certificates to over 550 million websites—a figure that has grown by 42% in the last year alone. We currently issue over 340,000 certificates per hour. To manage this immense traffic and maintain responsiveness under high demand, our infrastructure relies on rate limiting. In 2015, we introduced our first rate limiting system, built on MariaDB. It evolved alongside our rapidly growing service but eventually revealed its limits: straining database servers, forcing long reset times on subscribers, and slowing down every request.

Exploring how to break up a system architecture diagram to make it more readable and informative

Live Migration of Workloads with VMware HCX: A Customer Story

Build reproducibility is often considered as a de facto feature provided by functional package managers like Nix. Although the functional package manager model...

Why the OAuth2 protocol was designed the way it is and how it works.

When you deploy a component using VMware Aria Suite Lifecycle, it stores the credentials in its locker. If you need to SSH to a VCF Operations appliance and you don't know the root password, …

What are these distroless images, really? Why are they needed? What's the difference between a container image built from a distroless base and a container image built from scratch? Let's take a deeper look.

My tools and how I use them.

Today's post is about configuring Jumbo frames in NSX for VM to VM communication (East / West) and for upstream connectivity (North / South). NSX supports switching and routing of Jumbo frames. We’re t

When it comes to infrastructure engineering, building a data center is probably closer to building a house than to deploying a Terraform stack.

The latest version of Data Services Manager (DSM) is now available. Version 2.2 has a wealth of new features

While answering a recent question on the VMware Reddit Community, I came to learn about Authentik, an open source identity provider (IdP), which is pretty feature rich and best of all, you can self…

In light of the above tweet, and Ned Beauman's How ‘Factorio’ seduced Silicon Valley — and me (permalink),
I wanted to approximate the magnitude of damage you could inflict with a Mass Steam Gifti

Introduction: Some of you have been using NSX for many years already and are aware of the different changes and improvements implemented in the last years. I personally started with NSX in version 2.3 and one of the first important improvements I recognized is “MultiTEP” for edge nodes from type VM. It was released with NSX 2.5 and officially added to the reference design guide.
By the way: The reference design guide is still a great resource to learn the design principles for NSX implementations. This is especially interesting for those who might be new to NSX.

Change your tools and change your life in 2025.

Some of the interesting and insane facts I learned about SQLite

Abstract: Now that we have a Vault, with a TLS Issuing CA, and some idea of how to get certs out of it, let's look at how we can use this in a “real” world scenario to put a valid TLS profile onto a Network Appliance (fancy word for a switch I guess).
Why did I say appliance, and not Router or Switch? Weeeeeell, think about it. You manage a lot of network stuff over HTTPS protocols these days, even when it's not actually a web interface you are using to do it.

How I connected Kubernetes clusters across 4 countries with my own ASN, BGP peering, and perhaps too many IPsec tunnels

Hola,
Recently, I have made several changes to the AsBuiltReport.Veeam.VBR script, so I will summarize here all the new capabilities added.
Here is the link to the most recent report in HTML format: Report. The first change I will discuss is the support for Microsoft Entra ID. In this case, the Veeam Backup & Replication (VBR) PowerShell module allows extracting the information of the Tenants that are configured in the VBR infrastructure.

30 November 2024

Mac's Tech Blog

WebVM is a full Linux environment running in the browser, client-side. It is a complete virtual machine, with support for persistent data storage, networking and, as of today’s release, Xorg and complete desktop environments.

In a previous post, I covered a method to automatically generate DNS zones from an embedded YAML list.
This wasn't the most useful on its own, only ensuring …

Deploying modern web apps – with all the provisions needed to be fast and secure while easily updateable – has become so hard that many developers don’t dare do it without a PaaS (platform-as-a-service). But that’s ridiculous. Nobody should have to pay orders of magnitude more for basic computing just to make deployment friendly and usable. That’s a job for open source, and Rails 8 is ready to solve it. So it’s with great pleasure that we are now ready with the final version of Rails 8.0, after a successful beta release and several release candidates!

Let's walk through a common scenario.

Sample Dashboard Designs to review first thing in the morning while drinking your Coffee or Energy Drink.

In this new version, we’ve added the “official” support for the new vSphere and vSAN 8.3 APIs and Veeam Backup & Replication v12.

You've been lied to. You don't need the cloud – you can just run servers and save 10x your AWS costs. It's not that difficult.

Bare metal to production ready in mins; imagine fly.io on your VPS
Sidekick is made to make your life easy as you deploy your applications. It’s meant for people who care about shipping as fast as possible while doing things the right way. Sidekick is designed to allow you to host multiple applications on a single VPS and take care of making them production ready. If you get enough traction, scale up your VPS and call it a day!

