Pipelines, deploys, on-call, and the quiet plumbing that keeps production alive.
CVE-2026-23111 is a one-character nf_tables use-after-free that escalates any unprivileged Linux user to root through user namespaces, and a public exploit is now out. Here is how I detect it, the user-namespace mitigation that matters most, the kernel patch, and a safe VM lab to reproduce it.
CVE-2026-31431 (Copy Fail) is a Linux kernel local privilege escalation that turns any unprivileged shell into root on essentially every distribution shipped since 2017. Here is how I check it, patch it, mitigate it pre-patch, and understand how the exploit actually works.
macOS ships BSD find; Linux ships GNU find. The two share a name and most of an interface, but -printf, -regextype, and the stat format strings diverge hard enough to break scripts shipped between platforms. The full divergence list, the portable subset that works on both, and how to get GNU find on a Mac.
The grep -o 'pattern' file | sort | uniq -c | sort -rn pipeline is the classic log-analysis one-liner. Why sort must come before uniq, how each stage works, worked examples for top IPs and status codes, the awk one-pass alternative for huge files, and the BSD vs GNU notes.
find walks the live filesystem every time it runs: always current, sometimes slow. locate queries a prebuilt database: instant, but stale until the next updatedb. This breaks down the locate family (mlocate, plocate, slocate), the macOS situation, and exactly when to reach for each one.
grep filters lines, awk extracts fields. The classic pipe is grep 'pattern' file | awk '{print $2}'. This covers awk field basics ($1, $NF), custom separators with -F, multi-column output, the cases grep -o and cut cover on their own, and the fact that awk's own pattern match makes the grep half optional.
rsync has no native time filter, so the standard trick is to let find pick the files and feed the list to rsync. The one-liner is find ... -print0 | rsync --files-from=- --from0, and the failure mode is always the same: the paths in the list have to be relative to the rsync source argument. The breakdown, the dry run habit, and when rsync's own filters make find unnecessary.
find locates the files, tar archives them. The safe pairing is find -print0 piped into tar reading a NUL-delimited list from stdin: no breakage on spaces or newlines. The flag breakdown, the macOS BSD tar vs GNU tar difference, the -exec append alternative, archiving by modification time, and the compression choices.
grep is on every system and searches exactly what you point it at. ripgrep (rg) is the fast Rust-based default for code search: it skips .gitignore'd, hidden, and binary files unless told otherwise. ag (the_silver_searcher) was the older fast-grep, now largely superseded by ripgrep. This breaks down speed, defaults, regex engines, and exactly when to reach for each one.
find . -type f -name '*.log' -print0 | xargs -0 -P 4 -n 1 gzip compresses every matched file four at a time. The flags that make it work: -P for parallel workers, -n 1 so each worker gets one job, -0 paired with find's -print0 for safety. When parallelism helps (CPU-bound work) and when it just thrashes the disk.
find -name takes a shell glob and matches the basename; find -regex takes a full regular expression and matches the whole path. That whole-path detail is the number one surprise: -regex '.*\.txt' works but -regex '.txt' matches nothing. The flag reference, -regextype flavors, the GNU vs BSD default-flavor drift, and when -name is the better tool.
grep does not read .gitignore, so skipping node_modules, .git, and build output is on you. The flags that do it: --exclude for filename globs, --exclude-dir for whole directories, --include for the inverse, --exclude-from to read the list from a file, plus the find -prune fallback for older macOS grep.
find -path './node_modules' -prune -o -type f -print skips a directory subtree instead of walking into it. The pattern looks strange because -prune is an action, not a test, and the trailing -print is mandatory once you write an explicit action. The breakdown, the multi-directory form, the slower -not -path alternative, and when each one is the right call.
grep -l prints the name of each file that contains a match and stops reading at the first hit, which makes it the fast answer to 'which files contain this string'. The lowercase -l, the inverted -L for files missing a pattern, the grep -rl one-liner, the NUL-safe xargs pipeline for find-and-replace, and the BSD vs GNU notes.
find / -xdev -type f -printf '%s %p\n' | sort -rn | head -20 gives you a ranked list of the biggest files on a full disk. The GNU one-liner, the BSD/macOS stat variant, why -xdev matters, human-readable output with numfmt, when to switch to du or ncdu for per-directory totals, and the mistakes that send a scan into /proc.
