Various Archives - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Archive for the ‘Various’ Category

Check and Fix: “w32tm /query /source – The service has not been started” (Windows Time Service Error)

Thursday, February 12th, 2026

Some people are still forced to run Windows 10 due to hardware limitations on Legacy desktop PCs and Laptops as Windows 11 does not support all hardware. Hence the Windows Automatic Time Synchronization service might not have been started properly (is failing) and due to that the system clock might be slowing down or up from the actual time. This is a rare issue you might encounter but if you're physically situated on a place with very slow internet connection and / or on an 10 years+ old Gamer PC with Windows 10 you might encounter it under some specific unlucky circumstances combination, like very slow internet or using some kind of damaged windows due to failed Windows updates or due to running some unlicensed copy of Windows (which you should not!) etc.
Perhaps Windows time synchronization issues miight be caused due to BIOS / UEFI time setting misconfiguration causing the PC clock to be back in time with minutes / hours or in future mis-synchronized.
This perhaps could could happen even on more modern 356 Domain connected PCs / notebooks running on modern Windows 11?

In this article I'll give you an easy way how to resolve Windows Clock (Timing) issues by running few standard Windows commands in
Windows Administrator Prompt (elevated) cmd.exe line:

Run cmd.exe as Administartor: and try to get information on the configured time server:

sc query w32time

Usually that won't produce a good result if your clock is not properly synching with Windows Time server via the w32time service, to further debug run cmd:

w32tm /query /source

If you run the command:

and receive the error:

The following error occurred: 
The service has not been started. (0x80070426)

it means the Windows Time (W32Time) service is not running on your system.

This service is responsible for synchronizing your computer’s clock with an internet time server or domain controller. Without it, time sync will not work properly.

Why This Error Happens

The error usually appears when:

The Windows Time service is disabled
The service was stopped manually
System policies disabled time synchronization
The PC was recently restored or cloned

Below is how to fix it quickly.

Solution 1 : Start the Windows Time Service

Open Command Prompt as Administrator and run:

net start w32time

After it starts successfully, verify the time source:

 
w32tm /query /source

Solution 2: Set the Service to Start Automatically

If the problem keeps happening after reboot, set the service startup type to Automatic:

sc config w32time start= auto
net start w32time

Note: There must be a space after start= .

Solution 3: Re-register the Windows Time Service

If the service fails to start, try re-registering it:

w32tm /unregister
w32tm /register
net start w32time

Then force time synchronization:

w32tm /resync

Solution 4: Configure an NTP Server Manually

If no time source is configured, set one manually:

w32tm /config /manualpeerlist:"time.windows.com,0x8" \
/syncfromflags:manual /update
net stop w32time
net start w32time
w32tm /resync

You can also use other NTP servers such as for example:

pool.ntp.org
time.google.com

Alternative: Start the Service via Services Console services.msc

Press Win + R
Type services.msc
Find Windows Time
Set Startup type to Automatic
Click Start

Finally Check time server syncs fine

After fixing the issue, confirm everything works:

 w32tm /query /status 
w32tm /query /source

If a valid NTP server or domain controller is displayed, the issue is resolved.

Tags: Below, com, configured, domain controller, due, example, Find Windows Time, fixing, internet connection, internet time server, issue, ntp, occurred, properly, running, Services Console, system clock, time synchronization
Posted in System Administration, Various, Windows | No Comments »

Installing Freedoom, Freedoom Phase 2, and Other DOOMs on GNU / Linux

Thursday, January 29th, 2026

freedoom-game-on-linux-shot-killed-monster
You think good old DOOM game is Dead ? Think again.

From graphing calculators and printers to ATMs, traffic signs, refrigerators, and even experimental brain-computer interfaces, DOOM has proven itself less a game and more a force of nature. For decades, developers and hackers have ported it onto devices never meant for fast-paced demon slaying, simply because they could. This strange tradition says as much about DOOM’s elegant design as it does about the creativity – and stubbornness – of the open-source community. Perhaps as a mean of extension people from the free realm decide to create a a playable and free remake of it.

If you want classic DOOM action game to have fun on Linux without proprietary game data, Freedoom is the answer.
It’s free, open source, and designed to be fully compatible with the original DOOM engine ,while still delivering you a monsters to kill, shotguns, and extremely questionable life choices.

This article walks you through installing Freedoom, Phase1 Freedoom Phase 2, and running them with popular DOOM source ports on Linux such as gzdoom and chocolate-doom and freedm.

What Is Freedoom (and Why Should You Care)?

Freedoom is a free replacement for the original DOOM game data (WAD files).

Freedoom comes in two main flavors:

Freedoom (Phase 1) – Doom-compatible (monsters, maps, weapons)
Freedoom Phase 2 – Doom II – compatible (bigger maps, more enemies, more chaos)

Think of them as DOOM and DOOM II, but liberated from copyright hell.

1. Install Freedoom on Linux

On most Linux distributions, Freedoom is available directly from the package manager.

Debian / Ubuntu / Linux Mint

# apt install freedoom

This installs:

freedoom1.wad (Phase 1)
freedoom2.wad (Phase 2)

You now officially own free DOOM. Congratulations.

$ freedoom1

$ freedoom2

2. Choose a DOOM Engine (a.k.a. Source Port)

Freedoom doesn’t run by itself- you need a DOOM engine to play it. Luckily, Linux has lots of excellent options.

2.1. Chocolate Doom (Classic Experience)

Chocolate Doom aims to recreate exactly how DOOM felt in the 1990s. Same physics, same limits, same pixelated glory.

Doom engines closely-compatible with Vanilla Doom

Chocolate Doom aims to accurately reproduce the original DOS version of

Doom and other games based on the Doom engine in a form that can be

run on modern computers. Unlike most modern Doom engines, Chocolate Doom

is not derived from the Boom source port and does not inherit its

features (or bugs).

chocolate-doom package contains:

* Chocolate Doom, a port of Id Software's "Doom" (1993)

* Chocolate Heretic, a port of Raven Software's "Heretic" (1994)

* Chocolate Hexen, a port of Raven Software's "Hexen" (1995)

* Chocolate Strife, a recreation of Rogue Entertainment's "Strife" (1996)

These games are designed to behave as similar to the original DOS version as

is possible.

Chocolate Doom supports all flavors of Doom, including The Ultimate Doom, Doom

2 and Final Doom as well as Chex(R) Quest, HacX, Freedoom: Phase 1 and Phase 2

and FreeDM.

All Chocolate game engines require game data to play. For Chocolate Doom,

free game data is available in the freedoom package. Commercial game data for

all four engines can be packaged using "game-data-packager".

To install it simply run:

# apt install chocolate-doom

Run Freedoom:

$ chocolate-doom -iwad /usr/share/games/doom/freedoom1.wad

Or Doom II–style:

$ chocolate-doom -iwad /usr/share/games/doom/freedoom2.wad

2.2. PrBoom+ (Classic but Smoother)

PrBoom+ keeps the old-school feel but adds:

Better performance
Higher resolutions
Fewer headaches

To install it:

# apt install dsda-doom

Run dsda-doom:

$ dsda-doom -iwad freedoom2.wad

Best for:

Vanilla gameplay with modern comfort
Speedrunners
People who want fewer crashes than 1993 allowed

2.3. GZDoom (Modern, Fancy, Wild)

GZDoom is DOOM after drinking several energy drinks:

Hardware acceleration
Mouse look
Mods, lighting, shaders, chaos

Add necessery repository:

$ rm –f /etc/apt/trusted.gpg.d/drdteam.gpg $ rm –f /etc/apt/sources.list.d/drdteam.list
# wget -P /etc/apt/sources.list.d https://debian.drdteam.org/drdteam-$(dpkg –print-architecture).sources
# apt update # apt install gzdoom

Run Original Doom WAD:

$ gzdoom -iwad /var/www/files/doom2.wad

If you need the original doom wads check out my earlier article DOOM 1, DOOM 2, DOOM 3 game wad files for download / Playing Doom on Debian Linux via FreeDoom open source doom engine
Run Freedoom WAD:

$ gzdoom -iwad freedoom2.wad

Best for:

Mods
Modern controls
Turning DOOM into something unrecognizable (but fun)

**3. Installing Other DOOM Engines**

Once you have an engine, you can play nearly any DOOM-compatible game by pointing it at a WAD file.

