Everyday Life Archives - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Archive for the ‘Everyday Life’ Category

The Gospel of the Second Resurrection (John 20:19–26) Bright Monday Gospel reading interpretation

Sunday, April 12th, 2026

Christ is Risen ! Truly he is Risen !

Another year to celebrate Resurrection day, I great all my readers with the Holy and Glorious day of The Resurrection of Christ !
Happy Resurrection day, Happy Easter to All faithful Christians and all Technology Freaks out there who look for the Universal truth and meaning of life !

Happy Resurrection to those who are searching it and those who find it, as I tend to find more and more that more technological literate people came to become Christian and find the Light and truthfulness of Holy Orthodox Christian Faith !

In Orthodox Christianity, the Second Resurrection Service often called Agape Vespers is a deeply symbolic and joyful service celebrated on the afternoon or evening of Pascha, the feast of Christ’s Resurrection, an event that changed history forever and made the Time to be counted on Age before Christ and Age after him Anno Domini ( A.D. ) Christ's victory over death and importance of the Resurrection has become a turning stone for whole world and has one time forever changed the history to Bring the Light of Heaven on earth again after the fall of man in Eden's garden.
In Orthodox Christian tradition the feast of Resurrection is being celebrated Staring from the Day of Pascha (The Resurrection of Christ) towards his Ascension on the Day of Ascension on the 40th Day. Many might not today, that the first 7 days Week of Pascha is actually a whole period of celebration like a day who marks The Resurrection and the whole week in Orthodox tradition is considered as one single day. The first 3 days when the Lord Jesus Christ raised to the death after being in Hell with his soul to Save and Save all the waiting souls of prophets and old testamental times of old righteous people and those who repented (on Holy Saturday) the Next day after Crucifix (on Holy Friday) are the Most glorious and important days of the whole 40 days period of the Resurrection till time the Lord Ascended to Heaven with his Glorious Resurrectied Body.

The Paschal Church service of the Resurrection of Christ which is celebrated with serving Saint Basyl's Holy Liturgy in Orthodox Christian tradition always starts exactly at Midnight. In many traditions nowdays like also in Bulgarian tradition, the Holy Fire is brought by Plane to the Synodal Palace of the Church from hence it is distributed across local Pariches Churches to bring the Light of the Miracle of Jerusalem of Holy Fire that happen once and only for Eastern Orthodox Christians, when a Light of Heaven comes to light up the Candle of Jerusalem's Eastern Orthodox Christian patriarch as a eternal confirmation of the Truthfulness of the Resurrection of Christ (a God's sign for Unbelievers to think and study the Orthtoxy). The miracle of Holy Fire happened even this year in Jerusalem in the Holy Sepulcher Church (built on top of the Place of Resurrection of Christ). Thanks God even though humanity sinfulness (and the escalating wars) which by Miracle and God's grace and great Mercy has been temporary suspended for the World to mark the Feast of the Feast of The Resurrection. It is a clear miracle that this temporary peace in Ukraine and Russia as well as Israel and Iran happened exactly on the days of the Eastern Orthodox Christian resurrection, which is this year as most years one week later than the Roman Catholic pascha (as we at the Orthodox Church still do venerate righteously the rule of The first Church Council of Nicea.).

The reason to follow Easter differently for Eastern Orthodox Chrsitians from Western Roman Catholic Christians is often misunderstood and puts great confusion to explain especially to modern people from East and West faith that work together in corporations, thus I'll put a short explanation on why we Eastern Orthodox Christians celebrate Pascha often differently than Roman Catholics?:
There are 3 main reasons that sted from the Ecumenical council of Nicea:

Separation from Jewish Timing: The Council mandated that Christians should no longer rely on Jewish calculations for the 14th of Nisan. The Emperor Constantine, in a letter following the council, argued that it was "unworthy" for Christians to follow the custom of those who had rejected Christ.
Solar-Lunar Formula: To remain independent, the Council adopted the "Alexandrian method": Pascha must fall on the first Sunday after the first full moon occurring on or after the vernal equinox.
Biblical Sequence: While the council's surviving canons do not explicitly state "after Passover," the Orthodox Church maintains that the Nicene intent was to preserve the Biblical sequence of events. Since the Resurrection happened after the Jewish Passover in the Gospels, the Orthodox calculation ensures Pascha never precedes or coincides with the start of the Jewish festival.

On the next day after we celebrate the Feast of Resurrection (Velikden as called in Eastern tradition) is Bright Monday. The day is very special as the Night Vigil and Morning Service with Holy Liturgy ends up very late around 3, 3-30 A.M. And the service is created by Holy Fathers of the Church inspired by God as a way to experience for second time (on the same day)the Joy of the Resurrection, so the spiritual joy be even more multiplied and well undestood b the Church members.

The Bright Monday or Easter Monday in Eastern Orthodox Christian tradition is marked by what is often called the “Second Resurrection”service.

The service is a continuation of the joy of Pascha, emphasizing the universal proclamation of Christ’s victory over death.

At the heart of this celebration is the Gospel reading from John 20:19–26, which recounts Christ’s first appearances to His disciples after the Resurrection. What is unique for the service is this is the only day in year when the One and Holy Universal Eastern Orthodox Church shows its universality and union and acceptance of all languages as a mean to proclaim the Good new of Salvation way the Holy Gospel introduced for everyone who believed in the name of the Jesus Christ as a Son of God and Savior of the World by Having introduced the reading of a Gospel reading in different nation languages !

Here is a selection of the Text reading as translated in different languages, might be helpful if you belong to one of those Churches abroad, to read the text on "Second Resurrection", bright monday Service:

English (King James Version)
John 20:19–26

Then the same day at evening, being the first day of the week, when the doors were shut where the disciples were assembled for fear of the Jews, came Jesus and stood in the midst, and saith unto them, Peace be unto you.
And when he had so said, he shewed unto them his hands and his side. Then were the disciples glad, when they saw the Lord.
Then said Jesus to them again, Peace be unto you: as my Father hath sent me, even so send I you.
And when he had said this, he breathed on them, and saith unto them, Receive ye the Holy Ghost:
Whose soever sins ye remit, they are remitted unto them; and whose soever sins ye retain, they are retained.
But Thomas, one of the twelve, called Didymus, was not with them when Jesus came.
The other disciples therefore said unto him, We have seen the Lord. But he said unto them, Except I shall see in his hands the print of the nails, and put my finger into the print of the nails, and thrust my hand into his side, I will not believe.
And after eight days again his disciples were within, and Thomas with them: then came Jesus, the doors being shut, and stood in the midst, and said, Peace be unto you.

Bulgarian (Synodal translation)
Йоан 20:19–26

Вечерта в същия ден, първия на седмицата, когато вратите, дето бяха събрани учениците, бяха заключени от страх от юдеите, дойде Иисус, застана посред и им каза: Мир вам!

И като рече това, показа им ръцете и ребрата Си. Учениците се зарадваха, като видяха Господа.
Иисус пак им рече: Мир вам! Както Ме прати Отец, така и Аз ви пращам.
Като каза това, духна и им рече: Приемете Духа Светаго.
На които простите греховете, ще им се простят; на които задържите, ще се задържат.
А Тома, един от дванайсетте, наречен Близнак, не беше с тях, когато дойде Иисус.
Другите ученици му казваха: Видяхме Господа. А той им рече: Ако не видя на ръцете Му белега от гвоздеите и не туря пръста си в раните от гвоздеите и не туря ръката си в ребрата Му, няма да повярвам.
След осем дни учениците Му пак бяха вътре и Тома с тях. Дойде Иисус, когато вратите бяха заключени, застана посред и рече: Мир вам!

Russian (Synodal)
От Иоанна 20:19–26

В тот же первый день недели вечером, когда двери дома, где собирались ученики Его, были заперты из опасения от Иудеев, пришел Иисус, и стал посреди, и говорит им: мир вам!
Сказав это, Он показал им руки и ребра Свои. Ученики обрадовались, увидев Господа.
Иисус же сказал им вторично: мир вам! как послал Меня Отец, так и Я посылаю вас.
Сказав это, дунул, и говорит им: примите Духа Святаго.
Кому простите грехи, тому простятся; на ком оставите, на том останутся.
Фома же, один из двенадцати, называемый Близнец, не был тут с ними, когда приходил Иисус.
Другие ученики сказали ему: мы видели Господа. Но он сказал им: если не увижу на руках Его ран от гвоздей и не вложу перста моего в раны от гвоздей и не вложу руки моей в ребра Его, не поверю.
После восьми дней опять были в доме ученики Его, и Фома с ними. Пришел Иисус, когда двери были заперты, стал посреди их и сказал: мир вам!

Ἐκ τοῦ κατὰ Ἰωάννην ἁγίου Εὐαγγελίου τὸ ἀνάγνωσμα.
Greek (Κοινή / Patriarchal Text – Orthodox usage)

Οὔσης οὖν ὀψίας τῇ ἡμέρᾳ ἐκείνῃ τῇ μιᾷ σαββάτων, καὶ τῶν θυρῶν κεκλεισμένων ὅπου ἦσαν οἱ μαθηταὶ συνηγμένοι διὰ τὸν φόβον τῶν Ἰουδαίων, ἦλθεν ὁ Ἰησοῦς καὶ ἔστη εἰς τὸ μέσον καὶ λέγει αὐτοῖς· Εἰρήνη ὑμῖν.
καὶ τοῦτο εἰπὼν ἔδειξεν αὐτοῖς τὰς χεῖρας καὶ τὴν πλευρὰν αὐτοῦ. ἐχάρησαν οὖν οἱ μαθηταὶ ἰδόντες τὸν Κύριον.
εἶπεν οὖν αὐτοῖς πάλιν ὁ Ἰησοῦς· Εἰρήνη ὑμῖν· καθὼς ἀπέσταλκέ με ὁ Πατήρ, κἀγὼ πέμπω ὑμᾶς.
καὶ τοῦτο εἰπὼν ἐνεφύσησε καὶ λέγει αὐτοῖς· Λάβετε Πνεῦμα Ἅγιον·
ἄν τινων ἀφῆτε τὰς ἁμαρτίας, ἀφίενται αὐτοῖς· ἄν τινων κρατῆτε, κεκράτηνται.
Θωμᾶς δὲ εἷς ἐκ τῶν δώδεκα, ὁ λεγόμενος Δίδυμος, οὐκ ἦν μετ’ αὐτῶν ὅτε ἦλθεν ὁ Ἰησοῦς.
ἔλεγον οὖν αὐτῷ οἱ ἄλλοι μαθηταί· Ἑωράκαμεν τὸν Κύριον. ὁ δὲ εἶπεν αὐτοῖς· Ἐὰν μὴ ἴδω ἐν ταῖς χερσὶν αὐτοῦ τὸν τύπον τῶν ἥλων καὶ βάλω τὸν δάκτυλόν μου εἰς τὸν τύπον τῶν ἥλων καὶ βάλω τὴν χεῖρά μου εἰς τὴν πλευρὰν αὐτοῦ, οὐ μὴ πιστεύσω.
καὶ μεθ’ ἡμέρας ὀκτὼ πάλιν ἦσαν ἔσω οἱ μαθηταὶ αὐτοῦ καὶ Θωμᾶς μετ’ αὐτῶν. ἔρχεται ὁ Ἰησοῦς τῶν θυρῶν κεκλεισμένων καὶ ἔστη εἰς τὸ μέσον καὶ εἶπεν· Εἰρήνη ὑμῖν.

Serbian (Епископски / Orthodox usage)
Јован 20:19–26

А у вече тог првог дана седмице, кад су врата где беху ученици сабрани била затворена од страха од Јудејаца, дође Исус и стаде међу њих и рече им: Мир вам!
И ово рекавши, показа им руке и ребра Своја. Тада се обрадоваше ученици видевши Господа.
Тада им Исус опет рече: Мир вам! Као што је Отац послао Мене, и Ја шаљем вас.
И ово рекавши, дуну и рече им: Примите Духа Светога.
Којима опростите грехе, опраштају им се; којима задржите, задржани су.
А Тома, један од дванаесторице, звани Близанац, не беше с њима кад дође Исус.
Тада му други ученици говораху: Видели смо Господа. А он им рече: Ако не видим на рукама Његовим ране од клинова и не ставим прст свој у ране од клинова и не ставим руку своју у ребра Његова, нећу веровати.

