Docker Daemon Networking Architecture
Every container you start gets a full network stack built by the Docker daemon before your process sees its first packet. This guide goes inside that process — the Container Network Model, Linux network namespaces, veth pairs, bridge interfaces, iptables chains, VXLAN encapsulation, embedded DNS, and every daemon.json option that changes the default behavior. Covers the Docker Engine 29 nftables backend, the DOCKER-USER chain firewall bypass that exposes production databases, macvlan and ipvlan drivers, overlay network MTU calculation, and an interactive troubleshooting decision tree for the connectivity failures that actually happen in production.
Sudowheel publishes technical Linux tutorials and engineering guides covering system administration, security hardening, networking, kernel internals, and Linux gaming performance. Articles focus on practical implementation and production-grade understanding rather than introductory explanations.
MCPwn: The nginx-ui MCP Flaw That Hands Attackers Your Server
One missing middleware call in nginx-ui's Model Context Protocol integration left 12 privileged management tools completely unauthenticated. CVE-2026-33032 scores CVSS 9.8 because any host on the network can issue two HTTP requests and take full write control of nginx -- no credentials, no session, no exploit chain required. This is the complete technical account: the vulnerable Go router code, the fail-open IP whitelist default, the SSE session transport, the companion CVE-2026-27944 that hands over node_secret via an unprotected backup endpoint, and every post-exploitation capability from traffic interception to forged JWT tokens to persistent config backdoors. Includes a full MITRE ATT&CK mapping across nine techniques, working code examples, nftables and iptables firewall rules, and the correct app.ini IP allowlist syntax that most advisories omit.
KernelLearning C Programming for Linux Development
Before you can write a kernel module, you need to understand why C behaves differently at ring 0 than it does in userspace. Covers every stage of the Linux compilation pipeline from source to ELF, the stack and heap memory regions and how they interact with the kernel's slab allocator, how the syscall instruction and the rax/rdi/rsi register convention move execution from userspace into entry_64.S, and how KPTI, KASLR, and kernel lockdown mitigate attacks that exploit C's undefined behavior rules. Also walks through the Valgrind and AddressSanitizer workflow for catching memory bugs, and explains the December 2025 decision to make Rust a permanent second language in the kernel -- and which subsystems C will own for the foreseeable future.
SecurityHow to Configure AlmaLinux for Enterprise Security: SELinux, FIPS Mode, and CIS Benchmarks
Three security layers that operate at different strata of the system -- SELinux mandatory access control at the kernel, FIPS 140-3 validated cryptography constraining every handshake, and CIS Benchmark compliance closing the hundreds of configuration gaps neither covers alone. Walks through type enforcement policy, the CMVP validation lifecycle (certificates #4750 and #4823), OpenSCAP automated assessment, and the DISA STIG. Includes interactive elements: a DAC vs MAC access decision simulator, an SELinux context label decoder, a FIPS algorithm status checker, and a four-phase attack scenario showing how the layers respond together.
DistrosAlmaLinux: The Soul of Enterprise Linux and the Battle for the Open-Source Future
The full story of how a community-owned 501(c)(6) non-profit inherited the CentOS void in under four months -- and then rewrote the rules in 2023 when Red Hat cut off source access. Covers the governance architecture that keeps no single company in control, the transparent ALBS build pipeline that lets anyone audit every package, the ABI compatibility pivot, CERN adoption, post-quantum cryptography in AlmaLinux 10, and an honest comparison with Rocky Linux that addresses the governance debate most guides avoid. Includes interactive elements: animated timeline, ALBS pipeline explorer, ABI vs 1:1 compatibility explainer, distro decision tool, and ecosystem map.
KernelBambi's Guide to Linux: What Nobody Told You When You Spawned In
Not a command cheat sheet. A first-principles explanation of the Linux kernel, starting from the hardware privilege boundary and working outward through process management, the EEVDF and CFS schedulers, virtual runtime, the filesystem hierarchy standard, inode metadata architecture, the 12-bit permission model, Unix signal delivery, shell fork-exec mechanics, package management internals, and systemd's cgroup v2 service tree. Addresses the debates head-on: GNU/Linux vs. Linux, "everything is a file" vs. "everything is a file descriptor," and systemd vs. alternative init systems. Every claim sourced from docs.kernel.org, the Stoica-Abdel-Wahab 1995 EEVDF paper, LWN.net, and Torvalds' own mailing list posts.
KernelAdvanced Linux Command Line: What the Shell Doesn't Tell You
What /proc actually exposes about process state, how namespaces and cgroups partition resources at the kernel level, and why strace alone is not enough. Covers system call tracing with strace and ltrace, hardware-level profiling through the perf subsystem, writing eBPF programs with bpftrace for real-time kernel observation, VFS internals including file descriptors and inode lifecycle, CFS scheduler mechanics beyond nice values, signal handler reentrancy hazards, terminal driver job control, and a structured diagnostic methodology for tracing misbehaving processes from symptoms to root cause.
HardwareLinux-First Laptops: Framework, System76, TUXEDO, and ThinkPad Compared
Framework's modular GPU swap, System76's coreboot with disabled Intel ME, TUXEDO's EC-level power tuning, and ThinkPad's MIL-STD enterprise certification -- four fundamentally different approaches to shipping laptops for Linux. Covers firmware audit commands, the HECI vs. HAP debate around Intel ME disabling, S0ix suspend power trade-offs, NVIDIA Blackwell open kernel module requirements, five-year total cost of ownership projections, and post-purchase security hardening with Secure Boot and kernel lockdown.
Linux GamingModding Gaming Servers on Linux: A Practical Field Guide
SteamCMD, BepInEx, LinuxGSM, and systemd service hardening for dedicated game servers. Covers the full lifecycle from creating a non-root server user through deploying Unity mods with the correct Doorstop environment variables, scripting automated updates with cron, managing plugin load order via BepInEx's topological dependency sort, and writing production-grade unit files with graceful shutdown and journal logging.
SysadminHow to Write Efficient Bash Scripts on Linux: Variables, Loops, Functions, and Error Handling
Why Bash scripts silently lose variable changes inside pipelines, how the fork-and-exec process model governs every subshell, and what set -euo pipefail actually does under the hood. Covers parameter expansion as a performance tool, the local keyword's hidden exit-code masking behavior, namerefs for pass-by-reference functions, trap EXIT cleanup patterns, arithmetic expression security risks, and a complete production-grade script template with structured logging and argument parsing.
