Docker and containerd on openSUSE: reaching the limit for cgroup (and how to overcome it!)

I recently encountered a limitation during an experiment I was conducting; after some trial and error, I recognized that the limitation was due to cgroups. But let’s start from the beginning. I open sourced docker-salt, a small pet project I had in mind in order to have a full blown setup for SaltStack: a master …

Secure your SSH server against brute-force attacks with Fail2ban

The problem: SSH can be brute-forced I usually leave an SSH server on a dedicated port on every server I administer and, as you may recall, I even linked two well-written guides to properly configure and harden SSH services. Now, Internet is a notoriously bad place: scanners and exploiters have always been there, but brute-forcers …

OpenSUSE Leap 42.2: this is how I work (my setup)

Motivation I switched my distribution of choice to OpenSUSE. There are a lot of motivations behind this choice: I wanted an enterprise-grade quality of software in terms of stability, package choice, and supportability Growing interest in software non-distribution specific and/or customized, e.g. Gnome Dogfooding After nearly one year of usage, I can say that I …

ZeroTurnaround’s Java Tools and Technologies Landscape Report 2016

As of every year, ZeroTurnaround released the yearly report of their survey about Java and Java-related technologies among professional developers. I find this report very interesting, and I usually compare (or discover) existing technology solutions. For example, right now I’m currently thinking about moving to Intellij IDEA. How do you measure up against the report?

OpenVPN with multiple configurations (TCP/UDP) on the same host (with systemd)

As much more people is getting worried about their online privacy (including me), I started to use my home server as a VPN termination (with OpenVPN) when I am not at home and I need to access Internet via non-secure wired/wireless networks (e.g., hotel wireless network, airport Wi-Fi, etc.). Some overzealous network admins, though, try …