Overclocking Linux PCs: A Complete Technical Guide
MSR writes, amdgpu ppfeaturemask, Nvidia Coolbits, LACT, the AMD 3D V-Cache Optimizer driver, Ryzen X3D generational restrictions, XMP/EXPO verification, and full stability testing methodology with stress-ng, Memtest86+, MCE monitoring, and MangoHud. Where online guides disagree, this article explains which claim is correct and why -- with kernel documentation and driver release notes to back it up.
AlmaLinux Errata: What It Is, How It Works, and How to Use It
Every ALSA advisory is the end of a pipeline that starts at Red Hat's CSAF/VEX feeds, routes through the AlmaLinux Build System's sign server, and lands as a hash-prefixed updateinfo.xml.gz inside every repo. Trace the route: how ALSA, ALBA, and ALEA advisories are numbered (and why the sequence sometimes diverges from RHSA), why AlmaLinux now generates its own OVAL for version 10 after Red Hat dropped it, the four GPG fingerprints every scanner should trust, the first out-of-band ALSA in project history (CVE-2024-1086 on 30 March 2024), DNF4 versus DNF5 command renames on AlmaLinux 10, dnf-automatic timer pitfalls that override your config, ELevate repo handoffs during 8-to-9 and 9-to-10 migration, and the air-gapped reposync pattern that preserves errata metadata end-to-end. Reference-grade, with commands and URLs verified against primary sources.
Security | MCPwn: CVE-2026-33032 nginx-ui Authentication Bypass Explained
When nginx-ui added Model Context Protocol support so AI assistants could manage server configuration directly, a missing authentication call on the /mcp_message endpoint left the entire tool surface open to the network. CVSS 9.8. Actively exploited. Two HTTP requests to full nginx control. This guide traces the flaw from source code to exploitation: the exact Go router registration that skips AuthRequired(), the fail-open whitelist that passes all traffic when empty, the companion unauthenticated backup download that leaks node_secret, and the post-exploitation path from config injection to forged admin tokens. Remediation covers patching to v2.3.6, setting IPWhiteList entries in app.ini, locking down port 9000 with nftables or iptables, and auditing configuration files for persistence indicators left behind by attackers.
Security | AlmaLinux Cybersecurity: What Is Specific to AlmaLinux and Why It Matters
What AlmaLinux adds to the inherited RHEL security baseline: Codenotary immudb supply chain provenance with per-package SBOMs, FIPS 140-3 validated modules delivered only through TuxCare ESU (CMVP #4750 kernel, #4823 OpenSSL), the DISA STIG officially published as "CloudLinux AlmaLinux OS 9" (NIST NCP checklist 1264, V1R6 Final, 443 controls), Secure Boot keys generated on permanently air-gapped hardware with shim 16.1-4 dual-signing for Microsoft UEFI CAs 2011 and 2023, ABI compatibility that lets Zenbleed and CVE-2024-1086 patches ship before RHEL, SBAT revocation mechanics, IMA per-file signing, and post-quantum cryptography enabled by default in AlmaLinux 10.1 OpenSSL 3.5. Five interactive widgets covering compliance framework reading paths, FIPS deployment decisions, STIG ID to NIST 800-53 mapping, CMVP validation timeline, and errata advisory taxonomy.
Security | How to Configure AlmaLinux for Enterprise Security: SELinux, FIPS Mode, and CIS Benchmarks
A default AlmaLinux 9 installation fails more than 100 CIS Level 2 controls. This guide closes those gaps across three layers: SELinux type enforcement that blocks root-level access based on process context labels, FIPS 140-3 mode using TuxCare's CMVP-validated kernel and OpenSSL packages, and CIS Benchmark hardening covering partitioning, auditd rules, SSH configuration, PAM lockout policy, and sysctl network parameters. Addresses the "just disable SELinux" debate head-on, explains why post-install FIPS enablement is being deprecated upstream (RHEL 10 removed fips-mode-setup entirely), and includes the DISA STIG severity category model for DoD environments.
Distros | AlmaLinux: The Soul of Enterprise Linux and the Battle for the Open-Source Future
A technical examination of AlmaLinux from build pipeline to governance to release architecture. Covers the five-component ALBS build system (GPLv3, publicly auditable at build.almalinux.org), the June 2023 source code crisis and what ABI compatibility actually means at the calling-convention level, Zenbleed patches shipped before Red Hat, CERN and Fermilab adoption, post-quantum ML-KEM and ML-DSA support in AlmaLinux 10, 150+ re-enabled device drivers, x86-64-v2 EPEL baseline for legacy hardware, FIPS 140-3 via TuxCare, and the honest AlmaLinux vs Rocky Linux governance and compatibility comparison that clarifies what a Delaware PBC actually is.
Kernel | Bambi's Guide to Linux: What Nobody Told You When You Spawned In
A ground-up walkthrough of the Linux kernel, process scheduling, the filesystem hierarchy, and systemd -- written for the person who just landed at a blinking cursor and wants to understand the machine, not just memorize commands. Covers the kernel/user-space boundary enforced by hardware privilege rings, the task_struct that represents every process and thread, how CFS virtual runtime and EEVDF virtual deadlines determine which process runs next, the everything-is-a-file-descriptor principle (and why that phrasing matters more than "everything is a file"), the GNU/Linux naming debate, inode architecture on ext4, the 12-bit permission model including SUID escalation, Unix signals and their architecture-dependent numbering, the fork-exec process creation pattern, and cgroups v2 service isolation under systemd.
Kernel | Advanced Linux Command Line: What the Shell Doesn't Tell You
Beyond built-in commands and shell syntax into the kernel interfaces that actually govern process behavior. Explores /proc as a live kernel data source, namespace isolation primitives underpinning every container runtime, cgroup v2 resource accounting, strace and ltrace for real-time syscall inspection, perf for hardware-counter profiling, bpftrace for writing custom eBPF observation programs, the VFS abstraction layer connecting file descriptors to inodes, CFS scheduling decisions that override nice values, signal delivery mechanics and the reentrancy traps in signal handlers, terminal driver job control, and a repeatable diagnostic workflow for isolating root cause in production.
Hardware | Linux-First Laptops: Framework, System76, TUXEDO, and ThinkPad Compared
Which laptop vendor earns the label "Linux-first" -- and what trade-offs does each one force you to make? Compares firmware openness (coreboot vs. proprietary UEFI vs. open EC), repairability ceilings, display technology range, battery life under Linux with real-world estimates, suspend behavior on S0ix vs. S3, Wayland readiness across NVIDIA hybrid configurations, and warranty geography. Includes a firmware audit script, a security hardening checklist, a five-year total-cost-of-ownership calculator, and a pre-purchase Linux compatibility workflow.