Linux GamingBattlEye Kicks on Linux: Fix Every "Client Not Responding" Error
BattlEye and Proton are officially compatible -- but the setup has several mandatory steps that are easy to miss. Covers every required configuration: Proton BattlEye Runtime installation, vm.max_map_count kernel parameter with per-distro defaults, PROTON_BATTLEYE_RUNTIME launch option, Proton version selection, BattlEye service file reinstallation, Steam Deck specifics, diagnostic log reading, and third-party overlay interference.
Linux GamingGetting Rid of the Snap Steam Client on Linux
Canonical's Snap packaging of Steam layers a second sandbox on top of Steam's own runtime, causing controller failures, shader cache corruption, Proton path mismatches, and privilege escalation exposure via snapd. This guide walks through detection, clean removal, migration to Valve's official APT repository, Proton GE installation, and how to prevent Ubuntu from silently reinstalling the Snap.
KernelUnderstanding D-Bus and libdbus: How Linux Applications Communicate with Each Other
The IPC mechanism that lets systemd, NetworkManager, BlueZ, polkit, and PulseAudio talk to each other at runtime. Covers bus topology and addressing, the binary wire format, match rules, method calls versus signals, libdbus and sd-bus usage from C, introspection as a mandatory contract, XML policy files, the PropertiesChanged and ObjectManager patterns, live debugging with busctl and dbus-monitor, and the dbus-broker rewrite now shipping as default on several major distributions.
Linux GamingLinux Gaming on Pop!_OS: The Full Picture in 2026
System76 released Pop!_OS 24.04 LTS with the Rust-based COSMIC desktop, NVIDIA 580 drivers, and a kernel that includes NTSYNC support out of the box. Goes beyond setup guides to explain exactly how Proton translates Windows game code at each layer, why AMD's AMDVLK shutdown in September 2025 changes the Vulkan driver landscape, which multiplayer titles are hard-blocked by anti-cheat and which work, and how COSMIC's Wayland-only compositor affects VRR, hybrid GPU switching, and streaming workflows.
Linux GamingMangoHud: GPU and CPU Overlay for Linux Gaming
The open-source Vulkan and OpenGL performance overlay that powers the Steam Deck HUD. Version 0.8.2 config options, keyboard shortcuts, per-game overrides, Intel GPU profiling sysfs requirements, Flatpak Steam integration, mangoplot benchmarking, mangohudctl runtime control, and the Panfrost and Qualcomm KGSL hardware support that extends MangoHud beyond x86.
Linux GamingDayZ on Linux: Proton, BattlEye, vm.max_map_count, and dayz-ctl
The loading-screen crash that defeats many Linux DayZ players comes from a single kernel parameter: vm.max_map_count. This guide explains exactly why Wine/Proton exhausts the default VMA limit, how BattlEye moved to a Proton-compatible user-space model in December 2021, why the official Bohemia launcher fails to install mods under Wine, and how the community-built dayz-ctl tool solves all of it in Bash. Covers GE-Proton selection, DXVK shader cache management, PipeWire audio tuning, and the full DirectX-to-Vulkan translation stack.
KernelHow to Write Your First Linux Kernel Module in C
Cross the ring-0 boundary and inject C code into a live, running kernel — without rebooting. This guide takes you from an empty directory to a working loadable module with a /proc interface, then explains what the kernel actually does when it loads your .ko: ELF section validation, vermagic checking, relocation patching, and the moment your init function fires.
DistrosWhat Is Batocera.linux? The Retro Gaming OS That Turns Any Machine Into a Console
From its Buildroot foundations and Recalbox lineage to 200+ emulated systems, v43 Glasswing with LabWC, and the deep mechanics -- the configgen overwrite cycle, per-ROM batocera.conf syntax, the AUTO resolution chain, MangoHud integration, and the built-in AI translation feature. Covers ShadPS4 PS4 emulation, RPCS3, Xenia, hardware compatibility across every tier, and when Batocera beats every alternative.
DevOpsContainer Networking Conflicts: Subnet Overlaps, Port Collisions, and DNS Failures on Linux
You start a Compose stack and your VPN drops. A container resolves hostnames fine, then stops for no reason. A port refuses to bind even though nothing is using it. This guide traces every class of container networking conflict on Linux to its kernel-level root cause -- subnet allocation behavior, the userland-proxy throughput trap and its hidden route_localnet sysctl, Docker's default-gateway rerouting when a second network is attached, and the three-nameserver ceiling that silently breaks DNS on hosts with split-resolver configs.
NetworkingDocker Daemon Networking Architecture
What the Docker daemon actually does when it creates a container network: Linux bridge allocation, veth pair wiring, iptables DNAT and MASQUERADE chains, VXLAN tunnel endpoints for overlay networks, the embedded DNS resolver at 127.0.0.11, and the daemon.json options that change all of it. Includes the DOCKER-USER chain, nftables backend migration for Docker Engine 29, macvlan vs. ipvlan driver tradeoffs, and an interactive connectivity troubleshooter.
NetworkingTroubleshooting Container Firewall Conflicts
The root cause is architectural: Docker and Podman insert DNAT rules at prerouting, before any filter table rule runs. Covers the Netavark firewalld-driver bypass of StrictForwardPorts, Docker Engine 29 nftables backend migration and the firewall-mark requirement, DOCKER-ISOLATION chain mechanics, the bridge-nf-call-iptables silent failure mode, and kube-proxy nftables GA in Kubernetes 1.33.
Security — Network ScanningNmap with Linux: Network Scanning from the Command Line
How to install and operate Nmap 7.99 on Linux for network discovery and security auditing. Covers every scan type from SYN and TCP connect to UDP and SCTP INIT, the four-phase scanning process, service and version detection with version intensity tuning, OS fingerprinting mechanics, the Nmap Scripting Engine with 600+ scripts across 14 categories, timing templates, output formats, firewall and IDS evasion techniques, IPv6 scanning, Ndiff for tracking network changes over time, and what filtered, open|filtered, and unfiltered actually mean at the packet level.
Security — Network ScanningNmap: The Complete Guide to Network Scanning and Reconnaissance
The mechanical reality behind every scan result — what packets are sent, what responses mean, and why results look the way they do. Covers host discovery, all scan types, OS fingerprinting, 612 NSE scripts, firewall evasion, and IPv6. Commands verified against Nmap 7.98.
HardwareOverclocking Linux PCs: A Complete Technical Guide
Every overclocking guide tells you to set ppfeaturemask to 0xffffffff without explaining what the other 31 bits do. This one covers the minimal mask, the Coolbits 28 vs 31 confusion, what the performance governor label does and does not mean under amd_pstate active mode, and the AMD 3D V-Cache Optimizer driver that gives Linux a tuning surface Windows does not have.