Popular options include:

FreeDM – A free deathmatch-focused DOOM experience
Heretic / Hexen – Fantasy DOOM (if you own the WADs)
User-made megawads – Thousands exist, ranging from brilliant to unhinged

Most engines let you load extra content like this:

$ gzdoom -iwad freedoom2.wad -file coolmap.wad

freedoom-exit-screen-cool-doom-text-ascii 3.1. Installing FreeDM Port

Install it with:

# apt install freedm
$ freedm

freedm-doom-linux-shot

3.2. Where Are the WAD Files located ?

Typically they are installed to:

/usr/share/games/doom/

Common files:

freedoom1.wad
freedoom2.wad
freedm.wad

You can copy them anywhere if you prefer a custom setup.

3.3. Keyboard, Mouse, and Sanity Settings

After launching:

Open Options → Controls
Enable mouse look (if using GZDoom)
Rebind keys (your pinky deserves mercy)
Increase resolution unless you’re feeling retro

Final Thoughts, DOOM A Forever Classic

Freedoom proves that DOOM isn’t just a game—it’s a platform, a culture, and for those born in the mid and beginning of 90s a travel back machine.

On Linux, you get:

Free game data
Multiple engines
Infinite mods
Zero DRM
Maximum demon destruction 🙂

Whether you want authentic 1993 vibes or modernized mayhem, Freedoom and Linux are a perfect match.
For old school fans and maniacs as well as IT tech guys with nostalgia or hard core angry system administrators this game is a real bliss
as it can be a true anti-stressor and a perfect for as a mean of anger management 🙂

Enjoy the Blast ! Happy Doom-Ing!

Tags: about, action, after, again, aims, ALL, allowed, and, angry, Chocolate Doom, data, Debian Ubuntu Linux Mint, Freedoom Phase, list, Open Options Controls, package, ports, running, these games, without
Posted in Entertainment, Games, Games Linux, Various | No Comments »

How to add Bulgarian language to GCompris Kids education software on Debian 12 GNU / Linux installing gcompris via flatpak next generation package distribution tool

Monday, January 26th, 2026

As I have a small currently 5.5 years old Kid Dimitar at home and i'm doing my best to make him learn new things and advance in different areas of life and knowledge.

Today Decided to introduce him to Linux4Kids gcompris a KDE educational set of games for small children.
Once installed with simple

# apt install gcompris-qt

It works fine and default version installable from default Debian distribution is fine, except it does not support Bulgarian.

That is again not a nice suprise, as even some pseudo languages like Belarusian are there to set but Bulgarian missing on the default installable pack:

# dpkg -l |grep -i gcompris
ii gcompris-qt 3.1-2 amd64 educational games for small children
ii gcompris-qt-data 3.1-2 all data files for gcompris-qt

After some tampering and unable to find a native .deb port of the latest release and my undesire to move from debian 12 (bookworm) Desktop Linux laptop at the moment to Debian 13 Trixie, i've finally found a way to install it via flatpak:

For those who never used snap package ecosystem or flatpak, here is a shortly synthesis on it:

Flatpak is an open-source, next-generation framework for building, distributing, and running sandboxed desktop applications on Linux.
It enables developers to package apps once and run them on any Linux distribution by including all necessary dependencies.
Flatpak improves security by isolating applications from the host system.

Flatpaks are containerized applications. They require more space because the bring along their own versions of their dependencies instead of relying on system versions.

While a single application will have greater space requirements, the base images [and potentially overlays] will get shared between them and each successive flatpak will potentially require less overhead.

The pros to using them is that flatpaks are often more current than their distribution packaged versions and they are somewhat isolated from the base system. The cons are that they're not managed with the rest of your system packages, can have slower start times, occasionally have permissions issues, and take up more space.

In some cases, flatpak is a better choice. Sometimes, it's not, and there's no way we can really determine that for you.

Tried up to my best to install the newest version of gcompris which as of time of writting this blog post is gcompris 25.1

# apt info flatpak|grep -i 'descr' -A8 -B8

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Recommends: ca-certificates, default-dbus-system-bus | dbus-system-bus, desktop-file-utils, hicolor-icon-theme, gtk-update-icon-cache, libpam-systemd, p11-kit, polkitd | policykit-1, shared-mime-info, xdg-desktop-portal (>= 1.6), xdg-desktop-portal-gtk (>= 1.6) | xdg-desktop-portal-backend, xdg-user-dirs
Suggests: avahi-daemon, malcontent-gui
Conflicts: xdg-app
Replaces: xdg-app
Homepage: https://flatpak.org/
Download-Size: 1,400 kB
APT-Manual-Installed: yes
APT-Sources: http://ftp.debian.org/debian bookworm/main amd64 Packages
Description: Application deployment framework for desktop apps
Flatpak installs, manages and runs sandboxed desktop application bundles.
Application bundles run partially isolated from the wider system, using
containerization techniques such as namespaces to prevent direct access
to system resources. Resources from outside the sandbox can be accessed
via "portal" services, which are responsible for access control; for
example, the Documents portal displays an "Open" dialog outside the
sandbox, then allows the application to access only the selected file.

# apt install flatpak

# flatpak remote-add –if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
# flatpak install flathub org.kde.gcompris
# flatpak run org.kde.gcompris

If you have sound glitches of gcompris on Older laptops install all necessery for pipewire run it like that:

# apt install pipewire pipewire-audio-client-libraries pipewire-pulse

Try to run it manually with:

# env PULSE_LATENCY_MSEC=60 ; flatpak run org.kde.gcompris

If still sound glithches are present a workaround is to tune PipeWire buffer/quantum size:

PipeWire buffer/quantum size too aggressive?

Many crackling issues come from too small quantum. Create ~/.config/pipewire/pipewire.conf.d/99-custom.conf

# vim ~/.config/pipewire/pipewire.conf.d/99-custom.conf
and add:textcontext.properties = {
default.clock.rate = 48000
default.clock.quantum = 1024
default.clock.min-quantum = 512
default.clock.max-quantum = 2048
}

#systemctl –user restart pipewire pipewire-pulse

Create a new wrapper script to run you gcompris easily

# vim /usr/local/bin/gcompris.sh

#!/bin/bash
# little hack script to make music streamed via pulseaudio to not have severe glitches when running gcompris latest release on debian 12
# through flatpak
# if not working run cmd
# systemctl –user restart pipewire
LANG=bg_BG.UTF-8
SDL_AUDIODRIVER=pulseaudio
#flatpak run –device=all –socket=pulseaudio org.kde.gcompris
flatpak override –user –env=SDL_AUDIODRIVER=pulseaudio org.kde.gcompris
flatpak override –user –filesystem=~/.config/pipewire:ro org.kde.gcompris
LANG=bg_BG.UTF-8 flatpak run –socket=pulseaudio org.kde.gcompris

# chmod +x /usr/local/bin/gcompris.sh

Hence I run the wrapper script and let the kid enjoy the nice educational stuff while I enjoyed the nice kiddish peaceful music !