Linux Gaming | Modding Gaming Servers on Linux: A Practical Field Guide
How to stand up and maintain a modded dedicated game server on Linux without losing your save files or your mind. Walks through SteamCMD installation and scripted updates, Steam Workshop content on headless servers, BepInEx 5 versus 6 for Unity Mono and IL2CPP titles, Metamod and CounterStrikeSharp for CS2, config management and BepInEx's dependency-driven load ordering, systemd unit files with SIGTERM graceful shutdown, firewall port configuration per game, resource planning for modded environments, and a structured troubleshooting workflow.
Sysadmin | How to Write Efficient Bash Scripts on Linux: Variables, Loops, Functions, and Error Handling
Bash's internal mechanics from the process model up: how fork() and exec() create the subshell trap that silently discards variable changes inside pipelines, why parameter expansion outperforms external commands by orders of magnitude in loops, how to scope function variables with local and namerefs, and how to assemble set -euo pipefail, trap EXIT, structured exit codes, and ShellCheck into scripts that fail honestly and clean up after themselves.
Linux Gaming | BattlEye Kicks on Linux: Fix Every "Client Not Responding" Error
BattlEye and Proton are officially compatible -- but the setup has several mandatory steps that are easy to miss. Covers every required configuration: Proton BattlEye Runtime installation, vm.max_map_count kernel parameter with per-distro defaults, PROTON_BATTLEYE_RUNTIME launch option, Proton version selection, BattlEye service file reinstallation, Steam Deck specifics, diagnostic log reading, and third-party overlay interference.
Linux Gaming | Getting Rid of the Snap Steam Client on Linux
Step-by-step procedure for removing the Snap-packaged Steam client on Ubuntu and Debian-based distributions and replacing it with Valve's official APT package. Covers the sandbox-in-a-sandbox conflict that triggers controller and shader issues, snapd privilege escalation risk, detection commands, game library preservation, the Flatpak alternative, and pinning rules to stop Ubuntu from reinstalling the Snap automatically.
Linux Gaming | Linux Gaming on Pop!_OS: The Full Picture in 2026
Pop!_OS 24.04 LTS shipped with COSMIC Epoch 1, kernel 6.17.9, Mesa 25.1.5, and NVIDIA 580 drivers on December 11, 2025. This article covers the full Proton translation pipeline from PE file execution through DXVK and VKD3D-Proton to Vulkan, the esync/fsync/NTSYNC thread synchronization stack, anti-cheat compatibility by game title, the AMDVLK-to-RADV consolidation, the Nova Rust-based NVIDIA kernel driver timeline, and COSMIC's Wayland-only implications for XWayland gaming and OBS screen capture.
Kernel | Understanding D-Bus and libdbus: How Linux Applications Communicate with Each Other
How Linux userspace services exchange messages at runtime through the system and session buses. Walks through the D-Bus wire protocol and type system, unique and well-known name registration, libdbus and sd-bus C APIs, XML security policy enforcement, the PropertiesChanged signal pattern, ObjectManager-based service discovery, practical busctl debugging workflows, and why dbus-broker has replaced dbus-daemon on Fedora and Arch.
Linux Gaming | MangoHud: GPU and CPU Overlay for Linux Gaming
Install, configure, and troubleshoot the performance overlay behind the Steam Deck HUD. Covers every 0.8.2 config parameter, DLSYM hooking behavior, Intel GPU sysfs profiling with a persistent udev rule, OpenGL compatibility workarounds for Crusader Kings III and Ryujinx, the GTK-4 application blacklist, Flatpak Steam sandboxing, mangohudctl socket control, and ARM platform support through Panfrost, Panthor, and Qualcomm KGSL drivers.
Hardware | Overclocking Linux PCs: A Complete Technical Guide
The performance governor does not pin your CPU to max frequency on amd_pstate active. Coolbits 31 includes two dead bits removed years ago. ppfeaturemask 0xffffffff enables experimental features that can break suspend on specific GPU families. This is the overclocking reference that explains what the tools are doing at the register and sysfs level -- and addresses the points where online guides contradict each other.
Linux Gaming | DayZ on Linux: Proton, BattlEye, vm.max_map_count, and dayz-ctl
A complete technical reference for running DayZ on Linux through Proton. Walks through the full Wine translation stack layer by layer, explains the vm.max_map_count kernel limit that causes mid-load crashes, covers the December 2021 BattlEye Proton opt-in and what changed architecturally, and shows how dayz-ctl bypasses Bohemia's broken launcher to correctly build the -mod= argument for modded servers. Includes a performance tuning reference, PipeWire crackling fix, DXVK cache management, and an interactive troubleshooting decision tree.
Kernel | How to Write Your First Linux Kernel Module in C
A ground-up technical reference for writing loadable kernel modules in C. Covers copy_to_user TOCTOU hazards, get_user/put_user, SLUB slab allocation with GFP flag selection, devm_ managed memory, KASAN, dynamic debug, lockdep, symbol namespaces, kprobes for runtime kernel instrumentation, the preempt_count context register, and RCU read-side locking. Includes complete buildable source for a /proc read/write module.
Kernel | Learning C Programming for Linux Development
What the C specification leaves undefined, GCC exploits for optimization -- and the Linux kernel uses specific flags like -fno-delete-null-pointer-checks and -fno-strict-aliasing to prevent it from breaking safety logic. This guide covers the full compilation pipeline from preprocessor to ELF binary, the five memory regions and what lives in each, signed integer overflow as undefined behavior, how system calls cross the ring-3 to ring-0 boundary via the syscall instruction and rax register, writing and loading kernel modules in C, and the security-critical toolchain settings the kernel itself depends on. Includes coverage of KASLR, KPTI, kernel lockdown, io_uring security controls, and the Valgrind/AddressSanitizer workflow for catching memory bugs before they reach production.
DevOps | Container Networking Conflicts: Subnet Overlaps, Port Collisions, and DNS Failures on Linux
Docker and Podman silently claim subnets, spawn userland proxy processes, inject firewall rules into iptables raw-PREROUTING, and write their own resolv.conf -- without asking. When those decisions collide with your VPN, your corporate LAN, or systemd-resolved, the symptoms are bizarre and the root causes are invisible. Covers the ndots ceiling, the glibc three-nameserver limit, the Docker Engine 28 unpublished-port exposure that existed since Docker's first release, MTU mismatches on cloud hosts, the multi-network default-gateway rerouting trap, and why internal: true networks still reach the Docker host IP.
Hardware | dmesg Quick Reference: Read the Linux Kernel Ring Buffer
The kernel ring buffer holds every message from boot to now -- hardware detection, driver errors, OOM kills, disk failures. Here is how to read it, filter it by log level, search it with grep, check dmesg_restrict, compare it to journalctl -k, and make sense of what you find.