Hardwaredmesg Quick Reference: Read the Linux Kernel Ring Buffer
The kernel ring buffer holds every message from boot to now -- hardware detection, driver errors, OOM kills, disk failures. Here is how to read it, filter it by log level, search it with grep, check dmesg_restrict, compare it to journalctl -k, and make sense of what you find.
AI / ML OpsPyTorch 2.11 on Linux: Installing, Configuring CUDA/ROCm, and Running Your First Model
A behavioral change in PyTorch 2.11 catches many people: pip install torch now pulls a CUDA 13.0 wheel from PyPI by default, not a CPU-only build. Volta GPUs were also dropped from the cu128 wheel. Covers CUDA version matching, AMD ROCm setup, virtual environments, GPU verification, and a working inference example to confirm everything is actually running on the GPU.
Linux SecurityCSV Tooling on Linux: awk, csvkit, qsv, xan, and More
From coreutils primitives to Rust-powered pipelines -- a practical guide to processing CSV files on Linux using awk, cut, csvkit, q, qsv, and xan, including security considerations for CSV data from external sources.
Linux SecurityCommercial Surveillance Vendors on Linux: Exploit Chains, Kernel Escalation, and Browser Delivery
How CSVs like NSO Group and Intellexa build three-stage exploit chains targeting Linux -- V8 renderer RCE, seccomp-bpf sandbox escape, and kernel privilege escalation via nf_tables, vsock, and OverlayFS -- with detection rules and hardening guidance.
SysadminThe LAPP Stack: Linux, Apache, PostgreSQL, and PHP
PostgreSQL where MySQL usually sits -- and that substitution carries real architectural weight. Covers the concrete differences between PostgreSQL and MySQL, full installation on Ubuntu 24.04 with PHP 8.4-FPM, pg_hba.conf hardening, TLS configuration, and what PostgreSQL 18's async I/O means for your stack in 2026.
Embedded / SysadminArduino on Linux: Serial Ports, udev Rules, and the CLI-First Workflow
Why boards show up as /dev/ttyACM0 vs /dev/ttyUSB0, how to fix permission denied with dialout and udev rules, ModemManager interference, persistent device symlinks, and how to replace the IDE with arduino-cli for a fully scriptable terminal workflow.
KernelLinux GPU Tiers: AMD, NVIDIA, and Intel Ranked for Driver Support in 2026
AMD RDNA 4 (RX 9070), NVIDIA Blackwell (RTX 50 series), and Intel Arc Battlemage (B580) ranked by driver maturity, Wayland support, kernel requirements, and real install experience. Includes verified kernel minimums, a distro pairing guide, and a step-by-step driver status check for each architecture. Updated March 2026.
DistrosWhat Is Xfce on Linux?
Xfce is a free, modular, lightweight desktop environment for Linux and Unix-like systems -- not the same as Xfe (X File Explorer). Covers all core components, the history from XForms to GTK, Xfce 4.20's experimental Wayland session, xfwl4's Rust-based compositor in development, HiDPI fixes, and RAM usage compared to GNOME and KDE Plasma.
KernelLinux GPU Tiers: AMD, NVIDIA, and Intel Ranked for Driver Support in 2026
AMD RDNA 4, NVIDIA Blackwell, and Intel Arc Battlemage ranked by driver maturity, Wayland support, kernel requirements, and real install experience. Includes distro pairing guide and verified kernel minimums.
SysadminLinux GPU Drivers: NVIDIA, AMD, and Intel Explained
NVIDIA open kernel module vs proprietary, AMD's all-in RADV stack after AMDVLK's discontinuation, Intel Xe on Battlemage and Lunar Lake, Wayland explicit sync, Secure Boot MOK enrollment, PRIME offloading, and NVK for a fully open-source NVIDIA path. Updated for the 2026 driver landscape.
Security — Threat IntelligenceKadNap's Broken Kademlia: The Two Nodes That Gave Away a Botnet
KadNap hid its command-and-control infrastructure inside BitTorrent DHT traffic using a custom Kademlia implementation. Then it hardcoded two fixed relay nodes that never changed. Black Lotus Labs followed them straight to the infrastructure — and to the Doppelganger proxy service monetising 14,000 compromised ASUS routers.
Security — Threat IntelligenceNew Linux Malware in 2026: What's Targeting Your Servers Right Now
PUMAKIT, perfctl, KadNap, SSHStalker, Goldoon, NerbianRAT, GTPdoor, and KrustyLoader -- eight active families with MITRE ATT&CK TTP mappings, container security implications, attribution analysis, incident response guidance, and a prioritized defensive action list.
SysadminHow to Check Linux Hardware Compatibility Before Switching (2026 Guide)
PCI IDs, firmware blobs, GPU drivers across Intel, AMD, and NVIDIA legacy branches, wireless cards, Bluetooth, audio, storage controllers, Secure Boot, and laptop peripherals -- with live USB testing commands, an interactive failure diagnosis tree, and resolution paths for every class of driver problem. Updated for kernel 6.19 and the 2025–2026 driver landscape.
KernelLinux Firmware Blobs: What They Are, Why They Exist, and How to Manage Them
What binary firmware blobs are, why the kernel needs them, how request_firmware() loads them, version mismatches, Secure Boot interactions, supply chain provenance via the WHENCE file, IMA integrity checking, GNU Linux-libre, and how to fix missing firmware on Debian, Ubuntu, Fedora, and Arch.
KernelNVIDIA Linux Drivers: Open Modules, GSP Firmware, and the Road to Blackwell
Open kernel modules vs proprietary, how the GPU System Processor changed everything with Turing, what moved in the R560 and R590 driver series, Wayland DRM modeset, Blackwell-only open module support, Nouveau/NVK, and the Nova Rust driver entering the upstream kernel.
Linux GamingSteam Linux LD_PRELOAD Fix: The Lag Timebomb, the Overlay Tradeoff, and When to Use It
What LD_PRELOAD="" %command% does in Steam launch options on Linux, why it fixed the 2024–2025 lag timebomb, what it silently breaks, and when you should and should not use it in 2026.
Linux GamingSteam Runtime Container Library Audit: The libX11 Version Mismatch That Breaks XCheckIfEvent on Rolling-Release Distros
When the host libX11 outpaces what Steam's pressure-vessel container expects, the overlay's XCheckIfEvent hook fails in ways LD_PRELOAD="" cannot fix. How to audit the container's actual library environment and apply the right distro-specific fix.
