Working notes from years of Linux sysadmin, server setup, networking, and the occasional hardware rescue. Each walkthrough is something I hit in real work — revisited here with current context and the details I wish I'd had the first time.
Swap the lsphp binary behind the LiteSpeed SAPI App. Three-click webadmin change, plus why a hard reboot is worth the two minutes.
Convert an existing root filesystem to Btrfs without reinstalling. Includes fstab/UUID updates, rebuilding GRUB from a chroot, and optional Snapper-based automated snapshots.
A reference sysctl.d drop-in for TCP throughput: window scaling, MTU probing, TCP-Illinois congestion control, sane buffer sizes. What each knob does and when not to set it.
Let the host talk directly to VM guests on a shared subnet. QEMU bridge helper, libvirt polkit rule, virbr0 setup — and what actually needs root.
From apt install python3 to a working scraper: virtualenv, geckodriver, login flow, pagination, and the modern Selenium 4 API (which deprecated find_element_by_*).
Amazon Linux doesn't enable unattended security updates by default. A short walkthrough of yum-cron, versionlock, and why AL2023 needs the dnf variant.
A minimum-viable S3-as-a-filesystem setup on Ubuntu. When it's the right tool, when rclone mount is better, and how to make it survive a reboot.
The original Linux Teams client is long deprecated — here's what to do now (PWA / teams-for-linux), plus why pavucontrol is still the fastest fix for device-selection gremlins.
The default debugger view hides the real fields of a collection. One settings toggle reveals them — indispensable when you've written your own Map or List.
Streisand turns a raw VPS into a multi-protocol VPN in one Ansible run. How to use the sensible subset (OpenVPN + optional WireGuard) and connect a Windows client.
DISM, SFC, long-path support, Windows Store recovery, memory-compression toggle — a collection of one-shot fixes for the weirdness that accumulates in long-lived Windows installs.
When GitLab is too heavy, GitBucket is often the right fit — one .war file, JVM-native, runs happily behind an OpenLiteSpeed reverse proxy. Full setup including SSL and systemd.
When the accelerometer is mounted in an unusual orientation, GNOME ends up rotating the screen the wrong way. A hwdb drop-in with the right mount matrix fixes it for good.
Run GitLab alongside an existing OpenLiteSpeed site without fighting its bundled nginx/puma. External URL, shared Let's Encrypt cert, proxy context — the working path after two days of wrong paths.
Debian's packaged Ruby is too old for most Rails apps. rbenv + ruby-build gives you any version you want, and the OpenLiteSpeed LSAPI shim lets it serve fast without nginx in front.
For server migrations, lftp mirror over SFTP is far simpler than tar-over-SSH or rsync — it resumes, parallelizes, and handles pickup after a dropped connection. A one-page reference.
Last-resort revival for an ASUS laptop that won't POST. SOIC-8 test clip, AsProgrammer, reading an MX25L12873F, and why the vendor's official BIOS file won't work directly.
Why Windows ends up with a single boot-loader across drives, and the exact bcdboot / diskpart sequence that rebuilds it on the correct disk when things go sideways.
A sensible HSTS / CSP / X-Frame-Options / Referrer-Policy baseline applied via a vhost Context. Scores A+ on securityheaders.com and explains what each header actually defends against.
OneDrive has no official Linux client. rclone's OAuth flow, VFS cache modes, and remote-auth trick for headless servers — everything you need to get files off a dying free tier.
A four-command quickstart, plus the real reason Flatpak matters on server desktops: sandboxing, an up-to-date browser on old distros, and zero interference with the system package manager.
Keypair generation, iptables MASQUERADE, full-tunnel routing from a Windows client. Straightforward modern setup — no wg-easy, no UI, just a config file you can actually read.
A complete web-server build from a blank Debian VPS — including the vhost symlink trick, SNI-safe certbot layout, and the forced-HTTPS rewrite rule. My longest tutorial.
A misidentified touchpad, a deadlocked touchscreen, and a rotation matrix that points the wrong way. Two work-days of head-scratching condensed into a recipe that actually works.
XFCE on a VPS, multi-user VNC, an SSH tunnel so the traffic isn't clear-text — and a systemd-era rewrite of the old init.d VNC service script. Plus when to reach for X2Go instead.
The abandoned Windows IP-filter app shipped with an HTTP-only libcurl. Here's the story of rebuilding it against a modern SSL-enabled libcurl — and what to actually use in 2025.