A rant about caring

transhumanist and high functioning loser; instantiated simulation, statically stuck in superposition, calculated computationally complex, technomancer at will

Hola,
Today I am going to share the improvements I have made to the Veeam Backup & Replication infrastructure diagramming tool. This tool uses Graphviz as the engine to draw the diagram and the PSGraph module to generate the code from PowerShell. Here is the link to the project on GitHub:
https://github.com/rebelinux/Veeam.Diagrammer
In version 0.6.8, information about SureBackup was added to the infrastructure diagram. In particular, the ability to diagram Application Groups and Virtual Labs has been added.

Let's discover NATS from A to Y. Together, we will develop a microservices-based project in Golang to test the particularities of NATS and make the exchanges between our applications more reliable.

Extending the lab to the Xen ecosystem via XCP-ng and Xen Orchestrator. Installation of the solutions and basic principles

I've been using Github as an OAuth2 provider to authenticate to applications for a while now. However, I have always just followed documentation without really trying to understand what was happening in front of me each time I wanted to authenticate.
So I motivated myself to write this article about SSO. The goal is to explore the mechanisms available for managing a large number of users and their access to the infrastructure's applications.

After having automated the downloading of bundles for an offline depot in my lab I got the idea of experimenting with hosting it using a containerized nginx instance.

In this post I will demonstrate how one can automate the downloading of VMware Cloud Foundation bundles with Ansible, for later use with the offline depot functionality, which promises to relieve laborious bundle uploads to SDDC Manager.

While I was testing the new Release 8.0.3 from Broadcom, I ran into a few problems getting my nested lab...

Build a hybrid VPN infrastructure with Headscale to connect local and remote servers.

Posted: 2024-05-25

Golden images were supposed to simplify infrastructure, but many teams still build Linux systems like it's 2009. Let's do it differently.

In my previous post I showed how to install automatically a virtual machine with pfSense. The automation I reached was around 90%, as I didn’t know how to automate the installation of the software. Than

Adventures trying to minimise disk usage for servers

In my 2022 December rumination about vCF I delved into how a union between VMware Cloud Foundation and a credential storage solution could make for a powerful combination.

As someone familiar with VMware and vCenter, but coming reasonably fresh to Proxmox Virtual Edition (PVE) there are a number of important differences when …

After a homelab crash, the VCSA file-based backup isn't working anymore. In this post I'm describing how I was able to get the VMware Postgres Archiver service back into operating state by interfering with vCenter's vPostgres instance.

Vault is a secrets management tool developed by Hashicorp. It lets you store and manage secrets securely. In this article, we will see how to use Vault to manage your applications' secrets.

Some time ago I bumped into a blog post from Rutger Blom about implementing EVPN integration between NSX-T and vYOS. As I was involved in my recent past with Arista in DC deployments, I was curious…

Learn why DNS needs security through tacos, crabs, and cryptographic laughs. How DNSSEC Works turns complex internet plumbing into an illustrated adventure.

Slow Rust Builds?
Here are some tips to speed up your compile times.
This list was originally released on my private blo…

I constantly use virtual machines to test scripts, host services, run deployment tests, and so on. I usually use Proxmox in my lab, and Libvirt at work.
Recently, I have been deepening my knowledge of public clouds such as AWS, GCP, Azure, etc. And if there is one thing that fascinates me, it is the speed at which you can create a virtual machine.
I sometimes use Cloud-Init to automate the creation of my virtual machines or Packer to create VM templates, but we are talking about a few minutes (and not seconds).
It was while researching this subject that I came across Firecracker, an open-source project from AWS that lets you create microVMs in a few milliseconds (yes, milliseconds). So, I want to be able to create virtual machines in a few milliseconds, but also to destroy and recreate them on the fly. These virtual machines can then be used for tests, deployments, services, etc.

Discover a selection of our latest work. Multiple Cyllene projects bringing together many disciplines to offer you a tailor-made service.

Overview: VMware recently released full support for Azure Active Directory (now called Entra ID) integration with vCenter with release 8.0 U2. Unfortunately, their documentation about integration had some major gaps, compelling us to write this guide. VMware’s documents initially recommended opening your vCenter server URL to the public (which you should NEVER do). They’ve since...

Sysadmin doing sysadmin stuff

Instead of using sshpass to non-interactively provide an SSH password, here is a simpler approach by harnessing the built-in features of OpenSSH...

Prometheus is a monitoring solution created by Soundcloud in 2012 and open-sourced in 2015. It is a must-have that stands out through its integration with many third-party services that are not natively supported.