DistrosHow to Install AlmaLinux: A Complete Guide for CentOS Refugees
CentOS is gone. AlmaLinux is the answer -- ABI compatible with RHEL, community governed, and free forever. Covers why AlmaLinux exists, fresh installation with LVM partitioning, systemd, SELinux, DNF module streams, firewalld, Cockpit, Kickstart automation, container and cloud images, ELevate in-place migration from CentOS 7, and production hardening. Current through AlmaLinux 9.7 and 10.1.
DistrosHow to Configure Kickstart for Automated Rocky Linux Installations at Scale
A production-grade guide to Kickstart automation for Rocky Linux: Anaconda internals, LVM partition layouts with CIS-compliant mount options, %pre disk detection, %post hardening, PXE delivery, LUKS encryption, and scalable deployment patterns that eliminate manual installs entirely.
Kernel20 Unique Things You Can Do in Linux That Will Change How You Think About Operating Systems
Twenty kernel-level capabilities -- /proc, strace, eBPF, namespaces, cgroups, live patching, capabilities, rr, auditd, perf, and more -- that expose how the Linux kernel works at a level no other mainstream OS allows.
Security — CVSS 7.8CVE-2026-3888: How Ubuntu's systemd Cleanup Timer Became a Root Escalation Path
A timing gap between snap-confine and systemd-tmpfiles hands any local user a path to full root on Ubuntu Desktop 24.04 and later. Neither component is broken in isolation -- the vulnerability lives in how they interact. Exact mechanism, CVSS vector, patched versions, auditd detection rules, and the architectural reason code review cannot catch this class of bug.
Ruby / LinuxZJIT: Inside Ruby 4.0's Next-Generation JIT Compiler on Linux
Ruby shipped a ground-up new JIT compiler on Christmas 2025. ZJIT uses SSA-based HIR and method-level compilation to target a higher performance ceiling than YJIT was ever designed to reach. Here is how its architecture works, how to enable and profile it on Linux, and what the road to Ruby 4.1 production readiness actually looks like.
Linux GamingLinux Gaming with SteamOS and HoloISO: The Full Picture
HoloISO brought SteamOS 3 to desktop hardware before Valve was ready to. The complete story: what it was, how it worked, why the original was archived in 2024, and where Linux gaming stands in 2026 with Bazzite, the Steam Machine, and official SteamOS expansion to third-party handhelds.
Linux GamingDZGUI: The Linux DayZ Server Browser and Mod Manager That Works
DayZ's BattlEye anti-cheat runs in userland under Proton -- no kernel driver on your Linux system. DZGUI is the open-source launcher that makes modded community servers reachable: Steam Web API server queries, Workshop mod diffing and staging, and a zero-trust architecture where your API key never leaves your machine. Includes Steam Deck setup, PBO mod security, and the curl-to-bash install risk model.
SysadminBash Scripting for Beginners: Automate Your Way to Efficiency
From your first script to cron-scheduled automation -- variables, loops, conditionals, functions, error handling with set -euo pipefail, security pitfalls, input validation, and real-world patterns you can use today.
SysadminUbuntu Server Management: A Practical Guide for 2026
From first-boot hardening to patch automation, Livepatch to Landscape -- a production-ready walkthrough of Ubuntu 24.04 LTS covering UFW, Fail2ban, AppArmor, unattended-upgrades, auditd, and the full Canonical toolchain.
SysadminBash vs Zsh vs Fish: Choosing the Right Shell for Your Linux Workflow
Architecture, internals, and real-world workflow implications of the three shells. The choice of shell is architectural -- it shapes how fast you move, how readable your automation is, and how deeply you understand what Linux is doing beneath the surface.
Linux GamingWorld of Warcraft on Linux: The Untold Story of a Client That Never Was
Blizzard built a Linux client during WoW's beta and shelved it before launch. Twenty years later, a community-built stack of Wine, Proton, DXVK, and GE-Proton has done the job Blizzard refused to do -- and the numbers are no longer easy to ignore.
Linux GamingWorld of Warcraft on Linux: The Real 2026 Guide
Wine 11, GE-Proton, DXVK, Lutris with umu-launcher, Warden risks, Steam Deck, MangoHud, hybrid GPU setup, WoW Classic and Hardcore, and Config.wtf tweaks -- everything you actually need to run WoW on Linux in 2026, verified and current.
NetworkingLinux GTK WiFi: nm-applet, libnma, and the Tray Icon Problem Nobody Talks About
The full architecture of Linux WiFi under GTK -- why your tray icon vanishes on Wayland, the XEmbed vs StatusNotifierItem split, how nm-applet 1.36 auto-selects SNI outside X11, wpa_supplicant vs iwd as backends, and the nmcli commands that replace the GUI entirely.
SysadminAutomating Pinggy on Linux with systemd
Running a Pinggy tunnel manually is fine for a test. Running it reliably after every reboot, with automatic restarts on failure and logs that survive across sessions -- that requires systemd. This is the complete guide to doing it right.
Sysadminsystemd-journald: Effective Configuration for Production Systems
Storage modes, disk quotas, Forward Secure Sealing, rate limiting, journal namespaces, and forwarding strategies -- with production-ready drop-in configs and defaults verified against current upstream man pages.
DistrosSwitching to Linux for Everything Online: What Actually Changes and What Doesn't
Linux desktop market share hit 4.7% globally in 2025. Here is the complete, honest picture of what switching to Linux means for your daily internet life -- browsing, streaming, banking, video calls, and the real tradeoffs most guides skip.
Linux GamingLinux Gaming with ProtonDB: What the Numbers Actually Mean in 2026
Nearly 90% of Windows games now run on Linux. That headline is real — but it hides a more interesting story about compatibility layers, crowdsourced intelligence, kernel-level anti-cheat politics, and where the remaining 10% actually live.
DistrosNobara Linux: The Patched Fedora That GloriousEggroll Built
Thomas Crider -- the engineer behind Proton-GE -- built Nobara as his own daily driver on a Fedora base. It ships the patched CachyOS kernel with BORE scheduling, falcond automatic per-game optimization, native RPM Steam, pre-installed NVIDIA drivers, and five editions including a dedicated ROG Ally handheld build. Here is how the whole system fits together.
Linux GamingBazzite vs. Nobara (2026): Which Gaming Linux Distro Should You Choose?
The two leading Fedora-based gaming distros compared across every dimension that matters: atomic rollback vs. DNF freedom, ROG Ally and Legion Go handheld integration, Secure Boot, NVIDIA driver tradeoffs, the Open Gaming Collective kernel, and which one fits your workflow.