Grow a Google Cloud persistent disk on a live VM in three commands. Resize the disk in GCP, expand the partition with growpart, then stretch the filesystem with resize2fs or xfs_growfs. No detach, no reboot.
grep has three regex engines and the default one surprises everyone: in basic regex (BRE) the characters + ? | ( ) { } are literal text until you backslash-escape them. -E switches to extended regex (ERE) where they work bare, and -P unlocks Perl-compatible regex with lookaround and \d. The full BRE vs ERE vs PCRE comparison, the same pattern in all three, and why -P does not exist on macOS.
find -user www-data lists every file owned by a user; -group developers filters by group; -perm matches the mode bits. The subtle part is -perm -mode (all of these bits set) versus -perm /mode (any of these bits set). Plus the security-audit recipes for world-writable files and SUID/SGID binaries, the BSD vs GNU divergences, and the orphaned-file checks.
grep cat also matches category, concatenate, and scatter. grep -w cat matches only the standalone word. The whole-word flag, what grep counts as a word boundary, the regex equivalents with \b and \< \>, the stricter -x whole-line cousin, and the BSD vs GNU differences that bite on macOS.
find ... -print0 | xargs -0 grep -l 'PATTERN' finds every file containing a piece of text. The combo handles weird filenames, scales to huge trees, and replaces three other common but broken pipelines. When to use grep -r alone, when to add find as a pre-filter, and the BSD vs GNU pitfalls.
find . -type d -empty lists every empty directory; find . -type f -empty lists every empty file. The catch is what 'empty' means (a hidden file makes a directory not empty) and the -depth trap that lets find -delete collapse whole nested empty trees in one pass. The flag reference, the safe two-pass cleanup, the BSD vs GNU notes, and the mistakes that bite.
Connect to a GCP VM using plain OpenSSH, no gcloud required. Add a public key to instance metadata, fetch the external IP, and ssh in like any normal Linux box. Plus OS Login, IAP, and a Windows PuTTY path.
grep can OR several patterns three ways: -e per pattern, -E with alternation, or -f reading the list from a file. The one-liner is grep -E 'ERROR|WARN|FATAL' file. Here is when to pick each, how -F speeds up literal multi-pattern search, why grep has no single-pass AND, and the BSD vs GNU differences that bite on macOS.
find . -type f -mtime +30 lists every file NOT modified in the last 30 days. The +N sign means older than N days, the exact inverse of -N. The full reference for -mtime, -mmin, -newer markers, the -atime vs -mtime distinction and the noatime trap, plus the safe stale-file cleanup pattern.
grep -C 3 'pattern' file prints the matching line plus 3 lines on each side. The three context flags (-A after, -B before, -C both), how the -- group separator works between match blocks, asymmetric context, recursive context search, and the macOS BSD vs GNU differences that bite.
find -exec ... {} + and find -print0 | xargs -0 are roughly equivalent for batch operations on matched files. find -exec ... {} \; forks once per match and is much slower. The decision matrix: when -exec is enough, when xargs adds value, and the safety rules for filenames with spaces, newlines, and quotes.
Create a GCP persistent disk, attach it to a running VM, format it, mount it, and survive reboots with a UUID-based fstab entry. Console, gcloud, and Terraform walkthroughs.
grep -c counts matching LINES, not occurrences. A line with three hits still counts as 1. The fix is grep -o piped into wc -l, which puts every match on its own line first. Per-file counts, filtering out the :0 noise, counting non-matching lines, and the BSD vs GNU differences.
find . -type f -name '*.txt' lists every file with one extension. For many extensions you group -name tests with escaped parens and join them with -o. This covers the single one-liner, the multi-extension OR pattern, why the parens are mandatory, case-insensitive -iname, files with no extension at all, the -regex shortcut, and the BSD vs GNU divergence that bites on macOS.
find -delete removes every matched file with no confirmation and no undo. The safe pattern is to write the command with -print first, eyeball the list, then swap -print for -delete. Plus the directory-depth-first trap, when to use -exec rm instead, and the find -delete vs xargs rm -f tradeoff.
grep -i 'pattern' file matches regardless of case. The flag pairs with -r, -w, -v, and -c the way you would expect, but -i only folds ASCII case reliably. Non-ASCII case folding (accented characters, the Turkish dotted-i) depends on your locale. The combinations, the locale caveat, the PCRE per-pattern (?i) flag, and the BSD vs GNU differences.
find . -size +100M lists every file larger than 100 megabytes. The unit suffixes (c, k, M, G), the +/- sign convention, how to combine with sort to find the biggest files on disk, the BSD vs GNU divergence for printing sizes, and the wc -c trick for byte-exact thresholds.
grep -v 'pattern' file prints every line that does NOT match. The flag reference, how to exclude multiple patterns, the strip-comments-and-blank-lines pipeline, the double-negative trap where -v of an OR becomes an AND of negations, and the macOS BSD vs GNU differences.
find -mtime -7 lists every file modified in the last 7 days. The catch is the off-by-one: -7 means less than 7 days ago, +7 means more than 7 days ago, and exact-7 almost never matches what people expect. The flag reference, worked variations for hours and minutes, the BSD vs GNU rounding difference, and the safe cleanup patterns.
grep -r 'pattern' . searches every file under a directory tree. The catch is the path argument people forget, the -r vs -R symlink difference, and the unfiltered crawl into node_modules and .git. The flag reference, the --include and --exclude-dir filters, the macOS BSD vs GNU gaps, and when to reach for ripgrep or git grep instead.