Distros | What Is Batocera.linux? The Retro Gaming OS That Turns Any Machine Into a Console
From its Buildroot foundations and Recalbox lineage to 200+ emulated systems, v43 Glasswing with LabWC, and the deep mechanics -- the configgen overwrite cycle, per-ROM batocera.conf syntax, the AUTO resolution chain, MangoHud integration, and the built-in AI translation feature. Covers ShadPS4 PS4 emulation, RPCS3, Xenia, hardware compatibility across every tier, and when Batocera beats every alternative.
Networking | Docker Daemon Networking Architecture
A ground-up technical reference for how dockerd constructs container networks using Linux kernel primitives. Covers the Container Network Model sandbox-endpoint-network abstraction, network namespace isolation, veth pair creation, the docker0 bridge, iptables chain structure including DOCKER-USER and the ufw bypass problem, VXLAN overhead calculation for overlay networks, macvlan and ipvlan driver differences, the systemd-resolved DNS failure mode, and a step-by-step production debugging workflow.
Networking | Troubleshooting Container Firewall Conflicts
A complete reference for diagnosing container firewall failures on Linux. Explains why DNAT at prerouting bypasses all filter rules, how to use DOCKER-USER and nftables priority chains to enforce policy, the StrictForwardPorts gap with Netavark's firewalld driver, Docker Engine 29 nftables backend specifics, and a verified step-by-step diagnostic workflow from symptom to fix.
Security — Network Scanning | Nmap with Linux: Network Scanning from the Command Line
How to install and operate Nmap 7.99 on Linux for network discovery and security auditing. Covers every scan type from SYN and TCP connect to UDP and SCTP INIT, the four-phase scanning process, service and version detection with version intensity tuning, OS fingerprinting mechanics, the Nmap Scripting Engine with 600+ scripts across 14 categories, timing templates, output formats, firewall and IDS evasion techniques, IPv6 scanning, Ndiff for tracking network changes over time, and what filtered, open|filtered, and unfiltered actually mean at the packet level.
Security — Network Scanning | Nmap: The Complete Guide to Network Scanning and Reconnaissance
From ping sweep to custom NSE scripts — a complete technical reference for Nmap 7.98. Includes every scan type, OS fingerprinting mechanics, timing templates, SCTP scanning, output format integration, and a six-phase assessment workflow with ready-to-run commands.
Sysadmin | The LAPP Stack: Linux, Apache, PostgreSQL, and PHP
The LAPP stack swaps MySQL for PostgreSQL -- and this guide explains precisely why that matters. Complete Ubuntu 24.04 installation with PHP 8.4-FPM, pg_hba.conf hardening, virtual host configuration, TLS setup, and a technical account of PostgreSQL 18's new async I/O subsystem. Includes verifiable sources throughout.
Distros | How to Install AlmaLinux: A Complete Guide for CentOS Refugees
CentOS is gone. AlmaLinux is the answer -- ABI compatible with RHEL, community governed, and free forever. Covers why AlmaLinux exists, fresh installation with LVM partitioning, systemd, SELinux, DNF module streams, firewalld, Cockpit, Kickstart automation, container and cloud images, ELevate in-place migration from CentOS 7, and production hardening. Current through AlmaLinux 9.7 and 10.1.
Distros | What Is Xfce on Linux?
Xfce is a free, modular, lightweight desktop environment for Linux and Unix-like systems -- not the same as Xfe (X File Explorer). Covers all core components, the history from XForms to GTK, Xfce 4.20's experimental Wayland session, xfwl4's Rust-based compositor in development, HiDPI fixes, and RAM usage compared to GNOME and KDE Plasma.
Kernel | Linux GPU Tiers: AMD, NVIDIA, and Intel Ranked for Driver Support in 2026
AMD RDNA 4, NVIDIA Blackwell, and Intel Arc Battlemage ranked by driver maturity, Wayland support, kernel requirements, and real install experience. Includes distro pairing guide and verified kernel minimums.
Sysadmin | Linux GPU Drivers: NVIDIA, AMD, and Intel Explained
NVIDIA open kernel module vs proprietary, AMD's all-in RADV stack after AMDVLK's discontinuation, Intel Xe on Battlemage and Lunar Lake, Wayland explicit sync, Secure Boot MOK enrollment, PRIME offloading, and NVK for a fully open-source NVIDIA path. Updated for the 2026 driver landscape.
Kernel | Linux Firmware Blobs: What They Are, Why They Exist, and How to Manage Them
What binary firmware blobs are, why the kernel needs them, how request_firmware() loads them, version mismatches, Secure Boot interactions, supply chain provenance via the WHENCE file, IMA integrity checking, GNU Linux-libre, and how to fix missing firmware on Debian, Ubuntu, Fedora, and Arch.
Security — Threat Intelligence | KadNap's Broken Kademlia: The Two Nodes That Gave Away a Botnet
KadNap hid its command-and-control infrastructure inside BitTorrent DHT traffic using a custom Kademlia implementation. Then it hardcoded two fixed relay nodes that never changed. Black Lotus Labs followed them straight to the infrastructure — and to the Doppelganger proxy service monetising 14,000 compromised ASUS routers.
Security — Threat Intelligence | New Linux Malware in 2026: What's Targeting Your Servers Right Now
PUMAKIT, perfctl, KadNap, SSHStalker, Goldoon, NerbianRAT, GTPdoor, and KrustyLoader -- eight active families with MITRE ATT&CK TTP mappings, container security implications, attribution analysis, incident response guidance, and a prioritized defensive action list.
Linux Gaming | Steam Linux LD_PRELOAD Fix: The Lag Timebomb, the Overlay Tradeoff, and When to Use It
What LD_PRELOAD="" %command% does in Steam launch options on Linux, why it fixed the 2024–2025 lag timebomb, what it silently breaks, and when you should and should not use it in 2026.
Linux Gaming | Steam Runtime Container Library Audit: The libX11 Version Mismatch That Breaks XCheckIfEvent on Rolling-Release Distros
When the host libX11 outpaces what Steam's pressure-vessel container expects, the overlay's XCheckIfEvent hook fails in ways LD_PRELOAD="" cannot fix. How to audit the container's actual library environment and apply the right distro-specific fix.
Sysadmin | How to Check Linux Hardware Compatibility Before Switching (2026 Guide)
PCI IDs, firmware blobs, GPU drivers across Intel, AMD, and NVIDIA legacy branches, wireless cards, Bluetooth, audio, storage controllers, Secure Boot, and laptop peripherals -- with live USB testing commands, an interactive failure diagnosis tree, and resolution paths for every class of driver problem. Updated for kernel 6.19 and the 2025–2026 driver landscape.