I want my services to be sturdy, cheap & easy to maintain. I want very few moving parts, and I treat the hardware as disposable and unreliable. Ansible allows me to achieve a lot at very little cost.

Terraform Associate is an official HashiCorp certification. It validates your knowledge of Terraform through an online exam. I share my experience in this article!

Consul Associate is an official HashiCorp certification. It validates your knowledge of Consul through an online exam. I share my experience in this article!

Recently I’ve been looking into setting up BGP EVPN between VMware NSX and VyOS router. I’m using VyOS quite a lot in labs and demos, often as the counterpart to a Tier-0 gateway, and w…

Consul is a tool for managing microservices and high availability, as well as security and communication between services. This page is a digest of what I have learned on the subject.

Tmux is a terminal multiplexer that lets you create and control sessions. It is often used to run a command in the background and close the terminal without fear of the process being stopped. We will see how to use it.

Five years of technical blogging followed by six months of active development resulted in an online learning-by-doing platform for DevOps, SRE, and Platform Engineers.

New talk: Learning DNS in 10 years

Everyone loves the Cluster API, but there are some cases where it's not the best solution. We chose not to build with it for several reasons.

Want to secure your Proxmox server with a trusted SSL certificate from Let's Encrypt? Check out my post! Includes Home Assistant integration too!

Dagger.IO is a tool maintained by Solomon Hykes; it lets you create a local (or remote) CI that does not depend on YAML or a DSL

Creating your own Debian packages is not as complicated as you might think. We will see how to package your own scripts/programs easily and effectively

Cert-Manager is a program for managing certificates (and their renewals) on Kubernetes clusters. We will see how to deploy Cert-Manager and generate our first certificates

This guide explains how to configure a DNS and DHCP server using DNSMASQ. It covers installation, DHCP and DNS configuration, and the management of static leases.

When we have many servers, it makes sense to automate each of the deployments we carry out. And when most of them run Debian, these deployments can take the form of .deb files. On this page we will therefore see how to create our own Debian repository

A next-generation sharing platform built on top of OpenZiti, a programmable zero-trust network overlay.

When you multiply infrastructures (local, remote, etc.), having a mesh VPN makes your life easier. So we are going to install and configure Tinc

Historically, we have rarely talked about how our servers fetch
the content from the Internet. In this blog we’re going to cover
this gap. We'll discuss how we manage Cloudflare IP addresses
used to retrieve the data from the Internet, how our egress
network design has evolved, how we optimized it for best use
of available IP space and introduce our soft-anycast technology.

SSH port forwarding explained in a clean and visual way. How to use local and remote port forwarding. What sshd settings may need to be adjusted. How to memorize the right flags.

Learn all about network bonding in XCP-ng and some tricks to configure it.

This is my documentation of how I publish my notes from a private [[Obsidian]] vault to my

The need: I ran into some trouble when I wanted to implement NSX-T rules. My aim was to keep the order of the rules as intended by the user when he wrote his data without asking him to enter a rule ID manually. If the order is kept then it’s easy to prioritize the rules according to their placement. With the NSX-T Terraform provider the rules are in the form below:

How Relational Databases Work. This post talks about how indexes and transactions work on the inside of relational databases.

Thus far, this series of posts has all been about Layer 2 over Layer 3 models; the customer ethernet frames encapsulated in UDP, traversing L3 networks. The routing has been confined to the underlay, the customer traffic has stayed within the same network.

Starting today, we are thrilled to announce that you can start building many segregated virtual private networks over Cloudflare Zero Trust, beginning with virtualized connectivity for the connectors Cloudflare WARP and Cloudflare Tunnel

While troubleshooting a failed SDDC Manager deploy task in Cloud Foundation 4.4 together with VMware support, the engineer showed a way to update the SDDC bring-up parameters. This can be very helpfu

A technical dive into traditional TCP proxying over HTTP

Traefik is a reverse proxy that stands out from the others through its system of providers and middleware. It does not reinvent the wheel, but it is particularly effective when you have a large number of redirections to configure or rules that change regularly.

Delivering consistent performance while maintaining data resiliency is a key tenet behind enterprise storage solutions. VMware vSAN is the industry leading distributed storage system built right into VMware vSphere, and is designed to offer the highest level of resiliency and performance, with the maximum amount of agility should hardware faults occur, or demands of the … Continued

In this blog post, I will help you with the set of steps needed to enable MinIO service on a “vSphere with Tanzu” Supervisor cluster. I will not explain about MinIO, feel free to read about MinIO o…

Today at 1651 UTC, we opened an internal incident entitled "Facebook DNS lookup returning SERVFAIL" because we were worried that something was wrong with our DNS resolver 1.1.1.1. But as we were about to post on our public status page we realized something else more serious was going on.