Linux GamingKernel-Level Anti-Cheat and Linux: Why They Don't Get Along
You picked your gaming distro, got Proton running, and then discovered Valorant, Call of Duty, and Rainbow Six Siege will not let you into a lobby. This is why: a full technical account of the Windows-only trust architecture kernel anti-cheat depends on, why Proton cannot bridge it, which games are permanently blocked and which are not, and what the EA Javelin job listing naming Linux as a future target actually means for the road ahead.
DistrosCachyOS: Performance Arch Linux With BORE Kernel and Graphical Installer
CachyOS ships Arch Linux with a BORE-tuned kernel, AutoFDO and Propeller profile-guided optimization, x86-64-v3 and v4 package repositories, live sched-ext scheduler switching via scx_loader, and a Calamares graphical installer that makes the whole stack accessible without sacrificing any of the underlying performance engineering.
Linux GamingGamer's Guide to Switching to Linux: What Happens Under the Hood
How does a Windows game actually run on Linux? This guide traces the full stack: Wine's API reimplementation, DXVK's DirectX-to-Vulkan translation, VKD3D-Proton 3.0's DXBC rewrite, NTSYNC in kernel 6.14, Syscall User Dispatch in Wine 11.5, and why kernel-level anti-cheat is an architectural wall rather than a solvable compatibility problem. Includes distro comparisons, GPU driver realities, shader stutter mechanics, and a concrete migration sequence.
Security — SSH / HardeningHow to Disable Root Login for SSH on Ubuntu
One directive in sshd_config closes one of the commonly exploited SSH attack vectors. Covers PermitRootLogin, drop-in config gotchas, cryptographic algorithm hardening, Match blocks, ForceCommand, SSH key setup, FIDO2 and TOTP MFA, authorized_keys hygiene, fail2ban, and lockout recovery -- with MITRE ATT&CK mappings throughout.
Security — SSH / CryptographyGenerate an Ed25519 SSH Key Pair with a Passphrase
Why Ed25519 replaced RSA, how bcrypt KDF protects private keys at rest, the -a flag for hardened KDF rounds, OpenSSH 10.0's post-quantum default, hardware-backed keys, sshd_config lockdown, and full key lifecycle management.
SysadminHow to Find Which Process Is Using a Port on Linux
Port conflict? lsof, ss, and fuser give you the answer in seconds. Covers MITRE ATT&CK T1049 and T1571, the attacker's use of the same tools, container namespace visibility gaps, /proc/net internals, rootkit evasion, and scripting port checks for automation.
Sysadminerror: beginning maxstartups throttling -- What sshd Is Telling You (and How to Fix It)
When your SSH daemon drops connections with "beginning maxstartups throttling," it is doing exactly what it was designed to do. Covers the three-value syntax, the security tradeoff, diagnosing attack vs automation traffic, PerSourcePenalties in OpenSSH 9.8+, bastion tuning, and CI pipeline fixes.
DistrosUbuntu 24.04 LTS vs Every Major Ubuntu Version: What Actually Changed
From kernel 5.15 to 6.8. From GNOME 42 to 46. From five-year support to twelve. Noble Numbat is Canonical's 10th LTS and the most technically ambitious -- AppArmor 4, confidential computing, TPM 2.0 full disk encryption, and a refreshed developer toolchain. Here is how it stacks up against 20.04, 22.04, and the interim releases in between.
SysadminHow to Monitor Syslog in Real Time with tail -f
The command is tail -F /var/log/syslog. The depth behind it is not simple -- from -f vs -F and log rotation behavior, to grep filtering with line buffering, journalctl on systemd systems, and the full distribution map including Amazon Linux 2023.
DistrosBest Linux for Python Development in 2026
Ubuntu, Fedora, Arch, NixOS -- each has a real case. We compare them for Python work specifically: version management, toolchain freshness, virtual environment behavior, and how each handles the "externally managed environment" problem introduced in PEP 668. Plus WSL2 on Windows, dev containers, CI/CD alignment, and where Python 3.14 lands on each distro..
SysadminLinux Neofetch: The Complete Guide to a Terminal Icon (And What Comes Next)
Neofetch defined a generation of Linux terminal aesthetics. How it works, how to configure it, why Dylan Araps archived it in 2024, and which actively maintained alternatives -- Fastfetch, HyFetch, and others -- you should be running today.
Security — Linux GamingDo Not Run Your Game Server as Root on Linux
Running a game server as root is one of the most common and consequential mistakes in self-hosted gaming infrastructure. Covers exactly what that decision costs you, how attackers exploit it, dedicated service accounts, hardened systemd unit files, Linux capabilities, and step-by-step remediation.
SysadminView Last 50 Lines of a Log File in Linux: tail -n and Everything Around It
The command is tail -n 50 /path/to/logfile. Stick around and you will also get live log following with -f vs -F, grep filtering with line buffering, multi-file tailing, log rotation awareness, and the patterns experienced sysadmins reach for every day.
SysadminSearch Command History in Linux with Ctrl+R
Press Ctrl+R, type a few characters, hit Enter. Behind that simple gesture is GNU Readline's reverse incremental search, a history file with configurable limits, cross-session sync, timestamps, bang shortcuts, and fzf fuzzy matching. The complete reference -- from keyboard shortcuts to a production-ready ~/.bashrc config.
SysadminThe Linux Wheel Group: History, Mechanics, and the Right Way to Use It
From a 1969 TENEX privilege bit to the gatekeeper of root access on every RHEL server today -- the complete story of the wheel group, how it works under the hood, and how attackers and defenders both read the same /etc/group file.
Security — SSHSSH Audit and Hardening: The Practitioner's Guide
Practitioners surveyed in the SANS ICS 2024 report on Linux server compromise patterns consistently found that SSH-related incidents traced back not to broken cryptography but to authentication failures -- stolen or unrotated private keys, absent MFA, and shared accounts -- and to misconfigured access controls that left authenticated sessions far too permissive. Cipher configuration rarely featured in the root cause.
SysadminPython for Linux System Administration: The Practical Guide
From subprocess and psutil to Fabric and Paramiko -- how to use Python to automate, monitor, and manage Linux systems at scale. We cover a few modules worth knowing, and some patterns that hold up in production, how to build scripts you can hand off, and the mistakes worth avoiding before you find them the hard way.
SysadminAutomating Pinggy Tunnels on Linux with OpenTofu
Pinggy works out of the box with a single SSH command. But when you have a fleet of machines, CI pipelines, or environments that need tunnels on every boot, you need something repeatable and auditable. This is where OpenTofu -- the open-source Terraform fork managed by the Linux Foundation -- fits in.