# /usr/local/bin/gcompris.sh

P.S. ! If you get issues with pipewire (if you're using one instead of pulseaudio as I do with my Mate desktop environment you can restart it and relaunch the gcompris nice addition to tux4kids (see my previous article Tux for Kids (Tux Math, Tux Paint, Tux Typing) 3 games to develop your children Intellect):

# systemctl –user restart pipewire

Enjoy Gcompris !

Tags: access, after, again, ALL, allows, amd64, Bulgarian, clock, config, Debian, default, Description Application, gcompris, How to, kde, org, scripts, small, software, system resources
Posted in Educational, Games Linux, Linux, Various | No Comments »

How to Easily Integrate AI Into Bash on Linux with ollama

Monday, January 12th, 2026

AI is more and more entering the Computer scene and so is also in the realm of Computer / Network management. Many proficient admins already start to get advantage to it.
AI doesn’t need a GUI, or a special cloud dashboard or fancy IDE so for console geeks Sysadmins / System engineers and Dev Ops it can be straightly integrated into the bash / zsh etc. and used to easify a bit your daily sys admin tasks.

If you live in the terminal, the most powerful place to add AI is Bash itself. With a few tools and a couple of lines of shell code, you can turn your terminal into an AI-powered assistant that writes commands, explains errors, and helps automate everyday Linux tasks.

No magic. No bloat. Just Unix philosophy with a brain.

1. AI as a Command-Line Tool

Instead of treating AI like a chatbot, treat it like any other CLI utility:

stdin → prompt
stdout → response
pipes → integration

Hardware Requirements of Ollama Server

2. Minimum VM (It runs, but you’ll hate it)

Only use this to test that things work.

vCPU: 2
RAM: 4 GB
Disk: 20 GB (SSD mandatory)
Storage type: ( HDD / network storage = bad )
Models: phi3, tinyllama

Expect:

Very slow pulls
Long startup times
Laggy responses

a. Recommended VM (Actually usable)

This is the sweet spot for Bash integration and daily CLI use.

vCPU: 4–6 (modern host CPU)
RAM: 8–12 GB
Disk: 30–50 GB local SSD
CPU type: host-passthrough (important!)
NUMA: off (for small VMs)

Models that feel okay:

phi3
mistral
llama3:8b (slow but tolerable)

b. “Feels Good” VM (CPU-only but not painful)

If you want it to feel responsive.

vCPU: 8
RAM: 16 GB
Disk: NVMe-backed storage
CPU flags: AVX2 enabled
Hugepages: optional but nice

Models:

llama3:8b
codellama:7b
mixtral (slow, but usable)

Hypervisor-Specific Advice (Important)

c. KVM / Proxmox (Best choice)

CPU type: host
Enable AES-NI, AVX, AVX2
Use virtio-scsi
Cache: writeback
IO thread: enabled

d. If running VM on VMware platform

Enable Expose hardware-assisted virtualization
Use paravirtual SCSI
Reserve memory if possible

e. VirtualBox (Not recommended)

Poor CPU feature exposure
Weak IO performance

Avoid if you can

f. Local AI With Ollama (Recommended)

If you want privacy, low latency, and no API keys, Ollama is currently the easiest way to run LLMs locally on Linux.

3. Install Ollama

# curl -fsSL https://ollama.com/install.sh | sh

Start the service:

# ollama serve

Pull a model (lightweight and fast):

# ollama pull llama3

Test it:

ollama run llama3 "Explain what the ls command does"

If that works, you’re ready to integrate.

To check whether all is properly setup after installed llama3:

root@haproxy2:~# ollama list
NAME ID SIZE MODIFIED
llama3:latest 365c0bd3c000 4.7 GB About an hour ago

root@haproxy2:~# systemctl status ollama
● ollama.service – Ollama Service
Loaded: loaded (/etc/systemd/system/ollama.service; enabled; preset: enabled)
Active: active (running) since Mon 2026-01-12 16:43:30 EET; 15min ago
Main PID: 37436 (ollama)
Tasks: 16 (limit: 6999)
Memory: 5.0G
CPU: 13min 5.264s
CGroup: /system.slice/ollama.service
├─37436 /usr/local/bin/ollama serve
└─37472 /usr/local/bin/ollama runner –model /usr/share/ollama/.ollama/models/blobs/sha256-6a0746a1ec1aef3e7ec53>

яну 12 16:45:34 haproxy2 ollama[37436]: llama_context: Flash Attention was auto, set to enabled
яну 12 16:45:34 haproxy2 ollama[37436]: llama_context: CPU compute buffer size = 258.50 MiB
яну 12 16:45:34 haproxy2 ollama[37436]: llama_context: graph nodes = 999
яну 12 16:45:34 haproxy2 ollama[37436]: llama_context: graph splits = 1
яну 12 16:45:34 haproxy2 ollama[37436]: time=2026-01-12T16:45:34.959+02:00 level=INFO source=server.go:1376 msg="llama runner>
яну 12 16:45:34 haproxy2 ollama[37436]: time=2026-01-12T16:45:34.989+02:00 level=INFO source=sched.go:517 msg="loaded runners>
яну 12 16:45:35 haproxy2 ollama[37436]: time=2026-01-12T16:45:35.000+02:00 level=INFO source=server.go:1338 msg="waiting for >
яну 12 16:45:35 haproxy2 ollama[37436]: time=2026-01-12T16:45:35.001+02:00 level=INFO source=server.go:1376 msg="llama runner>
яну 12 16:55:58 haproxy2 ollama[37436]: [GIN] 2026/01/12 – 16:55:58 | 200 | 3.669915ms | 127.0.0.1 | HEAD "/"
яну 12 16:55:58 haproxy2 ollama[37436]: [GIN] 2026/01/12 – 16:55:58 | 200 | 42.244006ms | 127.0.0.1 | GET "/api/>
root@haproxy2:~#

4. Turning AI Into a Bash Command

Let’s create a simple AI helper command called ai.

Add this to your ~/.bashrc or ~/.bash_aliases:

ai() {

ollama run llama3 "$*"

}

Reload your shell:

$ source ~/.bashrc

Now you can do things like:

$ ai "Write a bash command to find large files"

$ ai "Explain this error: permission denied"

$ ai "Convert this sed command to awk"

At this point, AI is already a first-class CLI tool.

5. Using AI to Generate Bash Commands

One of the most useful patterns is asking AI to output only shell commands.

Example:

$ ai "Give me a bash command to recursively find .log files larger than 100MB. Output only the command."

Copy, paste, done.

You can even enforce this behavior with a wrapper:

aicmd() {

ollama run llama3 "Output ONLY a valid bash command. No explanation. Task: $*"

}

Now:

$ aicmd "list running processes using more than 1GB RAM"

Danger note: always read commands before running them. AI is smart, not trustworthy.

6. AI for Explaining Commands and Logs

This is where AI shines.

Pipe output directly into it:

$ dmesg | tail -n 50 | ai "Explain what is happening here"

Or errors:

$ make 2>&1 | ai "Explain this error and suggest a fix"

You’ve just built a terminal-native debugger.

7. Smarter Bash History Search

You can even use AI to interpret your intent instead of remembering exact commands:

aih() {

history | ai "From this bash history, find the best command for: $*"

}

Example:

$ aih "compress a directory into tar.gz"

It’s like Ctrl+R, but semantic.

8. Using AI With Shell Scripts

AI can help generate scripts inline:

$ ai "Write a bash script that monitors disk usage and sends a notification when it exceeds 90%"

You’re not replacing scripting skills – you’re accelerating them.

Think of AI as:

a junior sysadmin
a documentation search engine
a rubber duck that talks back

9. Where Ollama Stores Its Data

Depending on how it runs:

System service (most common)

Models live here:

/usr/share/ollama/.ollama/

Inside:

models/

blobs/

User-only install

~/.ollama/

Since you installed as root + systemd, use the first path.

