{
  "version": "https://jsonfeed.org/version/1.1",
  "title": "Christian Lehnert — Linux, Hacking \u0026 Faith",
  "home_page_url": "https://blog.c0xl.ch/rss",
  "description": "Personal blog of Christian Lehnert (c0xl) — long-form writing on Linux system administration, homelab infrastructure, cybersecurity research, eBPF, Debian, self-hosting, and reflections on philosophy, Nietzsche and Jewish thought.",
  "author": {
    "name": "Christian Lehnert — Linux, Hacking \u0026 Faith"
  },
  "authors": [
    {
      "name": "Christian Lehnert — Linux, Hacking \u0026 Faith"
    }
  ],
  "items": [
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/fairphone-as-a-desktop",
      "title": "Ubuntu Touch Convergence - The Fairphone as a Desktop",
      "summary": "The follow-up to running Ubuntu Touch on a Fairphone 4 is the feature that actually distinguishes it from every mainstream phone. Plug the phone into a monitor over USB-C, pair a Bluetooth keyboard, and the phone becomes a desktop computer. The phone's own touchscreen then works as the trackpad. This is convergence, and once it works, it changes what the phone is for.\n",
      "date_published": "2026-07-09T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/perf-beyond-top",
      "title": "perf Beyond top - Profiling CPU, Memory, and I/O Properly",
      "summary": "top tells you a process is busy. It does not tell you why. The perf toolchain, plus a handful of eBPF-based tools, answer the why at the level of functions, cache misses, and individual block-device latencies. This is the advanced layer, for when the basic tools have already told you which process to look at.\n",
      "date_published": "2026-07-08T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/bcachefs",
      "title": "bcachefs - The Best Filesystem Design That the Kernel Threw Out",
      "summary": "bcachefs is, on technical merit, the most interesting copy-on-write filesystem to arrive on Linux in a decade. It is also, as of Linux 6.18, no longer in the kernel, ejected after a governance dispute between its author and Linus Torvalds and now shipping as a DKMS module like ZFS. This is the story of a filesystem whose engineering and whose politics point in opposite directions, and what that means for anyone deciding whether to run it.\n",
      "date_published": "2026-07-07T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/ubuntu-touch-on-a-fairphone-4",
      "title": "Ubuntu Touch on a Fairphone 4",
      "summary": "I run Ubuntu Touch on a Fairphone 4 as my actual phone. It is a good experience, better than the skeptics assume and worse than the enthusiasts claim. Waydroid runs most Android apps, microG handles most of the apps that expect Google services, and the one real cost is that backups do not work the way you are used to. This is the honest writeup.\n",
      "date_published": "2026-07-04T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/ip-br",
      "title": "ip -br - The Clean Way to Read Interface State",
      "summary": "Plain ip link and ip addr dump a wall of text for every interface, most of it irrelevant when you just want to know what is up and what has an address. The -br flag collapses each interface to a single line, and it is the version you should be reaching for on every troubleshooting call.\n",
      "date_published": "2026-07-03T12:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/non-human-identity",
      "title": "Non-Human Identity - The Larger Half of the Identity Problem Nobody Manages",
      "summary": "For every human in a modern enterprise there are somewhere between forty and a hundred non-human identities. Service accounts, API keys, OAuth tokens, certificates, and now AI agents. The industry has spent twenty years hardening the human identity perimeter and almost no time on the larger half. The breaches of the last year are the bill arriving.\n",
      "date_published": "2026-07-02T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/neko",
      "title": "Neko - The Self-Hosted Browser-in-a-Container That Earns Its Place",
      "summary": "Neko is a self-hosted virtual browser running inside Docker that streams its display to anyone with a URL via WebRTC. On paper that sounds like a curiosity. In practice it solves three operational problems I had been working around individually for years, with one tool, in one container.1\n",
      "date_published": "2026-06-30T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/tank-os-with-llm",
      "title": "tank-os-with-llms - The Hardened Container I Run Claude Code and Gemini CLI In",