Distros | How to Configure Kickstart for Automated Rocky Linux Installations at Scale
A production-grade guide to Kickstart automation for Rocky Linux: Anaconda internals, LVM partition layouts with CIS-compliant mount options, %pre disk detection, %post hardening, PXE delivery, LUKS encryption, and scalable deployment patterns that eliminate manual installs entirely.
Linux Gaming | Linux Gaming with SteamOS and HoloISO: The Full Picture
HoloISO brought SteamOS 3 to desktop hardware before Valve was ready to. The complete story: what it was, how it worked, why the original was archived in 2024, and where Linux gaming stands in 2026 with Bazzite, the Steam Machine, and official SteamOS expansion to third-party handhelds.
Networking | Docker Failed to Query External DNS Server: What It Means and How to Fix It
The [resolver] failed to query external DNS server message explained from the inside out -- the systemd-resolved namespace collision, cloud VM resolver traps, iptables DNAT mechanics, CVE-2024-29018, and every verified fix from daemon.json to nftables backend conflicts.
Search Command History in Linux with Ctrl+R
Press Ctrl+R, type a few characters, hit Enter. Behind that simple gesture is GNU Readline's reverse incremental search, a history file with configurable limits, cross-session sync, timestamps, bang shortcuts, and fzf fuzzy matching. The complete reference -- from keyboard shortcuts to a production-ready ~/.bashrc config.
Sysadmin | Bash Scripting for Beginners: Automate Your Way to Efficiency
From your first script to cron-scheduled automation -- variables, loops, conditionals, functions, error handling with set -euo pipefail, security pitfalls, input validation, and real-world patterns you can use today.
Sysadmin | error: beginning maxstartups throttling -- What sshd Is Telling You (and How to Fix It)
When your SSH daemon drops connections with "beginning maxstartups throttling," it is doing exactly what it was designed to do. Covers the three-value syntax, the security tradeoff, diagnosing attack vs automation traffic, PerSourcePenalties in OpenSSH 9.8+, bastion tuning, and CI pipeline fixes.
Sysadmin | systemd-journald: Effective Configuration for Production Systems
Storage modes, disk quotas, Forward Secure Sealing, rate limiting, journal namespaces, and forwarding strategies -- with production-ready drop-in configs and defaults verified against current upstream man pages.
Linux Gaming | Linux Gaming with ProtonDB: What the Numbers Actually Mean in 2026
Nearly 90% of Windows games now run on Linux. That headline is real — but it hides a more interesting story about compatibility layers, crowdsourced intelligence, kernel-level anti-cheat politics, and where the remaining 10% actually live.
Distros | Ubuntu 24.04 LTS vs Every Major Ubuntu Version: What Actually Changed
From kernel 5.15 to 6.8. From GNOME 42 to 46. From five-year support to twelve. Noble Numbat is Canonical's 10th LTS and the most technically ambitious -- AppArmor 4, confidential computing, TPM 2.0 full disk encryption, and a refreshed developer toolchain. Here is how it stacks up against 20.04, 22.04, and the interim releases in between.
Kernel | 20 Unique Things You Can Do in Linux That Will Change How You Think About Operating Systems
Twenty kernel-level capabilities -- /proc, strace, eBPF, namespaces, cgroups, live patching, capabilities, rr, auditd, perf, and more -- that expose how the Linux kernel works at a level no other mainstream OS allows.
Security — SSH / Hardening | How to Disable Root Login for SSH on Ubuntu
One directive in sshd_config closes one of the commonly exploited SSH attack vectors. Covers PermitRootLogin, drop-in config gotchas, cryptographic algorithm hardening, Match blocks, ForceCommand, SSH key setup, FIDO2 and TOTP MFA, authorized_keys hygiene, fail2ban, and lockout recovery -- with MITRE ATT&CK mappings throughout.
Ruby / Linux | ZJIT: Inside Ruby 4.0's Next-Generation JIT Compiler on Linux
Ruby shipped a ground-up new JIT compiler on Christmas 2025. ZJIT uses SSA-based HIR and method-level compilation to target a higher performance ceiling than YJIT was ever designed to reach. Here is how its architecture works, how to enable and profile it on Linux, and what the road to Ruby 4.1 production readiness actually looks like.
Security — Linux Gaming | Do Not Run Your Game Server as Root on Linux
Running a game server as root on Linux is not a configuration choice -- it is a security decision with concrete consequences. Covers the real attack surface of game server plugins, the Fractureiser supply chain incident, CVE-2024-1086, dedicated service accounts, hardened systemd unit files, Linux capabilities, and exactly how to verify you are protected.
Sysadmin | Linux Neofetch: The Complete Guide to a Terminal Icon (And What Comes Next)
Neofetch defined a generation of Linux terminal aesthetics. How it works, how to configure it, why Dylan Araps archived it in 2024, and which actively maintained alternatives -- Fastfetch, HyFetch, and others -- you should be running today.
Linux Gaming | World of Warcraft on Linux: The Untold Story of a Client That Never Was
Blizzard built a Linux client during WoW's beta and shelved it before launch. Twenty years later, a community-built stack of Wine, Proton, DXVK, and GE-Proton has done the job Blizzard refused to do -- and the numbers are no longer easy to ignore.
Linux Gaming | Battle.net on Linux: What Actually Works in 2026
Blizzard has no plans to port Battle.net to Linux. Here is a complete, technically precise guide to running it anyway -- via Wine, GE-Proton, Lutris, Bottles, and Steam -- including ntsync explained, WINE_SIMULATE_WRITECOPY unpacked, every known error and fix, with all sources cited.
Linux Gaming | World of Warcraft on Linux: The Real 2026 Guide
Wine 11, GE-Proton, DXVK, Lutris with umu-launcher, Warden risks, Steam Deck, MangoHud, hybrid GPU setup, WoW Classic and Hardcore, and Config.wtf tweaks -- everything you actually need to run WoW on Linux in 2026, verified and current.
Linux Gaming | Proton vs Wine: Choosing the Right Compatibility Layer
Wine is the foundation. Proton is the gaming-focused stack built on top of it. NTSYNC, Wine 11 through 11.6, DXVK in standalone Wine, DLL overrides, MangoHud, GameMode, Proton debug logging, and where Lutris, Heroic, and Bottles fit in -- everything that separates the two tools and tells you which to reach for.
Linux Gaming | Gaming on Linux: A Practical State of the Union
The complete 2026 Linux gaming reference: Steam market share hits a record 5.33%, Proton 10 compatibility explained, anti-cheat publisher politics unpacked, Bazzite vs CachyOS vs Nobara compared, game saves and controllers covered, modding tools assessed, and a clear dual-boot decision framework for anyone making the switch.