See What’s Taking Space

# du -sh /usr/share/ollama/.ollama/*

Typical output:

models/ → metadata
blobs/ → the big files (GBs)

10. Remove Unused Models (Safe Way)

List models Ollama knows about:

# ollama list

Remove a model properly:

# ollama rm llama3

This removes metadata and unreferenced blobs.

Always try this first.

11. Full Manual Cleanup (Hard Reset)

If things are broken, stuck, or you want a clean slate:

Stop Ollama

# systemctl stop ollama

Delete all local models and cache

# rm -rf /usr/share/ollama/.ollama/models

# rm -rf /usr/share/ollama/.ollama/blobs

(Optional but safe)

# rm -rf /usr/share/ollama/.ollama/tmp

Start Ollama again

# systemctl start ollama

Ollama will recreate everything automatically.

Verify Cleanup Worked

# du -sh /usr/share/ollama/.ollama

# ollama list

You should see:

Very small disk usage
Empty model list

Prevent Disk Bloat (Highly Recommended)

Only pull small models on VMs

Stick to:

phi3
mistral
tinyllama

Remove models you don’t use

# ollama rm modelname

Set a custom data directory (optional)

If /usr is small, move Ollama data:

# systemctl stop ollama

# mkdir -p /opt/ollama-data

# chown -R ollama:ollama /opt/ollama-data

Edit service:

# systemctl edit ollama

Add:

[Service]

Environment=OLLAMA_HOME=/opt/ollama-data

Then:

# systemctl daemon-reload

# systemctl start ollama

Quick “Nuke It” One-Liner (Use With Care)

Deletes everything Ollama-related:

# systemctl stop ollama && rm -rf /usr/share/ollama/.ollama && systemctl start ollama

API-Based Option (Cloud Models)

If you prefer cloud models (OpenAI, Anthropic, etc.), the pattern is identical:

Use curl
Pass prompt
Parse output

Once AI returns text to stdout, Bash doesn’t care where it came from.

12. Best Practices how to use shell AI to not overload machine

Before you go wild:

Don’t auto-execute AI output
Don’t run AI as root
Treat responses as suggestions
Version-control important scripts
Keep prompts specific

AI is powerful — but Linux still assumes you know what you’re doing.

Sum it up

Adding AI to Bash isn’t about replacing skills.
It’s about removing friction.

When AI gets easy to use from the command line it is a great convenience for those who don't want to switch to browser all the time and copy / paste like crazy.
AI as a command-line tool fits perfectly into the Linux console:

composable
scriptable
optional
powerful

Once you’ve used AI from inside your shell for a few hours, going back to browser-based AI chat stuff like querying ChatGPT feels… slow and inefficient.
However keep in mind that ollama is away from perfect and has a lot of downsides and ChatGPT / Grok / DeepSeek often might give you better results, however as ollama is really isolated and non-depend on external sources your private quries will not get into a public AI historic database and you won't be tracked.
So everything has its Pros and Cons. I'm pretty sure that this tool and free AI tools like those will certainly have a good future and will be heavily used by system admins and
programmers in the coming future.
The terminal just got smarter. And it didn’t need a GUI to do it.

Tags: bashrc, brain, buffer size, copy paste, Delete, Edit, find, Flash Attention, Generate Bash Commands, graph, identical, linux?, Output, running processes, Smarter Bash History Search, Start, terminal, time, times, wrapper
Posted in AI on Linux, Automation, Educational, System Administration, Various | No Comments »

How to Optimize Debian Linux on old Computers to Get improved overall Speed, Performance and Stability

Tuesday, December 30th, 2025

How to optimize Debian version 12.12 Linux OS to work responsive on Old ThinkPad laptops like from year 2008 Thinkpad R61 with Window Maker, zram, SSD etc.

Old computers aren’t obsolete but most worthy if you dont want to spend on extra hardware.

With the right setup, Debian Linux can run smoothly on hardware that’s more than a decade old. This article walks through a real-world, proven configuration using a classic ThinkPad R61 (Core 2 Duo, 4 GB RAM, SSD), but the principles apply to many older PCs as well.

Why use Debian Linux on old hardware?

Debian Stable is ideal for old hardware because it offers:

Low baseline resource usage
Long-term stability
Minimal background activity
Excellent support for lightweight desktops
Flexible and well organized and relatively easy to tune

Paired with a minimal window manager, Debian easily outperforms many “lightweight” distros that still ship heavy defaults.

Hardware Baseline PC setup

Test system:

Laptop: ThinkPad R61
CPU: Intel Core 2 Duo
RAM: 4 GB
Storage: SATA SSD
Graphics: Intel X3100 / NVIDIA NVS 140M
Desktop: Window Maker

This is a common configuration for late-2000s business laptops.

1. Desktop Environment: Keep It Simple

Heavy desktop environments is the main factor to slow down an old PC.
Where possible dont use the Desktop environment at all and stick to console.

Recommended:

Window Maker (used by myself)
Openbox
Fluxbox
IceWM

Avoid:

GNOME
KDE Plasma
Cinnamon

Window Maker is especially effective: no compositing, no animations, minimal memory usage.

2. Terminal Choice Matters

For console-based applications (games, tools, system utilities), use a terminal that correctly reports its size. Lets say you use xterm:

$ xterm

You can force a usable terminal size like this:

$ xterm -geometry 80×32 &

This avoids common issues with console applications failing due to incorrect terminal dimensions.

Install urxvt (best choice for terminal productivity)

Open a terminal and run:

# apt update
# apt install rxvt-unicode

Optional (if you want tabbed terminal use suckless):

# sudo apt install suckless-tools

rxvt-unicode-256color → main terminal (n/a in debian) have to install third party
rxvt-unicode-256color-perl → Perl extensions (tabs, URL click, etc.) (n/a in debian, installable via third party)
suckless-tools → includes tabbed, can be used as an alternative for tabs

a. Configure .Xresources

Create or edit ~/.Xresources:

$ vim~/.Xresources

Example for beautiful setup with tabs, transparency, and fonts:

! Basic appearance
! URxvt.font: xft:FiraCode Nerd Font Mono:size=12
URxvt.background: [90]#1c1c1c
URxvt.foreground: #c0c0c0
! URxvt.cursorColor: #ff5555
! URxvt.saveLines: 10000
! URxvt.scrollBar: false
! URxvt.borderLess: true

! Enable tabs using built-in tabbed extension
URxvt.perl-ext-common: default,tabbed

! Tab colors
URxvt.tabbed.tabbar-fg: 15
URxvt.tabbed.tabbar-bg: 0
URxvt.tabbed.tab-fg: 2
URxvt.tabbed.tab-bg: 8

! Keybindings for tabs
! Ctrl+Shift+N → new tab
URxvt.keysym.Control-Shift-N: perl:tabbed:new_tab
! Ctrl+Shift+W → close tab
URxvt.keysym.Control-Shift-W: perl:tabbed:close_tab
! Ctrl+Tab → next tab
URxvt.keysym.Control-Tab: perl:tabbed:next_tab
! Ctrl+Shift+Tab → previous tab
URxvt.keysym.Control-Shift-Tab: perl:tabbed:prev_tab
! Tabs keybindings
URxvt.keysym.Control-N: perl:tabbed:new_tab
URxvt.keysym.Control-W: perl:tabbed:close_tab

b. Apply .Xresources changes

Run:

$ xrdb ~/.Xresources

Then launch urxvt:

$ rxvt

Ctrl+Shift+T → new tab
Ctrl+Shift+W → close tab

c. Optional: Make it even cooler

Install powerline fonts or Nerd Fonts (for fancy prompt icons):

# apt install fonts-firacode

Enable URL clicking and clipboard (already enabled above)
Combine with tmux for extra tabs/panes, session management, and more shortcuts.