И после осам дана опет беху унутра ученици Његови и Тома с њима. Дође Исус кад врата беху затворена, стаде међу њих и рече: Мир вам!

Romanian (Biblia sinodală – Orthodox)
Ioan 20:19–26

Și fiind seară, în ziua aceea, cea dintâi a săptămânii, și ușile fiind încuiate unde erau ucenicii adunați de frica iudeilor, a venit Iisus și a stat în mijloc și le-a zis: Pace vouă!
Și zicând aceasta, le-a arătat mâinile și coasta Sa. Deci s-au bucurat ucenicii, văzând pe Domnul.
Și le-a zis iarăși Iisus: Pace vouă! Precum M-a trimis pe Mine Tatăl, vă trimit și Eu pe voi.
Și zicând aceasta, a suflat asupra lor și le-a zis: Luați Duh Sfânt.
Cărora veți ierta păcatele, le vor fi iertate; și cărora le veți ține, vor fi ținute.
Iar Toma, unul din cei doisprezece, numit Geamănul, nu era cu ei când a venit Iisus.
Deci ceilalți ucenici îi ziceau: Am văzut pe Domnul. Dar el le-a zis: Dacă nu voi vedea în mâinile Lui semnul cuielor și nu voi pune degetul meu în semnul cuielor și nu voi pune mâna mea în coasta Lui, nu voi crede.
Și după opt zile, ucenicii Lui erau iarăși înăuntru, și Toma împreună cu ei. A venit Iisus, ușile fiind încuiate, și a stat în mijloc și a zis: Pace vouă!

German (Luther tradition / Orthodox-used standard translation style)
Johannes 20,19–26

Und am Abend desselben ersten Tages der Woche, als die Türen verschlossen waren, wo die Jünger versammelt waren aus Furcht vor den Juden, kam Jesus und trat mitten unter sie und spricht zu ihnen: Friede sei mit euch!

Und als er das gesagt hatte, zeigte er ihnen die Hände und seine Seite. Da wurden die Jünger froh, dass sie den Herrn sahen.

Da sprach Jesus abermals zu ihnen: Friede sei mit euch! Gleichwie mich der Vater gesandt hat, so sende ich euch.

Und als er das gesagt hatte, hauchte er sie an und spricht zu ihnen: Empfangt den Heiligen Geist!

Welchen ihr die Sünden erlasst, denen sind sie erlassen; und welchen ihr sie behaltet, denen sind sie behalten.

Thomas aber, einer der Zwölf, der Zwilling genannt wird, war nicht bei ihnen, als Jesus kam.

Da sagten ihm die anderen Jünger: Wir haben den Herrn gesehen. Er aber sprach zu ihnen: Wenn ich nicht in seinen Händen die Nägelmale sehe und meinen Finger in die Nägelmale lege und meine Hand in seine Seite lege, so will ich nicht glauben.

Und nach acht Tagen waren seine Jünger abermals drinnen, und Thomas war bei ihnen. Kommt Jesus, als die Türen verschlossen waren, und tritt mitten unter sie und spricht: Friede sei mit euch!

Arabic (بطريركي / Orthodox liturgical usage)
إنجيل يوحنا 20:19–2

ولما كانت عشية ذلك اليوم، وهو أول الأسبوع، وكانت الأبواب مغلقة حيث كان التلاميذ مجتمعين خوفًا من اليهود، جاء يسوع ووقف في الوسط وقال لهم: سلام لكم.

ولما قال هذا أراهم يديه وجنبه، ففرح التلاميذ إذ رأوا الرب.

فقال لهم يسوع ثانية: سلام لكم. كما أرسلني الآب أرسلكم أنا أيضًا.

ولما قال هذا نفخ فيهم وقال لهم: اقبلوا الروح القدس.

من غفرتم خطاياه تُغفر له، ومن أمسكتم خطاياه أُمسكت.

أما توما، أحد الاثني عشر، الذي يُدعى التوأم، فلم يكن معهم حين جاء يسوع.

فقال له التلاميذ الآخرون: قد رأينا الرب. فقال لهم: إن لم أبصر في يديه أثر المسامير وأضع إصبعي في أثر المسامير وأضع يدي في جنبه لا أؤمن.

وبعد ثمانية أيام كان تلاميذه أيضًا داخلًا، وكان توما معهم. جاء يسوع والأبواب مغلقة، ووقف في الوسط وقال: سلام لكم!

Georgian (საქართველოს მართლმადიდებელი ეკლესია)
იოანე 20:19–26

და იყო მწუხრი იმ დღესა, კვირის პირველ დღეს, და კარნი დახშულნი იყვნენ, სადაც მოწაფენი იყვნენ შეკრებილნი იუდეველთა შიშისგან, მოვიდა იესო და დადგა მათ შორის და ჰრქუა მათ: მშვიდობა თქუენდა.
და ეს რომ თქვა, უჩვენა მათ ხელნი და გვერდი თვისი. და გაიხარეს მოწაფეებმა, იხილეს რა უფალი.
მაშინ კვლავ უთხრა მათ იესომ: მშვიდობა თქუენდა; როგორც მამამ მომავლინა მე, მეც თქვენ მოგავლინებთ.
და ეს რომ თქვა, შეუბერა მათ და უთხრა: მიიღეთ სული წმინდა.
ვისაც მიუტევებთ ცოდვებს, მიეტევებათ მათ; და ვისაც დაუკავებთ, დაუკავდებათ.
ხოლო თომა, ერთი თორმეტთაგანი, რომელსაც ეწოდებოდა ტყუპი, არ იყო მათთან, როცა მოვიდა იესო.
უთხრეს მას სხვა მოწაფეებმა: ვიხილეთ უფალი. ხოლო მან უთხრა მათ: თუ არ ვიხილავ მის ხელებზე ფრჩხილების ნიშანს და არ შევიტან ჩემს თითს ფრჩხილების ნიშანში და არ შევიტან ჩემს ხელს მის გვერდში, არ ვირწმუნებ.
და რვა დღის შემდეგ კვლავ იყვნენ შინ მისი მოწაფენი და თომაც მათთან. მოვიდა იესო, კარნი დახშულნი იყვნენ, დადგა მათ შორის და უთხრა: მშვიდობა თქუენდა.

Albanian (Orthodox Albanian Bible usage)
Gjoni 20:19–26

Dhe kur u bë mbrëmje në atë ditë, ditën e parë të javës, dhe dyert ishin të mbyllura ku ishin mbledhur dishepujt nga frika e judenjve, erdhi Jezusi dhe qëndroi në mes dhe u tha atyre: Paqe juve!
Dhe pasi tha këtë, u tregoi duart dhe brinjën e Tij. Atëherë dishepujt u gëzuan kur panë Zotin.
Dhe Jezusi u tha përsëri: Paqe juve! Sikurse më dërgoi Ati, ashtu ju dërgoj edhe unë juve.
Dhe pasi tha këtë, fryu mbi ta dhe u tha: Merrni Frymën e Shenjtë.
Kujt t’ia falni mëkatet, do t’u falen; kujt t’ia mbani, do t’u mbeten.
Por Thomai, një nga të dymbëdhjetët, i quajtur Binjaku, nuk ishte me ta kur erdhi Jezusi.
Dishepujt e tjerë i thoshin: E pamë Zotin. Por ai u tha: Nëse nuk shoh në duart e Tij shenjat e gozhdëve dhe nuk vë gishtin tim në shenjat e gozhdëve dhe nuk vë dorën time në brinjën e Tij, nuk do të besoj.
Dhe pas tetë ditësh, dishepujt e Tij ishin përsëri brenda dhe Thomai me ta. Erdhi Jezusi, kur dyert ishin të mbyllura, dhe qëndroi në mes dhe tha: Paqe juve!

Czech (Český ekumenický / Orthodox-used translation style)
Jan 20,19–26

Když byl večer onoho dne, prvního dne v týdnu, a dveře, kde byli učedníci shromážděni ze strachu před Židy, byly zavřeny, přišel Ježíš, postavil se doprostřed a řekl jim: Pokoj vám!

A když to řekl, ukázal jim ruce a svůj bok. Učedníci se zaradovali, když viděli Pána.
Ježíš jim znovu řekl: Pokoj vám! Jako Otec poslal mne, tak já posílám vás.
A když to řekl, dechl na ně a řekl jim: Přijměte Ducha Svatého.
Komu odpustíte hříchy, budou mu odpuštěny; komu je zadržíte, budou zadrženy.
Tomáš, jeden z dvanácti, zvaný Didymos, nebyl s nimi, když přišel Ježíš.
Ostatní učedníci mu říkali: Viděli jsme Pána. Ale on jim řekl: Jestliže neuvidím na jeho rukou jizvy po hřebech a nevložím svůj prst do jizev po hřebech a nevložím svou ruku do jeho boku, neuvěřím.
A po osmi dnech byli jeho učedníci opět uvnitř a Tomáš s nimi. Přišel Ježíš, když byly dveře zavřeny, postavil se doprostřed a řekl: Pokoj vám!

Slovak (Orthodox-used / liturgical style)
Ján 20,19–26

Keď bol večer toho prvého dňa v týždni a dvere, kde boli učeníci zhromaždení zo strachu pred Židmi, boli zavreté, prišiel Ježiš, postavil sa doprostred a povedal im: Pokoj vám!
A keď to povedal, ukázal im ruky a svoj bok. Učeníci sa zaradovali, keď videli Pána.
Ježiš im znova povedal: Pokoj vám! Ako mňa poslal Otec, aj ja posielam vás.
A keď to povedal, dýchol na nich a povedal im: Prijmite Ducha Svätého.
Komu odpustíte hriechy, budú mu odpustené; komu ich zadržíte, budú zadržané.
Tomáš, jeden z dvanástich, zvaný Didymus, nebol s nimi, keď prišiel Ježiš.
Ostatní učeníci mu hovorili: Videli sme Pána. Ale on im povedal: Ak neuvidím na jeho rukách stopy po klincoch a nevložím svoj prst do stôp po klincoch a nevložím svoju ruku do jeho boku, neuverím.
A po ôsmich dňoch boli jeho učeníci znova vnútri a Tomáš s nimi. Prišiel Ježiš, keď boli dvere zatvorené, postavil sa doprostred a povedal: Pokoj vám!

The Meaning of the Passage

This Gospel takes place on the evening of the Resurrection:

“Peace be with you.” (John 20:19)

The disciples are gathered in fear, behind closed doors. Yet Christ appears among them not as a ghost, but in His glorified body. His greeting, “Peace be with you,” is not merely comforting, it is transformative. It signals reconciliation between God and humanity.

Christ then shows His wounds, proving that the Crucified One is truly the Risen One.

The Gift of the Holy Spirit

One of the most profound moments in this passage is when Christ breathes on the disciples:

“Receive the Holy Spirit.” (John 20:22)

This act recalls the creation of Adam, when God breathed life into humanity. Here, the Risen Christ inaugurates a new creation—restoring and renewing mankind.

He also grants the apostles authority:

“If you forgive the sins of any, they are forgiven…” (John 20:23)

This becomes the foundation of the Church’s sacramental life.

The Absence of Thomas

Thomas is not present during this first appearance. His absence becomes spiritually significant, he represents all who struggle with doubt.

When told of the Resurrection, Thomas responds:

“Unless I see… I will not believe.” (John 20:25)

This honest doubt sets the stage for the next encounter (read the following Sunday), where faith is deepened through experience.

Why It Is Called the “Second Resurrection Gospel” ?

This Gospel reading done in multiple languages during Easter Monday services, is very adequate in international Church communities such as Orthodox Church pariches in Western Europe and America where, there are church members from virtually every nationality.
Those reading is conduceted in Church Pariches by people whos native language is the language of reading or by anyone in the Church community that can speak or read the language. Thus the Church assemblyy shows clearly to the World:

1. The universality of the Resurrection for All Mankind and a reference to the Primal Language of Edem which in New Testamental times after Christ is the Language of Love and virtues as given by Christ.
2. The spreading of the Gospel to all nations (for which the apostles and every Christian has been called by the Saviour
The unity of the Church across cultures and tongues
3. The unity of the Church across cultures and tongues and the one saving truth that if practiced as prescribed will lead humanity and each individual to Christs faith and salvation.