Sysadmin | Bash vs Zsh vs Fish: Choosing the Right Shell for Your Linux Workflow
Architecture, internals, and real-world workflow implications of the three shells. The choice of shell is architectural -- it shapes how fast you move, how readable your automation is, and how deeply you understand what Linux is doing beneath the surface.
Networking | Linux GTK WiFi: nm-applet, libnma, and the Tray Icon Problem Nobody Talks About
The full architecture of Linux WiFi under GTK -- why your tray icon vanishes on Wayland, the XEmbed vs StatusNotifierItem split, how nm-applet 1.36 auto-selects SNI outside X11, wpa_supplicant vs iwd as backends, and the nmcli commands that replace the GUI entirely.
Sysadmin | Automating Pinggy on Linux with systemd
Running a Pinggy tunnel manually is fine for a test. Running it reliably after every reboot, with automatic restarts on failure and logs that survive across sessions -- that requires systemd. This is the complete guide to doing it right.
Distros | Switching to Linux for Everything Online: What Actually Changes and What Doesn't
Linux desktop market share hit 4.7% globally in 2025. Here is the complete, honest picture of what switching to Linux means for your daily internet life -- browsing, streaming, banking, video calls, and the real tradeoffs most guides skip.
Security — CVSS 7.8 | CVE-2026-3888: How Ubuntu's systemd Cleanup Timer Became a Root Escalation Path
A timing gap between snap-confine and systemd-tmpfiles hands any local user a path to full root on Ubuntu Desktop 24.04 and later. Neither component is broken in isolation -- the vulnerability lives in how they interact. Exact mechanism, CVSS vector, patched versions, auditd detection rules, and the architectural reason code review cannot catch this class of bug.
Sysadmin | Ubuntu Server Management: A Practical Guide for 2026
From first-boot hardening to patch automation, Livepatch to Landscape -- a production-ready walkthrough of Ubuntu 24.04 LTS covering UFW, Fail2ban, AppArmor, unattended-upgrades, auditd, and the full Canonical toolchain.
Distros | Nobara Linux: The Patched Fedora That GloriousEggroll Built
Fedora does not ship NVIDIA drivers, Wine dependencies, or hardware video codecs. Nobara does -- plus a CachyOS kernel with BORE scheduling, the falcond per-game optimizer, AppArmor in place of SELinux, and a rolling release model formalized in 2025. A full technical look at what Nobara actually ships and why it makes those tradeoffs.
Linux Gaming | Bazzite vs. Nobara (2026): Which Gaming Linux Distro Should You Choose?
Both are Fedora-based and game-ready out of the box, but their architectures could not be more different. This comparison covers the OSTree image model vs. mutable DNF, Secure Boot support, NVIDIA driver handling, handheld PC integration, kernel-level tuning, and exactly which type of user belongs on each.
Distros | CachyOS: Performance Arch Linux With BORE Kernel and Graphical Installer
What separates CachyOS from a standard Arch install: BORE scheduler tuning, AutoFDO and Propeller profile-guided compilation, x86-64-v3 and v4 optimized package repos, the sched-ext framework with runtime scheduler swapping through scx_loader, and a Calamares GUI installer. Covers kernel variants, the CachyOS-specific Proton build, and how to add the repos to an existing Arch system.
Linux Gaming | Gamer's Guide to Switching to Linux: What Happens Under the Hood
Before you migrate, understand what you are moving into. This guide explains how Proton's Wine core, DXVK, VKD3D-Proton 3.0, and NTSYNC work together to run Windows games on Linux -- and where they hit a hard wall. Covers the anti-cheat opt-in reality per publisher, the Nvidia vs AMD driver divide, Btrfs vs NTFS for dual-boot libraries, Wayland gaming maturity, shader stutter causes and fixes, and a sixty-day migration sequence that keeps Windows available until you are ready to commit.
Linux Gaming | Kernel-Level Anti-Cheat and Linux: Why They Don't Get Along
The definitive technical reference on why kernel-level anti-cheat is an architectural wall, not a compatibility gap. Covers ring-0 privilege mechanics, the Windows attestation chain Linux refuses to replicate, why Proton hits a call to a driver that does not exist, eBPF's trust model failure, the BYOVD comparison, DMA/FPGA hardware attacks and IOMMU enforcement, the CrowdStrike-to-Windows-Resiliency-Platform pipeline, and a full game-by-game status matrix with interactive exploration of every blocking constraint.
Security — SSH / Cryptography: Generate an Ed25519 SSH Key Pair with a Passphrase
Why Ed25519 replaced RSA, how bcrypt KDF protects private keys at rest, the -a flag for hardened KDF rounds, OpenSSH 10.0's post-quantum default, hardware-backed keys, sshd_config lockdown, and full key lifecycle management.
Sysadmin: The Linux Wheel Group: History, Mechanics, and the Right Way to Use It
From a 1969 TENEX privilege bit to the gatekeeper of root access on every RHEL server today -- the complete story of the wheel group, how it works under the hood, and how attackers and defenders both read the same /etc/group file.
Sysadmin: How to Find Which Process Is Using a Port on Linux
Port conflict? lsof, ss, and fuser give you the answer in seconds. Covers MITRE ATT&CK T1049 and T1571, the attacker's use of the same tools, container namespace visibility gaps, /proc/net internals, rootkit evasion, and scripting port checks for automation.
Sysadmin: How to Monitor Syslog in Real Time with tail -f
The command is tail -F /var/log/syslog. The depth behind it is not simple -- from -f vs -F and log rotation behavior, to grep filtering with line buffering, journalctl on systemd systems, and the full distribution map including Amazon Linux 2023.
Networking: Docker and nftables: The End of the iptables Era
Docker Engine 29.0.0 was released on November 10, 2025 (blog announcement November 11). For the first time, Docker ships with an opt-in --firewall-backend=nftables flag that writes native nftables rules instead of routing through the iptables compatibility shim. It is marked experimental, overlay networks and Swarm are not yet supported, and Docker itself says behavior may change.
Sysadmin: Python for Linux System Administration: The Practical Guide
From subprocess and psutil to Fabric and Paramiko -- how to use Python to automate, monitor, and manage Linux systems at scale. We cover a few modules worth knowing, some patterns that hold up in production, how to build scripts you can hand off, and the mistakes worth avoiding before you find them the hard way.
Sysadmin: Automating Pinggy Tunnels on Linux with OpenTofu
Pinggy works out of the box with a single SSH command. But when you have a fleet of machines, CI pipelines, or environments that need tunnels on every boot, you need something repeatable and auditable. This is where OpenTofu -- the open-source Terraform fork managed by the Linux Foundation -- fits in.