3. Retain only last 500MB from journald

Retain only the past 500 MB:

# journalctl –vacuum-size=500M

This is exteremely useful as sometimes failing services might generate ton of unnecessery logs and might flood up the old machine hard disk.

4. Reduce journal memory footprint

# vim /etc/systemd/journald.conf

Set Storage=volatile
Set RuntimeMaxUse=50M

# systemctl restart systemd-journald

5. Trim services boot times

# systemd-analyze blame
# systemd-analyze critical-chain

This tells you which services slow down your boot the most.

6. Disable Unnecessary Services

Old systems benefit massively from disabling unused background services.

Check what’s enabled:

# systemctl list-unit-files –state=enabled

Common candidates to disable (if not needed):

# systemctl disable bluetooth
# systemctl disable cups
#systemctl disable avahi-daemon
#systemctl disable ModemManager

Each disabled service saves RAM and CPU cycles.

7. Dirty Page Tuning (Reduces Freezes)

Defaults favor servers, not laptops.

Edit:

# vim /etc/sysctl.conf

Add:

vm.dirty_background_ratio=5
vm.dirty_ratio=10

This forces writeback earlier, preventing sudden stalls.

8. Memory Tuning: zram Done Right

Does zram make sense with 4 GB RAM and an SSD?

Yes it could, but only in moderation.

zram compresses memory in RAM and acts as fast swap. On a Core 2 Duo, compression overhead is small and the benefit is smoother multitasking.

Recommended zram configuration

Install zram-tools deb package:

# apt install zram-tools

Edit:

# vim /etc/default/zramswap

Set:

PERCENT=15

This creates ~600 MB of compressed swap — enough to absorb memory spikes without wasting RAM.

9. Keep Disk Swap (But Small)

Even with zram, disk swap is useful as a fallback.

Recommended:

1–2 GB swap on SSD
zram should have higher priority than disk swap

Check:

# swapon –show

10. Swappiness and Cache Pressure

Tune the kernel to prefer RAM and zram first:

# vim /etc/sysctl.conf

Add:

vm.swappiness=10
vm.vfs_cache_pressure=50

Apply:

# sysctl -p

This prevents early swapping and keeps the system responsive.

11. CPU Governor: A Hidden Performance Win

Older ThinkPads often run conservative CPU governors.

Install tools:

# apt install cpufrequtils

Set a balanced governor:

# echo 'GOVERNOR="ondemand"' | sudo tee /etc/default/cpufrequtils

# systemctl restart cpufrequtils

This allows the CPU to ramp up quickly when needed.

12. Power and Thermal Management (ThinkPad-Specific)

Install TLP:

# apt install tlp
# systemctl enable tlp
# systemctl start tlp

TLP improves:

Battery life
Thermal behavior
SSD longevity

Defaults are usually perfect – no heavy tuning required.

13. Disable Watchdogs (If You Don’t Debug Kernels)

Watchdogs waste cycles on old CPUs.

Check:

# lsmod | grep watchdog

Disable:

# vim /etc/modprobe.d/blacklist.conf

Add:

blacklist iTCO_wdt
blacklist iTCO_vendor_support

Reboot.

14. Reduce systemd Noise

systemd logs aggressively by default.

Edit:

#vim/etc/systemd/journald.conf

Set:

Storage=volatile
RuntimeMaxUse=50M

Then:

#systemctl restart systemd-journald

Less disk I/O, faster boots.

15. Use tmpfs for caching and Volatile Junk

Put garbage in RAM, not SSD.

Edit:

# vim /etc/fstab

Add:

tmpfs /tmp tmpfs noatime,nosuid,nodev,mode=1777,size=256M 0 0

Optional:

tmpfs /var/tmp tmpfs noatime,nosuid,nodev,size=128M 0 0
# mount -a

16. IRQ Balance: Disable It (might slow down machine)

On single-socket old laptops, irqbalance can hurt.

Disable:

# systemctl disable irqbalance

Test performance; re-enable if needed.

17. Reduce systemd Timeout Delays

Old laptops often wait forever on dead hardware.

Edit:

# vim /etc/systemd/system.conf

Set:

DefaultTimeoutStartSec=10s
DefaultTimeoutStopSec=10s

18. Strip Kernel Modules You Don’t Use

If you don’t use:

FireWire
Bluetooth
Webcam

Blacklist them:

# vim /etc/modprobe.d/blacklist-extra.conf

Example:

blacklist firewire_ohci
blacklist firewire_core
blacklist uvcvideo
blacklist bluetooth

Faster boot, fewer interrupts.

19. X11 Performance Tweaks (Intel Graphics)

Create:

# vim/etc/X11/xorg.conf.d/20-intel.conf

Add:

Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "TearFree" "false"
Option "AccelMethod" "sna"
EndSection

20. Disable IPv6 (if not used)

Saves a little RAM and startup time.

Edit:

# vim/etc/sysctl.conf

Add:

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1

21.Lower Kernel Log Level verbosity

Stop kernel spam.

# dmesg -n 3

Make permanent:

# vim/etc/sysctl.conf

Add:

kernel.printk=3 4 1 3

22.Scheduler Latency (Advanced)

For desktop interactivity:

# vim/etc/sysctl.conf

Add:

kernel.sched_autogroup_enabled=1

Helps UI responsiveness under load.

23.Kill Browser Bloat (Biggest Win)

For Firefox ESR:

Disable telemetry
Enable tab unloading

browser.sessionstore.interval = 300000

No kernel tweak beats this.

a. Enable tab unloading (automatic tab discard)

Open Firefox ESR
Type
about:config
in the address bar.
Accept the warning: “This might void your warranty.”
Search for the following preference:

browser.tabs.unloadOnLowMemory

Default: false
Set to: true

This enables Firefox to unload inactive tabs automatically when memory is low.

b. Optional tuning

Some other preferences you can tweak:

Preference	Description	Suggested value
browser.tabs.maxSuspendedTabs	Maximum number of tabs that can be suspended	10–20
browser.tabs.autoHide	Auto-hide tabs while suspended (older ESR versions)	true
browser.tabs.loadInBackground	Background tabs load in suspended state	true
browser.sessionstore.interval	How often session is saved (ms)	15000

These may vary slightly depending on ESR version.

24. Graphics Considerations

ThinkPad R61 models typically have:

Intel X3100 → works well out of the box
NVIDIA NVS 140M → use nouveau driver

Recommendations:

Avoid proprietary legacy NVIDIA drivers
No compositing
Simple themes only

25. Extremely for Geeks, Build a Custom Kernel (Optional)

Only if you have plenty of time and you have a developers background and maniacal tendencies 🙂

Benefits:

Smaller kernel
Faster boot
Fewer interrupts

Cost:

Maintenance burden

26. Application Choices Matter More Than Tweaks

Keep in mind the application choices matter more than tweeks.
Even the best-tuned system can be ruined by heavy applications.

Recommended software:

Browser: Firefox ESR
File manager: PCManFM
Terminal: xterm, rxvt
Editor: nano, geany

Limit browser tabs and disable unnecessary extensions.

27. Things Not to Do

Avoid:

Huge zram sizes (50%+)
Do not Disable swap entirely
Beware of Aggressive kernel “performance hacks”
Disable any Heavy desktop effects if choosing to run MATE or alike GUI environment

Stability beats micro-optimizations.