Closing words

Hopefully this article was interseting for tech guys and some diversity from the boredom of tech stuff. I hope it shed some light love, faith, hope and peace and understanding for anyone who searches for the Truth.

I will close it with the Great and glorious and spiritually rich Paschal Sermon of Saint John Crysostom, that is being red on the Easter Service (at some Churches it is practice to read this sermon over the first three days Church services of Pasche).

The Catechetical Sermon of St. John Chrysostom reading Matins of Pascha.

The descent to Hades of Christ – Saint Ekaterina Monastery ancient of Resurrection

If any man be devout and love God, let him enjoy this fair and radiant triumphal feast.
If any man be a wise servant, let him rejoicing enter into the joy of his Lord.
If any have labored long in fasting, let him now receive his recompense.
If any have wrought from the first hour, let him today receive his just reward.
If any have come at the third hour, let him with thankfulness keep the feast.
If any have arrived at the sixth hour, let him have no misgivings; because he shall in nowise be deprived thereof.
If any have delayed until the ninth hour, let him draw near, fearing nothing.
If any have tarried even until the eleventh hour, let him, also, be not alarmed at his tardiness; for the Lord, who is jealous of his honor, will accept the last even as the first; He gives rest unto him who comes at the eleventh hour, even as unto him who has wrought from the first hour.

And He shows mercy upon the last, and cares for the first; and to the one He gives, and upon the other He bestows gifts.
And He both accepts the deeds, and welcomes the intention, and honors the acts and praises the offering.
Wherefore, enter you all into the joy of your Lord; and receive your reward, both the first, and likewise the second.
You rich and poor together, hold high festival. You sober and you heedless, honor the day.
Rejoice today, both you who have fasted and you who have disregarded the fast.
The table is full-laden; feast ye all sumptuously.
The calf is fatted; let no one go hungry away.

Enjoy ye all the feast of faith: Receive ye all the riches of loving-kindness.
Let no one bewail his poverty, for the universal kingdom has been revealed.
Let no one weep for his iniquities, for pardon has shown forth from the grave.
Let no one fear death, for the Savior’s death has set us free.
He that was held prisoner of it has annihilated it. By descending into Hell, He made Hell captive.
He embittered it when it tasted of His flesh.
And Isaiah, foretelling this, did cry: Hell, said he, was embittered, when it encountered Thee in the lower regions.
It was embittered, for it was abolished. It was embittered, for it was mocked.
It was embittered, for it was slain. It was embittered, for it was overthrown.
It was embittered, for it was fettered in chains.
It took a body, and met God face to face.
It took earth, and encountered Heaven.
It took that which was seen, and fell upon the unseen.

O Death, where is your sting? O Hell, where is your victory?
Christ is risen, and you are overthrown.
Christ is risen, and the demons are fallen.
Christ is risen, and the angels rejoice.
Christ is risen, and life reigns.
Christ is risen, and not one dead remains in the grave.
For Christ, being risen from the dead, is become the first fruits of those who have fallen asleep.
To Him be glory and dominion unto ages of ages.
Amen.

Tags: after, again, age, ALL, amen, and, anno, another, ANY, Apostles, christ is risen, death, disciples, Enjoy, holy ghost, Hopefully, lord jesus christ, Paschal Church, truthfulness, years
Posted in Christianity, Everyday Life | No Comments »

Automatically Re-plug all USB devices on system resume on Debian Linux using systemd

Thursday, March 26th, 2026

automatically-replug-all-usb-devices-on-system-resume-on-Debian-Ubuntu-Linux
Lets say you’re like me and you have an old but gold USB device like USB joystick Maxfire G-08XU (i've described how to configure Joystick / Gamepad on Debian Ubuntu easily), an USB flash drive stick or even some obscure USB keyboard model, that are not among the most compatible device on earth for linux. The result is in device plug and Sleeping the system or Hibernating it for a while (when go to bed) you end up with USB device being undetected by the system. Once you recover the Laptop / PC from being in Sleep mode / hibernate, the device becomes undetected by system, even though, even though the Linux kernel recognizes in lsusb. That weirdity continues until you do the manual hard workaround, which is to manually unplug the device cable and replug it again.
Though Linux has advanced much with this stuff over last years still this problems can occur every now and then. Thanksfully there is a quick fix to that. You can create a small script that reloads all the USB devices on PC
want the script to run automatically after your Debian laptop wakes up from suspend/hibernate. On Linux, the way to do this is using systemd sleep hooks. Here’s how to do it properly by using a small script + systemd.

1. Create a systemd sleep script

Create a new directory and file:

# mkdir -p /etc/systemd/system-sleep
# vim /etc/systemd/system-sleep/usb-replug.sh

Add this content:

#!/bin/bash
# Only run on resume (wake up)
case "$1" in
post)
# Replace '1-3' with your USB bus-port ID
echo '1-3' | tee /sys/bus/usb/drivers/usb/unbind
sleep 2
echo '1-3' | tee /sys/bus/usb/drivers/usb/bind
;;
esac
If

If you need script logging use instead this small script:

#!/bin/bash

case $1/$2 in
pre/*)
# before suspend: you can put commands here if needed
;;
post/*)
# after resume: run your USB replug commands
echo "$(date) – Running USB replug script" >> /var/log/usb-replug.log
# Example command: trigger USB rescan
for bus in /sys/bus/usb/devices/*/authorized; do
echo 0 | sudo tee $bus
echo 1 | sudo tee $bus
done
;;
esac

2. Make it executable and reload systemd services

# chmod +x /etc/systemd/system-sleep/usb-replug.sh

Once you’ve created the script in /etc/systemd/system-sleep/ and made it executable, systemd will automatically call it on suspend/resume.

To make sure everything is recognized, you can:

Reload systemd units (optional but recommended)

# systemctl daemon-reload

Test it manually by suspending and resuming your machine

# systemctl suspend

After resuming, your script should run automatically and you should see the missing devices that you had to physically unplug and plug back to normal.
Hooray ! 🙂

3. How it works (systemd respawn)

systemd runs scripts in /etc/systemd/system-sleep/ on suspend and resume.
$1 is either pre (before sleep) or post (after wake).
The script unbinds and rebinds your USB device right after the system resumes.

Tip: You can also use usbreset instead of unbind/bind if you prefer, just replace the echo lines with:

# usbreset /dev/bus/usb/001/005

Alternatively you can use one time a simple one liner script that does the job like this:

# cat replug_usbs_linux.sh
#!/bin/bash

# one liner script to replug all USB devices like you have physically replugged all USBs useful if for example some of USB devices stuck after linux computer sleep

# for example my old maxfire g-08 usb joystick does mess up and i have to physically replug it (to work around this i simply run this script

d=$(lsusb -t | grep -m1 'Driver=' | sed -E 's|.*Port ([0-9]+):.*Bus ([0-9]+).*|\2-\1|') && echo $d | sudo tee /sys/bus/usb/drivers/usb/unbind && sleep 2 && echo $d | sudo tee /sys/bus/usb/drivers/usb/bind

Tags: Automatically Re-plug, bash scripting linux, content, debian linux, debian systemd configuration, echo 1, file, linux automation, linux hardware troubleshooting, linux power management, linux resume hook, linux scripting, linux system administration, linux usb reset, scripts, sleep, suspend, suspend resume linux, system resume script, systemd, systemd service, systemd sleep hook, systemd suspend service, udev rules, usb device management, usb devices, usb devices reconnect, usb reset script, usb troubleshooting linux
Posted in Curious Facts, Educational, Everyday Life, Linux and FreeBSD Desktop, Linux multimedia, Linux on Laptops | No Comments »

Using GeoIP on Linux: Country-Based Filtering, Logging, and Traffic Control

Friday, January 16th, 2026

GeoIP is one of those technologies that quietly sits in the background of many systems, yet it can be extremely powerful when used correctly. Whether you want to block traffic from specific countries, analyze access logs, or add geographic context to security events, GeoIP can be a valuable addition to your Linux toolbox.

In this article, we’ll go deeper and look at real GeoIP usage examples for:

Log analysis
Firewalls
Apache HTTP Server
HAProxy

All examples are based on typical GNU/Linux server environments.

What Is GeoIP?

GeoIP maps an IP address to geographic data such as:

Country
City
ASN / ISP (depending on database)

Most modern systems use MaxMind GeoLite2 databases (

.mmdb

format).

Keep in Mind ! :
GeoIP data is approximate. VPNs, proxies, mobile networks, and CGNAT reduce accuracy. GeoIP should be treated as a heuristic, not a guarantee.

1. Installing GeoIP Databases on Linux deb based distro

On Debian / Ubuntu:

#

apt install geoipupdate

Configure

/etc/GeoIP.conf

with your MaxMind license key and run:

# geoipupdate

Databases are usually stored in:

/usr/share/GeoIP/

2. GeoIP for Log Analysis (to get idea of where does your traffic origins from)

GeoIP with Apache HTTP Server

Apache can use GeoIP in two main ways:

To do IP origin Logging
Do Access control based on IP origin

An altenartive GeoIP common use is to post-processing logs to find out attempts to breach your security.

Lets say you want to

Find top attacking countries against your SSHd service.

# grep "Failed password" /var/log/auth.log | \
awk '{print $(NF-3)}' | \
while read ip; do geoiplookup $ip; done |
\ sort | uniq -c | sort -nr

This command will provide you a visibility on attack sources georaphical Country origin

3. Installing Apache GeoIP Module

For legacy GeoIP (older systems):

# apt install libapache2-mod-geoip

For modern systems, GeoIP2 is preferred:

# apt install libapache2-mod-geoip2

Enable the module:

# a2enmod geoip2
# systemctl reload apache2

4. Configure GeoIP Logging in Apache (basic config)

Add country code to access logs:

LogFormat "%h %l %u %t \"%r\" %>s %b %{GEOIP_COUNTRY_CODE}e" geoip
CustomLog /var/log/apache2/access.log geoip

This allows you to analyze traffic by country later without blocking users.

5. Country-Based Filter Blocking in Apache based on IP origin

Example: allow only selected countries:

<IfModule mod_geoip2.c>
SetEnvIf GEOIP_COUNTRY_CODE ^(BG|DE)$ AllowCountry
Deny from all
Allow from env=AllowCountry
</IfModule>

Use this carefully. Blocking at the web server layer is better than firewall-level blocking, but still risky if you have global users.

6. Apply GeoIP to Apache Virtual Host

You can apply GeoIP rules per site:

<VirtualHost *:80>
ServerName example.com
<IfModule mod_geoip2.c>
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry >
Deny from env=BlockCountry
</IfModule>
</VirtualHost>

This is useful when only specific applications need filtering.

Firewall vs Application Layer GeoIP (Pros and Cons)

Layer	Pros	Cons
Firewall	Early blocking	Hard to debug
Apache	Flexible per-site rules	App overhead
HAProxy	Centralized control	Requires careful config
Logs only	Safest	No blocking

7. Apply GeoIP to HAProxy

HAProxy is an excellent place to apply GeoIP logic because:

It sits in front of applications
Rules are fast and explicit
Logging is centralized

a. Preparing GeoIP Filtering to HAProxy service

HAProxy supports GeoIP2 via Lua or native ACLs using

.mmdb

Example directory:

/usr/share/GeoIP/GeoLite2-Country.mmdb

b. GeoIP-Based Access Control Lists ( ACLs ) in HAProxy

Basic country-based blocking:

frontend http_in
bind *:80

acl from_china src -m geoip CN
acl from_russia src -m geoip RU

http-request deny if from_china
http-request deny if from_russia

default_backend web_servers

This blocks traffic early, before it hits Apache or nginx.

c. GeoIP-Based Routing across different haproxy backends

Instead of blocking, you can route traffic differently:

acl eu_users src -m geoip DE FR NL
use_backend eu_backend if eu_users
default_backend global_backend

This is useful for:

Geo-based load balancing
Regional content
Legal compliance separation

d. GeoIP Logging config for HAProxy

Add country code to logs:

log-format "%ci:%cp [%t] %ft %b %s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC"

(%CC = country code)

This makes traffic analysis extremely efficient.

