Automate your FreeBSD deployments with Rocinante!
This lightweight configuration management tool is perfect for bootstrapping new systems and managing application configurations. `pkg install rocinante` to get started.
New blog post: GeoIP-Aware Firewalling with PF on FreeBSD
Running a mail server means constant brute-force attempts. My solution: geographic filtering. SMTP stays open for global mail delivery, but client ports (IMAP, Submission, webmail) are restricted to Central European IP ranges only.
Result: ~90% reduction in attack logs, cleaner signal-to-noise ratio, smaller attack surface.
Using MaxMind GeoLite2 + PF tables with ~273k CIDR blocks.
https://blog.hofstede.it/geoip-aware-firewalling-with-pf-on-freebsd/
Solving Factorio with Terraform - YouTube https://lobste.rs/s/pk3rnu #video #devops #games
https://www.youtube.com/watch?v=uU06vKlCNXk
The TechBash 2026 Sponsor Prospectus is now available! Sponsor #techbash and meet our attendees in the Poconos in October.
#devconference #devcommunity #dotnet #cloud #javascript #python #devops #ai #appdev #nepa
I Cannot SSH Into My Server Anymore (And That’s Fine) https://lobste.rs/s/e7lpyy #devops
https://soap.coffee/~lthms/posts/i-cannot-ssh-into-my-server-anymore.html
Dew Drop Weekly Newsletter 465 - Week Ending January 9, 2026
#dewdrop #newsletter #aspnetcore #javascript #cloud #azure #dotnetmaui #cpp #windowsdev #xaml #csharp #dotnet #ai #mcp #devops #agile #python #IoT #appdev #podcasts #m365 #data #sqlserver #powershell
Fresh from the BSDCan program committee - submissions are coming in, but we can still take more!
If you have not made your submission, you have until Saturday, January 17th to get yours in!
Go to https://www.bsdcan.org/2026/papers.html to orient yourself, then submit via the submission link.
BSDCan is in Ottawa, with tutorials June 17-18, 2026, talks June 19-20, 2026
#bsdcan #conference #bsd #unix #development #freebsd #netbsd #openbsd #sysadmin #devops #freesoftware #libresoftware
@bsdcan
Uncloud, self hosted Cloud, seen by a developer for developers https://lobste.rs/s/0lzrhf #devops #networking
https://blog.garambrogne.net/uncloud-en.html
Well, okay, fine, I've never done an #introduction even though I've moved more times than I can count.
I'm #DevOps, #SRE or #PlatformEngineer, depending on how the day goes. My job doesn't define me, but I've been crazy about computers since I was a little kid, so it does a bit.
I like jokes and banter, but if I offend you with a joke, let me know so I can change it.
I wasn't interested in politics until THE FUCKING FASCISTS forced me to be.
For everything else, see the bio, or ask. 😉
Dew Drop Weekly Newsletter 464 - Week Ending January 2, 2026
https://zc.vg/POB96?m=0
#dewdrop #newsletter #aspnetcore #javascript #css #azure #xaml #windowsdev #dotnet #csharp #ai #mcp #devops #agile #python #IoT #appdev #podcasts #dotnetmaui #m365 #data #sqlserver #powershell
@xameerHoldMyType I think the list furthers
#Emacs incorporating seccomp for process isolation on capable GNU/Linux systems, while FreeBSD has its own sandboxing mechanism called Capsicum
> Process Isolation (OS-level) separates processes' memory/resources for stability; chroot (filesystem-level) changes a process's root directory for simple file access restriction (weak security); while Sandboxing (application/security-focused) uses stronger kernel features (containers, VMs, or specialized tools)
#virtualization
@xameerHoldMyType contd: go without user namespace isolation to build app in Rootless container like #podman you need dynamically alloc builder uids and with it as root (rarely with it), without sandbox, app #testing
I'll do that on #nixos, how will you do it on another #Linux?
Do you ever use `sysctl -w kernel.unprivileged_userns_clone=1`?
#reliability. #devops
chroot - fs isolation
systemd nspawn container - namespace isolation
podman - hardware isolation
#Bootc #containers are designed to create bootable images from container inputs, allowing for the deployment and management of entire operating systems using container technology. #QEMU, on the other hand, is a hardware virtualization tool that can run virtual machines, including those created from bootc images, providing a way to emulate different hardware architectures.
#virtualization #isolation #container #cloud #devops #production #infrastructure
What about #incus, how is this different? Correct me if I am wrong.
Containers package an application with its dependencies and run on a shared operating system, while #unikernel compile an application with only the necessary OS components, allowing them to run independently and more efficiently, especially in resource-constrained environments.
How do you secure access to your self-hosted/homelab services? https://lobste.rs/s/rmenr4 #ask #devops
New blog post: Managing FreeBSD Jails with Ansible.
I wrote jailexec - an Ansible connection plugin that lets you manage FreeBSD jails without running SSH inside each one. It connects to the jail host via SSH and uses jexec to run commands, just like you would manually.
Features:
• Single Python file, easy install
• Supports doas and sudo
• Secure two-stage file transfers
• Works with any jail manager
Blog: https://blog.hofstede.it/managing-freebsd-jails-with-ansible-the-jailexec-connection-plugin/
Git's HTTP server side design does not scale via @archArch https://lobste.rs/s/dythih #devops
https://xeiaso.net/notes/2025/distributed-git-ddos
Hi everyone! My name is Cenk, I'm interested in platform engineering and an enthusiast of all things related to building secure and reliable systems.
Recently also tinkering around with #nix.
When not working, you can find me doing endurance sports, like riding on #Zwift.
Feel free to reach out and connect with me about all things platform engineering or endurance sports.
I'm always looking to learn and connect with others!
Little bonus:
Want to see ONLY Jail processes, sorted by CPU%?
This command filters out the host system (JID 0) and sorts the rest by Jail ID and CPU usage:
`ps -ax -o jid,jail,pid,user,%cpu,%mem,command | awk 'NR==1 {print; next} $1!=0 {print | "sort -k1n -k5rn"}'`
Server Radar - Track Hetzner Server Prices & Receive Email Alerts https://lobste.rs/s/vngrsv #devops
https://radar.iodev.org/
Building a Multi-Site Kubernetes Cluster with BGP Anycast https://lobste.rs/s/qwty2k #devops
https://kyriakos.papadopoulos.tech/posts/multi-site-kubernetes-bgp/
Dew Drop Weekly Newsletter 462 - Week Ending December 26, 2025
#dewdrop #newsletter #aspnetcore #azure #javascript #dotnetmaui #appdev #mobiledev #xaml #windowsdev #csharp #dotnet #ai #mcp #agile #devops #python #podcasts #m365 #data #sqlserver #powershell
Automating What Backblaze Lifecycle Rules Don't Do Instantly https://lobste.rs/s/abglcr #devops #linux #nix #systemd
https://blog.tymscar.com/posts/backblazeb2cleanup/
Interactively visualize GitHub Actions Matrix configurations via @moritzMoritz Sanft https://lobste.rs/s/gqhmvm #devops
https://katexochen.github.io/github-matrix-parser/
Web engine CI on a shoestring budget via @PolyWolf https://lobste.rs/s/ymlyce #video #devops
https://youtu.be/-W1mSXdlRqA
Operating Rails: what about after you deploy? https://lobste.rs/s/sokkpl #devops #practices #ruby
https://andre.arko.net/2025/11/20/operating-rails/
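.NET 10 LTS is now a true **'ubiquitous package'**. There is no longer any need to waste time on complicated feed subscriptions or repository configuration.
Windows, macOS, Linux, and even containers. A single command in each OS's default package manager gives you a complete development environment right away.
Ubuntu 24.04 (Noble Numbat) users in particular, look forward to the official release in January 2026.
The age of configuration is over, and the age of instant execution has arrived. Get started right away with .NET 10!
🔗 See detailed installation information: https://forum.dotnetdev.kr/t/os-net-10/14006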
#dotnet #LTS #OneLineInstall #개발생산성 #닷넷 #DevOps #dotneteverywhere
The atomic time scale at NIST Boulder has failed https://lobste.rs/s/rgpalc #devops #networking
https://journa.host/@w7voa/115754351058263109
Reminder for #DevOps, #SRE, and other programming types. You have now passed the last point to push to production for 2025. Pushing to production now means you risk debugging your fixes next week sat in your childhood bedroom, on dodgy WiFi, while your uncle makes rude and sexist remarks with your partner downstairs. Don't risk it. Your changes can wait until 2026.
Dew Drop Weekly Newsletter #462 - Week Ending December 19, 2025
#dewdrop #newsletter #javascript #aspnetcore #xaml #dotnet #csharp #ai #mcp #devops #agile #IoT #appdev #podcasts #python #sqlserver #data #m365 #powershell #devtools #dewdrop
Have you worked with tags on your jails yet?
One nice benefit of using tags is that you can also TARGET by tag name, meaning you can group like systems and maintain those separate from others.
`bastille tags help`
Usage:
bastille tags TARGET [add|delete] tag1,tag2
bastille tags TARGET list [TAG]
I got hacked, my server started mining Monero this morning https://lobste.rs/s/v139bi #devops #security
https://blog.jakesaunders.dev/my-server-started-mining-monero-this-morning/
Log level 'error' should mean that something needs to be fixed https://lobste.rs/s/2lnu5u #devops
https://utcc.utoronto.ca/~cks/space/blog/programming/ErrorsShouldRequireFixing
gh-actions-lockfile: generate and verify lockfiles for GitHub Actions https://lobste.rs/s/csqubi #devops #nodejs #release #security
https://gh-actions-lockfile.net
global known_hosts for ssh services https://lobste.rs/s/hkkb61 #cryptography #devops
https://knownhosts.net/
Ran into a problem in prod?
Just generate a fake cloudflare error page and blame it on them - gives you time to fix.