Final Recommended Configuration

For a ThinkPad R61 with 4 GB RAM and SSD perhaps the best Linux configuration would be:

Debian Stable
Window Maker
zram: 15%
SSD swap: 1–2 GB
swappiness: 10
TLP enabled
No compositor

This setup would deliver:

Smooth multitasking
No UI lag
Minimal CPU overhead
Long-term stability

Conclusion

Old PCs don’t need to be fast necessery, but can be made work slightly faster, though the limits if used in a proper way with the right software and without out the eye candy nonse of today, they be still fully functionally used.

With Debian, a lightweight window manager, and sensible memory tuning, even 15-year-old + old hardware remains useful today for common daily tasks, and makes it not only useful but fun and different especially if you are a sysadmin or a developer who needs mostly console and a browser.

It gives you another perspective on how to do your computing in a simplier and more minimalistic way.

Of course do not expect the Old Hardware PC to be the perfect station for youtube maniacs, heavy gamers or complete newbies, who dont honor the old PC limited resources and don't want to have a bit of experimental approach to the PC.

Anyways by implementing before mentioned tweaks, they will reward you with reliability and simplicity – something modern over complicated OS and Apps often lack.

Enjoy and Happy Christmas 2025 and Happy New Year 2026 soon ! 🙂

Tags: browser, Cache Pressure, debian linux, Debian performance tweaks, Desktop Window Maker, desktops, Disable Unnecessary Services, Done Right, Enjoy, Final Recommended Configuration, Graphics Considerations, How to, Install, Lightweight Linux, Linux for old hardware, Linux performance tips, Linux system optimization, Linux terminal tabs, Low RAM Linux, nano, Noise, Old PC optimization, SSD optimization, systemctl, Systemd tuning, SysVinit vs systemd, tabs, Terminal Choice Matters, thinkpad r61, Timeout Delays, times, vim, Volatile Junk, Window Maker, xterm, zram
Posted in Linux, Linux Audio & Video, Linux on Laptops, System Administration, System Optimization, Various | No Comments »

How to Deploy Central DNS on Linux with 3 Authoritative Servers and 1 Recursive Cache

Friday, December 19th, 2025

Centralized DNS is one of those services that must be always UP, predictable, and fast. When it isn’t, everything breaks in strange and unpleasant ways.

This article describes a robust central DNS architecture for Linux environments using:

3 authoritative DNS servers
1 dedicated caching resolver
Clear separation between authoritative and recursive roles

Architecture Overview

Roles

Server	Role	Purpose
dns-auth-01	Authoritative	Primary (master)
dns-auth-02	Authoritative	Secondary (slave)
dns-auth-03	Authoritative	Secondary (slave)
dns-cache-01	Recursive / Cache	Internal resolution

Why Separate Roles?

Authoritative and recursive DNS have very different workloads:

Authoritative DNS: predictable, zone-based, read-only
Recursive DNS: bursty, cache-heavy, user-facing

Mixing them increases attack surface, complexity, and failure impact.

Software Choices

Recommended stack:

BIND9 or NSD for authoritative servers
Unbound for caching/recursive resolver

Reasons:

Mature, well-understood behavior
Clear separation of responsibilities
Excellent Linux support
Scriptable and observable

Network Layout

Example internal layout:

10.0.0.10   dns-auth-01 (master)

10.0.0.11   dns-auth-02 (slave)

10.0.0.12   dns-auth-03 (slave)

10.0.0.20   dns-cache-01 (recursive)

All Linux servers point only to dns-cache-01 as their resolver.

Authoritative DNS Configuration

Master Server (dns-auth-01)

Zones are managed only on the master.

Example BIND zone definition:

zone "example.internal" {

    type master;

    file "/etc/bind/zones/example.internal.zone";

    allow-transfer { 10.0.0.11; 10.0.0.12; };

    also-notify { 10.0.0.11; 10.0.0.12; };

};

Key points:

Zone transfers restricted by IP
NOTIFY enabled for fast propagation
No recursion enabled

Disable recursion:

options {

recursion no;

allow-query { any; };

};

Slave Servers (dns-auth-02 / dns-auth-03)

Example configuration:

zone "example.internal" {

    type slave;

    masters { 10.0.0.10; };

    file "/var/cache/bind/example.internal.zone";

};

Slaves:

Never edited manually
Automatically sync zones
Serve as HA and load distribution

Caching Resolver (dns-cache-01)

Use Unbound as a dedicated recursive resolver.

Unbound Configuration

Minimal but effective setup:

server:

    interface: 0.0.0.0

    access-control: 10.0.0.0/24 allow

    do-ip6: no

    hide-identity: yes

    hide-version: yes

    prefetch: yes

    cache-min-ttl: 300

    cache-max-ttl: 86400

Forward Internal Zones to Authoritative Servers

forward-zone:

    name: "example.internal"

    forward-addr: 10.0.0.10

    forward-addr: 10.0.0.11

    forward-addr: 10.0.0.12

External Resolution

Either:

Use root hints (recommended for independence)
Or forward to trusted upstream resolvers

Example:

forward-zone:

    name: "."

    forward-addr: 9.9.9.9

    forward-addr: 1.1.1.1

Client Configuration

All Linux servers use the caching resolver only:

/etc/resolv.conf

nameserver 10.0.0.20

Or via systemd-resolved:

# resolvectl dns eth0 10.0.0.20

Clients never query authoritative servers directly.

High Availability Considerations

Resolver Redundancy

For production environments:

Deploy two caching resolvers
Use DHCP or systemd-resolved fallback ordering

Example:

nameserver 10.0.0.20

nameserver 10.0.0.21

Zone Management

Store zone files in Git
Increment SOA serials automatically
Deploy via CI/CD or Ansible

DNS changes should be auditable, not ad-hoc.

Security Hardening

Minimum recommendations:

No recursion on authoritative servers
Firewall restricts TCP/UDP 53
TSIG for zone transfers (optional but recommended)
Disable version disclosure
Monitor query rates

Monitoring & Validation

Useful tools:

dig +trace
unbound-control stats
rndc status
Prometheus exporters for BIND/Unbound

DNS that isn’t monitored will fail silently.

Final Thoughts

This setup scales well, is easy to reason about, and avoids the most common DNS mistakes:

Mixing recursive and authoritative roles
Letting clients query everything directly
Overcomplicating zone management

DNS should be boring.
If it’s exciting, something is wrong.

Tags: /etc/resolv.conf, Bind, DNS, everything, example, file, internal, isn, nameserver, Slave Servers, type, Useful
Posted in DNS, Linux, System Administration, System Optimization, Various | No Comments »

How to keep your Linux server Healthy for Years: Hard learned lessons

Friday, November 28th, 2025

how-to-keep-your-linux-servers-healthy-every-year-doctor_tux

I’ve been running Linux servers long enough to watch hardware die, kernels panic, filesystems fill up at midnight hours, and network cards slowly burn out like old light bulbs.

Over time, you learn that keeping a server alive is less about “perfect architecture” and more about steady discipline – the small habits built to manage the machines, helps prevent big disasters.

Here are some practical, battle-tested lessons that keep my boxes running for years with minimal downtime. Most of them were learned the hard way.

1. Monitor Before You Fix – and Fix Before It Breaks

Most Linux disasters come from things we should have noticed earlier. The lack of monitoring, there is modern day saying that should become your favourite if you are a sysadmin or Dev Ops engineer.

"Monitoring everything !"

The disk that was at 89% yesterday will be at 100% tonight.
The log file that grew by 500 MB last week will explode this week.
The swap usage creeping from 1% → 5% → 20% means your next heavy task will choke.
The unseen failing BIOS CMOS battery
The RAID disks degradation etc.

You don’t need enterprise monitoring to prevent this. And even simple tools like monit or a simple zabbix-agent -> zabbix-server or any other simplistic scripted monitoring gives you a basic issues pre-warning.

