Tag: Linux

A terminal workspace that doesn't sacrifice simplicity for power. Features floating panes, layouts, multiplayer collaboration, plugins, and works in your browser.

Diskless Linux Boot

tar.gz files seem to include extra files starting with ._. When these are extracted on Linux, a bunch of errors are displayed.

CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

Does anyone else remember when XCOPY via VAAI was released on vSphere? How cool it was to offload the copy of a VM to the array. It only got cooler as the storage vendors figured out how to not act…

Welcome to Austin’s Nerdy Things, where we spend years chasing nanoseconds that nobody asked us to chase. Five years ago, I started this blog by building a microsecond-accurate NTP server with a Raspberry Pi and PPS GPS. Then I went simpler – a $12 USB GPS for millisecond-accurate NTP because ease of use matters too. […]

We’ve all been there. We deploy an appliance and then we can’t find the password. We try to log in a few times and the accout gets locked out. For administrators managing VMware Cloud F…

Discover powerful applications such as Little Snitch Mini, Little Snitch, LaunchBar and Micro Snitch.

J.HOMMET.NET - Humain analogue dans un monde numérique.

I run Coolify on a Hetzner bare metal server to host multiple web apps I have built and the services I use to maintain them. Of course almost none of my sites have any users, but I enjoy the process, and that is not here or there (but if you

I've had my Framework 13 for a year now, but am I still enjoying it?

Introduction
Knock Knock Knock ! Connaissez-vous le port knocking ?
Le tocage à la porte, ou port-knocking, est une méthode...

Xen Orchestra install/update script. Contribute to ronivay/XenOrchestraInstallerUpdater development by creating an account on GitHub.

A beautiful, minimal desktop shell for Wayland that actually gets out of your way. Built on Quickshell with a warm lavender aesthetic.

A 5-20x faster experimental Homebrew alternative. Contribute to lucasgelfond/zerobrew development by creating an account on GitHub.

Instant Linux boxes via SSH. Create stock boxes or OCI image-backed VMs. Scale to zero and pay only for what you use.

A web accessible Virtual Machine powered by Docker, Debian, and noVNC.

Learn how terminal emulators and TUIs work through interactive demos. Explore the grid model, escape sequences, keyboard input, and more.

CLI agents like Claude Code make self-hosting dramatically easier and actually fun. This is the first time I would recommend it to normal software-literate people.

Harvest a host's real configuration and turn it into Ansible roles/playbooks. Safe-by-default, with optional SOPS encryption.

When we talk about routing, we often picture routers, firewalls, and network appliances moving traffic across large networks.

An unofficial and opinionated book for beginners

Minimal Linux container host. Contribute to vmware/photon development by creating an account on GitHub.

Learn how to create and manage a multi-machine Uncloud cluster from scratch. This hands-on tutorial walks you through initializing a cluster, adding machines, managing contexts, and deploying your first containerized service.

With a Red Hat Developer Subscription (for Individuals) it’s possible to get Red Hat Enterprise Linux (RHEL) licensing valid for up to 16 systems for a home lab at no cost!

A guide on building a simple Linux distribution from scratch. Detailed guide on building the kernel and the init process. Finally, a little distribution is built with u-root that is capable of connecting to the Internet.

Discover how to bypass the network stack for Host-to-VM communication using Linux Virtual Sockets (AF_VSOCK). This article details how to use these sockets to build a high-performance gRPC service in C++ that communicates directly over the hypervisor bus, avoiding TCP/IP overhead entirely.

Today, I will play with the Offline Depot Web Server. There is an official documentation provided by BROADCOM which I followed in general. But there are some details the link does not describe deta…

An exploration of DNS and Name-to-IP translation. This deep dive explores NSS, getaddrinfo, systemd-resolved and more!

Update - February 23, 2026 After some great feedback from the YouTube community, here's a list of additional tips and troubleshooting steps for those still experiencing issues: VMware Workstation Specific Ensure Open VM Tools is installed and running Keep the VM in full screen mode and the mouse focused Set the resolution lower than the

Updates on Tailscale's efforts to improve NAT traversal, for its client and for the web at large.

I’ve usedMullvadas my VPN provider for a few years. Their service is good, they provide keys for 5 devices, rely on the Wireguard protocol, and offer alternative configurations as well. Despite that,

Multipath TCP (MPTCP) for Linux, an extension to TCP that enhances connection redundancy and performance by utilizing multiple underlying TCP sessions simultaneously. This site provides installation guides, debugging tools, FAQs, and a list of apps supporting MPTCP, aimed at facilitating the adoption and implementation of MPTCP for Linux users and developers.

Découvrez comment Bootc et OSTree révolutionnent le déploiement des systèmes Linux, offrant une gestion moderne, efficace et immuable.

Making dwm as beautiful as possible! . Contribute to siduck/chadwm development by creating an account on GitHub.

Release notes for Ghostty 1.2.0, released on September 15, 2025.