Every form of the Bash for loop with working examples: brace-range, sequence-expression, array, glob, C-style, nested, and parallel. Plus the safe file-iteration patterns, common pitfalls, and macOS Bash 3.2 vs Linux Bash 4+ gotchas.
![Bash while loop reference: read files with while IFS= read -r, retry-with-backoff, wait-for-service polling, the subshell-scoping bug fix, the until and select siblings, plus [[ ]] vs [ ] vs (( )) test contexts.](https://images.techearl.com/bash-while-loop/bash-while-loop-1536.webp?v=2026-06-01T12%3A00%3A00Z "Bash While Loops: Syntax, read-line, Retry Patterns (2026)")
Bash while loop reference: condition-driven iteration, reading files line by line with the subshell-scoping fix, retry-with-backoff, wait-for-service-ready, until-loop sibling, and the [[ ]] vs [ ] vs (( )) test contexts.
A scannable curl reference: GET, POST, PUT, DELETE; JSON and form bodies; basic, bearer, and digest auth; redirects, retries, timeouts; --resolve overrides, SOCKS proxies; with PowerShell Invoke-WebRequest equivalents.
A scannable SSH reference: ssh-keygen, ssh-copy-id, port forwarding (-L, -R, -D), ProxyJump, ~/.ssh/config blocks, scp and rsync over SSH, with the Windows OpenSSH differences and PuTTY equivalents.
A scannable find reference: search by name, size, time, type, perms; safe pipelines with -print0 and xargs -0; -exec and -execdir; plus the macOS BSD vs GNU find divergences and Windows PowerShell equivalents.
A scannable grep reference with the flags I actually use, the GNU vs BSD differences that bite on macOS, and the Windows equivalents (Select-String, findstr) for the same patterns.
A working library of AWS IAM policy examples: S3 read-only with prefix, EC2 admin scoped to a region, Lambda execute-but-not-write, MFA-required, IP-restricted, VPC-endpoint-only, tag-based prod-vs-dev isolation, and the iam:PassRole pattern. Plus the anatomy of a policy document and how Access Analyzer narrows over-permissive Resource: "*" grants.
Bash function reference: two declaration syntaxes, positional arguments via $1/$@/$*, returning data via stdout vs return-code exit status, local variables and the global-by-default scoping trap, recursion, namerefs, and function libraries via source.
![Bash arrays reference: declaration, indexing, [@] vs [*] quoting, iteration, appending, slicing, mapfile/readarray for lines, IFS-based string splitting, plus macOS Bash 3.2 limits.](https://images.techearl.com/bash-arrays/bash-arrays-1536.webp?v=2026-02-12T14%3A18%3A00Z "Bash Arrays: Indexed, Associative, and Iteration Patterns (2026)")
Bash array reference: indexed and associative declaration, the [@] vs [*] quoting gotcha, iterating values and indexes, appending, slicing, deleting, mapfile/readarray for reading lines, and the macOS Bash 3.2 vs Linux Bash 4+ differences.
Multi-stage Docker for a static site: build with Node, ship with Nginx. The result is a ~25 MB image that serves HTML, handles SPA fallbacks, and sets cache headers correctly.
A scannable AWS S3 CLI reference: aws s3 cp, sync, mv, rm, ls; recursive uploads and downloads; --exclude / --include filters; storage classes (STANDARD_IA, GLACIER, INTELLIGENT_TIERING); SSE encryption (AES256, aws:kms); --dryrun safety; the trailing-slash gotcha; concurrency tuning via max_concurrent_requests and multipart_chunksize; cross-account profiles.
![Bash conditionals reference: if/elif/else syntax, [ ] vs [[ ]] vs (( )) test contexts, numeric, string, and file operators, the case statement, and the unquoted-variable pitfall.](https://images.techearl.com/bash-if-else/bash-if-else-1536.webp?v=2026-05-21T18%3A00%3A00Z "Bash if, else, elif: Syntax, Test Operators, and Examples (2026)")
Bash conditionals from the ground up: if/elif/else syntax, the [ ] vs [[ ]] vs (( )) test contexts, numeric and string and file operators, the case statement, and the unquoted-variable pitfall that breaks scripts on empty input.
Stop the instance, modify the instance type, start it. The exact gcloud-equivalent AWS CLI syntax, the compatibility matrix for moving between families and generations, the Nitro vs Xen gotcha, the instance-store data-loss trap, and the production sequence (snapshot AMI, scale out, replace) that gets you to a new instance type with zero downtime.
Go's static binaries are perfect for tiny Docker images. Build in a Go image, copy the single binary into FROM scratch (or distroless), and ship under 15 MB total — no shell, no runtime libraries, nothing else.
By default, processes inside Docker containers run as root, which is risky. Switch to a non-root USER, fix permissions on volumes and ports, and configure Compose and Kubernetes to refuse to run root containers.
A Dockerfile for PHP-FPM + Nginx, the Composer build step, OPcache config, and the Laravel storage/cache permission flip that catches every PHP developer once.