Even a simple cronjob shell one liner can save you hours of further sh!t :

#!/bin/bash

df -h / | awk 'NR==2 { if($5+0 > 85) print "Disk Alert: / is at " $5 }' \
| mail -s "Disk Warning on $(hostname)" admin@example.com

2. Treat /etc directory as Sacred – Treat It Like an expensive gem

Every sysadmin eventually faces the nightmare of a broken config overwritten by a package update or a hasty command at 2 AM.

To avoid crying later, archive /etc automatically:

# tar czf /root/etc-$(date +%Y-%m-%d).tar.gz /etc

If you prefer the backup to be more sophisticated you can use my clone of the dirs_backup.sh (an old script I wrote for easifying backup of specific directories on the filesystem ) the etc_backup.sh you can get here.
Run it weekly via cron.
This little trick has saved me more times than I can count — especially when migrating between Debian releases or recovering from accidental edits.

3. Automate everything what you have to repeatevely do

If you find yourself doing something manually more than twice, script it and forget it.

Examples:

rotating logs for misbehaving apps
restarting services that occasionally get “stuck”
syncing backups between machines
cleaning temp directories

Here’s a small example I still use today:

#!/bin/bash

# Kill zombie PHP-FPM children that keep leaking memory

ps aux | grep php-fpm | awk '{if($6 > 300000) print $2}' | xargs -r kill -9

Dirty way to get rid of misfunctioning php-fpm ?
Yes. But it works.

4. Backups Don’t Exist Unless You Test Them

It’s easy to feel proud when you write a backup script.
It’s harder – and far more important – to test the restore.

Once a month or at least once in a few months, try restore a random backup to a dummy VM.
Sometimes backup might fails, or you might get something different from what you originally expected and by doing so
you can guarantee you will not cry later helplessly.

A broken backup doesn’t fail quietly – it fails on the day you need it most.

5. Don’t Ignore Hardware – It Ages like Everything Else

Linux might run forever, but hardware doesn’t.

Signs of impending doom:

dmesg spam with I/O errors
slow SSD response
increasing SMART reallocated sectors
random freezes without logs
sudden network flakiness

Run this monthly:

6. Document Everything (Future You Will Thank Past You)

There are moments when you ask yourself:

“Why did I configure this machine like this?”

If you don’t document your decisions, you’ll have no idea one year later.

A simple markdown file inside /root/notes.txt or /root/README.md is enough.

Document:

installed software
custom scripts
non-standard configs
firewall rules
weird hacks you probably forgot already

This turns chaos into something you can actually maintain.

7. Keep Things Simple – Complexity Is the Enemy of Uptime

The longer I work with servers, the more I strip away:

fewer moving parts
fewer services
fewer custom patches
fewer “temporary” hacks that become permanent

A simple system is a reliable system.
A complex one dies at the worst possible moment.

8. Accept That Failure Will Still Happen

No matter how careful you are, servers will surely:

crash
corrupt filesystems
lose network connectivity
inexplicably freeze
reboot after a kernel panic

Don’t aim for perfection.Aim for resilience.

If you can restore the machine in under an hour, you're winning and in the white.

Final Thoughts

Linux is powerful – but it rewards those who treat it with respect and perseverance.
Over many years, I’ve realized that maintaining servers is less about brilliance and more about humble, consistent care and hard work persistence.

I hope this article helps some sysamdmin to rethink and rebundle servers maintenance strategy in a way that will avoid a server meltdown at night hours like 3 AM.

Cheers !

Tags: doesn, doom, hardware, How to, machines, need, restore, running, scripts, servers, services, simple, something, today, years
Posted in Linux, System Administration, Various | No Comments »

Generate and Use WiFi passwords via QR code on Linux

Monday, November 17th, 2025

If you’re running a WiFi network for a guest house / AirBNB, a small hotel or an office / home network and you’re tired of telling / dictating guests your long, complicated Wi-Fi password every time they visit, there’s a simple and secure way to share the WiFi name and password by putting the info in a WiFi authentication QR code. With a simple scan from their phone via a QR reader (which iPhones and all modern smartphones have), they can join your network instantly with zero typing.

In short — Why use a QR Code for Wi-Fi?

Convenience for guests: No more reading or spelling out your SSID and password.
Better security practice: Keep a strong password while still making access easy.
Works on most devices: Android and iOS both support Wi-Fi QR codes.

The Wi-Fi QR Code Standard Format

Smartphones understand Wi-Fi QR codes using this format:

WIFI:S:;T:;P:;;

S: your Wi-Fi network name (SSID)
T: encryption type (WPA, WEP, or nopass)
P: your Wi-Fi password
Everything ends with ;;

If your SSID or password contains special characters such as ; or \, they must be escaped using a backslash \.

Example:

SSID = WifiNetworkName
Password = @ss;word45123P4?#$!
Type = WPA

The final string becomes:

WIFI:S:WifiNetworkName;T:WPA;P:@ss\;word45123P4?#$!;;

How to Generate the QR Code Locally on Linux

You can generate the QR code locally using qrencode instead of uploading credentials online.

Install qrencode (Debian/Ubuntu):

# apt update # apt install qrencode
Generate the QR code:

# qrencode -o wifi-qr.png 'WIFI:S:WifiNetwork;T:WPA;P:P@ss\;word!;;'

Example with colors and SVG output:

# qrencode -t svg –foreground=FFFFFF –background=000000 \ -o qr-code.svg –inline –rle -s 10 \ "WIFI:S:MyWiFI;T:WPA;P:<Secret_Pass>;;"

Use -s to increase size, e.g. -s 10.
Print or share the generated wifi-qr.png.

Alternative: GUI / Desktop Approach

On GNOME-based systems (Ubuntu, Fedora), install the WiFi QR Code GNOME extension.

Open quick settings → Wi-Fi → “Show QR Code”
Right-click to copy or save for printing

Advanced: Using wifi-qr Tool

The wifi-qr tool provides CLI and GUI Wi-Fi QR generation.

# terminal interface to generate QR
# wifi-qr -t

This command prints your current Wi-Fi SSID, encryption type, and password in clear text.

Security Tips

Limit where you display the QR
Rotate the password when needed
Use a guest network instead of your main one
Prefer WPA2/WPA3
Store QR images safely

How Guests Use the QR Code

Open the phone camera (iOS/Android)
Point it at the QR
Tap “Join” when the Wi-Fi prompt appears

Final Thoughts

Generating a Wi-Fi QR code blends security with usability. Whether using qrencode, a GUI extension, or a website, guests connect instantly with a quick scan – no typing required.

Tags: Advanced Using, better security, cmd, Install, network, Open, Open User, password, phone, png, QR, Secure, share, Usage, WiFi
Posted in Linux, Linux and FreeBSD Desktop, Linux on Laptops, Networking, Various | No Comments »

How to Restrict a Program to Use Only a Specific Port Range for Outgoing Connections (Linux)

Wednesday, October 22nd, 2025

In some advanced system administration and security scenarios, you might want to restrict a specific program (or a user) to only use a specific range of source ports when making outbound connections. This can be important for:

Securing network access per service
Enforcing port-based identity
Making firewall rules easier to manage
Avoiding source port collisions in NAT environments

This article explains how to achieve this using iptables, cgroups, and kernel-level ephemeral port controls, with practical, copy-paste-ready examples.

What meant by "Port Range Restriction"?

When a program connects to an external server (e.g., with curl or a custom app), the kernel assigns a source port — typically from a dynamic range like 32768–60999. If you want to limit a specific app or user to only use, say, source ports 50000–51000 for all its outbound connections, you have to implement that at the firewall or kernel level.

Option 1: Using iptables with the owner Module (Per-User Limiting)

This is the most straightforward way if the program runs as a known user or UID.