Keep in Mind !

Use HAProxy or web server level for enforcement, and firewall GeoIP only when absolutely necessary.

8. Fail2ban + GeoIP: Smarter Bans, Better Context

Fail2ban is excellent at reacting to abusive behavior, but by default it only sees IP addresses, not where they come from. Adding GeoIP allows you to:

Tag bans with country information
Apply different ban policies per region
Detect unusual behavior patterns

a. GeoIP-Enriched Fail2ban Logs

Fail2ban itself doesn’t natively evaluate GeoIP rules, but you can enrich logs post-ban.

Example action script (

/etc/fail2ban/action.d/geoip-notify.conf

[Definition]
actionban = echo "Banned from $(geoiplookup | cut -d: -f2)" >> /var/log/fail2ban-geoip.log
Enable it in a jail:
[sshd]
enabled = true
action = iptables[name=SSH] geoip-notify

Enable it in a jail:

[sshd]

enabled = true action = iptables[name=SSH] geoip-notify

Resulting log entry:

Banned 185.220.101.1 from Germany

This provides visibility without changing ban logic — a safe first step.

b. Use GeoIP-Aware Ban Policies

You can also adjust ban times based on country.

Example strategy:

Short ban for local country
Longer ban for known high-noise regions

This is usually implemented via multiple jails and post-processing scripts rather than direct GeoIP matching inside Fail2ban.

Best practice:
Let Fail2ban do behavior detection — let GeoIP provide context, not decisions.

9. GeoIP with nftables (Linux Modern Firewall Layer)

iptables +

xt_geoip

is considered legacy. On modern systems, nftables is the preferred approach.

a. Using GeoIP Sets in nftables

nftables does not natively include GeoIP, but you can integrate GeoIP via generated IP sets.

Workflow:

Convert GeoIP country IP ranges into nftables sets
Load them dynamically

Example set definition:

table inet filter {
set geo_block {
type ipv4_addr
flags interval
}
}

Populate the set using a script:

nft add element inet filter geo_block { 1.2.3.0/24, 5.6.0.0/16 }

Then apply it:

chain input {
type filter hook input priority 0;
ip saddr @geo_block drop
}

b. Automating GeoIP -> nftables

Typical automation pipeline:

GeoLite2 → country CSV → IP ranges → nftables set

Run this daily via cron.

Warning:

Large country sets = memory usage
Firewall reloads must be atomic
Test on non-production systems first

10. GeoIP Dashboard: Turning Logs into Insight

Blocking is optional — insight is mandatory.

a. Simple GeoIP Log Dashboard (CLI-Based)

Apache example:

# awk '{print $NF}' /var/log/apache2/access.log | \
sort | uniq -c | sort -nr

Where $NF contains country code.

Sample Result:

1243 US

987 DE

422 FR

310 CN

This already tells a story.

b. Visual Dashboard with ELK / Grafana

For larger environments:

HAProxy / Apache -> JSON logs Enrich logs with GeoIP

Send to:

ELK Stack
Loki + Grafana
Graylog

Metrics you want:

Requests per country
Errors per country
Bans per country
Login failures per country

This helps distinguish:

Marketing traffic
Legit users
Background Internet noise

11. Create a Layered GeoIP Strategy

A sane, production-ready model using GeoIP would include something like:

Logging first
Apache / HAProxy logs with country codes
Behavior detection
Fail2ban reacts to abuse
Traffic shaping
HAProxy routes or rate-limits
Firewall last
nftables drops only obvious garbage

GeoIP is strongest when it supports decisions, not when it makes them alone.

12. Best Practices to consider

Prefer visibility over blocking
Avoid blanket country bans
Always log before denying

Combine GeoIP with:

Fail2ban
Rate limits
CAPTCHA or MFA
Keep GeoIP databases (regularly) updated
Test rules with real IPs before deploying

13. Common Mistakes to Avoid

Blocking entire continents Using GeoIP as authentication Applying firewall GeoIP without logs Forgetting database updates Assuming GeoIP accuracy

Close up

GeoIP is not a silver bullet against vampire attacks – but when used thoughtfully, it becomes a powerful signal enhancer and can give you a much broader understanding on what is going on inside your network traffic.

Whether you’re using it to filter out segment of evil intruders based on logs, routing traffic intelligently, or filtering obvious abusea, GeoIP fits naturally into a layered security model and is used across corporations and middle and even small sized businesses nowadays.

Used conservatively, GeoIP follows the classic Unix philosophy:

Small datasets, Simple rules, Real-world effectiveness, combined with rest of tools it gives info and ways to protect better your networks and server infra.

Tags: Apache Virtual Host, authentication, Better Context, config, country, databases, Detect, distro, find, germany, information, jail, Legal, Load, logs, network traffic, Result, run, separation, Short, site, Smarter Bans, updates, Warning
Posted in Everyday Life | No Comments »

Why Self-Hosting Still Matters in 2025: Taking Back Control in a Cloud-Centric World

Saturday, October 18th, 2025

In 2025, we live in a world where almost every service – from email and calendar to file storage and even our journals – is run by someone else, stored on someone else’s servers, governed by someone else’s terms of service. Big Tech has normalized it. Most users don't even ask where their data lives.

But among all this convenience and delegation, a quiet movement continues, the so called self-hosting.
Running your own services, on your own hardware, under your control.

Some call it old-school and waste of time. Others call it paranoid and mania. But if you ask those of us who've tried it, there’s something deeply normal in human sense about owning your digital home.
Something that inspires and gives you energy to be against the flow, feels good.
But anyways,

Why Bother Self-Hosting?

1. You Own Your Data

It’s not locked in a black-box “cloud” with no export button. When you run your own email server, Nextcloud, or RSS reader, the data lives on your disk, not theirs.

2. You Learn More About "the Stack" and get better insight on software

Spinning up a VPS and running a full LAMP/LEMP stack teaches you more than any AWS console ever will. You learn:

How DNS, SMTP, TLS actually work
Systemd, firewalls, fail2ban
Troubleshooting logs, performance, backups

You’re not clicking buttons—you’re building.

3. Privacy by Design embedded

Even with GDPR and privacy policies, hosted services scan your data, log metadata, and track usage. With self-hosted services, your metadata isn’t leaked. There’s no hidden analytics tracking when you log into your calendar.

4. Resilience & Independence in the more and more dependent world

When a cloud service goes down (remember Gmail outages? GitHub DDoS attacks?), your digital life halts.

Self-hosters can:

Access data even when offline
Control redundancy and backups
Choose their own update cycles

5. It’s a Form of Digital Homesteading

You can think of the cloud as the urban city- efficient, busy, and surveilled. Self-hosting is the countryside. It’s quieter, harder, but it's yours.

“A home server is not just a computer. It’s a statement: I choose to build, not just consume.”

What Can You Realistically Self-Host in 2025?

Thanks to maturing open source projects, you can run nearly everything yourself with minimal resources. Below some examples:

Service Type	Recommended Self-Hosted Option
Email	Mailcow, Postfix + Dovecot
Cloud Storage	Nextcloud / OwnCloud
RSS Reader	FreshRSS, Miniflux
VPN	WireGuard, PiVPN
Git Repos	Gitea, Forgejo
Notes	Joplin Server, Standard Notes
Password Manager	Vaultwarden
Monitoring	Uptime Kuma, Prometheus + Grafana
Media Server	Jellyfin

You can run most of these on:

A Raspberry Pi
A low-end VPS (~$5/month)
A home NAS or old laptop with Linux

Security: Not Optional

Let’s be honest: self-hosting adds responsibility. You become the sysadmin. That means:

Keeping software up to date
Setting up TLS with Let’s Encrypt
Hardening SSH, using fail2ban
Setting up backups—ideally offsite

But that’s not a burden—it’s a privilege. When you’re in control, you get to choose how secure, private, and robust your system is.

You’re not trusting a SaaS company’s security—you become the security.
Well of course the down side of it is things, can often become so complex and big that you cannot manage it yourself and you have to find a sysadmin buddy to help you maintain your thing
or even hire someone to help you.

A Philosophical Note: Against Digital Apathy that rules sysadmin minds

Most people have accepted a world where they can’t even host their own blog without five different cloud accounts. But it wasn’t always like this. The early internet was filled with homepages, shell accounts, FTP servers, personal IRC bots.

In that spirit, self-hosting is not just about tech—it’s about reclaiming agency.

It’s a quiet rebellion. A return to DIY computing. A form of digital asceticism that resists the consumerist mindset of “pay someone else to do everything.”

Like growing your own food, even if it’s harder, it makes you more alive.

How to Start Today

If you’re curious about self-hosting, here’s a no-fear path:

Start small – Host a local file server or wiki.
Use Docker – Tools like Portainer or Yacht simplify managing containers.
Use a domain – Get a .net or .org domain and point it to your IP.
Set up a reverse proxy – Like Nginx or Traefik, for managing HTTPS and access.
Don’t host what you don’t understand – Learn before you expose things to the internet.

Final Words

In 2025, it’s easy to feel like everything is owned, managed, and decided by corporations. But it doesn’t have to be.

Self-hosting isn’t dead—it’s rising quietly. In homelabs, in student dorms, in off-grid locations. It’s how many of us reclaim computing not just as a tool, but as a craft. Something we shape. Something we own.

Tags: backups, Below, centric, Cloud, control, domain, email server, hosting, matters, metadata, Privacy, proxy, Set, setting, someone, something, Start Today, still, sysadmin, taking
Posted in Educational, Everyday Life, Rant, Various | No Comments »

How to Run Your Own Windows Domain Authentication on Linux

Thursday, October 2nd, 2025

Run Your Own Domain Authentication on Linux

Running your own domain authentication system on Linux can significantly enhance security and manageability in your IT environment. Whether you're setting up centralized login for a small network or a more complex domain environment, Linux provides powerful tools to become your own domain controller using open-source software.

In this guide, we’ll walk you through setting up Samba as an Active Directory (AD) Domain Controller on a Linux server.
These tutorial should work fine on Debian 12 (Bookworm), though it should work with minor modifications on pretty much most of recent Debs and deb based distros.

What is Domain Authentication?

Domain authentication allows users to log in to any authorized machine within a network using the same set of credentials. It provides centralized management of:

Users and groups
Computer accounts
Group policies
File and printer sharing
Access control

Microsoft's Active Directory is the most well-known implementation, but you can achieve similar functionality using Samba on Linux.

Pre-requirements

A fresh Linux installation (Ubuntu Server 22.04 LTS or Debian 12 recommended)
Static IP address
Root or sudo access
Domain name (e.g., mydomain.local)

1. Update System and Set proper Hostname

# apt update && sudo apt upgrade -y

# hostnamectl set-hostname dc1.mydomain.local

Add the hostname to /etc/hosts:

# vim /etc/hosts

Add the local network IP the SMB Domain controller will have locally on the machine:

192.168.1.100 dc1.mydomain.local dc1

2. Install Samba and Required Packages

# apt install samba krb5-config krb5-user winbind smbclient dnsutils -y

During the installation, you may be prompted for Kerberos configuration:

Default realm: MYDOMAIN.LOCAL
KDC: dc1.mydomain.local
Admin server: dc1.mydomain.local

3. Provision Samba as a Domain Controller

First, stop any running Samba services:

# systemctl stop smbd nmbd winbind

# systemctl disable smbd nmbd winbind

Move default config:

# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

Now provision the domain:

# samba-tool domain provision –use-rfc2307 –interactive

Answer prompts:

Realm: MYDOMAIN.LOCAL
Domain: MYDOMAIN
Server role: dc
DNS backend: SAMBA_INTERNAL
Admin password: (choose a strong one)

Once done, configure Kerberos using the samba krb5.conf template file:

# mv /etc/krb5.conf /etc/krb5.conf.bak

# cp /var/lib/samba/private/krb5.conf /etc/

4. Start and Enable Samba AD Services

# systemctl unmask samba-ad-dc

# systemctl enable samba-ad-dc –now

Verify it’s working by running:

# samba-tool domain level show

Check Kerberos authentication is OK:

# kinit administrator

# klist

You should see a valid Kerberos ticket.

