Given the current situation around Lenovo firmware, it's a good time to run:

fwupdmgr refresh
fwupdmgr update

If you didn't already update using "GNOME Software" or alike.

Using tang to centrally unlock the disk encryption of your servers? Need a backup of your tang server? Tar your tang-db, base64 encode it and store it in your passwordsafe. Easy, quick and accessible. (Of course make sure you can access your passwordsafe without depending on the infrastructure you need to unlock.)
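The backup and restore described in this post, as an added example that is not part of the original post. The key directory is passed in by the caller, the `.jwk` files in the demo are constructed, and GNU tar/coreutils are assumed.

```shell
#!/bin/sh
# Added example. Directory paths are supplied by the caller; sample keys are constructed.

# Print the key directory as one base64 line. The output contains private
# keys: pipe it straight into the password manager, not into a file.
tang_backup() {
    # "-C dir ." archives dotfiles too. tang hides rotated keys by renaming
    # them with a leading dot, and clients bound to them still need them.
    tar -C "$1" -czf - . | base64 | tr -d '\n'
}

# Unpack a blob produced by tang_backup into a directory, owner-only.
# Runs in a subshell so the umask change does not leak to the caller.
tang_restore() (
    umask 077
    mkdir -p "$2"
    printf '%s' "$1" | base64 -d | tar -C "$2" -xzf -
)

# One digest over every file name and its content, to compare two directories.
dir_digest() (
    cd "$1" || exit 1
    find . -type f | sort | xargs sha256sum | sha256sum | cut -d' ' -f1
)

# Constructed demo: fake key files, backup, restore, compare.
src=$(mktemp -d); dst=$(mktemp -d)
printf '{"kty":"EC","constructed":1}' > "$src/active.jwk"
printf '{"kty":"EC","constructed":2}' > "$src/.rotated.jwk"
blob=$(tang_backup "$src")
tang_restore "$blob" "$dst"
[ "$(dir_digest "$src")" = "$(dir_digest "$dst")" ] && echo "round trip OK"
rm -rf "$src" "$dst"
```

Comparing the digest of a test restore against the live directory confirms the stored blob is actually usable before it is needed.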

Using the Linux desktop is a bit like being a vegetarian. Wherever you go you have to ask whether it runs on Linux, you get your stuff from "specialised shops" most of the time, but all in all, it feels a lot better and your relationship to the food/computer becomes better.

And there is the more extreme group of vegans/free-software-only users, that restrict themselves even more in everything.

Talking about DNS, I happen to have a little article published about systemd-resolved and DNSoverTLS:

If you are bored and search something fun to do, maybe try it out :)

Mhm, I thought a bit about improving the linux desktop world:

It's nothing really original but let's see where it leads. Ideas, hints, etc. are very welcome.

I just noted down my personal take on the whole disaster.

I'm not sure what else to say there. Have a read, I think I come to a similar conclusion as various other people.

Literally the most useful keyboard shortcut I learned this year is ctrl + U

It deletes a filled password field on linux. In your browser, on the bootscreen when entering your LUKS password, your login password field, in the sudo prompt, …

It's great when you have a long password and you know you hit a typo somewhere.

Try it, it's awesome. And the worst thing is that it doesn't work on other platforms.

The DNS zone of my personal domain ( has 127 records. The entire setup runs distributed across 4 servers, everything has SSO, there is centralized logging, the setup is mostly automated (especially software updates) and I actually spend most of my screen time interacting with the outside world through my federated services.

:blobfoxlaughsweat: I can't stop thinking that it's a bit overdone. But I swear, it was an accident!

Another weekend another evening project. Today: A simple container firewall that runs in user space and therefore doesn't need CAP_NET_ADMIN.

Is it as effective as iptables? By no means. But it's most likely sufficient for the majority of use cases.

I was about to write a whole blog article about cloud gaming with and parsec on , but somehow ended up with a writing style I don't like.

Therefore here just some source code for a paperspace curl CLI:

I'm sure you can figure out the rest yourself, knowing that is now available on .

:blobfoxconfused: I no longer (maybe I never did?) understand my system.

I have 12GB of RAM, it considers roughly 6-8GB as being used, over time ~4GB are considered cache and there are also roughly 6GB of Swap around that is entirely free. Still my system dies OOM more and more often recently 👀

I already increased the memory pressure close to maximum so the cache should go away as soon as anything is needed, but nope. Still OOM. Help?

:blobfoxthink: Is it a rather useful idea to use floating-IPs for email servers? Usually I don't care about switching IPs, but here it might come in handy. Any thoughts on that?

I can highly recommend this talk to anyone who develops or ever compiles software from the internet:

It's a 2 hours tour through open source and free software copyright questions.

I'm not sure who thought that giving my Wayland session the same oom score as every other program would be a good idea.

Or to put it more constructively: I just wrote a systemd.timer to adjust my gdm-wayland-session's oom score, to no longer stand in line with other desktop processes to be killed. Let's see what happens :)

Sometimes you insist on knowing something but will be proven wrong. Taking that and learning from it is what makes the difference between being an old grumpy person and a learning grumpy person.

I'm happy that I made it yesterday to be the latter:

TL;DR: while port 465 was deprecated in 1998 for smtps, it was reused by RFC8314 for "submissions", which is what most people used it for for years anyway. Main difference: It's standardised now.

If you are new or inexperienced when it comes to SELinux and/or enjoy containers, this is a great talk to learn how to fix problems with it:

It becomes easy once you get things right and can help you a lot to keep everything where it belongs.

By the way, I maintain a bunch of communities on Matrix for various topics. Such as , () |s, self-hosting and an open community chat where people can just exchange.

You can find all of them with some descriptions at:

Or by using as room directory.

Mhm, anyone knows a minimalistic monitoring solution that doesn't require me to keep a zoo of daemons and services around?

(And that is agent-based so I don't need to expose an API on each of my servers for no particular reason 👀)
