Hardware-backed SSH keys end to end: YubiKey, PIV, software alternatives, and where SSH CAs fit in

A working guide to using a YubiKey for SSH on a real Linux fleet — the four knobs (resident, touch, PIN, agent), a four-mode policy for root and Ansible, software-only alternatives, and where SSH CAs fit in.

May 9, 2026 · 19 min

SSH Tunnel Magic: Your SSH Already Is Tailscale

SSH punching for everyone who only knows ssh user@host — how -D replaces a corporate VPN, -R replaces a mesh VPN for NAT’d boxes, and -L forwards Unix sockets. 3 flags, 3 bonuses, 1 man page.

April 24, 2026 · 5 min

When TLS 1.3 Silently Dies Inside Your Android Proxy

A post-mortem of intermittent HTTPS failures across a mobile proxy fleet: TLS 1.3 handshakes silently dying on memory-starved Android devices — large multi-packet handshake messages, inflated by post-quantum key shares, stressing proxy buffers under memory pressure.

March 20, 2026 · 7 min

Systemd Unreclaimable Kernel Memory Leak

How a frequently-restarting systemd unit with Type=exec leaked unreclaimable kernel slab memory (~60 MB/day) on Ubuntu hosts via a cgroup memory-accounting bug — and why only a full host reboot could free it.

February 19, 2026 · 4 min

Another Ubuntu Bug With a Stopgap Fix: apt-get update Hangs for Hours

apt-get update randomly hangs for hours on Ubuntu 24.04 LTS — known since 22.04, still not fixed. Worst part: it silently blocks unattended-upgrades, so your servers stop receiving security updates. The ‘fix’ is a cron job that kills stuck apt processes.

February 13, 2026 · 1 min

10G at Home: $15 M.2 Expander Turns an Old HP Mini Into a 10GbE Test Rig

My ISP started upselling 10 Gbit XGS-PON — but how to test it without buying a 10G-capable machine? A $15 no-name M.2 → PCIe expander + AQC107 NIC on an old HP G2 mini did the job. Plus the pcie_aspm=off gotcha.

December 16, 2025 · 1 min