5. Configure DNS (Optional but Recommended)

If using SAMBA_INTERNAL DNS backend:

Check DNS resolution is OK:

# host -t A dc1.mydomain.local

# host -t SRV _kerberos._udp.mydomain.local

If you want clients to resolve domain names, configure them to use the Samba DC's IP as their DNS server.

6. Add Users and Join Client Machines

Add a new user:

# samba-tool user add your.samba.user

Join a Windows client:

Go to System Properties → Computer Name → Change settings
Click Domain, enter MYDOMAIN
Authenticate with Administrator and the password you set
Reboot

7. Managing the Domain

You can manage users, groups, and policies simply via commands or GUI interface or LDAP tools:

samba-tool (CLI)
RSAT tools on Windows (for GUI management)
via LDAP tools (if you have to stick to RFC2307)

Example commands:

# samba-tool user list

# samba-tool group list

# samba-tool user setpassword your.samba.user

8. Managing Samba AD Samba Linux Domain easily with UI

You can manage a Samba domain (especially when it's running as an Active Directory Domain Controller) via a web interface — but not directly through Samba itself, since it doesn't come with a built-in web UI.

Instead, you can integrate Samba with third-party web-based tools that provide management interfaces for:

Users and groups
Computer accounts
LDAP directory entries
Domain policies (to a limited extent)

Popular Web Interfaces to Manage a Samba Domain

Here are the most reliable options:

8.1. [Cockpit + 389 Directory Server or FreeIPA (for LDAP-based domains)]

Cockpit is a modern web admin interface for Linux servers.
When paired with FreeIPA, you can manage users, groups, policies, and more.
However, this is more suited for FreeIPA-based domains, not Samba AD.

✅ Great for: Linux-native domains
❌ Not compatible with Windows-style Samba AD

8.2. [LDAP Account Manager (LAM)] – RECOMMENDED FOR SAMBA + AD

Website: https://www.ldap-account-manager.org/

LDAP Account Manager (LAM) is one of the best tools to manage a Samba domain via LDAP, especially when:

You use Samba in AD DC mode with RFC2307 extensions (for Unix attributes)
Or, you're using Samba as a member server with an external LDAP backend

Features:

Web-based GUI to manage:
- Users and groups
- Samba-specific attributes (like SID, RID, home directories)
- POSIX and Windows-compatible accounts
Can bind directly to the Samba LDAP directory

Authentication: Admin binds via LDAP (either over plain or TLS)

✅ Works with Samba AD (with some config)
✅ Handles Samba3/4 user schemas
✅ Active development and documentation

8.3. Samba Web Administration Tool (SWAT) ❌ Deprecated

SWAT was the original web interface for Samba but:

It was deprecated and removed from Samba after version 4.1
It's no longer secure or maintained
Not suitable for Samba AD DC environments

Recommendation: Do not use SWAT

8.4. Webmin (Partial Support)

Webmin is a general Linux web admin tool
It has a Samba module, but:
- Designed for traditional Samba file sharing (not AD/DC mode)
- Cannot manage Samba AD users/groups
- Doesn’t interact with samba-tool or the AD schema

✅ Works for standalone Samba file servers
❌ Not suitable for Samba AD DCs

Can You really Use RSAT Instead ?

If you want full Active Directory-style control (like Group Policy, OU structure, DNS, etc.), the best GUI tool is actually RSAT (Remote Server Administration Tools) on Windows
but for that of course you will have to have an own Windows Server setup especailly for it.

Connects to your Samba AD DC
Fully supports:
- Users and groups
- Group Policy Objects (GPO)
- DNS management (if using internal Samba DNS)

Install RSAT on a Windows machine and run dsa.msc (Active Directory Users and Computers).

✅ Officially supported
✅ Full compatibility with Samba AD
❌ Requires a Windows machine

Summary: Web UI for Samba Domain Management

Tool	Works with Samba AD DC?	Features	Notes
LDAP Account Manager (LAM)	Yes	User/group management	Best web option
Cockpit + FreeIPA	❌ No (not Samba AD)	Excellent for FreeIPA domains	Not compatible with Samba AD
Webmin	❌ Not fully	File shares only	No AD/DC management
RSAT (Windows)	✅ Yes	Full AD management	Not web-based

Recommendation

If you're running a Samba AD DC and want a web-based interface:

Use LAM (LDAP Account Manager) for basic account management
Use RSAT tools on Windows for full domain administration
Avoid SWAT and Webmin for this purpose

Security Considerations

Ensure firewall allows relevant ports (e.g., 53, 88, 389, 445, etc.) with Iptables / firewalld or whatever firewall solution you have present on the server and in the Network in which you hosted the server
Keep the system updated
Use secure passwords and rotate them regularly
Consider setting up replication if high availability is needed

Conclusion

Running your own domain authentication system on Linux using Samba is a powerful way to control user access in a centralized manner. It’s ideal for small to mid-sized networks, homelabs, or even enterprise environments looking for a cost-effective alternative to Windows Server.

With Samba acting as your domain controller, you can enjoy the benefits of centralized authentication, integrated DNS, and a high degree of compatibility with Windows clients — all while staying in the open-source ecosystem.

References

Samba Wiki: Setting up Samba as an AD Domain Controller
man samba-tool
man smb.conf

Notes and things to consider:

/var/lib/samba/private/krb5.conf file is generated only after you provision Samba as an Active Directory (AD) Domain Controller using:

# samba-tool domain provision

After provisioning, Samba creates a custom Kerberos config at:

/var/lib/samba/private/krb5.conf

This is true for both Debian and Ubuntu because it's handled by the Samba package itself, not the distro.

Why use that krb5.conf instead of Debian's default?

Well because:

The default /etc/krb5.conf on Debian isn't tailored for Samba AD.
The one Samba generates includes correct realm, KDC, and admin server settings.
It avoids subtle issues like failed kinit or broken Kerberos trust.

So you copy it over Debian’s default:

Gotchas on Debian to be aware of

Do not install samba via tasksel (like tasksel's “Samba file server” role), as it sets up a traditional SMB server, not AD.

Only use samba-tool domain provision if you're setting up AD DC.

Debian sometimes separates systemd services (e.g., samba-ad-dc might not be enabled by default). So make sure to enable samba-ad-dc instead of smbd/nmbd.

Tags: Active Directory Domain Controller, configure, Debian, DNS, LDAP, linux?, mydomain, OK, options, Start, Users
Posted in Everyday Life, Linux, Samba, System Administration, Various | No Comments »

What is oddjobd and How to Use It Instead of sudo to run limited privileged execution of scripts requiring admin

Tuesday, September 30th, 2025

oddjobd-sudoers-linux-elevate-script-running-linux

In Linux environments, managing privileged operations for unprivileged users is a critical task. Traditionally, tools like sudo have been used to allow users to execute specific commands with elevated privileges. However, in more secure or fine-tuned environments — such as enterprise networks or identity-managed systems — oddjobd offers a more controlled, D-Bus-driven alternative.

This article explains what oddjobd is, how it works, and when you might prefer it over sudo, complete with real-world examples.

What is oddjobd?

oddjobd is a system service (daemon) that runs in the background and allows limited, controlled execution of privileged tasks on behalf of unprivileged users.

Key Features:

Allows secure execution of predefined scripts or programs as root (or another user).
Communicates over D-Bus for fine-grained access control.
Uses Polkit (PolicyKit) to manage who can run which tasks.
Commonly used in FreeIPA, SSSD, and LDAP-based environments.
Configuration files live in: /etc/oddjobd.conf.d/

How It Works

System administrators define specific jobs (scripts or commands) in config files.
These jobs are exposed via D-Bus.
Unprivileged users (or applications) can request jobs to be executed.
Access is granted or denied by Polkit rules, not passwords.
No full shell or terminal access is granted — just the job.

oddjobd vs sudo

Feature	sudo	oddjobd
Control granularity	Medium (commands)	High (methods, scripts only)
Interactive shell	Yes	No
Config complexity	Simple (/etc/sudoers)	Moderate (conf.d + Polkit)
Uses system user password	Yes	Optional (can be passwordless via Polkit)
Security	Medium	High (no shell, strict policy control)
D-Bus compatible	No	Yes
Ideal for	Power users	Controlled environments (e.g., FreeIPA)

Typical Use Cases for oddjobd

1. Automatically Creating Home Directories

Problem: LDAP/FreeIPA users don’t have home directories created on login.

Solution: Enable oddjobd to create them via oddjob-mkhomedir.

# authconfig –enablemkhomedir –update

On login, PAM calls oddjobd, which creates the home directory as root.

2. Restarting a Service without sudo

Let's say you want a user to restart Apache, but not give them full sudo rights.

a. Create a script

# /usr/local/bin/restart_apache.sh

#!/bin/bash

systemctl restart apache2

echo "Apache restarted by oddjob at $(date)"

chmod +x /usr/local/bin/restart_apache.sh

b. Create Oddjob config

# /etc/oddjobd.conf.d/restart_apache.conf

[restart_apache]

program = /usr/local/bin/restart_apache.sh

user = root

c. Polkit rule

// /etc/polkit-1/rules.d/60-restart-apache.rules

polkit.addRule(function(action, subject) {

    if (action.id == "org.freedesktop.oddjob.restart_apache" &&

        subject.isInGroup("apacheadmins")) {

        return polkit.Result.YES;

    }

});

d. Add user to group

# groupadd apacheadmins

# usermod -aG apacheadmins alice

e. Restart and test

# systemctl restart oddjobd

# As user "alice":

oddjob_request restart_apache

Only the defined method runs — no sudo shell access, no arbitrary commands.

3. GUI-friendly Device Control

Use Case: A user wants to reset a USB device via a button in a GUI app.

Define the method in oddjobd.
Use Polkit for GUI D-Bus permission.
The app can call the method securely, without sudo.

Advantages of oddjobd

More Secure Than sudo:

No interactive shell or terminal.
No command-line injection risks.
Can’t “escape” to a shell like with sudo bash.

Granular Control:

Limit tasks to a specific script or even script arguments.

D-Bus and GUI Friendly:

Apps can call privileged methods without shell hacks.

Policy-Based Authorization (Polkit):

Fine-grained user/group access control.
No password prompts if not desired.

Enterprise-Ready:

Works well with LDAP, FreeIPA, and centralized login environments.

Oddjobd Limitations / Downsides

Limitation	Description
Learning Curve	More complex to set up than sudo
Configuration Overhead	Requires writing config files and Polkit rules
Debugging	Issues may be harder to trace than sudo logs
Not for Ad-hoc Commands	Only predefined jobs can be run
Not Installed by Default	Often needs to be manually installed (oddjob, oddjob-mkhomedir)

When to Use oddjobd Instead of sudo

Use oddjobd when you:

Need to allow users or apps to run very specific privileged operations.
Want to avoid giving full shell access via sudo.
Are working in a managed enterprise environment.
Need GUI or D-Bus-based privilege escalation.
Require scripted access to root tasks without exposing credentials.

Conclusion

oddjobd is a powerful tool for securely handling privileged operations in Linux, especially where tight access control and automation are required. While sudo is simple and flexible, oddjobd shines in structured, security-conscious environments — particularly those using FreeIPA, LDAP, or automated tools.

If you need a more scriptable, policy-driven, and safer alternative to sudo for specific tasks, oddjobd is well worth exploring.

Tags: access, bin, configuration files, Granular Control, jobs, Key Features, Restart, root, scripts, specific, sudo, system administrators, test, Use It Instead
Posted in Everyday Life, Linux, Security, System Administration, Various | No Comments »

Father Archimandrite Ivan of Novi Han, Protector of Poor and Homeless passed away to Christ

Tuesday, September 16th, 2025

Father Ivan with his shepherd stick

On September 14, the 80-year-old Archimandrite Joan (John) , known simply as Father Ivan from Novi Khan.
Father Ivan was well known in Bulgarian society as the only Monk father of the Fatherless. and a great benefactor who dedicated his life to the sick, poor, needy and, the homeless people in Bulgaria.