SecurityWhy Security-Conscious Gamers Play Minecraft on Linux
A technical look at telemetry architecture, kernel security primitives, JVM sandboxing changes, and network controls that make Linux the more defensible platform for running Minecraft -- from the Snooper's removal and return to Fractureiser's real-world blast radius and what the loss of the JVM SecurityManager actually means for mod safety.
Linux GamingBattle.net on Linux: What Actually Works in 2026
Blizzard has no plans to port Battle.net to Linux. Here is a complete, technically precise guide to running it anyway -- via Wine, GE-Proton, Lutris, Bottles, and Steam -- including ntsync explained, WINE_SIMULATE_WRITECOPY unpacked, every known error and fix, with all sources cited.
Linux Gaming / SecurityBlocking Cheaters on Your DayZ Server Running Linux
BattlEye configuration, RCON integration, firewall hardening, log analysis, spoofer threat modeling, DDoS resilience, automated crash recovery, mod supply chain risk, VPN detection, player reporting infrastructure, ban data privacy, community anti-cheat mods, and community ban strategy -- a technical guide for DayZ dedicated server administrators running Ubuntu 22.04 or 24.04 LTS that goes further than anything else you will find.
SecurityCVE-2026-27944: How a Missing Middleware Line in Nginx UI Turned Your Backups Into a Free Download
One unregistered route and one HTTP response header that shouldn't exist handed any unauthenticated attacker a fully decryptable backup of your Nginx server. Root cause analysis, exploitation mechanics, forensic indicators, and full remediation for Linux sysadmins.
Linux GamingHow to Optimize Fedora for Gaming with Steam, Lutris, and GPU Drivers
A layered technical examination of the Linux gaming stack -- Proton, DXVK, VKD3D-Proton, GPU drivers, GameMode, MangoHud, and kernel tuning -- built on one of the most technically sound foundations available.
Linux GamingSwitching to Linux for Gaming: A Practical Tinkering Guide with Real Walkthroughs
Driver setup, Proton configuration, GE-Proton installs, launch option flags, anti-cheat realities, and game-specific walkthroughs -- everything that actually matters when you move your gaming rig to Linux in 2025 and 2026.
Linux GamingProton vs Wine: Choosing the Right Compatibility Layer
Wine is the foundation. Proton is the gaming-focused stack built on top of it. NTSYNC, Wine 11 through 11.6, DXVK in standalone Wine, DLL overrides, MangoHud, GameMode, Proton debug logging, and where Lutris, Heroic, and Bottles fit in -- everything that separates the two tools and tells you which to reach for.
Linux GamingGaming on Linux: A Practical State of the Union
Linux gaming hit a record 5.33% Steam market share in March 2026 and Proton 10 now runs close to 90% of Windows titles. This is the complete practical reference: how Proton and DXVK work, which distro to choose, what anti-cheat actually blocks and why publishers refuse, GPU driver realities, game saves, controller setup, modding tools, Battle.net via Lutris, and a dual-boot decision framework.
SysadminBinary and Linux: The Invisible Language Beneath the System
Every file, process, and system call ultimately resolves to binary. This exploration traces the invisible thread connecting ones and zeros to the Linux system you run every day -- from ELF headers, DWARF debug information, and the vDSO to kernel data structures, seccomp-BPF syscall filtering, and hands-on exercises that let you build, patch, and inspect binaries yourself.
SysadminAutomating Linux Server Tasks with Cron Jobs and Shell Scripts
From one-liner crontab entries to production-grade Bash scripts -- learn to automate backups, monitoring, log rotation, and routine maintenance tasks that keep your servers running without constant manual intervention.
DistrosChoosing a Linux Distribution: The Definitive Decision Framework
From package managers to release models, desktop environments to security posture -- a practical, opinionated guide to picking the right distribution for your workflow instead of drowning in the paradox of choice. Includes what each distro's failure modes actually look like in practice -- the part other guides leave out.
Networkingip vs ifconfig: Why You Should Switch and How to Do It
net-tools saw its last significant development in 2001 and went dormant for nearly two decades. iproute2 uses a fundamentally different kernel interface, supports features net-tools cannot reach, and is what the rest of the Linux networking ecosystem runs on. Here is the full picture.
Linux GamingLinux Arma 3 Performance Tuning: Going Deep Under the Hood
A technical guide for players who want to stop guessing and start understanding exactly why every frame matters when running Arma 3 under Proton.
DistrosFedora Linux: Under the Hood, At the Frontier
From a University of Hawaii side project to the daily driver of the Linux kernel's own creator -- what Fedora actually is, how it works under the hood, and why it occupies a position in the Linux ecosystem that no other distribution can honestly claim.
DevOpsGitOps with Flux: Stop SSHing Into Your Servers
An intro to Flux CD for teams tired of manual deploys. Covers the reconciliation loop, Kustomization vs HelmRelease, repo structure, secrets, multi-tenancy, what breaks first in production, an honest comparison with Argo CD, and how to debug when things go sideways.
KernelUnderstanding the Linux Kernel Memory Model
Why your code can read stale values on one CPU while another CPU has already written the update -- and how the LKMM gives kernel developers a formal framework to reason about it, prevent it, and prove correctness.
DevOpsDocker Networking Without the Guesswork
Demystifying bridge, host, and overlay networks with real troubleshooting scenarios. Covers how containers actually resolve DNS, what happens inside the Linux kernel when a packet leaves a container, a systematic playbook for debugging connectivity failures between services, and the chain restructuring introduced in Docker Engine 28 and 29 that invalidates a large portion of older iptables documentation.
NetworkingDocker Failed to Query External DNS Server: What It Means and How to Fix It
The [resolver] failed to query external DNS server message explained from the inside out -- the systemd-resolved namespace collision, cloud VM resolver traps, iptables DNAT mechanics, CVE-2024-29018, and every verified fix from daemon.json to nftables backend conflicts.
Arma 3 and Arma Reforger: A Deep Technical Comparison of Windows vs. Linux Performance
A technical examination of two fundamentally different games, two different engines, and two different relationships with Linux -- covering client gaming, dedicated servers, and the architecture that explains everything.
NetworkingUnderstanding Linux Routing Tables
Every packet that leaves your machine passes through the kernel's routing subsystem. Here is exactly how that works -- from the FIB trie data structure to policy routing rules, static routes, and the RPDB -- with the commands to read, manipulate, and debug it all.
SecurityLinux and Quantum Computing: What Professionals Should Know Now
From post-quantum cryptography migration to open-source quantum development toolkits -- the quantum era is not a distant future. Here is what Linux administrators, developers, and security teams need to understand and act on today.
