Tag: sysadmin

All the articles with the tag "sysadmin".

tini vs dumb-init vs --init

tini vs dumb-init vs --init

PID 1 zombie reaping in containers — tini, dumb-init, and docker --init compared; when each one fixes your signal handling and stops your 10s shutdown tax.

RAID Is Not Backup: Rebuild Math

RAID Is Not Backup: Rebuild Math

Your RAID 5 rebuild on a modern multi-TB drive has a 40-50% chance of hitting a URE before it finishes. Here's the 2026 math and what to do about it.

Incident Response for Self-Hosters

Incident Response for Self-Hosters

You've been compromised. Now what? A practical incident response playbook for self-hosters who didn't think they'd need one until right now.

Bash One-Liners Worth Remembering

Bash One-Liners Worth Remembering

Twenty powerful bash one-liners every sysadmin should know—file ops, process hunting, networking, text processing, disk analysis

Compiling on Linux With Low RAM

Compiling on Linux With Low RAM

Compile software on Raspberry Pi or cheap VPS with 512MB–2GB RAM. Swap, parallel jobs, ccache, and swappiness tuning make it work.

nftables: Modern Linux Firewalling

nftables: Modern Linux Firewalling

iptables is being phased out. nftables is faster, cleaner, and already the default on modern Linux. Here's how to actually use it without wanting to quit.

2FA for SSH and sudo via PAM

2FA for SSH and sudo via PAM

Adding TOTP to SSH and sudo takes 10 minutes and makes password spray attacks useless. Here's the setup that won't lock you out of your own server.

SSH CA: Finally Ditch authorized_keys

SSH CA: Finally Ditch authorized_keys

Managing authorized_keys across 10 servers is how you lose track of who has access to what. An SSH CA lets you sign keys and revoke access without touching every server.

LUKS Full Disk Encryption on Linux

LUKS Full Disk Encryption on Linux

LUKS encrypts your drives so a stolen server is just expensive recycling. Here's how to set it up, manage keys, and unlock headless boxes remotely.