      "summary": "After writing about Sally O'Malley's tank-os in June, the question that kept bothering me was the practical one. How do I actually run Claude Code and Gemini CLI on my own laptop without giving the agent access to the corporate VPN, the company Git server, the cloud metadata endpoint, or anything else on RFC 1918 space? The answer I built is a small Docker Compose configuration that wraps tank-os, installs both agents, and enforces a default-deny network perimeter through iptables. This post is the writeup of what I built and why each piece earns its place.\n",
      "date_published": "2026-06-27T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/halt-vs-shutdown",
      "title": "halt vs shutdown - The Case for the Simpler Command",
      "summary": "shutdown is the command operators reach for out of habit when they want to bring a system down. For the common case (a single-user workstation, a headless server, an ad-hoc maintenance window), halt does the same orderly shutdown with less ceremony and a simpler invocation. The reason shutdown won the muscle memory is historical and no longer applies on modern systemd systems.\n",
      "date_published": "2026-06-25T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/reboot-last",
      "title": "Reboot Last - The Windows Habit That Hurts Linux and FreeBSD Operators",
      "summary": "Consumer operating systems trained an entire generation of operators to reach for the reboot button as the first step of any debugging session. On Windows this is occasionally the right answer. On Linux and FreeBSD it is almost always the wrong one, because the reboot destroys the evidence you needed to fix the problem in the first place.\n",
      "date_published": "2026-06-23T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/freebsd-rc-system",
      "title": "FreeBSD's rc System",
      "summary": "FreeBSD's rc system is the init mechanism that has aged best in the Unix world. It uses ordered shell scripts, a clean configuration hierarchy, and a dependency resolver that handles the ordering problem without numbered runlevels. This post walks through how /sbin/init reaches /etc/rc, how the configuration files in /etc/defaults/rc.conf and /etc/rc.conf and /etc/rc.conf.local compose, and where your own scripts belong on a properly maintained FreeBSD system.\n",
      "date_published": "2026-06-20T22:45:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/adduser-perl",
      "title": "adduser vs useradd - The Debian Trap",
      "summary": "On Debian and Ubuntu, two commands look like they do the same thing. They do not. adduser is a Perl wrapper from the adduser package. useradd is the raw binary from upstream shadow-utils. The difference catches operators who write portable scripts and expect either name to work the same way on RHEL or Alpine.\n",
      "date_published": "2026-06-18T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/slow-backup",
      "title": "Backup at 64 KB/s - When CIFS Stops Being a Backup Protocol",
      "summary": "A chunk-store backup that was projected to take ten days for sixty six gigabytes. The protocol was CIFS over rsync. The fix was rclone over SFTP with parallel transfers. The same data, the same network, the same off-site target, moved 280 times faster. The reason is a protocol property that does not show up in any \"which backup software\" comparison but that decides whether your backup can actually finish before tomorrow.\n",
      "date_published": "2026-06-16T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/systemd-boot-instead-of-grub",
      "title": "systemd boot instead of grub",
      "summary": "GRUB has been the default Linux bootloader for two decades. For most of those decades it was the right default. On a modern UEFI system that runs exactly one operating system, it is not. The smaller, simpler, UEFI-native alternative has been mature for years and should be the choice that an engineer makes deliberately rather than the default that lands on the disk because nothing pushed back.",
      "date_published": "2026-06-13T22:40:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/expert-install-debian",
      "title": "Why I Use the Debian Expert Install - The Defaults You Did Not Know You Accepted",
      "summary": "The default Debian installer is competent. It is also opinionated. It makes a dozen choices on your behalf that you would probably make differently if you knew you were making them. The Expert Install is not for elite users. It is for anyone who wants to know what their system actually contains the moment after first boot.\n",
      "date_published": "2026-06-11T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/modern-init-scripts",