Build a single image that runs on both Apple Silicon and Intel servers. Set up a buildx builder, register QEMU emulation, and push a multi-platform manifest list. With the --push vs --load gotcha.
A Dockerfile for a real Next.js app that ships an image under 200 MB. The standalone output mode, the multi-stage pattern that copies only the runtime files, and the static-assets gotcha most tutorials miss.
Grow an EBS volume on a running EC2 instance in four steps. Modify the volume, wait for the optimizing state, expand the partition with growpart, then stretch the filesystem with resize2fs or xfs_growfs. No detach, no reboot.
On macOS, all your Docker images, volumes, and containers live inside a single virtual disk image, not at host filesystem paths. Here's where that disk lives, how to inspect it, and how to compact it when it won't shrink.
Create an EBS volume, attach it to a running EC2 instance, format and mount it, and survive reboots with a UUID-based fstab entry. Console, AWS CLI, and Terraform walkthroughs plus the Nitro device-naming gotcha that trips everyone.
Docker Desktop's virtualized filesystem makes bind mounts noticeably slow on Mac and Windows. VirtioFS helps a lot, the node_modules-as-named-volume trick helps more, and moving the project into WSL2 on Windows fixes it entirely.
A Dockerfile for a real Python app: slim vs alpine, pip install with --no-cache-dir, multi-stage when you need build tools, PYTHONUNBUFFERED, and the gunicorn / uvicorn entrypoint.
You pulled an image, ran it, and got 'exec format error'. The image is built for a CPU architecture your machine doesn't speak. Here's how to spot it, force emulation, force the native architecture, and check what an image actually ships.
A Dockerfile for a real Node.js app: multi-stage build, npm ci for deterministic dependencies, the node_modules-volume trick that makes bind-mounted source fast on Mac, and the non-root user that most tutorials skip.
Connect to an EC2 instance four ways: plain SSH with a key pair, EC2 Instance Connect, Session Manager, and EC2 Instance Connect Endpoint. Default usernames, security group rules, and the troubleshooting matrix that fixes Permission denied and Connection timed out.
How to pass env vars into containers: -e, --env-file, and the Compose environment / env_file blocks. Plus the ARG vs ENV distinction (build time vs runtime), the secrets-in-image-history trap, and the precedence rules.
Adminer is a single-PHP-file database GUI that talks to MySQL, MariaDB, PostgreSQL, MongoDB, SQLite, and more. One Docker container, browser at localhost:8080, no installer, no GUI app to update.
The .dockerignore file controls what COPY . . actually ships into your image. Without it, your image gets node_modules, .git, .env, and every other thing in the project. With it, builds are faster, images smaller, and secrets stay out.
Catch and inspect emails your local app sends without bothering a real inbox. Mailpit in Docker gives you an SMTP server on 1025 and a web UI on 8025 — the modern replacement for unmaintained MailHog.
Make containers come back automatically after crashes and reboots, and tell Compose how to wait until a service is actually ready (not just started). Restart policies, HEALTHCHECK, and depends_on: condition: service_healthy.
Docker fills up your disk. The prune commands clean it: docker system prune for the everyday sweep, docker system prune -a --volumes for the nuclear option, docker builder prune for the BuildKit cache, plus the per-resource versions.
Run a single MinIO container as a local S3-compatible object store: persistent volume on /data, console on 9001, S3 API on 9000, and how to point the AWS SDK at it for free dev work.
Try a Linux distro for ten minutes without a VM or dual-boot. One docker run command gets you an interactive Ubuntu, Debian, Alpine, or Fedora shell. Walk away when you're done; nothing left behind.
How containers talk to each other and to the host. The default bridge versus user-defined bridges (and why DNS only works on user-defined ones), the host network, and host.docker.internal for reaching the host from inside a container.
WordPress and MySQL in one Compose file with TWO persistent volumes — one for the database, one for wp-content. Plus the common pitfalls (wp-content mount erasing the default theme, uploads permissions, port 80 in use).
Three ways to persist data with Docker: named volumes, bind mounts, and tmpfs. What each one actually does, where the bytes live on disk, and the right choice for databases, dev workflows, and caches.
Your container starts, then exits with code 0 (or 1, or 137) before you can do anything. The root cause is almost always one of three things: no foreground process, a crash, or OOM. Here's how to tell which.
Why your Docker image is 1.5 GB and how to get it under 100 MB. Multi-stage builds, the choice between alpine and slim, when to reach for scratch or distroless, and the docker history command for finding the bloat.
The two flavors of port conflict in Docker: another container is bound to it, or a host process is. How to find which, kill or relocate, and the -p syntax quirk that catches people.
Apache httpd in a Docker container: serve static files, mount a custom httpd.conf, enable mod_rewrite for .htaccess, and the patterns that come up most often (PHP, reverse proxy, virtual hosts).