Security — SSH: SSH Audit and Hardening: The Practitioner's Guide
SSH hardening is not just about disabling password authentication -- that's table stakes, not a hardening posture. The real attack surface spans four distinct areas: the negotiation phase (what algorithms and ciphers the server will accept), the authentication phase (who can authenticate and how), the session phase (what authenticated users can do), and the operational posture (logging, access controls, and host key management). Each area has its own failure modes and its own mitigations.
Security — CVSS 9.8: CVE-2026-27944: How a Missing Middleware Line in Nginx UI Turned Your Backups Into a Free Download
One unregistered route and one HTTP response header that shouldn't exist handed any unauthenticated attacker a fully decryptable backup of your Nginx server. Root cause analysis, exploitation mechanics, forensic indicators, and full remediation for Linux sysadmins.
Security / Linux Gaming: Blocking Cheaters on Your DayZ Server Running Linux
BattlEye configuration, RCON integration, firewall hardening, log analysis, spoofer threat modeling, DDoS resilience, automated crash recovery, mod supply chain risk, VPN detection, player reporting infrastructure, ban data privacy, community anti-cheat mods, and community ban strategy -- a technical guide for DayZ dedicated server administrators running Ubuntu 22.04 or 24.04 LTS that goes further than anything else you will find.
Linux Gaming: How to Optimize Fedora for Gaming with Steam, Lutris, and GPU Drivers
A layered technical examination of the Linux gaming stack -- Proton, DXVK, VKD3D-Proton, GPU drivers, GameMode, MangoHud, and kernel tuning -- built on one of the most technically sound foundations available.
Linux Gaming: Switching to Linux for Gaming: A Practical Tinkering Guide with Real Walkthroughs
Driver setup, Proton configuration, GE-Proton installs, launch option flags, anti-cheat realities, and game-specific walkthroughs -- everything that actually matters when you move your gaming rig to Linux in 2025 and 2026.
Sysadmin: Binary and Linux: The Invisible Language Beneath the System
Every file, process, and system call ultimately resolves to binary. This exploration traces the invisible thread connecting ones and zeros to the Linux system you run every day -- from ELF headers, DWARF debug information, and the vDSO to kernel data structures, seccomp-BPF syscall filtering, and hands-on exercises that let you build, patch, and inspect binaries yourself.
Sysadmin: Automating Linux Server Tasks with Cron Jobs and Shell Scripts
From one-liner crontab entries to production-grade Bash scripts -- learn to automate backups, monitoring, log rotation, and routine maintenance tasks that keep your servers running without constant manual intervention.
Linux Distros: Choosing a Linux Distribution: The Definitive Decision Framework
From package managers to release models, desktop environments to security posture -- a practical, opinionated guide to picking the right distribution for your workflow instead of drowning in the paradox of choice. Includes what each distro's failure modes actually look like in practice.
Linux Gaming: Linux Arma 3 Performance Tuning: Going Deep Under the Hood
A technical guide for players who want to stop guessing and start understanding exactly why every frame matters when running Arma 3 under Proton.
Distros: Fedora Linux: Under the Hood, At the Frontier
From a University of Hawaii side project to the daily driver of the Linux kernel's own creator -- what Fedora actually is, how it works under the hood, and why it occupies a position in the Linux ecosystem that no other distribution can honestly claim.
DevOps: GitOps with Flux: Stop SSHing Into Your Servers
An intro to Flux CD for teams tired of manual deploys. Covers the reconciliation loop, Kustomization vs HelmRelease, repo structure, secrets, multi-tenancy, what breaks first in production, an honest comparison with Argo CD, and how to debug when things go sideways.
DevOps / Networking: Docker Networking Without the Guesswork
Demystifying bridge, host, and overlay networks with real troubleshooting scenarios. Covers how containers actually resolve DNS, what happens inside the Linux kernel when a packet leaves a container, and the chain restructuring introduced in Docker Engine 28 and 29 that invalidates a large portion of older iptables documentation.
Linux Gaming: Arma 3 and Arma Reforger: A Deep Technical Comparison of Windows vs. Linux Performance
A technical examination of two fundamentally different games, two different engines, and two different relationships with Linux -- covering client gaming, dedicated servers, and the architecture that explains everything.
Linux Gaming: Linux Reforger Performance Tuning: A Deep Technical Guide
From CPU governors to VKD3D-Proton heap workarounds -- everything you need to get stable, low-variance frame times running Arma Reforger on Linux. Goes under the hood on the Enfusion engine's translation pipeline, kernel scheduler tuning, and dedicated server configuration.
DevOps: Systemd Units You Should Know
A practical walkthrough of writing and managing systemd services, timers, and targets from scratch. Covers common failure modes, journald integration, and dependency ordering -- the parts tutorials skip.
Linux Gaming: Running Arma Reforger on Steam Deck: A Deep Technical Guide for Linux
The war simulator that shouldn't run on a handheld -- but does. A complete technical account of why, how, and what's happening under the hood when it does: VKD3D-Proton, Gamescope, UMA memory, and the Zen 2 simulation bottleneck.
Security: Why Security-Conscious Gamers Play Minecraft on Linux
A technical look at telemetry architecture, kernel security primitives, JVM sandboxing changes, and network controls that make Linux the more defensible platform for running Minecraft — from the Snooper's removal and return to Fractureiser's real-world blast radius and what the loss of the JVM SecurityManager actually means for mod safety.
Kernel: Understanding the Linux Kernel Memory Model
Why your code can read stale values on one CPU while another CPU has already written the update -- and how the LKMM gives kernel developers a formal framework to reason about it, prevent it, and prove correctness.
Networking: ip vs ifconfig: Why You Should Switch and How to Do It
net-tools saw its last significant development in 2001 and went dormant for nearly two decades. iproute2 uses a fundamentally different kernel interface, supports features net-tools cannot reach, and is what the rest of the Linux networking ecosystem runs on. Here is the full picture.
Security: Linux and Quantum Computing: What Professionals Should Know Now
From post-quantum cryptography migration to open-source quantum development toolkits -- the quantum era is not a distant future. Here is what Linux administrators, developers, and security teams need to understand and act on today.
Networking: Understanding Linux Routing Tables
Every packet that leaves your machine passes through the kernel's routing subsystem. Here is exactly how that works -- from the FIB trie data structure to policy routing rules, static routes, and the RPDB -- with the commands to read, manipulate, and debug it all.
Security: Zero-Trust Security on Linux: A Practical Implementation Guide
Translate NIST SP 800-207 into concrete Linux configurations -- from SSH hardening and SELinux enforcement to nftables microsegmentation, systemd sandboxing, kernel sysctl tuning, and continuous audit logging.
Networking: tc and Traffic Shaping: A Practical Guide
tc is one of the most powerful tools in the Linux networking stack -- and one of the least understood. This guide cuts through the qdisc confusion, explains HTB properly, and gets you shaping traffic in ways that actually work in production.