The Requiem service will be consecrated on September 16 from 12:00 pm in the church "The Holy Trinity" in Novi Khan (a Church situated in the improvised homeless shelter organized in an old Monastery (Saint Nicholas) by Father Ivan himself. by Bishop John of Branitsky, former Vicar Bishop of Patriarch Daniel.

Father Ivan Dimitrov Ivanov was born on March 31, 1945. in the Bulgarian village of Blagovo, Montana region. He received his basic and secondary education in the High Professional School "Peter Beron" in city of Sofia. Next He attended a university degree from the Theological Academy "St. Clement of Ohrid" (which was re-established in the distant year 1981) already in grown age after working different other jobs. He merried and with his wife Todorka Grigorova Ivanova had two sons – Ivaylo and Grigor. On October 19, 1981 he was ordained a deacon, and on 26 October same year – ordained for a priest by Metropolitan Filaret of Vidin. Since 1987 he was appointed as a priest at the Church "Holy Trinity" in the town of Novi Han, region of Elin Pelin. In year 2011 he has been consecrated as monk the name Ioan by the Bishop of Devol Theodosij (Theodosius). In 2015 in Montana he was promoted to archimandrite dignity by Vidin Metropolitan Dometian.

Along with his pastoral work, he devotes all his strength to caring for the poor. His selfless service remains misunderstood by many, and for a long time he does not receive support from the leadership of the Bulgarian Orthodox Church. In 2014, His Holiness Patriarch Neophyte of Bulgaria came to visit the “Holy Trinity” shelter in Novi Han. In addition to food and gifts, he also gave a sign of empathy with the great priest’s work.

Otec_Ivan_Novi-Han-s-patriarh-Neofit

Father Ivan began his work in the distanct 1993, short after the fall of Communism regime in Bulgaria when he restored the abandoned building of the monastery "Holy Trinity" in Novi Han. He revived the liturgical life in the monastery church (that was abondoned for many years due to the dictatorship regime in Bulgaria) and created the shelter "Saint Nicholas", in which he sheltered a dozen homeless people. Gradually, the orphanage expanded and it housed mainly women and children deprived of home and protection, but also found shelter for the elderly and homeless. The priest gave pregnant girls left without any financial support and shelter, the opportunity to give birth to their children and take care of them in the shelter for free. Several generations of children were born and raised under the care of Father Ivan. Today, some of them were the first to express their grief over the death of the father on social networks.

otec_Ivan-with-his-children

Even though his genuine kindness and great good deeds Father Ivan has suffered a lot from people who hate the light of Christ, being a victim of various life hardships, road incidents, and a lot of health issues, which he endevoured with stoicism. He has multiple times has shared when we met that many people being pushed by the devil has done him a lot of badness.
As a mean to finance the homeless people Father Ivan with the help of his orpans, take care about animals such as chickens, cows, sheeps.
Not on a signle occasion animals belonging to him and his shelter has been stolen.
He fought many battles in his life time but never lost hope neither he fall in spirit always counting on the help of the Almighty, like the ancient saints.
Father Ivans deed for that hard times can be compared to the great deeds of the ancients and for the Bulgarian society his meaning and inspiration was similar
to the old testamental important of Moses who led the people.
His servence of a priest was always given for the good example and people respected him and loved him for his deeds in Bulgaria over the last 40 years.

Otec_Ivan-stuck-with-a-knife

In 2013, the father bought several houses in the Montana village of Yakimovo, where he housed also homeless families and their children (the houses hosting homless families reached about 80+ houses ! which accomodated about 180 people, together with the people in the orphanage in Novi Han they were more than 250+ people).

The last years of his life he spend living in his small living Room (monastic Cell) in the Saint Nicolas Monastery in prayer and last spiritual cares for his many children.

Father Ivan of Novi Han and his son Grigorij

The priest's work is continued by his son (who also took the path of his father) Fr. Grigoriy, who now takes care of the orphanages. Fr. Ivan remains in our recent church history as an example of complete dedication to the service of his neighbors, without seeking reward or gratitude. Something unique and unrepeatable fhat inspired many to be more merciful and benevolent for the poor and needy and by this he incarnated the example of Christ who teached us to always have the poor and needy with us and in our hearts. Generous to the life's misfortunes of his "children", Fr. Ivan set an example of a servant of Christ, whose love "does not seek its own… bears all things, believes all things, hopes all things, endures all things" (1 Cor. 13:5-7).

I had the blessing to meet father Ivan of Novi Han a couple of times together with Bishop Ierotey Agathopolski (who used to be in the past under the spiritual guidance of Father Ivan). And my personal impressions are that father Ivan was a highly spiritual person and true monk. I had the chance one time in the distant 2011 to meet him in Novi Khan afer a pilgrimage to Holy Mount Athos we have been guests to Father Ivan in the monastery for a night and even had the chance to be and serve as a ipodeacon on a Holy Liturgy led by Father Ivan. I still remember how much he worried about the children God has sent him for care and how much he worried if financially he can make it to give a good life to all the new inhabitants who recently come to his shelter.

The Children and old homeless people for whom Father Ivan of Novi Han took care

I remember he had to buy some food for the shelter and I wanted to help him to carry the stuff and we were to the SuperMarket together to buy food and goods for the children.
Father Ivan had a great temper and a great sense of humor even though he has been already aging and his spirit was lifted even though the hardships both with suffering heavy form of diabetes and other multitude of physical infirmity.

Film Sparks (Movie about the Shleter of Saint Nicolas created by Father Ivan of Novi Han)

Father Ivan and his Children an Interview Movie by Fr Ivan

Movie about The Life Story hardships of Father Ivan of Novi Khan and what made him decide to serve the sick, the poor and the lonely

Father Archimandrite Ivan one worthy Bulgarian

In above interview, father Ivan talks about how he decided to become a priest and how he promised God that he will make an orphanage home. He was accused during the communistic times in Bulgaria for being a priest only to serve as a spy for the West. He was kept in Montana Police station interrogated for 7 months in a small dark police carcer (small police room for prisoners), trying and the police tried to brain wash him that he is guilty for things he is not for all the time being asked the same questions again and again with a light lamp infront of his eye sight. He tells in short in the interview, how he managed to restore the Holy Trinity monastery, after a lot of hardships and miracles of God who helped me to do so. On multiple times his orphanage house has been tried to be (closed) and even destroyed by the local people of Novi Han unsuccesful. He has a lot of abusers who tried to run the deeds of his life the oprphanage but God by his great grace and his powers did not allow this to happen! But right on the contrary helped him and the children and provided him everything he needs to fulfill the dead of his life to help the salvation of tens of thousands to find his path to God and multitudes of people to physically survive a life of horror for years. He put a multitude of lost souls for whom noone cared back on the track of life and by his mercifulness he preached the Gospel not only words but in deeds.

Let God forgive him, Have mercy on his Soul and Forgive him if he sinned as a man and Receive him in his heavenly kingdom ! And Let us have his prayers to Christ ! Amen

Tags: about, after, age, ALL, amen, ancients, and, animals, ANY, are, basic, being, birth, bishop, blessing, Bought, building, bulgaria, Bulgarian, bulgarian orthodox church
Posted in Christianity, Curious Facts, Everyday Life | No Comments »

Fix Update KB5060999 Not Installing On Windows 11 Version 23H2/22H2 / Fix windows Update failed

Thursday, July 24th, 2025

fix-Update-KB5060999-Not_Installing_On_Windows_11_Version_23H2_22H2-howto-update-screenshot

Recently I've stumbled across a very annoying issue on my work Laptop. Suddenly windows stopped being upadted it took me really long time of hours of researching to find out how to resolve the error:

Fix Update KB5060999 Not Installing On Windows 11 Version 23H2/22H2 / Fix windows Update failed

After a lot of catch / tries I can manage to Find a fix Thanks God!

Here are the few steps I took to resolve it, first I've taken all the steps pointed at the Complete Guide Windows Problems it took really long time but even thouigh I did not manage to resolve the issue it give a lot of understanding on different ways of how windows components stick together and how to debug and solve errors if such ones occurs. Thus I warmly recommend it to anyone working as HelpDesk support admin within corporation or if you are a Windows specialist who makes a living from resolving weird unexpected Windows errors for some little money.

Once I went through a lot of underwater stones and nothing word finally I managed to solve it by following these concrete steps:

1. Check logs and find error message / problems in CBS.log

C:\> notepad c:\windows\Logs\CBS\CBS.log

The root of the issue I found there as a repeating error messages is:

"InternalOpenPackage failed for Package_for_KB3025096~31bf3856ad364e35~amd64~~6.4.1.0 [HRESULT = 0x800f0805 – CBS_E_INVALID_PACKAGE]"

2. Download from Windows catalog the Update

windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7.msu to C:\User\myuser\Downloads

3. Use Winrar or 7Zip to extract the msu in local Directory

E.g.open Administrator command line cmd.exe extract in lets say in \Users\Username\Downloads\
windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7

C:\Users/a768839/Downloads/windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7 > dir
WSUSSCAN.cab

4. Remove old package existing on the Windows 11 OS with the same name using DISM tool with /online /remove-package options

C:\Users\myuser\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7>DISM /online /remove-package /packagepath:C:\Users\a768839\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7\Windows11.0-KB5049624-x64-NDP481.cab Deployment Image Servicing and Management tool Version: 10.0.22621.2792 Image Version: 10.0.22631.5335 Processing 1 of 1 – Removing package Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9294.1 [==========================100.0%================]
The operation completed successfully.

5. Use DISM /online /add-package to manually insatall windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7\Windows11.0-KB5049624-x64-NDP481.cab

Assuming you have already downloaded previously and exctracted the .msu file and you have the .cab file at hand run again as cmd.exe Admin

C:\Users\myuser\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7>DISM /online /add-package /packagepath:C:\Users\a768839\Downloads\windows11.0-kb5049624-x64-ndp481_6990e824379adc100fd7895adb30e692697381d7\Windows11.0-KB5049624-x64-NDP481.cab Deployment Image Servicing and Management tool Version: 10.0.22621.2792 Image Version: 10.0.22631.5335 Processing 1 of 1 – Adding package Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9294.1 [==========================100.0%==========================] The operation completed successfully.

The idea to remove and install the failing package found in the CBS.log was initially found on
http://datadump.ru/windows-update-error-800f0831/

6. Force a Windows chkdsk (Check disk on next restart) to make sure no physical hard drive or some other inode Windows Filesystem errors are there

Within same Admin cmd.exe

C:\Users\myuser\> chkdsk /f C:\

Once command executes reboot the PC and wait for the chkdsk scan to complete and PC to Boot as usual

7. Stop / start wuauserv and do sfc /scannow to refresh some Windows update components

Run following set of commands within Admin cmd

C:\> net stop wuauserv
C:\> command prompt in admin mode
C:\> dism /online /cleanup-image /startcomponentcleanup
C:\> sfc /scannow
C:\> restart
C:\> sfc /scannow
C:\> net start wuauserv

8. Download Manually failing update from Windows catalog download site:

As of time of writting this article the URL to download is https://catalog.update.microsoft.com/Search.aspx?q=KB5049624%20%20

C:\Users\myuser\Downloads> dir *.msu
windows11.0-kb5060999-x64_99e39c1cf8a8976d9b3313efb38069876c417f70.msu

9. Run Manually again failing Update from command line

Run cmd as Administrator and exec the file:

C:\Users\myuser\Downloads\windows11.0-kb5060999-x64_99e39c1cf8a8976d9b3313efb38069876c417f70.msu

Wait for the install to complete The computer will need to restart

10. Resync the device to the Computer Domain (mandatory step) only if your PC is part of large organizational Domain

Open Microsoft Store / Company Portal and Sync the device (if necessery)

Settings -> Sync

11. Force the PC to sync itself with remote Global Domain policies (mandatory only if PC is part of Domain)

C:\Users\myuser> gpupdate /force
C:\Users\myuser> repadmin /showrepl

Wait for Synchronization and wait for some time for computer compliancy to get back to normal (Computer compliancy might not be an issue if this is a Personal Windows installation) but for computers part of Larger Windows Domains, where a Domain policy requires a compliancy to set of rules)

To come up with this guide and better understand what is going on to resolve it I have to thank my colleague Eduard for assisting me to read the CBS.log and analyze it and also the following forum thread reading explaining what causes the mysterious windows update Update KB5060999 Not Installing On Windows 11 Version 23H2/22H2 to fail.

