Linux boxes via SSH: suspended when disconnected
#HackerNews #Linux #SSH #LinuxBoxes #Disconnected #Technology #DevOps
I Hate GitHub Actions with Passion
https://xlii.space/eng/i-hate-github-actions-with-passion/
#HackerNews #I #Hate #GitHub #Actions #with #Passion #GitHub #Actions #DevOps #SoftwareDevelopment #CodingFrustrations
Handling secrets (somewhat) securely in shells
https://linus.schreibt.jetzt/posts/shell-secrets.html
#HackerNews #HandlingSecrets #SecureShells #ShellSecurity #Cybersecurity #DevOps
New blog post: GeoIP-Aware Firewalling with PF on FreeBSD
Running a mail server means constant brute-force attempts. My solution: geographic filtering. SMTP stays open for global mail delivery, but client ports (IMAP, Submission, webmail) are restricted to Central European IP ranges only.
Result: ~90% reduction in attack logs, cleaner signal-to-noise ratio, smaller attack surface.
Using MaxMind GeoLite2 + PF tables with ~273k CIDR blocks.
https://blog.hofstede.it/geoip-aware-firewalling-with-pf-on-freebsd/
From an operator perspective, how would you like clustering of your #DNSSEC signing solution to work? #OpenSource #Community #DevOps
https://community.nlnetlabs.nl/t/some-thoughts-on-clustering/59
Launch a Debugging Terminal into GitHub Actions
https://blog.gripdev.xyz/2026/01/10/actions-terminal-on-failure-for-debugging/
#HackerNews #LaunchDebuggingTerminal #GitHubActions #DevOps #Debugging #CI/CD
The era of the "Specialized Vector Database" might be ending. 🐘
While everyone is chasing the latest AI tools, smart engineering teams are consolidating. The reality? pgvector is enough for 95% of RAG use cases.
Why introduce network latency and data egress fees when your embeddings can live right next to your relational data?
Simplicity scales better than complexity.
🎥 The full breakdown: https://youtube.com/shorts/-AUsHSjDLgg?feature=share
Pyinfra: Turns Python code into shell commands and runs them on your servers
https://github.com/pyinfra-dev/pyinfra
#HackerNews #Pyinfra #Python #ShellCommands #DevOps #Automation
Hosting 100 Linux dev environments on one VM using LXC
https://github.com/FootprintAI/Containarium
#HackerNews #Linux #Dev #Environments #LXC #Virtualization #Containarium #DevOps
Here’s to the DevOps who plan so nothing goes bang.
Here’s to the engineers who make reliability boring.
Quiet systems aren’t accidents.
They’re the result of careful design, hard choices, and work done before the lights ever flicker.
How to do zero-downtime deploys using systemd.
systemd has a socket-activation feature that's associated with starting services on demand, often paired with shutting them down when they are idle.
But today I confirmed it has great value for always-on services -- zero-downtime deploys for web services!
What happens is that systemd owns the listening socket and never stops listening during the restart. Connections are queued and succeed when the service is up.
New blog post: "Why I Built a Kubernetes Deployment Tool for PHP Developers"
After 15+ years of production PHP and watching teams burn weeks on K8s adoption, I finally built the tool I wished existed.
The premise: the gap between docker-compose and production shouldn't require a platform team.
https://eric.mann.blog/why-i-built-a-kubernetes-deployment-tool/