Two errors that mean the same thing: the daemon isn't running, or you don't have permission to talk to its socket. How to start the daemon, add yourself to the docker group, refresh the group without rebooting, and handle the rootless case.
Serve static files, mount a custom nginx.conf, run as non-root, and the practical patterns: dev server, reverse proxy in front of an app, and the SSL gotcha most tutorials skip.
Elasticsearch in a single-node Docker container for development, with a volume on /usr/share/elasticsearch/data, the vm.max_map_count fix, the JVM heap setting, and what to do about security defaults.
Read the stdout and stderr of a running or stopped container. Follow live output, tail the last N lines, filter by time, prepend timestamps, and the cases where docker logs doesn't help because the app writes to a file instead.
MongoDB in a container with a named volume on /data/db so your collections survive restarts, an admin user from MONGO_INITDB_ROOT_*, and the replica-set caveat for transactions.
A working docker-compose.yml that runs a web app and a database together, the commands you need (up, down, logs, exec), and the V1-to-V2 change that breaks a lot of older tutorials.
Redis is non-persistent by default in the official image — every restart wipes the data. Enable AOF, mount a volume, and set a password before exposing it. The full recipe with practical usage.
Run a Postgres server in a container, give it a named volume so your data survives, set the password the right way, run pg_isready as a healthcheck, and connect from the host or another container.
MariaDB in a container with a named volume so your data survives container removal. The differences from MySQL's official image, the env-var compatibility quirk, and connecting from the host or another container.
Run a MySQL server in a container, give it a named volume so your data survives the next docker rm, set the root password the right way, and connect to it from the host or another container.
Shell into a running container, run one-off commands, drop down to root when you need to install something, and the difference between an interactive session and a single command. With the alpine sh vs bash gotcha and -u for breaking out of non-root containers.
Test code against PHP 7.4, 8.1, 8.2, 8.3, or 8.4 without installing anything. Run a one-off script, an interactive REPL, Composer, or a local PHP server, then walk away with a clean machine.
Try a database, a CLI tool, an old version of PHP, a whole Linux distro, without installing anything on your machine. One Docker command, gone when you're done, nothing left behind. Plus the per-tool recipes.
A Dockerfile that actually builds, line by line: the instructions, the order that controls layer caching, the difference between CMD and ENTRYPOINT, and the small habits that keep builds fast and images small.
Listing, stopping, starting, restarting, renaming, and removing containers without breaking anything. The commands you reach for once docker run is done and the container is sitting there doing its job.
Every docker run flag I actually use, grouped by job: detach, interactive shells, ports, volumes, environment, network, restart, resources, platform, user, and the one-shot --rm pattern.
The Docker commands I actually use, grouped by job: images, container lifecycle, run flags, exec and logs, build, networks, volumes, Compose, registry, and the prune/inspect commands for keeping a host clean.
On a WordPress site with hundreds of thousands of URLs, building the sitemap on every request is expensive. Generate static sitemap files with a WP-CLI command instead: chunked to 50,000 URLs, written to disk, and regenerated on a schedule.
Install Docker the right way for your OS: the official apt repo on Ubuntu (not the distro's docker.io), Docker Desktop on macOS and Windows, plus how to run docker without sudo on Linux and the verification commands.
Use regex in Nginx with location blocks and the rewrite directive: how location modifiers and matching priority work, why return beats rewrite for redirects, and copy-paste config for HTTPS, www, trailing slashes, 301s, clean URLs, and access blocking.
GitHub stopped accepting your account password over HTTPS on August 13, 2021. Fix the error by pushing with a personal access token, or switch the remote to SSH.
Set up branch protection rules on GitHub to require pull-request reviews, pass status checks, block force-pushes and deletions, and gate review with CODEOWNERS.
Use regex in .htaccess with Apache mod_rewrite: how RewriteRule and RewriteCond patterns work, the per-directory quirk that breaks everyone, and copy-paste rules for HTTPS, www, trailing slashes, 301s, clean URLs, and access blocking.
Git refuses to pull because your local and remote branches both have new commits. Pick how to combine them: merge or rebase. Here is the one-line fix and what each choice does.
duf is a df replacement that prints grouped, color-coded disk usage tables instead of df's raw columns. Install it, filter to the devices you care about, sort by usage, and pipe --json into scripts.
nvm vs fnm vs Volta, compared by speed, auto-switching, platform support, and pinning model. Which Node version manager to pick in 2026, with install commands, the .nvmrc vs package.json question, and honest caveats from running all three.
A pull request proposes merging one branch into another so a teammate can review it first. Here is the full flow on GitHub and GitLab: branch, push, open, review, merge.
Discard local changes in Git with restore, checkout, and clean. How to throw away edits to tracked files, delete untracked files, and reset to the last commit.
A beginner-friendly intro to CI/CD with GitHub Actions: a real workflow YAML that builds and deploys on every push to main, plus how to handle secrets safely.
Committed an API key or password? Deleting it in a new commit does not remove it. Rotate the credential first, then scrub it from all history with git filter-repo or BFG.