Sysadmin: Inside Nginx: Architecture, Internals, and Production Craft
How Nginx actually works: the module system and ngx_module_t, memory pools per connection and per request, the 11-phase request pipeline, epoll and the event loop, HTTP/3 over QUIC, the upstream state machine, Brotli, TLS hardening, and production configuration throughout.
Security: WireGuard on Linux: Setting Up a Minimal, Modern VPN
On modern Linux systems, WireGuard runs as an in-kernel module, spans roughly 4,000 lines of C, and is built on the formally analyzed Noise protocol framework. Learn how it actually works -- and how to deploy it correctly.
Networking: Example nftables Rules: Filtering, NAT, Rate Limiting, and Sets
Concrete nftables rule examples for every scenario you will actually encounter: workstation and server firewalls, IP blocklists with interval sets, verdict maps and concatenated sets for fine-grained access control, masquerade and DNAT gateways, connection count limits, ulogd2 structured logging, and packet tracing with meta nftrace.
Scripting & Automation: Ruby on Linux: A Field Manual
From sockets to /proc, file I/O to process forking -- a comprehensive look at Ruby as a first-class Linux scripting and automation language. We cover the full stack: version management, OOP, regex, networking, concurrency, and production-grade system tooling.
Sysadmin: Linux Servers vs. Windows Servers for WordPress
Every layer of the WordPress stack -- PHP, MySQL, Nginx, Redis, Varnish -- was designed and optimized for Linux. We break down exactly why, from kernel-level I/O primitives and process models to security architecture and total cost of ownership.
Scripting & Automation: Perl on Linux: A Technical Exploration
From regex to /proc, file I/O to process management -- a comprehensive look at Perl as a deeply native Linux scripting language. We cover the full stack: the environment, data types, regular expressions, system integration, networking, modules, and production-grade automation patterns.
Kernel: Kernel-Level I/O Events in Linux: From Syscall to DMA
From VFS and the page cache to epoll and io_uring -- a ground-up exploration of how the Linux kernel originates, tracks, dispatches, and completes I/O events, and the internals that make high-performance I/O possible.
Distros: Arch Linux: History, Culture, and Legacy
From a Canadian sysadmin's frustration with RedHat in 2001 to the "I use Arch btw" era -- how a minimalist distro built on simplicity, user control, and a rolling-release philosophy reshaped the Linux landscape and spawned an entire family of derivatives.
Sysadmin: Python with Linux: A Comprehensive Guide
From shell automation to kernel interfaces, networking to security tooling -- everything you need to use Python effectively on Linux systems.
Security: Wireshark with a Remote Linux Capture: tcpdump + SSH Piping
How to pipe a live kernel-resident packet stream from any headless Linux server directly into Wireshark's dissector engine -- using nothing but tcpdump, SSH, and BPF. Covers the libpcap wire format, mandatory flags, three capture methods, SSH performance tuning, and privilege hardening.
Sysadmin: Understanding pacman: Arch Linux's Package Manager in Depth
From dependency resolution to repository management, parallel downloads to package signing -- a complete technical walkthrough of the package manager at the heart of Arch Linux and its derivatives.
Security: Recovering X-Forwarded-For Pivot Chains from Linux Web Server Process Memory
How to extract and validate multi-hop XFF chains from Apache, Nginx, and PHP-FPM heap artifacts on Linux -- using gcore, LiME, and process-aware scanning.
Security: Linux Trojans: How Attackers Compromise the OS the World Trusts
BPFDoor, Symbiote, XorDDoS, OrBit, Syslogk -- how Linux trojans get in, how they hide, how they persist, and how to find them. Includes a defense coverage matrix, detection commands, and a live incident classification quiz.
Sysadmin: How to Set Up Arch Linux as a Home Server: SSH, Samba, and Docker
Build a hardened Arch Linux home server with SSH hardening, nftables, Samba (SMB3), Docker (rootless options), Btrfs snapshots, and layered security controls — with production-ready configurations.
Security: How to Audit Linux User Permissions and Find Security Gaps
A comprehensive methodology for auditing Linux user permissions -- covering the tools available, the specific checks to run, what to look for, and how to document and remediate what you find.
Sysadmin: How to Install Arch Linux from Scratch: A Complete Step-by-Step Guide
From partitioning to desktop environment -- a hands-on walkthrough of installing Arch Linux the right way, with every command explained.
AI / ML Ops: PyTorch 2.11 on Linux: Installing, Configuring CUDA/ROCm, and Running Your First Model
pip install torch installs a CUDA 13.0 wheel by default as of PyTorch 2.11 -- no longer CPU-only. Volta (V100) support was dropped from the cu128 builds. This is the complete guide to picking the right wheel for your GPU generation, handling CUDA version mismatches, installing the AMD ROCm path, and verifying GPU detection before you write a single line of model code.
AI / ML Ops: Running AI Workloads on Linux: A Beginner's Setup Guide
The orientation guide for ML on Linux: what GPU driver state your system needs before installing any framework, how CUDA and ROCm fit into the stack, when to use containers vs. bare-metal installs, and the common first-timer mistakes that produce confusing errors with no clear fix.
Sysadmin: How to Install and Configure a Desktop Environment on Arch Linux (GNOME, KDE, and XFCE)
Step-by-step guide to installing GNOME, KDE Plasma, and XFCE desktop environments on Arch Linux -- from package selection and display managers to Wayland configuration and post-install tuning.
Sysadmin: Understanding the Differences Between Linux and Windows Servers: A Technical User Guide
A deep technical reference covering file system architecture, user and access management, networking, security models, remote administration, and logging -- across both platforms.
Sysadmin: 20 Linux Commands Every Beginner Must Know
A practical walkthrough of the 20 essential Linux commands that will take you from lost at the terminal to confidently navigating, managing files, and controlling your system.
Sysadmin: 12 Things to Do Immediately After Installing Linux
Just installed Linux? Here are the twelve essential steps to secure, optimize, and customize your fresh system before you do anything else.
Security: Paramiko: A Deep Technical Reference for Python SSH Automation
From the SSH handshake to SFTP internals, port forwarding to connection pooling -- everything you need to master Python's most powerful SSH library.
Sysadmin: eBPF for System Administrators: Tracing Without the Overhead
How eBPF replaced strace, SystemTap, and brute-force kernel modules with safe, production-grade tracing that runs directly inside the kernel.
Sysadmin: Understanding systemd: A Comprehensive Guide to Modern Linux Init Systems
From unit files to timers, targets to journal logging -- everything you need to master the init system that runs your servers.