When it comes to initializing a virtual machine in a VMware vSphere infrastructure, Linux systems are the poor relation....

Easily create a Proxmox Ubuntu cloud-init image for use with Terraform, Ansible, and other automation tools

Applying DevOps to networks.

Learn how to create a Kubernetes cluster on Azure, Amazon Web Services (AWS) and Google Cloud

Software-Defined Datacenters | NSX-T | NSX-ALB | VMware Cloud Foundation (VCF)

CNI is the container network interface that provides a pluggable application programming interface to configure network interfaces in Linux containers.

If you have ever tried to troubleshoot an NSX-v Management Appliance or Edge, you probably noticed that you are quite limited in the execution of your controls. That’s because in NSX-v you are standardly limited with most of the time only esxcli, even when you are logged in as admin.
To get past

Learn how NAT traversal works, how Tailscale can get through and securely connect your devices directly to each other.

Today's topic is VMware Cloud Director inter-tenant routing with a NSX-T backed provider VDCs (pVDC). The reason for writing this post is that some use-cases require routed connectivity between Org VDC

A post about a community function contribution to the open source project VMware Event Broker Appliance to notify you if an ESXi host failure occurred.

Cheatsheet to a more maintainable configuration.

Docker lets you easily package your applications and services into containers so that you can use them anywhere. However, when you…

In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!

A rundown of seven common mistakes in system architecture diagrams and how to fix them

Replacing Orange Livebox with another router is widely documented but too kludgy for my taste. I expose a cleaner setup.

Troubleshooting in Kubernetes can be a daunting task. In this article you will learn how to diagnose issues in Pods, Services and Ingress.

If you work with computer networks sooner or later you will have to learn how to efficiently work with IP addresses and networks. As you probably guessed from the title of this post, we'll be learning how to create, modify and perform operations on IP objects using Python. Having to

Guest Post: Why does half the Internet use a TTL of 1 minute or less?

Using CAPV to deploy K8s clusters with vSphere CNS

How to backup and restore K8s applications on vSphere

Step by step guide for using cloud-init on vSphere

People tend to be visual: we use pictures to understand problems. Mainstream programming languages, on the other hand, operate in an almost completely different kind of abstract space, leaving a big g

Intro
I have been experimenting a lot over the past 18 months with containers and in particular, Kubernetes, and one of the core things I always seemed to get hung up on was part-zero - creating the VMs to actually run K8s. I wanted a CLI only way to build a VM template for the OS and then deploy that to the cluster.
It turns out that with Ubuntu 18.04 LTS (in particular the cloud image OVA) there are a few things need changed from the base install (namely cloud-init) in order to make them play nice with OS Guest Customisation in vCenter.

Blog

Checkmk is a leading tool for Infrastructure and Application Monitoring. Simple configuration, scalable, flexible. Open Source and Enterprise.

Introduction: Traditionally, Data Centers used lots of Layer 2 links that spanned entire racks, rows, cages, floors, for as far as the eye could see. These...

Implementation of redundant site-to-site VPNs on Linux with WireGuard (instead of IPsec) and BGP.

Linux IPsec implementation is usually policy-based. However, route-based VPNs with a pseudo-interface are also available.

Linux uses an LPC-trie for looking up routes. It provides good performance with low memory use even with millions of routes.

VXLAN is an overlay network for L2 traffic over an existing IP network. One deployment option is BGP EVPN.

VXLAN is an overlay network for L2 traffic over an existing IP network. Let's explore how to configure it on Linux.

On Linux, a network bridge without any IP address configured will still process IP packets. How to disable such a feature?

Automation is an increasingly interesting topic in pretty much every technology discipline these days. There’s lots of talk about tooling, practices, skill set evolution, and more - but little conversation about fundamentals. What little is published by those actually practicing automation, usually takes the form of source code or technical whitepapers. While these are obviously valuable, they don’t usually cover some of the fundamental basics that could prove useful to the reader who wishes to perform similar things in their own organization, but may have different technical requirements.

A short while back I participated in an internal event. A number of priority customers of our internal cloud service were invited for a feedback session, to voice their thoughts, listen to roadmap sessions and just to get to know each other.
There was one comment made there by one of the participants that has been on my mind since then, and it was something along the lines of:
“I have been using AWS longer than I have been using our internal cloud service – that is more than 5 years.

In a recently published article, Paul Vixie, past author and architect of BIND, one of the most popular internet domain servers, explains why DNS...

tcpdump is the world's premier network analysis tool—combining both power and simplicity into a single command-line interface. This guide will show