The article explains how to use a CA (certificate authority) with SSH (secure shell) to sign host and user keys, which allows for easier authentication and management of large numbers of machines or users.
Trick learned: echo w > /proc/sysrq-trigger to show a stack trace in dmesg for tasks in uninterruptible sleep state. This is helpful to learn what the process is blocking on.
Linux server issues troubleshooting scenario game on a VM with root access. Looks fun to play. My server never finishes being created, though; I guess it may have suffered from the HN hug of death.
An awk trick nicely explained. Though it's a trick that I may never use. I recommend this article mostly for the extraordinary pedagogical style.
A bunch of quite useful tricks. Some I already used and others are new. Here are the headings:
- Forward Yubikey Agent
- Reuse connections
- SSH straight into tmux
- Alias commonly used hosts
- Do not add testing stuff to ~/.ssh/known_hosts
- Make connections last longer
- Canonicalize hostnames
- Yubikey and GitHub, without touching it every time
I find it quite helpful to create a persistent connection to GitHub. It greatly reduces my connection latency for pushing and pulling.
You could harden a Linux server by killing the init process. That would cause a kernel panic, and prevent new processes running (e.g. shells). Existing processes like Web servers would continue to function, so you could put this at the end of the boot script :)
I never thought that was possible! Kind of stupidly funny and brilliant at the same time.
Interesting summary of the evolution of Unix command line argument conventions.
Not only did the answer help solve a mystery I had for weeks, it also demonstrated how to solve the same kind of problem using auditd. Great to learn about it!
The author advocates the my_func() ( body ... ) syntax over the my_func() { body ... } syntax for its additional scoping benefits. I never knew bash functions could be defined this way, and it's certainly a great read.
Do you know it's possible to open a shell with the 'apt' command? Do you know you can upload a file just by calling 'tar'?
This website curates a list of Unix binaries that can be used to bypass local security restrictions.
This article demonstrates some fancy usage of systemd, including the following:
- Filesystem sandboxing
- Dynamic users
- Socket
- LoadCredential
Trade security vulnerability protection for a performance boost