The systemd project was and is a *huge* leap forward for Linux. I can't imagine doing sysops without it.

https://blog.tjll.net/the-systemd-revolution-has-been-a-success/

Update: suspected "AI" usage for the images in the post, in case you want to avoid this.

Story of my life.

I finally figured out how to automate a certificate request on #Windows that also requires the csr to be signed by a user certificate. Man alive, it should not be that difficult.

As far as I can tell, certreq has no ability to do this natively, so I ended up using certreq to generate the initial csr, then leveraging the COM object to sign it, then back to certreq again for the actual submission/ acceptance.

If you know of a way to do this easier, please let me know!

What looked like a bit of background noise turned out to be a DDoS attack against the ScummVM website.

Anubis truly saved the day. Read the full story here:

https://fabulous.systems/posts/2025/05/anubis-saved-our-websites-from-a-ddos-attack/

Been doing good shit lately - building clustered server stacks for some of the world's greatest corporations.

I've been doing Bash programming for over 20 years, long before Puppet and Ansible came along, so I never really got into those technologies. I gave them a chance, but I prefer having full control, access to sources, and flexibility in my work. That's why I'm not a fan of the previously mentioned tools - or things like Tailwind and Docker. I love building my own tools and frameworks.

DevOps Engineer (8 month contract) | FreeBSD Foundation
https://freebsdfoundation.org/open-positions/devops-engineer-8-month-contract/

latest "monthly module monday" blog post :) https://cfengine.com/blog/2025/masterfiles-module/ (masterfiles(mfp) as the o.g. build module) #cfengine #configurationmanagement #unix #sysops

If it's code or executables, put it in the image. If it's persistent, put it in a volume. If it's configuration, put it in an environment variable or an environment variable file, or bind mount the configuration file if needed.

Don't bind mount Git directories with code or data into the container. It may be convenient during development, but it makes it very messy for whoever needs to deploy it later (they should ideally not even have to clone a repository).

Something in the Managed Cloud hosting has always bugged me as a DIY dedicated hardware sysop guy. However, times change and currently I'm looking for one or setting up one myself for a site that has insane amount of requests per second.

WP Engine, Pressidium, Pressable, Kinsta, WordPress VIP or custom AWS or what? What do you recommend, specifically for Enterprise WordPress?

A while back I was super tired and had too many command line windows open. I typed in the wrong command on the wrong server. This caused system being partly broken, because I accidentally upgraded a held-back package. Eventually got it fixed by recompiling that certain package, but it contained a module compiled by an external party, so had to wait and not restart any services for 24 hours.

Happens to all of us sometimes.

However, what I learned is I should finally really change the color of each prompt for every single server I have. I have dozens of them. I'm lazy that way, I just customize my local prompt but rarely do it on production servers, despite how easy it is.

For Mastodon my prompt is deep purple, like it should.

```bash
PS1="\[\e[38;5;141m\]\u@\h:\w\$ \[\e[0m\]"
```

Here are my other prompts, feel free to use these colors in your .bashrc:

```bash
PS1="\[\e[38;5;99m\]\u@\h:\w\$ \[\e[0m\]" # Light Purple
PS1="\[\e[38;5;141m\]\u@\h:\w\$ \[\e[0m\]" # Pastel Purple
PS1="\[\e[38;5;183m\]\u@\h:\w\$ \[\e[0m\]" # Lavender
PS1="\[\e[38;5;217m\]\u@\h:\w\$ \[\e[0m\]" # Light Pink
PS1="\[\e[38;5;216m\]\u@\h:\w\$ \[\e[0m\]" # Peach
PS1="\[\e[38;5;117m\]\u@\h:\w\$ \[\e[0m\]" # Sky Blue
PS1="\[\e[38;5;159m\]\u@\h:\w\$ \[\e[0m\]" # Soft Cyan
PS1="\[\e[38;5;121m\]\u@\h:\w\$ \[\e[0m\]" # Mint Green
PS1="\[\e[38;5;229m\]\u@\h:\w\$ \[\e[0m\]" # Soft Yellow
PS1="\[\e[38;5;210m\]\u@\h:\w\$ \[\e[0m\]" # Light Coral
```

Despite user growth being +1858% the database and media storage been very, very stable. I'm glad there are enterprise things like S3. I'm feeling more and more confident in my server stack skills.

Over the weekend, I wrote a script that parses my entire website and submits all URLs to the Internet Archive’s Wayback Machine, including all outgoing links.

https://fabulous.systems/posts/2025/01/bts1-submitting-entire-websites-to-archive-org/

#lispyGopherClimate
Recorded live #interview with @corwin
https://communitymedia.video/w/6wYk9SWR22YzKkgBDijrbC
January 8 #2025 0UTC Wednesday: Archive backup of the episode.

#FSF #sysops #emacs #pedagogy #gamedev #ttrpg #elisp #lisp #programming #lambdaMOO #dungeon

I was personally out-of-it this episode, but Corwin really shines!

From Corwin:
The FSF link for the fund-raiser is https://my.fsf.org/join

There's a page about dungeon here: https://directory.fsf.org/wiki/Dungeon-mode

Here's the project on Savannah: https://savannah.nongnu.org/p/dungeon

Just spent 6 hours trying find out and solve why my Matrix instance is showing: {"errcode":"M_NOT_FOUND","error":"Not found"} when trying to access images. I did not notice this problem before, because Matrix/Element caches images locally using blobs, but realized this after uploading images to IRC via heisenbridge.

I first thought I had messed up my S3 Object Storage. Then thought I messed up my filesystem. Then I thought I made a mistake in yaml configs. But it was none of that.

It's a while since I installed my Matrix server and completely forgot on how I set up my S3 Object Storage. It seems it is literally not documented. Like at all. Just like the half of Matrix and Synapse.

I ended up debugging literally anything and everything without any solution. After turning all stones I even asked ChatGPT and it started to run in loops in despair. Finally ended up reading synapse changelog here one bit by bit: https://element-hq.github.io/synapse/latest/upgrade.html#authenticated-media-is-now-enforced-by-default

It seems, I have upgraded in some point. And wow, in between of upgrades the whole thing has broken. I mean it runs without erros, but it's broken. No deprecated warnings in the log, no warnings in release logs. Left a comment here: https://github.com/element-hq/synapse/pull/17889#issuecomment-2564520513

My solution was to add in homeserver.yaml:
enable_authenticated_media: false

What I hate about Matrix is:

- Nothing is documented
- Nothing is explained
- Everything is complicated to set up

Each upgrade and extension is like building and tinkering for hours and hours and hoping for the best.

I don't know why I keep using Matrix. Guess I like being hurt all the time.

The FSF SysOps team has been hard at work over the past six months on quite a few major projects, and needs your help! https://u.fsf.org/44z #SysOps #FSF

Throughout my entire professional life, as #SysOps #DevOps #SRE, you call it, there have been two technologies that always seem to pursue me: #OpenLDAP and #PostgreSQL and believe me, I have put all my effort into avoiding them, well at least OpenLDAP, after all I love PostgreSQL, and definetelly I'm doing it really bad

A Client has requested SSH access to one of their servers (that we manage for them) for a 3rd party.

I'm thinking of setting up some sort of jail.

There appear to be a few options out there.

Anyone have opinions on the best way to do this?