FOSSTECH Notes

Quick one-liner: All the container power, none of the root-level risk. Why This Matters When I first started with Docker, I ran everything as root. It was easy, it worked, and I didn't think twice about it. Then I learned that a container escape vulnerability could give an attacker full root access to my entire system. That's when I switched to rootless Docker — and you should too. Rootless Docker runs the Docker daemon entirely under your regular user account. No sudo required. No root privileges for container operations. If a container gets compromised, the attacker is stuck with your user's permissions — not root. You asked, I delivered: This guide was the #1 request in my LinkedIn poll (Ubuntu/Linux Mint won with 50% of votes). Planning Disk Space In rootless mode, Docker stores all images, containers, volumes, and build cache under your home directory at ~/.local/share/docker . This means your home directory needs enough space to hold every...

I never got through most technical books. Too much theory. Too many words. Not enough action. So I wrote the book I wished existed — practical, concise, and straight to the point. Just enough explanation to get things done. Why This Book? Over the past 5 years, I've worked with Docker in training rooms, client environments, and real production deployments in Singapore — teaching engineers, advising on architecture, and rolling it out on actual infrastructure. Docker comes up everywhere, and so does the same question: where do I start? The problem isn't capability. It's always the same thing: people get lost in the theory before they ever run a single container. They read about namespaces and cgroups and layer caches, and by the time they get to an actual command, they've lost the thread. So I started keeping notes — just the practical bits. The commands that actually matter. The patterns that show up again and again in real deployments. During Chinese New ...

 Super short post today. To troubleshoot syslog message you can use tcpdump. You will need to use -A option so that you can view the message # tcpdump -A -i eth0 port 601

 When the logical volume is 100% used and you try to extend the logical volume, you will likely encounter the following error.  # lvextend -L+5G /dev/mapper/vgname_lvname Couldn't create temporary archive name. Volume group "vgname" metadata archive failed. A quick way to extend even when the volume is 100% utilize is by disabling autobackup (using -An ) # lvextend -An -L+5G /dev/mapper/vgname_lvname Until next time!!!

I always enjoy performing search and replace using sed command when I need to edit the same thing over multiple files. Usually the syntax that I use is as follow: sed -i 's/search/replacement/' *.txt This will replace all the word "search" with "replacement" in all files that ended with txt.  But what if you want to replace the word "search" with "replace/ment". You just need to do minor adjustment as follow: sed -i "s|search|replace/ment|" *.txt Usually I omit the "-i" first to see the changes on the screen to make sure that the text are replaced properly before adding "-i" to perform the actual changes.  Until next time!!!  📚 Want to Learn Docker? I wrote "Levelling Up with Docker: A Practical Guide to Containers" — a hands-on guide for Linux admins who want to learn Docker without the fluff. What's inside: Rootless Docker installation (Ubuntu, RHEL, SLES) Container n...

 Recently I saw an application that run on 127.0.0.1 port 8080 on the server that I need to access from my workstation. The easiest way to access this is to use ssh tunneling.  To tunnel remote port to local machine, you can just perform the following: ssh -g -L 9999:localhost:8080 -f -N username@remoteip This will allow your local machine port 9999 to be tunneled to the remote machine application on port 8080 Launch your browser and login to http://localhost:9999 and you will be accessing the application running on the server localhost.    Until next time :)