Security: Hardening SSH: Beyond the Basics
Certificate-based authentication, jump hosts, port knocking, and fail2ban configurations that actually make a difference in production.
Kernel: Linux Kernel Tuning for High-Traffic Servers
Sysctl parameters, network stack tuning, and memory management settings that can dramatically improve throughput under load.
Sysadmin: Btrfs Snapshots and Rollbacks in Practice
A practical walkthrough of snapshot management, automated backup strategies, and how to recover from a botched upgrade in minutes.
Networking: Deep Dive into nftables: The iptables Successor
Why nftables replaced iptables, how to write rulesets, and a migration guide for anyone still running legacy firewall configurations.
Networking: How nftables Changes the Model
A production-focused reference for how nftables actually behaves once you move beyond basic rulesets. Covers named sets and verdict maps for O(1) bulk matching, dynamic sets with automatic timeout expiry as an ipset replacement, per-source meter statements for stateful rate limiting without cron jobs, conntrack zone assignment to fix asymmetric routing INVALID state misclassification, flowtable hardware offload and its NAT mapping cache implications, and the at-based rollback technique for testing firewall changes safely over SSH. Includes the nft list hooks workflow for auditing priority ordering when Docker, Kubernetes, or libvirt is also writing rules.
DevOps: Docker's iptables Compatibility Layer: How Container Networking Actually Touches Netfilter
Docker's DNAT rules run before your iptables INPUT chain sees a single packet -- which is why the rules you write don't protect containers. This guide traces every netfilter hook Docker uses, explains the iptables-nft translation layer that modern distros interpose, covers the DOCKER-USER chain and conntrack-based filtering, and documents the behavioral differences in Docker 29's native nftables backend.
DevOps: Docker Bypassing nftables Rules: Why Your Firewall Is Not Filtering Container Traffic
The packet you are trying to drop no longer exists by the time your rule runs. Docker's prerouting DNAT rewrites the destination before any forward-hook chain evaluates it, and the native nftables backend creates accept rules at priority -100 that fire before your standard filter at priority 0. Covers conntrack original-destination matching, the --bridge-accept-fwmark override, default-drop rulesets for PCI DSS and SOC 2 environments, nftables meter-based rate limiting, and the IPv6 exposure gap that catches administrators who only locked down IPv4.
Networking: iptables-nft Compatibility Problems: Why Your Firewall Rules Disappear on Modern Linux
Your iptables rules executed without errors, your nft commands returned clean output, and your firewall is broken anyway. This is the field guide to the collision between iptables-nft and native nftables: how two correct operations applied to the same kernel object produce the incompatible table error, why containers running iptables-legacy inject rules the host kernel ignores, the service start-order traps that make failures appear intermittent, and the tested procedures for consolidating to a single backend.
DevOps: Ansible Roles That Actually Scale
Patterns for writing reusable, testable Ansible roles. Includes molecule testing, variable precedence traps, and handler strategies.
Distros: NixOS in Production: Smooth the Path
Lessons learned running NixOS on bare metal servers. Reproducible builds, rollback stories, and the sharp edges you may hit along the way.
Linux Security: CSV Tooling on Linux: awk, csvkit, qsv, xan, and More
From coreutils primitives to Rust-powered pipelines -- a practical guide to processing CSV files on Linux using awk, cut, csvkit, q, qsv, and xan, including security considerations for CSV data from external sources.
Linux Security: Commercial Surveillance Vendors on Linux: Exploit Chains, Kernel Escalation, and Browser Delivery
How CSVs like NSO Group and Intellexa build three-stage exploit chains targeting Linux -- V8 renderer RCE, seccomp-bpf sandbox escape, and kernel privilege escalation via nf_tables, vsock, and OverlayFS -- with detection rules and hardening guidance.
Linux Security — Persistence: Unauthorized Crontab Modification: How Attackers Abuse Linux Scheduling for Persistence
The files cron reads, the spool paths attackers write to, and why running crontab -l gives you a false sense of security when the binary has been replaced. Covers every documented injection method, the full audit enumeration workflow to run right now, auditd watch rules for all cron locations, inotifywait monitoring, cron.allow hardening, and incident response steps -- including why you should never reboot before enumerating all persistence mechanisms.
AI / ML Ops: How to Run LLMs Locally on Linux with Ollama (NVIDIA and AMD GPU Setup)
A step-by-step guide to running large language models locally on Linux with Ollama. Covers NVIDIA CUDA setup from Pascal through Blackwell, AMD ROCm v7 with the full supported GPU list, Vulkan as a backend for Intel and unsupported AMD cards, quantization selection from Q4_K_M through Q8_0, and context length tuning. Includes the HSA override for RDNA GPUs not on AMD's official list and the exact commands to confirm GPU inference is actually running. Updated for Ollama v0.20+.
AI / ML Ops: Setting Up a Local AI Stack on Linux: Ollama + Open WebUI + Docker
Run your own private AI assistant on Linux without sending a single token to a cloud API. Ollama handles inference as a native systemd service with direct GPU access, Open WebUI gives you a full browser interface with conversation history and file uploads, and Docker Compose ties it together in a stack that auto-starts on boot. Covers NVIDIA Container Toolkit GPU passthrough, named volume data persistence, and a patched CVE that affected Open WebUI versions 0.6.34 and older.
AI / ML Ops: Linux GPU Acceleration for AI: CUDA vs ROCm — What You Need to Know in 2026
Which GPU stack you choose determines how much time you spend in driver maintenance versus actual AI work. Covers the architectural difference between CUDA and ROCm, every officially supported AMD Radeon GPU as of ROCm 7.2.1, a verified GFX override table for RDNA 2 and 3 cards not on the official list, the Ubuntu version requirement that trips up fresh installs, and a unified verification workflow that confirms end-to-end GPU acceleration is actually running.
AI / ML Ops: Best Linux Distros for AI and ML Work in 2026
A technical comparison of Ubuntu 24.04 LTS, Fedora 43, Pop!_OS 24.04 LTS, and Arch Linux for AI and ML workloads. Covers GPU driver setup for NVIDIA (including the Blackwell open kernel module requirement), AMD ROCm 7.2.1 known issues, Secure Boot behavior per distro, apt pinning and dnf versionlock for protecting working driver stacks, container GPU passthrough, and the details that typical distro comparisons skip entirely.
Networking: Configuring nftables with Docker
Why an accept verdict in Docker's nftables chains does not protect a packet from your drop rules, but a drop verdict in Docker's chains is final and cannot be reversed. Walks through the Netfilter hook function mechanics behind this asymmetry, how to migrate DOCKER-USER iptables rules to separate nftables tables with chain priority control, the ct original proto-dst technique for matching pre-DNAT ports, and a systemd-integrated persistence strategy that survives both nftables reloads and Docker restarts.