Tags: amd64, aspx, cmd, command, command prompt, download, exec, forum thread, hard drive, issue, log, logs, long time, lot, make, Management, net, online, OS, Pc, refresh, resolve, run, sync, update, Users Username Downloads, wait, Windows
Posted in Everyday Life, Hacks, System Administration, Windows | No Comments »

How to Fix Windows Update Problems: A Complete Guide

Friday, July 11th, 2025

Windows Update is essential for keeping your Windows system secure, stable, and up to date to be on track with latest security patches and (for those working in large corporations) for the PC to be compliant to Company / Corporation / Domain security defined policies and standards. However, users often encounter issues like updates failing to install, being stuck at a certain percentage, or causing error messages. Whether you're using Windows 10 or Windows 11, this guide walks you through proven steps to fix Windows Update problems.

Common Symptoms of Windows Update Issues

Before diving into the solutions, it helps to identify typical signs of update problems:

Updates stuck at 0%, 35%, or 100%
Update error codes like 0x80070002, 0x800f081f, or 0x8024a105
"Windows Update Failed" or "There were problems installing updates"
PC crashes or slowdowns after an update
Restart loops or repeated update attempts

Step-by-Step Guide to Fix Windows Update Problems

1. Restart Your PC and rerun updates

Sometimes (very rarely) a simple reboot clears temporary glitches in the update process.

Steps:

Click Start > Power > Restart
Try running Windows Update again

2. Run the Windows Update Troubleshooter

Windows includes a built-in tool that can automatically detect and fix common update problems.

Steps:

Open Settings > System > Troubleshoot > Other troubleshooters
Find Windows Update and click Run
Follow the prompts and apply any fixes it suggests

3. Check Your Internet Connection

A slow or intermittent connection can prevent updates from downloading or installing.

Tips:

Ensure a stable connection
Avoid using mobile hotspots during large updates
Try a wired Ethernet connection if possible

4. Free Up Disk Space

Windows Update needs adequate space to download and install updates.

To free space:

Open Settings > System > Storage
Use Storage Sense or manually delete:
- Temporary files
- Old downloads
- Unused programs

5. Manually Restart Windows Update Services

Windows Update relies on several background services. Restarting them can resolve stuck updates.

Steps:

Press

Windows + R

, type

services.msc

and press Enter
Find and restart the following:
- Windows Update
- Background Intelligent Transfer Service (BITS)
- Cryptographic Services
Right-click each > Restart

6. Clear the Windows Update Cache (SoftwareDistribution Folder)

Corrupted update files in the SoftwareDistribution folder can cause problems.

Steps:

Press

Windows + R (key)

type

Right-click > Run as Administrator
Stop update services:

net stop wuauserv
net stop bits
Delete the update cache:

Cmd line

del /f /s /q %windir%\SoftwareDistribution\
Restart services:

net start wuauserv net start bits
Try updating again

7. Use the System File Checker (SFC) and DISM Tools

Corrupt system files can interfere with updates.

Steps:

Open Command Prompt as Administrator
Run SFC from cmd line:

sfc /scannow
After it completes, run DISM:

DISM /Online /Cleanup-Image /RestoreHealth

These commands check for system corruption and repair it.

8. Install Updates Manually via Microsoft Update Catalog

If a specific update keeps failing, download and install it manually.

Steps:

Go to: https://www.catalog.update.microsoft.com/
Search the KB number of the failed update
Download the correct version for your system
Run the installer

9. Pause and Resume Updates

This can force Windows to reattempt updates cleanly.

Steps:

Open Settings > Windows Update
Click Pause updates for 1 week
Restart your PC
Go back and click Resume updates

10. Perform an In-Place Upgrade (Repair Install)

If nothing else works, a repair install reinstalls Windows while keeping your files and apps.

Steps:

Download the Media Creation Tool from Microsoft
Choose Upgrade this PC now
Follow prompts and select Keep personal files and apps

This replaces system files and refreshes Windows Update components.

11. Use WuFix.bat script that refreshes services

wufix.bat

SC config trustedinstaller start=auto
net stop bits
net stop wuauserv
net stop msiserver
net stop cryptsvc
net stop appidsvc
Ren %Systemroot%\SoftwareDistribution SoftwareDistribution.old
Ren %Systemroot%\System32\catroot2 catroot2.old
regsvr32.exe /s atl.dll
regsvr32.exe /s urlmon.dll
regsvr32.exe /s mshtml.dll
netsh winsock reset
netsh winsock reset proxy
rundll32.exe pnpclean.dll,RunDLL_PnpClean /DRIVERS /MAXCLEAN
dism /Online /Cleanup-image /ScanHealth
dism /Online /Cleanup-image /CheckHealth
dism /Online /Cleanup-image /RestoreHealth
dism /Online /Cleanup-image /StartComponentCleanup
Sfc /ScanNow
net start bits
net start wuauserv
net start msiserver
net start cryptsvc
net start appidsvc

12. Contact Microsoft or other tech guru Help

If problems persist even after trying the above methods, consider:

Contacting Microsoft Support
Consulting with a local technician
Performing a clean install (as a last resort)

13. Few Final Tips for Smooth Windows Updates

Always back up important data before major updates
Keep drivers and antivirus software up to date
Avoid interrupting the PC during updates
Check for known issues on Microsoft’s support site before installing major feature updates

14. Advanced Commands and Additional Ways to Fix Windows Update Problems

These methods go deeper into system-level repairs and are ideal when the basic fixes fail.

14.1. Reset Windows Update Components Manually (Full Command Script)

Instead of just clearing the cache, reset all update-related services and components.

Steps:

Open Command Prompt as Administrator, and run these commands one at a time:

net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver

Rename update-related folders:

ren C:/\Windows/\SoftwareDistribution SoftwareDistribution.old ren C:/\Windows/\System32/\catroot2 catroot2.old

Restart the services:

net start wuauserv
net start cryptSvc
net start bits
net start msiserver

This fully resets the update components.

14.2. Use PowerShell to Re-register Update DLLs

Sometimes DLLs (Dynamic Link Libraries) related to updates become unregistered.

Run this in PowerShell (Admin):

regsvr32 wuaueng.dll regsvr32 wups.dll regsvr32 wups2.dll regsvr32 wuwebv.dll regsvr32 wucltui.dll

14.3. Use PowerShell to Force Update Scan and Install

Open PowerShell as Administrator, and run:

Install-Module PSWindowsUpdate -Force Import-Module PSWindowsUpdate Get-WindowsUpdate Install-WindowsUpdate -AcceptAll -AutoReboot

You may be prompted to install NuGet or trust the repository—accept these prompts.

14.4. Enable Update Services via Registry Editor (Caution)

If your update services are being disabled by group policy or a third-party app, you can reset the registry settings.

Steps:

Press

Win + R

→ type

regedit

→ Enter
Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Delete values like NoAutoUpdate, AUOptions, etc.
Also check:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
- Ensure Start is set to 2 (automatic)

Always back up your registry before editing!

14.5. Check Group Policy Settings (Windows Pro or Enterprise)

Group Policy can block updates.

Steps:

Press

Win + R

→ type

gpedit.msc

→ Enter
Navigate to:

Computer Configuration > Administrative Templates > Windows Components > Windows Update
Check and disable any restrictive settings like:
- No auto-restart with logged on users
- Configure Automatic Updates
- Do not connect to any Windows Update Internet locations

14.6. Use the Windows Update Assistant

Download the latest Windows Update Assistant from the Microsoft website or Windows 11 equivalent.

This tool bypasses built-in update problems
It can force the latest feature update or build version

14.7. Delete Windows Update Pending.xml File

Sometimes updates fail due to a corrupted

Pending.xml

file.

Steps:

Open Command Prompt as Administrator
Run:

del %windir%\winsxs\pending.xml

This is advanced; use only if you're stuck with a failed update loop.

14.8. Use Event Viewer to Identify Update Errors

Event Viewer can show exactly which update or process is failing.

Steps:

Press

Win + X

→ Event Viewer
Navigate to:

Windows Logs > System
Filter by Error and Warning
Look for sources like:
- WindowsUpdateClient
- CBS (Component-Based Servicing)
- WUSA

Note any error codes or update KB numbers.

14.9. Use Deployment Image Servicing and Management (DISM) from ISO

DISM can be more powerful when pointed to a known good source like an ISO image.

Steps:

Mount a Windows ISO (right-click > Mount)
Note the drive letter (e.g., D:)
Run in CMD (Admin):

cmd.exe

DISM /Online /Cleanup-Image /RestoreHealth /Source:D:\Sources\install.wim /LimitAccess

Replace

D:\

with the correct drive.

14.10. Revert Problematic Updates Using Recovery or Uninstall

If an update caused system problems:

Option A: Uninstall via Settings

Go to Settings > Windows Update > Update History > Uninstall updates

Option B: From Advanced Startup

Hold

while clicking Restart
Go to Troubleshoot > Advanced Options > Uninstall Updates

15.How to install Windows 11 without losing files (Re-install windows with keeping All stored files)

15.1. Download and Use the Media Creation Tool:

Download the Media Creation Tool from Microsoft's website.

a) Go to this website:
www.microsoft.com/en-us/software-download/windows11

b) Click Download Now.

c) Open the file you downloaded.
Double-click it.

d) Accept everything.
Click Accept and Install.

e) Important:
When it asks about keeping files, select:

f) Keep personal files and apps

Wait until it finishes.

Your PC will restart many times.

g) After install:
Your files and programs will still be there.
Run the tool and choose to create installation media for another PC.
Select your language, architecture, and edition of Windows.
Choose to create either a USB flash drive or an ISO file.
Follow the on-screen instructions to complete the process.

15.2 Perform a Clean Install or In-place Upgrade:

Clean Install: This will erase all your personal files, apps, and settings, so be sure to back up your data if you choose this option.
In-place Upgrade: This will keep your files, apps, and settings while reinstalling Windows. This is a good option if you want to try and preserve your existing setup.
To perform an in-place upgrade, boot from the installation media and choose the "Upgrade" option, according to Microsoft Support.

1️⃣ Go to this website:
https://www.microsoft.com/en-us/software-download/windows11

2️⃣ Download “Installation Assistant.”
Click Download Now.

3️⃣ Open the file you downloaded.
Double-click it.

4️⃣ Accept everything.
Click Accept and Install.

5️⃣ Important:
When it asks about keeping files, select:
✅ Keep personal files and apps

6️⃣ Wait until it finishes.

Your PC will restart many times.

It can take 1–2 hours.

After install, Your files and programs will still be there. But anyways just in case don't forget to create a full backup of everything important before you started.

Summary of Useful Commands

Purpose	Command or Tool
Stop Update Services	`net stop wuauserv etc.`
Delete Update Cache	*`del %windir%\SoftwareDistribution\.* /s /q`**
Run SFC	`sfc /scannow`
Run DISM	`DISM /Online /Cleanup-Image /RestoreHealth`
PowerShell Update Module	`Install-Module PSWindowsUpdate`
Force Install Updates	`Install-WindowsUpdate -AcceptAll`
Reset Update Components (Full)	See above command sequence
Manual Update via Catalog

Conclusion

Windows Update problems can be frustrating, but they’re usually fixable with a methodical approach. From restarting services to clearing cache and running built-in tools, this guide covers all essential fixes. Staying updated ensures your PC remains secure, efficient, and compatible with the latest software.