Example: Allow only source ports 50000–51000 for myuser

# Block all outgoing TCP traffic from 'myuser' outside the port range

# iptables -A OUTPUT -p tcp -m owner –uid-owner myuser ! –sport 50000:51000 -j DROP

# Optional: for UDP

# iptables -A OUTPUT -p udp -m owner –uid-owner myuser ! –sport 50000:51000 -j DROP

Note: This will not stop the application from running — it just ensures the kernel drops packets that don't meet your policy.

Option 2: Using cgroups with net_cls + iptables (Per-Process Control)

For more precise control, especially in multi-user systems or containers, you can use Linux cgroups to classify traffic per process.

Step-by-step:

Create a net_cls cgroup:

# mkdir -p /sys/fs/cgroup/net_cls/myapp

# echo 0x100001 | sudo tee /sys/fs/cgroup/net_cls/myapp/net_cls.classid

Assign your process to the cgroup:

# Replace <PID> with the actual process ID

# echo <PID> | sudo tee /sys/fs/cgroup/net_cls/myapp/tasks

Add iptables rule:

# iptables -A OUTPUT -m cgroup –cgroup 0x100001 -p tcp ! –sport 50000:51000 -j DROP

This gives you fine-grained per-process port restrictions.

Optional: Set Ephemeral Port Range (Globally or Per Namespace)

Linux picks ephemeral ports from a default system-wide range (32768–60999). You can limit this globally (not recommended in shared systems) or within a network namespace.

To view the current range:

# cat /proc/sys/net/ipv4/ip_local_port_range

To change the range:

# echo "50000 51000" | sudo tee /proc/sys/net/ipv4/ip_local_port_range

Warning: This affects all processes. Better used inside isolated environments (e.g., containers or netns).

Run the App with Explicit bind() to Source Port

If you control the source code of the app, the cleanest method is to explicitly bind to the desired source port(s) before making the connection.

Python Example:

import socket

s = socket.socket()

s.bind(('', 50001)) # bind to specific source port

s.connect(('example.com', 443))

Many apps and libraries (like curl, wget, netcat, python requests, etc.) don't expose source port binding — in those cases, control must be done externally.

Logging Violations

To log connection attempts from disallowed source ports:

# iptables -A OUTPUT -p tcp -m owner –uid-owner myuser ! –sport 50000:51000 \

-j LOG –log-prefix "PORT VIOLATION: " –log-level 4

Containerized or Isolated Environments: Use Namespaces or Docker

For Docker or custom network namespaces, you can:

Use a private ephemeral port range
Use iptables inside the namespace
Isolate the entire network stack for maximum safety

Docker Example:

# docker run -d –name limited_app –net=custom_net -p 50000-51000:50000-51000 myimage

Then configure the app inside the container to bind or use that port range.

Important Limitations

iptables owner match works only for UIDs, not process names.
If the app doesn’t bind explicitly, the kernel still picks a port — make sure the global range or netns is set correctly.
Some apps (e.g. Java, browsers) may use multiple ephemeral ports simultaneously — test carefully.
Not all programs allow setting source port via command line.

Recommended Best Practices

Let’s say you want to allow only ports 50000–51000 for a service called myapp:

Create a dedicated system user:

# sudo useradd -r -s /sbin/nologin myapp

Run the program as this user:

# sudo -u myapp /path/to/myapp

Set the desired port range system-wide (optional):

# echo "50000 51000" | sudo tee /proc/sys/net/ipv4/ip_local_port_range

Add iptables rule:

# iptables -A OUTPUT -p tcp -m owner –uid-owner myapp ! –sport 50000:51000 -j DROP

(Optional) Add logging:

# iptables -A OUTPUT -p tcp -m owner –uid-owner myapp ! –sport 50000:51000 -j LOG –log-prefix "MYAPP PORT BLOCKED: "

Make sure the app binds or connects correctly from that range.

Final Thoughts

Restricting outbound source port ranges per application or user is an underused but powerful technique to lock down systems, especially in:

High-security environments
Multi-tenant servers
NAT/firewall-managed networks
IDS/IPS-aware setups

You can start with simple iptables rules for users, and later adopt cgroups or container namespaces for deeper isolation.

Force specific source ports for a app like curl

To force specific source ports in general-purpose tools like curl or nc, try using iptables SNAT (with care), or consider writing wrappers/scripts that handle binding via LD_PRELOAD or custom socket logic.

Tags: Docker Example, iptables, network stack, ports, program, Python Example, range, setting, source port, specific, use, Warning
Posted in Firewall, Linux, Security, System Administration, Various | No Comments »

How to boost Linux Server Speed with tmpfs and few smart Optimization tweaks

Monday, October 20th, 2025

speed-up-accelerate-wordpress-joomla-drupal-cms-and-mysql-server-with-tmpfs_ramfs_decrease-pageload-times-with-ram-caching.png

If you’ve ever managed a busy Linux server, you’ve probably noticed how I/O bottlenecks can make your system feel sluggish – even when CPU and memory usage look fine. I recently faced this problem on a Debian box running Nginx, PHP-FPM, and MySQL / MariaDB. The fix turned out to be surprisingly simple: using tmpfs for temporary directories and tweaking a few kernel parameters.

1. Identify the resource issue Bottleneck

Running iostat -x 1 showed my /var/lib/mysql drive constantly pegged at 100% utilization, while CPU load stayed low. Classic disk-bound performance issue.

I checked swap usage:

# swapon –show

# free -h

The system was swapping occasionally — not good for performance-critical workloads.

2. Use tmpfs for Cache and Temporary Files

Linux allows you to use part of your RAM as a fast, volatile filesystem. Perfect for things like cache and sessions.

I edited /etc/fstab and added:

tmpfs /tmp tmpfs defaults,noatime,mode=1777,size=1G 0 0

tmpfs /var/cache/nginx tmpfs defaults,noatime,mode=0755,size=512M 0 0

Then:

# mount -a

Immediately, I noticed fewer disk I/O spikes. Nginx’s cache hits were lightning-fast, and PHP temporary files were written in memory instead of SSD.

3. Tune Kernel Parameters

Adding these lines to /etc/sysctl.conf helped reduce swapping and improve responsiveness:

vm.swappiness=10

vm.vfs_cache_pressure=50

Then apply:

# sysctl -p

4. Use tmpfs for MySQL / MariaDB tmpdir (Optional)

If you have enough RAM, move MySQL’s temporary directory to tmpfs:

# mkdir -p /mnt/mysqltmp

# mount -t tmpfs -o size=512M tmpfs /mnt/mysqltmp

# chown mysql:mysql /mnt/mysqltmp

Then set in /etc/mysql/my.cnf: / /etc/mysql/mariadb.cnf

tmpdir = /mnt/mysqltmp

This dramatically speeds up large sorts and temporary table creation.

5. Monitor the Effects and tune up if necessery

After applying these changes, iostat showed disk utilization dropping from 95% to under 20% under the same workload.
Average response times from Nginx dropped by around 30–40%, and the server felt much more responsive.
However other cases might be different so it is a good idea to play around with tmpfs side according to your CPU / Memory system parameters etc. and find out the best values that would fit your Linux setup best.

Short rephrasal

tmpfs is one of those underused Linux features that can make a real-world difference for sysadmins and self-hosters. Just remember that data in tmpfs disappears after reboot, so only use it for volatile data (cache, temp files, etc.).

If you’re running a VPS or small dedicated box and looking for a quick, low-cost performance boost — give tmpfs a try. You might be surprised how much smoother your system feels.

Tags: cnf, data, filesystem, How to, Linux Server Speed, mnt, response times, Short, tmpfs, use
Posted in Linux, Linux and FreeBSD Desktop, MySQL, Performance Tuning, Various | No Comments »