      "title": "Modern init Scripts - Writing Systemd Unit Files Like a Pro",
      "date_published": "2026-06-09T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/docker-run-init",
      "title": "docker run --init - The Flag You Should Use on Every Container",
      "summary": "PID 1 in Linux has special responsibilities that most application processes are not designed to handle. The --init flag in Docker inserts a tiny init process between PID 1 and your application, which solves the zombie reaping problem and the signal forwarding problem in one line.\n",
      "date_published": "2026-06-06T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/proxmox-recovery",
      "title": "A Proxmox Hypervisor Down - Recovery, Postmortem, and the Hardening That Followed",
      "summary": "This afternoon the primary Proxmox hypervisor in the homelab refused to boot. Several VMs went offline. Hours of recovery later, every service was back up and no VM data had been lost. This post is the writeup of what failed, what saved the data, and the three hardening layers that have been permanently added so that the next incident in this family does not reach the \"blind boot from a serial console\" stage.\n",
      "date_published": "2026-06-04T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/tank-os",
      "title": "tank-os - The Right Way to Run AI Agents on Linux",
      "summary": "Sally O'Malley at Red Hat Emerging Tech published tank-os in April 2026, a Fedora bootc image that runs AI agents as rootless Podman workloads. The architecture is small, the disciplines it composes are obvious in retrospect, and it is the cleanest available demonstration of what an agent host should look like in 2026.\n",
      "date_published": "2026-06-02T20:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/zombies-with-ps",
      "title": "Zombies with ps - You Cannot Kill What Is Already Dead",
      "summary": "A zombie process is already dead. kill minus nine does nothing to it. The fix is always one level up the process tree, because the bug is in the parent that failed to reap its child, never in the child itself.\n",
      "date_published": "2026-05-30T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/separate-your-changes",
      "title": "Separate Your Changes - The Kernel's Patch Rules Applied to LLM-Assisted Coding",
      "summary": "The Linux kernel has had a written rule about commit hygiene since before the platforms most engineers use today existed. \"Separate each logical change into a separate patch.\" The rule is currently being violated at an industrial scale by everyone using LLM assistants to write code, because the assistants produce sprawling multi-concern diffs by default. The kernel's discipline is the cleanest answer to the resulting mess, and it scales down to any project size.\n",
      "date_published": "2026-05-28T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/radius-of-standing-access",
      "title": "The Blast Radius of Standing Access - What the Spring 2026 Supply Chain Attacks Revealed About Developer Endpoints",
      "summary": "Between late April and late May 2026, a single threat actor compromised more than four hundred package versions across npm and PyPI, leaked source code from two AI labs and one widely-used SDK vendor, exfiltrated thousands of internal repositories from a major code-hosting platform, and open-sourced their worm under an MIT license on the same platform they attacked. The interesting question is not how. The interesting question is why the blast radius keeps reaching this size, and the answer points at a structural feature of how engineering organizations grant access to source code.\n",
      "date_published": "2026-05-26T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/tokenmaxxing",
      "title": "Tokenmaxxing - The Lines-of-Code Mistake in 2026 Clothing",
      "summary": "Big tech has discovered a new way to measure engineering productivity. The metric is the number of AI tokens an engineer consumes per month. It rewards the exact opposite of competent engineering, and the engineers who understand this are being systematically ranked beneath the engineers who do not.",
      "date_published": "2026-05-23T22:15:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/recovering-deleted-binaries",
      "title": "Recovering Deleted Binaries from /proc",
      "summary": "A binary deleted from disk while the process is still running is not actually gone. The kernel keeps the inode alive as long as the  process holds it, and /proc/PID/exe is a real readable handle to it. You can copy a running program out of /proc and reconstruct it on disk byte for byte.",