How to configure GitHub Actions setup-node properly: the minimal workflow, dependency caching, a version matrix across LTS lines, reading .nvmrc so CI matches local dev, private registry auth, and the version-drift and cache mistakes that bite in real pipelines.
Swap GitHub's default identicon for a real avatar in under a minute: where the setting lives, the crop step, the size and format that work, and the gotcha that trips people up.
A good Git commit message uses a short imperative subject under 50 characters, a blank line, then a wrapped body that explains why. Here is the whole convention.
How to register a custom WP-CLI command: guard it with defined('WP_CLI'), wire it up with WP_CLI::add_command(), turn class methods into subcommands, document args with @synopsis, and show progress with make_progress_bar().
What a Git branch actually is, how HEAD points at your current spot, and the commands to create, switch, list, rename, and delete branches with confidence.
A curated set of git aliases worth keeping: st, lg, last, unstage, amend, undo. How to set them with git config, where they live in ~/.gitconfig, and when you need a shell alias (the ! prefix) instead of a plain one.
An interactive crontab builder and explainer: pick a schedule to generate a valid cron expression, or paste an expression like 0 9 * * 1 to read it back in plain English.
GitHub rejected your push because a file is over 100 MB. Here is what the warning and the hard limit mean, and how to purge the file from history so the push goes through.
Move changes between Git repos as patch files. git diff plus git apply for a quick change transfer, or git format-patch plus git am to recreate the commits with their author, date, and message intact.
An interactive chmod calculator: tick the read/write/execute boxes for owner, group, and other to get the octal and the exact chmod command, or type 644 to see what it grants.
How to schedule a recurring task in WordPress with wp_schedule_event(), add a custom interval via the cron_schedules filter, guard it with wp_next_scheduled(), and when to ditch WP-Cron for a real system cron.
The 'pre-receive hook declined' error means the server rejected your push. Here is how to tell which rule blocked you (branch protection, file size, secret scan) and fix it.
Git hooks run your scripts automatically on commit, push, and checkout. Where the native hooks live, the common ones, why .git/hooks is not shared, how core.hooksPath fixes that, and the husky v9 setup for JS projects.
How to put a WordPress project under Git: what to track vs ignore, a ready .gitignore, version-controlling just your theme or plugin, and deploy options.
nvtop is an htop-style GPU monitor for Linux. One install (sudo apt install nvtop), one command, and you get live per-GPU utilization, memory, temperature, and a sortable per-process list across NVIDIA, AMD, and Intel cards.
How .nvmrc node version pinning actually works, plus .node-version, package.json engines, and Volta. Which file each tool reads, how to make installs fail on a mismatch, and how to keep CI on the same version as local dev.
List the files changed in git: working tree, staged, the last commit, between branches, or since N commits. Then pipe the list straight into a linter so you only check what changed.
Bring an existing or legacy codebase under version control cleanly. Init the repo, write .gitignore first so you skip the junk, make the initial commit, and push to a new remote.
bat is a cat command replacement that adds syntax highlighting, line numbers, and Git change markers. Install it, alias cat to it carefully, and know the --plain, --style, --paging, and --diff flags that make it behave well in scripts and pipes.
Git says 'refusing to merge unrelated histories' when your local repo and the remote have no shared commit. The one-line fix and what it actually means.
The NODE_MODULE_VERSION mismatch error means a native addon was compiled against a different Node ABI than the one now running it. Here is what the numbers mean, the one-line fix, and the Electron, Docker, and CI variants that catch people out.
Your fork falls behind the original project the moment someone else merges a change. Add an upstream remote, fetch it, then merge or rebase to catch up before you open a PR.
Create, push, list, and delete git tags from the command line. When to use an annotated tag over a lightweight one, why git push leaves your tags behind, and how to delete a tag on the remote.
exa was the modern ls replacement with color, a git column, and a tree view in one binary; it is now unmaintained and eza is the drop-in fork to install instead. The flags, the eza migration, and when plain ls is still the right call.
Git stops a pull when uncommitted edits would be clobbered. Fix it by committing your work, or by stashing it, pulling, then popping the stash back.
Ansible getting started: install it, write an inventory and your first playbook, and run it against a remote host over SSH. No agent, no daemon, just Python and a YAML file.
When you need to force push in Git, plain --force can silently clobber a teammate's commits. Use --force-with-lease (and --force-if-includes) so the push refuses if the remote moved.
Back up PuTTY sessions, host keys, and global settings from the Windows registry with a single regedit or PowerShell command. Restore on a new machine, transfer between user accounts, and troubleshoot the common Access Denied error.
A Git branching strategy is the rule for how your team makes and merges branches. GitHub Flow, Git Flow, and trunk-based development compared, and how to pick one for a small team.
SSH and HTTPS are two ways to connect Git to a remote like GitHub. Here is how each authenticates, when to pick which, and how to switch with git remote set-url.