Tags: apps, cause, cmd, cmd line, code, Configure Automatic Updates, copy, Cryptographic Services, Delete Windows Update Pending, Download Installation Assistant, downloads, exe, How to, Install Updates Manually, Manually Restart Windows Update Services, Media Creation Tool, Microsoft Update Catalog, Navigate, net, Open Settings System Storage, Pc, Rename, running, Settings Windows Update Update History Uninstall, times, type, Useful Commands, Warning, Windows Update Internet, WUSA
Posted in Everyday Life, Windows | No Comments »

Life of the Holy Martyr Confessor Acacius Serski (of Asvestochori, Thessaloniki) The Bulgarian

Wednesday, July 9th, 2025

1-ви май свети преподобномъченик Акакий Серски | Facebook

Short Biography of Saint Acacius Serski (of Asvestochori, Thessaloniki)

He was born with the name Atanas in 1792 in the Bulgarian village of Novo Selo near Thessaloniki.
When he was nine years old, his family moved with him to the town of Syar,[1] where he was taken as a foster child by the local bey as an infant and became a Muslim.
His parents, embittered, returned and settled in Thessaloniki.[5] Slandered by his stepmother for wanting to rape her, Atanas was expelled by the bey at the age of 18 and went to live with his parents.
Realizing the sin of his apostasy, he repented and was tonsured a monk at the Hilendar Monastery on Mount Athos, where he was accepted back into the bosom of the church.
After a year, he withdrew to the Iveron Monastery, where the monks Euthymius and Ignatius had recently suffered. Upon learning of their martyrdom, Akakiy decided to follow their example and publicly declare his renunciation of Islam, even though he knew that he would be sentenced to death for it.

On April 1, he departed by ship from Mount Athos and arrived in Galata, a district of the capital Constantinople, on April 23. On April 29, Saturday, Akakiy appeared before the Turkish court, recounted his renunciation, and publicly cursed Muhammad, calling him a false prophet.
The Ottomans began to try to persuade him to remain in Islam with exhortations and torture, but Akakiy refused and was condemned. On May 1, 1816, he was beheaded at the place of his forehead called Parmak Kapi.[10] His body was bought for 800 groschen and taken to Mount Athos.

His holy relics were placed first in his cell, and then in the newly built church in honor of the martyrs Euthymius and Ignatius who had suffered before him. The head of Saint Akakiy is today in the Russian Athos monastery "Saint Panteleimon".

The Bulgarian saint Akakiy of Sersky is commemorated on Mount Athos on the day of his martyrdom, May 1, together with the martyrs Euthymius (March 21) and Ignatius (October 8), for which a common service of the three saints was composed.

Sant Acacius is not to be mistaken with Sant Acacious of Byzantium.
Saint Acacius (Greek: Ἅγιος Ἀκάκιος; died 303), also known as Agathius of Byzantium, Achatius, or Agathonas to Christian tradition, was a Cappadocian Greek centurion of the imperial army, martyred around 304.)

Biography Source:
https://bg.wikipedia.org/wiki/
%D0%90%D0%BA%D0%B0%D0%BA%D0%B8%D0%B9_%D0%A1%D0%B5%D1%80%D1%81%D0%BA%D0%B8

Life of the Holy Martyr Akakiy (Syarsky) according to Living of Saints

The Holy Martyr Akakiy (Acacius), in holy baptism Athanasius, was born in the Bulgarian village of Novo Selo (Greek: Neochori) nowadays Asvestochori, Thessaloniki near the city of Thessaloniki.
Due to poverty, his parents moved to the city of Serres.
When he was nine years old, they send him to learn the trade from a shoemaker.

But the shoemaker beat the boy so severely every day that once, on Good Friday, he could not stand it and ran away in tears into the street.
Unfortunately, two Turkish women met him, flattered him, took him into their home, fed him, and so bewitched him with their beautiful words that they convinced him to renounce Christ.
Then the city bey (local area governor) took him to himself, performed the rite of Mohammedan circumcision over him, adopted him, and loved him and his wife as his own son.

After Athanasius had lived in the Bey's house for nine years and had already grown to manhood, the Bey's mistress changed her love for him from maternal to carnal and – like Potiphar's wife – tried to entice him into sin.
The chaste youth – like the wonderful biblical Joseph – fled from her, but she, embittered, slandered him through her husband that he allegedly wanted to defile herself with her.
Believing his wife false accusations, the Bey expelled him from his home and granted him complete freedom to go wherever he wanted.

He went to his parents, who after his renunciation returned to Thessaloniki. They were very happy about his return and especially about his desire to return to the Church of Christ.
But his wise mother warned him that he who voluntarily renounced Christ must wash away the sin of his renunciation with his own blood. He took his mother's advice deeply to heart, withdrew to the Hilendar Monastery on Mount Athos, confessed to the priest of the Xenophon Skete, and was restored to Christianity through chrism. Hearing of the exploits of the recently martyred Athonite holy martyrs Euthymius and Ignatius, he went to their former mentor, Hieromonk Nicephorus, with a request to prepare him for martyrdom. The priest explained to Athanasius all the difficulty of this feat, but he agreed to take him under his guidance.

After a little hesitation, Athanasius quickly advanced in the spiritual life – he labored with love, and his eyes, from heartfelt tenderness, became springs of incessant tears.
Seeing his perfection in virtue and steadfastness in thought, the clergyman tonsured him into monasticism with the name Akakiy ( Acacius ) and after some time blessed him to set out on a martyr's journey, for which he gave him as a companion the same elder Gregory, who at one time accompanied the venerable martyrs Euthymius and Ignatius.

Soon after that, they left the Holy Mountain and went to Constantinople.
On the day of the journey itself, Akakiy partook of the Holy Mysteries of Christ, dressed as a Turk and, shedding tears, accepted the last blessing of the venerable Gregory for martyrdom.

Having arrived at the High Ottoman Gate, he threw off his green turban from his (a sign for belonging to Islamic faith) head and began to trample it with his feet, confessed Christ and cursed Muhammad.
Having failed to persuade him to remain a Mohammedan with exhortations, the judges ordered him to be beaten and thrown into prison.
The next day, Akakiy was brought before the vizier himself, but this also proved to be useless, which is why the sentence of beheading followed.
On the eve of the execution of the sentence, the holy martyr communed with the Holy Mysteries.

saint_Akakius-the-Bulgarian-of-Asveotochy-village-near-Thessaloniki

On May 1, 1816, the Turks beheaded the holy martyr Akakiy in a place called Parmak-kapi.
With money collected by Christians, the monk Gregory bought the body of the holy martyr from the soldiers-guards and took it to Mount Athos.
His holy relics were first placed in his cell, and then he was buried in the newly built church in honor of the holy martyrs Euthymius and Ignatius, who had suffered before him.
The head of Saint Akakiy is now in the Russian Athonite monastery “St. Panteleimon” on Holy Mount Athos.

On the day of his martyrdom, his memory on Mount Athos is honored together with that of the venerable martyrs Euthymius (March 21) and Ignatius (October 8), because a common service has been composed for the three saints, and there is no separate service for St. Acacius.

Source:
© Lives of the Saints. Synodal Publishing House, Sofia, 1991, edited by Parthenius, Bishop of Levkiy and Archimandrite Dr. Athanasius (Bonchev).

Let by the Holy Prayers of Saint Akakiy Serski God have mercy on everyone !

Tags: Atanas, Christianity, church, city, home, Islam, journey, martyrdom, mother, mount athos, one time, priest, spiritual life, today, years
Posted in Christianity, Educational, Everyday Life | No Comments »

Archive for the ‘Everyday Life’ Category

English (King James Version) John 20:19–26

Bulgarian (Synodal translation) Йоан 20:19–26

Russian (Synodal) От Иоанна 20:19–26

Ἐκ τοῦ κατὰ Ἰωάννην ἁγίου Εὐαγγελίου τὸ ἀνάγνωσμα. Greek (Κοινή / Patriarchal Text – Orthodox usage)

Serbian (Епископски / Orthodox usage) Јован 20:19–26

Romanian (Biblia sinodală – Orthodox) Ioan 20:19–26

German (Luther tradition / Orthodox-used standard translation style) Johannes 20,19–26

Arabic (بطريركي / Orthodox liturgical usage) إنجيل يوحنا 20:19–2

Georgian (საქართველოს მართლმადიდებელი ეკლესია) იოანე 20:19–26

Albanian (Orthodox Albanian Bible usage) Gjoni 20:19–26

Czech (Český ekumenický / Orthodox-used translation style) Jan 20,19–26

Slovak (Orthodox-used / liturgical style) Ján 20,19–26

The Meaning of the Passage

The Absence of Thomas

Why It Is Called the “Second Resurrection Gospel” ?

Closing words

The Catechetical Sermon of St. John Chrysostom reading Matins of Pascha.

1. Create a systemd sleep script

If you need script logging use instead this small script:

2. Make it executable and reload systemd services

3. How it works (systemd respawn)

What Is GeoIP?

1. Installing GeoIP Databases on Linux deb based distro

2. GeoIP for Log Analysis (to get idea of where does your traffic origins from)

Find top attacking countries against your SSHd service.

3. Installing Apache GeoIP Module

4. Configure GeoIP Logging in Apache (basic config)

5. Country-Based Filter Blocking in Apache based on IP origin

6. Apply GeoIP to Apache Virtual Host

Firewall vs Application Layer GeoIP (Pros and Cons)

7. Apply GeoIP to HAProxy

a. Preparing GeoIP Filtering to HAProxy service

b. GeoIP-Based Access Control Lists ( ACLs ) in HAProxy

c. GeoIP-Based Routing across different haproxy backends

d. GeoIP Logging config for HAProxy

Keep in Mind !

8. Fail2ban + GeoIP: Smarter Bans, Better Context

a. GeoIP-Enriched Fail2ban Logs

b. Use GeoIP-Aware Ban Policies

9. GeoIP with nftables (Linux Modern Firewall Layer)

a. Using GeoIP Sets in nftables

b. Automating GeoIP -> nftables

10. GeoIP Dashboard: Turning Logs into Insight

a. Simple GeoIP Log Dashboard (CLI-Based)

b. Visual Dashboard with ELK / Grafana

11. Create a Layered GeoIP Strategy

12. Best Practices to consider

13. Common Mistakes to Avoid

Close up

Why Bother Self-Hosting?

1. You Own Your Data

2. You Learn More About "the Stack" and get better insight on software

3. Privacy by Design embedded

4. Resilience & Independence in the more and more dependent world

5. It’s a Form of Digital Homesteading

What Can You Realistically Self-Host in 2025?

Security: Not Optional

A Philosophical Note: Against Digital Apathy that rules sysadmin minds

How to Start Today

Final Words

What is Domain Authentication?

1. Update System and Set proper Hostname

2. Install Samba and Required Packages

5. Configure DNS (Optional but Recommended)

6. Add Users and Join Client Machines

7. Managing the Domain

8. Managing Samba AD Samba Linux Domain easily with UI

8.1. [Cockpit + 389 Directory Server or FreeIPA (for LDAP-based domains)]

8.2. [LDAP Account Manager (LAM)] – RECOMMENDED FOR SAMBA + AD

8.3. Samba Web Administration Tool (SWAT) ❌ Deprecated

8.4. Webmin (Partial Support)

Can You really Use RSAT Instead ?

Summary: Web UI for Samba Domain Management

Security Considerations

Conclusion

References

Gotchas on Debian to be aware of

1. Automatically Creating Home Directories

2. Restarting a Service without sudo

English (King James Version)
John 20:19–26

Bulgarian (Synodal translation)
Йоан 20:19–26

Russian (Synodal)
От Иоанна 20:19–26

Ἐκ τοῦ κατὰ Ἰωάννην ἁγίου Εὐαγγελίου τὸ ἀνάγνωσμα.
Greek (Κοινή / Patriarchal Text – Orthodox usage)

Serbian (Епископски / Orthodox usage)
Јован 20:19–26

Romanian (Biblia sinodală – Orthodox)
Ioan 20:19–26

German (Luther tradition / Orthodox-used standard translation style)
Johannes 20,19–26

Arabic (بطريركي / Orthodox liturgical usage)
إنجيل يوحنا 20:19–2

Georgian (საქართველოს მართლმადიდებელი ეკლესია)
იოანე 20:19–26

Albanian (Orthodox Albanian Bible usage)
Gjoni 20:19–26

Czech (Český ekumenický / Orthodox-used translation style)
Jan 20,19–26

Slovak (Orthodox-used / liturgical style)
Ján 20,19–26