The Intel 285K CPU in my high-end 2025 Linux PC died again! 😡 Notably, this was the replacement CPU for the original 285K that died in March, and after reading through the reviews of Intel CPUs on my electronics store of choice, many of which (!) mention CPU replacements, I am getting the impression that Intel’s current CPUs just are not stable 😞. Therefore, I am giving up on Intel for the coming years and have bought an AMD Ryzen 9950X3D CPU instead.

WinBoat lets you run any Windows application on Linux with seamless desktop integration. Elegant interface, automated installs, filesystem integration, and native OS-level windows.

Sourcing data directly from diskISfaster than caching in memory. I brought receipts.
Because hardware got wider but not faster, the old methods don't get you there. You need new tools to use what is

A Jujutsu tutorial that requires no previous experience with Git or other version control systems.

Image Factory generates customized Talos Linux images based on configured schematics.

Warning: Contains tongue-in-cheek language that might feel provocative if you have invested part of your identity into y…

Master runit Linux init system with comprehensive guide covering installation, configuration, service supervision, and practical examples for efficient system management.

Bonjour à tous ! Aujourd'hui un article pour parler d'une chose simple : la configuration de la solution rsyslog sur un serveur GNU/Linux en utilisant les …

An evolving how-to guide for securing a Linux server. - imthenachoman/How-To-Secure-A-Linux-Server

Dive deep into Kubernetes Security Contexts and learn how to manage security settings for your pods and containers.

After 15 years on macOS, I made the leap to Arch Linux using Omarchy. Here's what I discovered about the trade-offs, workflow changes, and why shorter battery life and fan noise haven't sent me back to my MacBook.

Rofi: A window switcher, application launcher and dmenu replacement - davatorium/rofi

I have been exploring some new tools here and there. When I started watching Primeagen, I took a note of several tools that he was using and advocating for. One of them was tmux.
What is tmux? tmux is a terminal multiplexer. What that means is you can have many terminals in one. According to tmux wiki:
tmux is a program which runs in a terminal and allows multiple other terminal programs to be run inside it. Each program inside tmux gets its own terminal managed by tmux, which can be accessed from the single terminal where tmux is running - this called multiplexing and tmux is a terminal multiplexer.

Sysxplore explores DevOps, Cloud, and Linux topics in a straightforward way, making complex concepts easy to grasp. Our goal is to deliver technical information and make it enjoyable to learn.

exploit NAT/firewalls to access TCP/UDP services bound to any system behind victim's NAT

Proxyman is a native, high-performance HTTP debugging proxy app for macOS, iOS, Windows, and Linux. Capture, inspect, and mock HTTP/HTTPS requests with ease. The best Charles Proxy and Fiddler alternative for developers.

This year I decided to refactor my personal cloud infrastructure. Because of various nuances in m...

A satellite project of labs.iximiuz.com - an indie learning platform to master Linux, Containers, and Kubernetes the hands-on way 🚀

The easiest way to run WireGuard VPN + Web-based Admin UI. - wg-easy/wg-easy

Interactive Streaming Telemetry lab with Nokia SR Linux nodes forming a Clos topology - srl-labs/srl-telemetry-lab

Contribute to srl-labs/clab-api-server development by creating an account on GitHub.

Firezone is a fast, flexible VPN replacement built on WireGuard® that eliminates tedious configuration and integrates with your identity provider.

A technical blog about Rust, Linux and other topics.

Recently I’ve been working on a pretty big rust project and to my surprise Icouldn’t get tests to work properly.

For one of my network storage PC builds, I was looking for an alternative to Flatcar Container Linux and tried out NixOS again (after an almost 10 year break). There are many ways to install NixOS, and in this article I will outline how I like to install NixOS on physical hardware or virtual machines: over the network and fully declaratively.

After having spent the better part of 2 weeks learning Linux’s cgroup (control group) concept, I thought I better write this down for the next brave soul. 🦸