Joining a team and need to start contributing to an existing Git repo? Here is the exact path: clone, install, branch off main, commit, push, and open a pull request.
Switch to TCP BBR congestion control with two sysctl lines and a reboot-safe config file. The throughput it buys you on lossy long-haul links, the fq qdisc it needs, the kernel version that ships it, and when CUBIC is still the right default.
What 'LF will be replaced by CRLF' means, why it is only a warning, how core.autocrlf works, and how a .gitattributes file settles line endings for a whole team.
Think you lost work to a bad reset, rebase, or deleted branch? You almost certainly did not. git reflog is Git's safety net, and here is how to use it to get your commits back.
Interactive rebase lets you squash, reword, and reorder commits before a pull request. Here is how git rebase -i works, the pick/squash/fixup/reword actions, and how to bail out safely.
Git says your branch has no upstream branch when you push a brand-new local branch. Fix it with git push -u origin <branch>, and the -u flag means plain git push works next time.
How to uninstall Node.js cleanly on Linux, macOS, and Windows: version managers (nvm, fnm, Volta, n), the official installer, apt/dnf/brew/winget/choco, Docker, plus the leftover npm/cache/PATH files everyone forgets to delete.
Fork copies a repo into your own account so you can contribute to a project you cannot push to. Clone downloads any repo to your machine. Here is when to use each.
Squash Git commits into one with interactive rebase: change pick to squash or fixup, fold into the line above, abort cleanly, or flatten a whole branch with git merge --squash. The whole workflow, including the force-push step you cannot skip.
Push-to-deploy to your own server with a bare Git repo and a post-receive hook. No CI vendor, no SSH-in-and-pull dance. Set it up once, then deploy with git push.
The git branch commands I reach for daily: print the current branch, find a remote's default branch, jump to the previous branch, rename, and delete a branch locally and on the remote. Modern git switch syntax throughout.
git merge keeps the true history and adds a merge commit; git rebase rewrites your commits onto a new base for a clean, linear log. Here is when each fits.
Set up Git for a new project the right way: git init, a starter .gitignore, your first commit, creating the remote, pushing, and turning on branch protection.
ShellCheck is a static analysis linter for Bash and POSIX sh: install it, run it on a script, read the SC codes, suppress false positives with disable directives, and wire it into CI.
The 'Permission denied (publickey)' error means SSH could not prove who you are to GitHub. Here is the ordered checklist that fixes it: key, agent, GitHub, test.
A merge conflict means Git found two changes to the same lines and needs you to pick. Here is how to read the conflict markers, fix them by hand or with a mergetool, and commit.
The 'src refspec main does not match any' error almost always means you have not committed yet, or you are pushing a branch name that does not exist. Here is the fix.
Set up a global .gitignore so .DS_Store, editor folders, and swap files stay out of every repo you touch, without editing each project's .gitignore. The one path mistake that makes it silently do nothing, and how to verify it.
Node LTS vs Current explained: what the even/odd version lines mean, the 30-month support window, when Current is worth it, and how to pick the right line for production, libraries, and CI.
What Git hooks are, where they live, and how to write a pre-commit hook that runs your linter before code can be committed. Plus husky and lint-staged for sharing hooks across a team.
fzf is a fuzzy finder that turns any line-based list into an interactive picker. Install it, pipe a list into it, and select with type-as-you-go matching.
git reset rewrites history; git revert records a new undo commit. Here is the conceptual split, the three reset modes, and why revert is safe on shared branches.
Stop Git tracking a file while keeping it on disk with git rm --cached. Fix a file you committed by accident, then add it to .gitignore so it never comes back.
A by-situation map for undoing things in git: discard a change, unstage a file, undo a commit, undo a pushed commit safely, delete untracked files, and recover with reflog. Modern restore and switch, not just checkout and reset.
Schedule a recurring task on Linux with cron: open your crontab, write the five-field schedule, point it at a command, and avoid the environment and day-of-week traps that make jobs run at the wrong time.
The ordered checklist for SSH Permission denied (publickey): is the key loaded, is it the right key, is the public half on the server, and are the server-side permissions sane.
Git says 'fatal: remote origin already exists' when you add a remote that is already set. Fix it by updating the URL with git remote set-url, or remove and re-add.
sudo iotop -o sorts running processes by live disk I/O so you can see which one is hammering the drive, with the flags for batch mode, accumulated totals, and the read/write split.
git fetch downloads new commits from the remote without touching your working files. git pull does the same fetch and then merges them straight into your branch.
Run separate SSH keys for work, personal, and GitHub by binding each to its host in ~/.ssh/config with IdentityFile and IdentitiesOnly, so the right key is always offered.
How to use git stash to set work aside without committing. Save, list, pop, apply, and drop stashes, stash untracked files, do a partial stash, and switch branches cleanly.
How to rotate Tor circuits programmatically using the NEWNYM control signal — torrc setup with CookieAuthentication or HashedControlPassword, raw socket script, Python stem, and the rate limit that bites everyone.