      "date_published": "2026-05-21T08:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/gemini-cli-hook-cve",
      "title": "The Trust Boundary You Did Not Know You Had - Configuration Files, Pull Requests, and the Gemini CLI Hook CVE",
      "summary": "Modern pull request review is built on a clean trust boundary. Code in the PR is untrusted until reviewers approve it. Configuration in the PR is treated as ambient context, more or less along for the ride. The Gemini CLI hook CVE that landed in May 2026 made it",
      "date_published": "2026-05-19T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/stop-blaming-linus",
      "title": "Four Root Exploits in Three Weeks. Stop Blaming Linus",
      "summary": "Copy Fail, Dirty Frag, Fragnesia, ssh-keysign-pwn - four Linux kernel root exploits in three weeks. The kernel is fine. The admins are not.",
      "date_published": "2026-05-16T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/bash-tip",
      "title": "Bash !$ for Safer File Deletion",
      "summary": "The bash !$ history expansion substitutes the last argument of the previous command which turns destructive operations like rm into a two-step ritual where the first step is always a preview.",
      "date_published": "2026-05-14T20:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/ansible-at-scale",
      "title": "Ansible at Homelab Scale - How Two Critical Debian CVEs Became a Non-Event",
      "summary": "When CVE-2026-31431 dropped on April 29 with a public proof-of-concept and no vendor patches available, every Linux machine in the homelab was affected. Two weeks later the OpenSSH GSSAPIKeyExchange flaw shipped as DSA-6204-1 and the question arose again. This post is the short writeup of how Ansible turned both incidents into routine work.",
      "date_published": "2026-05-14T09:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/ebpf-hello-world",
      "title": "Beginning with eBPF - Hello World and What Actually Happens When You Trace a Syscall",
      "summary": "eBPF is the most interesting thing to happen to the Linux kernel in the last decade and one of the least understood.",
      "date_published": "2026-05-12T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/fortigate-one",
      "title": "Day One with the FortiGate 100F - Adding a Real NGFW to a MikroTik-Native Homelab",
      "summary": "The FortiGate 100F arrived this week and slots into the homelab between the Fritz!Box modem and the MikroTik core router, adding real next-generation firewall capability to a routing-strong but inspection-light architecture.",
      "date_published": "2026-05-09T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/shabbat-aware-homelab",
      "title": "The Shabbat-Aware Homelab",
      "summary": "Operating a homelab as an observant Jew raises questions that no modern operations manual addresses. Which jobs can run autonomously through Shabbat. Which alerts may wake me.",
      "date_published": "2026-05-06T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/linux-file-reading",
      "title": "The Art of Reading Support Files - Systematic Linux Diagnostics Before You Reach for strace",
      "summary": "Production debugging is not a data-gathering problem but a reading problem, because most systems have already written down what is broken if you know where to look.",
      "date_published": "2026-05-03T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/why-your-router-cannot-switch-isps",
      "title": "Why Your Router Cannot Just Switch ISPs",
      "summary": "Access technology lives in silicon — not software.",
      "date_published": "2026-04-30T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/reverse-engineering-sagemcom-fast-5370-xmo-api",
      "title": "Reverse Engineering ISP Hardware - Inside the Sagemcom F@st 5370",
      "summary": "Sagemcom's F@st 5370 hides an ISP-controlled XMO configuration backdoor.",
      "date_published": "2026-04-28T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/mikrotik-carrier-esim-without-mikrotik-connectivity",
      "title": "MikroTik 5G without MikroTik Connectivity - provisioning a carrier eSIM by hand",
      "summary": "Manual carrier eSIM provisioning on MikroTik 5G via LPA decoding.",
      "date_published": "2026-04-25T23:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/brave-origin-linux-nyxt",
      "title": "Brave Origin on Linux - What a Nyxt User Actually Sees",
      "summary": "Brave Origin's architecture from a Nyxt user's perspective.",
      "date_published": "2026-04-23T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/tinyauth-forward-auth-searxng",