2025-05-20

Lately I’ve been trying to find (and understand) the limits of time syncing between Linux systems. How accurate can you get? What does it take to get that? And what things can easily add measurable amounts of time error?
After most of a month (!), I’m starting to understand things. This is kind of a follow-on to a previous post, where I walked through my setup and goals, plus another post where I discussed time syncing in general. I’m trying to get the clocks on a bunch of Linux systems on my network synced as closely as possible so I can trust the timestamps on distributed tracing records that occur on different systems. My local network round-trip times are in the 20–30 microsecond (μs) range and I’d like clocks to be less than 1 RTT apart from each other. Ideally, they’d be within 1 μs, but 10 μs is fine.
It’s easy to fire up Chrony against a local GPSTechnically, GNSS, which covers multiple satellite-backed navigation systems, not just the US GPS system, but I’m going to keep saying “GPS” for short.
-backed time source and see it claim to be within X nanoseconds of GPS, but it’s tricky to figure out if Chrony is right or not. Especially once it’s claiming to be more accurate than the network’s round-trip time20 μs or so.
, the amount of time needed for a single CPU cache miss50-ish nanoseconds.
, or even the amount of time that light would take to span the gap between the server and the time source.About 5 ns per meter.
I’ve spent way too much time over the past month digging into time, and specifically the limits of what you can accomplish with Linux, Chrony, and GPS. I’ll walk through all of that here eventually, but let me spoil the conclusion and give some limits:
GPSes don’t return perfect time. I routinely see up to 200 ns differences between the 3 GPSes on my desk when viewing their output on an oscilloscope. The time gap between the 3 sources varies every second, and it’s rare to see all three within 20 ns of each other. Even the best GPS timing modules that I’ve seen list ~5 ns of jitter on their datasheets. I’d be surprised if you could get 3-5 GPS receivers to agree within 50 ns or so without careful management of consistent antenna cable length, etc. Even small amounts of network complexity can easily add 200-300 ns of systemic error to your measurements. Different NICs and their drivers vary widely on how good they are for sub-microsecond timing. From what I’ve seen, Intel E810 NICs are great, Intel X710s are very good, Mellanox ConnectX-5 are okay, Mellanox ConnectX-3 and ConnectX-4 are borderline, and everything from Realtek is questionable. A lot of Linux systems are terrible at low-latency work. There are a lot of causes for this, but one of the biggest is random “stalls” due to the system’s SMBIOS running to handle power management or other activities, and “pausing” the observable computer for hundreds of microseconds or longer. In general, there’s no good way to know if a given system (especially cheap systems) will be good or bad for timing without testing them. I have two cheap mini PC systems that have inexplicably bad time syncing behavior,1300-2000 ns.
and two others with inexplicably good time syncing20-50 ns
. Dedicated server hardware is generally more consistent. All in all, I’m able to sync clocks to within 500 ns or so on the bulk of the systems on my network. That’s good enough for my purposes, but it’s not as good as I’d expected to see.

Burstable VMs run on a fraction of CPU and burst to a higher level of CPU usage to support occasional usage spikes. To implement them, we leveraged Control Groups v2 (cgroups v2), a Linux kernel feature that helps manage resource usage. We thought our open-source implementation of burstable VMs might be interesting enough to write about. We also learned a lot about Linux cgroups in the process!

Tired of Annoying Ads and Privacy-Invading Trackers? Here’s How to Take Control...

Explore essential homelab services for 2025 including Plex, Jellyfin, the *arr stack, Immich, Home Assistant, Pi-hole, Grafana, and more.

An opinion on the trend of content creators promoting Tmux and Zellij for desktop environments – and why these setups may miss the point.

What are these distroless images, really? Why are they needed? What's the difference between a container image built from a distroless base and a container image built from scratch? Let's take a deeper look.

30 November 2024

Using Linux's fancy networking to keep torrent traffic private

WebVM is a full Linux environment running in the browser, client-side. It is a complete virtual machine, with support for persistent data storage, networking and, as of today’s release, Xorg and complete desktop environments.

A guy decides to show off his Neovim setup.

This video started as the answer to a simple question - how can I self-host a service for my friends and family, behind cgnat, without requiring them to install any apps (like tunnels)? This video turned into a bunch of different ways to proxy IPv4 to IPv6, so you can receive IPv6 traffic natively and bring in legacy traffic from a VPS which does have public IPv4.
While I’m giving you a lot of different examples and methods here, you can mix and match a lot of them to fit your needs.

Golden images were supposed to simplify infrastructure, but many teams still build Linux systems like it's 2009. Let's do it differently.

Finally, Podman has a Docker Compose alternative

Au final ... qu'est-ce qu'un conteneur ? Nous allons voir les bases de ce qu'est un conteneur, comment sont-ils créés et comment les utiliser. Nous verrons aussi comment utiliser LXC pour créer un conteneur.

So Linux has adopted Persistent Device Naming, which is a really great thing for most systems. Unlike the old days where we just had eth0 and eth1 and eth2 etc (which at least has no spaces unlike Local Area Connection 6 that another OS uses), whose order depended on driver initialization in the kernel. Most people just had eth0 and were happy, and most people will still just have one Ethernet interface and will still be happy.

DebianRepository est un projet basé sur Docker permettant de déployer un dépôt de paquets Debian en quelques secondes

Today I learned that, since macOS High Sierra onwards, you can move a window by starting to drag anywhere on it.

How Docker publishes container ports on the host? How to use SO_REUSEPORT to make multiple containers listening on the same port? How to use iptables to make multiple containers exposed on the same port?

What are iptables chains, rules, policies, and tables? Describe iptables in layman's terms.

VXLAN is an overlay network for L2 traffic over an existing IP network. Let's explore how to configure it on Linux.

Virtual eXtensible Local Area Network (VXLAN) is a protocol to overlay a virtualized L2 network over an existing IP network with little setup. It...