Every torrc directive worth knowing in 2026, grouped by what you're trying to do: SOCKS and control ports, circuit construction, country pinning, hidden services, bridges, logging, and performance tuning.
End-to-end setup for a v3 .onion hidden service — torrc HiddenServiceDir and HiddenServicePort, key backup, permissions, onion-location header, single-onion mode, and the operational mistakes that get addresses leaked or lost.
which vs type vs command -v for finding where a command lives: which is an external program with portability problems, command -v is the POSIX-standard choice for scripts, and type tells you the most.
How umask subtracts from 666 and 777 to set the permissions new files and directories are born with, how to read it, and how to change it for a session or for good.
Git refused your push because the remote has commits you do not have. Pull with rebase first, then push. Here is exactly why it happens and how to fix it safely.
Route a single command, script, or HTTP client through Tor's SOCKS5 proxy — curl with --socks5-hostname, Python requests with socks5h://, Node with socks-proxy-agent — and avoid the DNS leak that catches everyone first time.
Paste your SSH public key into GitHub or GitLab, then confirm it works with ssh -T. The whole flow, with no password or token prompts on git push after.
Undo your last Git commit without losing work. When to use amend, reset --soft, reset --mixed, reset --hard, and revert, plus the rule for commits you already pushed.
When your ISP or country blocks Tor, bridges and pluggable transports keep you connected. Compares obfs4, Snowflake, and meek, how to add each to torrc, and how to get fresh bridge lines from bridges.torproject.org or by email.
The pidstat command samples per-process CPU, memory, and disk I/O at a fixed interval. pidstat -u 2, pidstat -r 2, pidstat -d 2, scoping to one PID with -p, threads with -t, and where it beats top.
The 'fatal: not a git repository' error means you ran a Git command outside a repo. Fix it by cd-ing into the project, running git init, or cloning.
The full Tor country code list (ISO 3166-1 alpha-2) and how to set exit nodes by country in torrc: ExitNodes, ExcludeNodes, EntryNodes, ready-to-paste Five/Nine/14 Eyes blocks, torify and torsocks examples, and the StrictNodes pitfall.
Git refuses your first commit with 'Please tell me who you are' because it has no name or email to author the commit. Set both with git config and you are done.
Change a user's default login shell with chsh or usermod, check the valid shells in /etc/shells, and see the current shell from /etc/passwd.
A practical guide to .gitignore: pattern syntax, per-repo vs global ignore, ready-made templates, and the gotcha that trips everyone up - already-tracked files keep showing up.
Bash job control reference: suspend with Ctrl-Z, resume in foreground with fg or background with bg, list with jobs, target jobs by %1/%+/%-, and keep a process alive past logout with nohup, disown, or setsid.
Create an SSH key in one ssh-keygen command. Which key type to pick in 2026 (Ed25519 vs RSA), whether to set a passphrase, and the file permissions SSH needs, on Linux, macOS and Windows.
Change ownership with chown user:group, do it recursively, change only the group, and why changing an owner needs root while chgrp sometimes does not.
Apply permissions down a whole tree with chmod -R, and the capital-X trick that sets execute on directories but leaves regular files alone.
The Git staging area (the index) is the in-between layer where you assemble exactly what goes into your next commit. Here is what git add really does, and why it exists.
List every user and group from /etc/passwd and /etc/group with getent, tell human accounts from system ones by UID, and see which groups a user belongs to.
How to install Node.js the right way on Linux, macOS, and Windows. Covers nvm, fnm, Volta, the official nodejs.org installer, apt/dnf via NodeSource, Homebrew, winget, Chocolatey, Docker, and how to verify the install.
A practical, no-jargon introduction to Git: the mental model, installing it, your first config and commit, pushing to GitHub, and where to go next.
Run node --version and npm --version to see what you have installed. This covers every way to check Node and npm, finding which install is on PATH, reading the version inside a script, and the gotchas with version managers and multiple installs.
Copy your public key to a server with ssh-copy-id, or append it to authorized_keys by hand, then log in without a password. Linux, macOS, and Windows.
Make a script runnable with chmod +x, why the shebang line matters, and how to run it with ./ once the execute bit is set.
Add a user to a group with usermod -aG without wiping their existing groups, why the -a matters, and how to confirm membership took effect.
Create a group with groupadd, add users to it, and understand the difference between a user's primary group and the secondary groups that grant shared access.
Create a Linux user with useradd or adduser, give it a home directory, shell, and password, and understand the difference between the low-level and friendly commands.
Set up Apache virtual hosts on WAMP Server 3.3+, map mysite.local to a project folder, fix the port-80 conflicts that ruin Friday afternoons, and enable HTTPS on localhost with mkcert. Plus when to ditch WAMP for XAMPP, Valet, or Docker.
Read and set rwx permissions, the octal numbers behind 644 and 755, the difference between files and directories, and symbolic vs numeric chmod.