Networkingtc and Traffic Shaping: A Practical Guide
tc is one of the most powerful tools in the Linux networking stack -- and one of the least understood. This guide cuts through the qdisc confusion, explains HTB properly, and gets you shaping traffic in ways that actually work in production.
Linux GamingLinux Reforger Performance Tuning: A Deep Technical Guide
From CPU governors to VKD3D-Proton heap workarounds -- everything you need to get stable, low-variance frame times running Arma Reforger on Linux. This guide goes under the hood on the Enfusion engine's translation pipeline, kernel scheduler tuning, and dedicated server configuration.
DevOpsSystemd Units You Should Know
A practical breakdown of writing and managing systemd services, timers, and targets from scratch. Covers common failure modes, journald integration, and dependency ordering -- the parts most tutorials skip.
Linux GamingRunning Arma Reforger on Steam Deck: A Deep Technical Guide for Linux
The war simulator that shouldn't run on a handheld — but does. A complete technical account of why, how, and what's happening under the hood when it does: VKD3D-Proton, Gamescope, UMA memory, and the Zen 2 simulation bottleneck.
SecurityWireshark with a Remote Linux Capture: tcpdump + SSH Piping
How to pipe a live kernel-resident packet stream from any headless Linux server directly into Wireshark's dissector engine -- using nothing but tcpdump, SSH, and BPF. Covers the libpcap wire format, mandatory flags, three capture methods, SSH performance tuning, and privilege hardening.
SysadminInside Nginx: Architecture, Internals, and Production Craft
How Nginx actually works: the module system and ngx_module_t, memory pools per connection and per request, the 11-phase request pipeline, epoll and the event loop, HTTP/3 over QUIC, the upstream state machine, Brotli, TLS hardening, and production configuration throughout.
SecurityWireGuard on Linux: Setting Up a Minimal, Modern VPN
On modern Linux systems, WireGuard runs as an in-kernel module, spans roughly 4,000 lines of C, and is built on the formally analyzed Noise protocol framework. Learn how it actually works -- and how to deploy it correctly.
NetworkingExample nftables Rules: Filtering, NAT, Rate Limiting, and Sets
Practical, copy-ready nftables configurations using the inet family for dual-stack IPv4 and IPv6 coverage. Covers stateful filtering, named and interval sets, verdict maps, masquerade and DNAT, per-source SSH throttling with dynamic sets, and a complete production ruleset with blocklist, logging, and counters.
Scripting & AutomationPerl on Linux: A Technical Exploration
From regex to /proc, file I/O to process management -- a comprehensive look at Perl as a deeply native Linux scripting language. We cover the full stack: the environment, data types, regular expressions, system integration, networking, modules, and production-grade automation patterns.
KernelKernel-Level I/O Events in Linux: From Syscall to DMA
From VFS and the page cache to epoll and io_uring -- a ground-up exploration of how the Linux kernel originates, tracks, dispatches, and completes I/O events, and the internals that make high-performance I/O possible.
Scripting & AutomationRuby on Linux: A Field Manual
From sockets to /proc, file I/O to process forking -- a comprehensive look at Ruby as a first-class Linux scripting and automation language. We cover the full stack: version management, OOP, regex, networking, concurrency, and production-grade system tooling.
SysadminLinux Servers vs. Windows Servers for WordPress
Every layer of the WordPress stack -- PHP, MySQL, Nginx, Redis, Varnish -- was designed and optimized for Linux. We break down exactly why, from kernel-level I/O primitives and process models to security architecture and total cost of ownership.
SysadminPython with Linux: A Comprehensive Guide
From shell automation to kernel interfaces, networking to security tooling -- everything you need to use Python effectively on Linux systems.
SecurityRecovering X-Forwarded-For Pivot Chains from Linux Web Server Process Memory
How to extract and validate multi-hop XFF chains from Apache, Nginx, and PHP-FPM heap artifacts on Linux -- using gcore, LiME, and process-aware scanning to reconstruct attacker pivot paths after disk logs are gone.
DistrosArch Linux: History, Culture, and Legacy
From a Canadian sysadmin's frustration with RedHat in 2001 to the "I use Arch btw" era -- how a minimalist distro built on simplicity, user control, and a rolling-release philosophy reshaped the Linux landscape and spawned an entire family of derivatives.
SysadminUnderstanding pacman: Arch Linux's Package Manager in Depth
From dependency resolution to repository management, parallel downloads to package signing -- a complete technical walkthrough of the package manager at the heart of Arch Linux and its derivatives.
SecurityZero-Trust Security on Linux: A Practical Implementation Guide
Translate NIST SP 800-207 into concrete Linux configurations -- from SSH hardening and SELinux enforcement to nftables microsegmentation, systemd sandboxing, kernel sysctl tuning, and continuous audit logging.
SecurityAudit Linux User Permissions: Spot Risky sudoers, SUID/SGID, and Group Misconfigurations
A practical permissions-audit workflow to find privileged users, dangerous sudo rules, SUID/SGID binaries, writable paths, and ACL pitfalls — with commands you can run in minutes.
SysadminHow to Set Up Arch Linux as a Home Server: SSH, Samba, and Docker
Build a hardened Arch Linux home server with SSH hardening, nftables, Samba (SMB3), Docker (rootless options), and operational hardening — with practical configs you can deploy.
SysadminHow to Install Arch Linux from Scratch: A Complete Step-by-Step Guide
From partitioning to desktop environment -- a hands-on walkthrough of installing Arch Linux the right way, with every command explained.
AI / ML OpsRunning AI Workloads on Linux: A Beginner's Setup Guide
From GPU drivers to containerized inference -- a practical walkthrough for getting your first machine learning environment running on Linux.
SysadminHow to Install and Configure a Desktop Environment on Arch Linux (GNOME, KDE, and XFCE)
Step-by-step guide to installing GNOME, KDE Plasma, and XFCE desktop environments on Arch Linux -- from package selection and display managers to Wayland configuration and post-install tuning.
SysadminUnderstanding the Differences Between Linux and Windows Servers: A Technical User Guide
A deep technical reference covering file system architecture, user and access management, networking, security models, remote administration, and logging -- across both platforms.
SysadmineBPF for System Administrators: Tracing Without the Overhead
How eBPF replaced strace, SystemTap, and brute-force kernel modules with safe, production-grade tracing that runs directly inside the kernel.
SecurityParamiko: A Deep Technical Reference for Python SSH Automation
From the SSH handshake to SFTP internals, port forwarding to connection pooling -- everything you need to master Python's most powerful SSH library.
SecurityHardening SSH: Beyond the Basics
Certificate-based authentication, jump hosts, port knocking, and fail2ban configurations that actually make a difference in production.
KernelLinux Kernel Tuning for High-Traffic Servers
Sysctl parameters, network stack tuning, and memory management settings that can dramatically improve throughput under load.
SysadminBtrfs Snapshots and Rollbacks in Practice
A practical walkthrough of snapshot management, automated backup strategies, and how to recover from a botched upgrade in minutes.
NetworkingDeep Dive into nftables: The iptables Successor
Why nftables replaced iptables, how to write rulesets, and a migration guide for anyone still running legacy firewall configurations.
NetworkingHow nftables Changes the Model
iptables evaluated rules sequentially -- nftables replaced the entire engine with a kernel virtual machine that runs compiled bytecode. That architectural shift is why set lookups are O(1) regardless of element count, why ruleset updates are fully atomic with no window between old and new state, and why the inet family can handle IPv4 and IPv6 in a single ruleset. Covers the VM instruction set, Netlink batch transaction mechanics, flowtable forwarding fastpath and its GC behavior, conntrack zone assignment for asymmetric routing, and why nftables accept verdicts differ from iptables ACCEPT in multi-table environments.
DevOpsAnsible Roles That Actually Scale
Patterns for writing reusable, testable Ansible roles. Includes molecule testing, variable precedence traps, and handler strategies.
DistrosNixOS in Production: Smooth the Path
Lessons learned running NixOS on bare metal servers. Reproducible builds, rollback stories, and the sharp edges you may hit along the way.
SysadminUnderstanding systemd: A Comprehensive Guide to Modern Linux Init Systems
From unit files to timers, targets to journal logging -- everything you need to master the init system that runs your servers.
Sysadmin20 Linux Commands Every Beginner Must Know
A practical walkthrough of the 20 essential Linux commands that will take you from lost at the terminal to confidently navigating, managing files, and controlling your system.
Sysadmin12 Things to Do Immediately After Installing Linux
Just installed Linux? Here are the twelve essential steps to secure, optimize, and customize your fresh system before you do anything else.
SecurityLinux Trojans: How Attackers Compromise the OS the World Trusts
BPFDoor, Symbiote, XorDDoS, OrBit, Syslogk -- how Linux trojans get in, how they hide, how they persist, and how to find them. Includes a defense coverage matrix, detection commands, and a live incident classification quiz.
Security — T1053.003Unauthorized Crontab Modification: How Attackers Abuse Linux Scheduling for Persistence
perfctl replaced the crontab binary itself so administrators couldn't see their own scheduled jobs. CronRAT hid its payload on February 31st -- a date that never comes. Koske, an AI-assisted cryptominer, layered cron with systemd and RC scripts to survive any single cleanup. This is the full threat model: every file location attackers target, real campaign analysis, auditd rules, and the binary integrity check that catches what crontab -l won't show you.
DevOpsDocker's iptables Compatibility Layer: How Container Networking Actually Touches Netfilter
A kernel-level account of what Docker actually does to your firewall: the nat table PREROUTING rewrite that bypasses INPUT, the DOCKER-USER chain ordering, the iptables-nft compatibility layer translating Docker's rules into nftables on modern distributions, the split-brain hazard when backends are mixed, and the architectural shifts introduced by Docker 29's experimental native nftables mode.
DevOpsDocker Bypassing nftables Rules: Why Your Firewall Is Not Filtering Container Traffic
You wrote the drop rule, reloaded the ruleset, and the port is still open. Docker's DNAT rewrites packet destinations in the prerouting hook before your filter chains evaluate them, and its nftables chains at priority -100 accept traffic before your priority 0 rules fire. This guide traces the full Netfilter pipeline, covers four production fixes (priority chains, conntrack original destination, chain injection, and the --bridge-accept-fwmark mechanism), and includes a default-drop ruleset for compliance environments.
Networkingiptables-nft Compatibility Problems: Why Your Firewall Rules Disappear on Modern Linux
Two firewall tools writing to the same kernel subsystem with incompatible assumptions about what that subsystem should look like. This is the guide to every failure mode that produces: the incompatible table error, split-brain rulesets invisible to either iptables or nft, Docker and libvirt backend mismatches, chain priority collisions where accepted packets still get dropped, and the RHEL 9 deprecation timeline that makes migration unavoidable.
AI / ML OpsSetting Up a Local AI Stack on Linux: Ollama + Open WebUI + Docker
The single networking mistake that breaks every local AI setup: containers cannot reach localhost on the host, so Ollama's default 127.0.0.1 binding silently blocks Open WebUI before you've typed a single prompt. This guide solves that with the correct systemd override, the host.docker.internal bridge configuration, NVIDIA Container Toolkit GPU passthrough, and a Docker Compose file that survives updates without losing conversation history.
AI / ML OpsLinux GPU Acceleration for AI: CUDA vs ROCm — What You Need to Know in 2026
NVIDIA hardware costs a premium, but CUDA's ecosystem advantage is real. AMD hardware is cheaper, but ROCm will silently run your model on CPU without telling you why. This guide explains exactly where each stack stands in 2026 — driver setup, PyTorch compatibility, Flash Attention 2, TensorRT, the HSA override workaround for unofficially supported GPUs, and the specific workloads where an AMD card at the same price point is genuinely the better call.
AI / ML OpsHow to Run LLMs Locally on Linux with Ollama (NVIDIA and AMD GPU Setup)
Ollama brings local LLM inference to Linux without requiring a cloud API key or a PhD in GPU driver management. This guide covers every GPU backend the tool supports -- NVIDIA CUDA (compute capability 5.0+), AMD ROCm v7, and the Vulkan path for hardware that both reject -- plus model quantization trade-offs, VRAM budget planning, and the HSA_OVERRIDE_GFX_VERSION workaround that unlocks unofficially supported AMD GPUs. Updated for Ollama v0.20+.
AI / ML OpsBest Linux Distros for AI and ML Work in 2026
Ubuntu, Fedora 43, Pop!_OS, or Arch -- the distro you pick determines how much setup friction stands between you and a working GPU. This comparison cuts through the feature-list noise and focuses on what actually matters: how many steps from fresh install to nvidia-smi or rocminfo, how quickly Python versions and AI libraries land, and how often a routine update silently breaks a working CUDA or ROCm stack.
NetworkingConfiguring nftables with Docker
Docker Engine 29 introduced a native nftables firewall backend that replaces the iptables compatibility shim. One key in daemon.json enables it, but the real complexity is in how Docker's auto-generated tables interact with your custom rules. Covers the accept-is-not-final verdict model, the DOCKER-USER migration path, flush-safe persistence patterns, firewall mark overrides, and a production-ready nftables configuration for Docker hosts.