      "title": "Forward-Auth for Your Homelab With Tinyauth",
      "summary": "Scoped forward-auth for homelab services using tinyauth.",
      "date_published": "2026-04-22T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/resurrecting-a-flash-card-with-f3-and-dd",
      "title": "Resurrecting a flash card with f3 and dd",
      "summary": "A 128 GB microSD started throwing ETIMEDOUT on writes. Instead of binning it, I used f3 to prove it wasn't counterfeit, then dd to force the FTL into remapping its bad blocks. The card has been healthy for two months since. A field-report on diagnosing and reviving flash storage on Linux",
      "date_published": "2026-04-20T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/self-hosting-searxng",
      "title": "Self-Hosting SearXNG",
      "summary": "Self-hosting SearXNG - architecture, gotchas, and threat-model honesty.",
      "date_published": "2026-04-12T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/mcp-server-fastmcp",
      "title": "Building a Public MCP Server - pdf.c0xl.ch from FastMCP to Production",
      "summary": "Production-grade public MCP server",
      "date_published": "2026-03-20T23:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/endlessh-go-strato-vps-ssh-tarpit",
      "title": "Trapping SSH Attackers with endlessh-go on a VPS",
      "summary": "Running endlessh-go as a Docker container on Strato VPS, deployed via Ansible",
      "date_published": "2026-03-10T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/cisco-wlc-2504-aironet-3600-homelab",
      "title": "Enterprise Wireless on a Budget - Cisco WLC 2504 and Aironet 3600 in a Homelab",
      "summary": "Running Cisco WLC 2504 and Aironet 3600 access points in a homelab for under 300 CHF",
      "date_published": "2026-02-02T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/wireguard-cgnat-wstunnel-websocket",
      "title": "WireGuard Through CG-NAT",
      "summary": "How to run WireGuard through CG-NAT and UDP-blocking networks by wrapping it in WebSocket with wstunnel, using a Raspberry Pi as a permanent LAN gateway and a Strato VPS as the public relay.",
      "date_published": "2026-01-22T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/proxmox-vrtx-megaraid-sas-fix",
      "title": "Installing Proxmox on a Dell PowerEdge VRTX",
      "summary": "Proxmox on VRTX - fix the megaraid_sas hang.",
      "date_published": "2026-01-14T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/osint-in-the-real-world",
      "title": "Practical OSINT in the Real World",
      "summary": "From beginner searches to disciplined OSINT practice",
      "date_published": "2026-01-12T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/osint-beginner",
      "title": "What Is OSINT? A Beginner’s Guide to Open Source Intelligence",
      "summary": "OSINT analyzes publicly available data to identify risks, relationships, and security-relevant insights.",
      "date_published": "2026-01-01T12:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/mystery-of-becoming-one",
      "title": "Kiddushin and the Mystery of Becoming One",
      "summary": "Two souls reunite through sanctified obligation",
      "date_published": "2025-12-31T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/crowd-psychology-pro-palestine-protests-pro-israel-analysis",
      "title": "Understanding Pro-Palestine Demonstrations Through the Lens of Crowd Psychology",
      "summary": "Analyzing pro-Palestine protests through Le Bon’s crowd psychology lens.",
      "date_published": "2025-10-03T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/schopenhauer-kabbalah-world-representation",
      "title": "Shaping Reality with Schopenhauer and Kabbalah",
      "summary": "Schopenhauer’s first line as mystical perception shift",
      "date_published": "2025-09-28T12:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/address-space-translation",
      "title": "Address Space Translation",
      "summary": "Demystifying address space translation for Linux and OS geeks",
      "date_published": "2025-09-22T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/base-bound-protection",
      "title": "Base and Bound Protection",
      "summary": "Exploring base and bound memory protection",
      "date_published": "2025-09-21T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/believe-in-god-our-savior",
      "title": "Why Believing in God Matters",
      "summary": "Faith in God unites, guides, and saves humanity.",
      "date_published": "2025-09-20T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/tar-notes",
      "title": "Your Friendly Guide to Archiving Files in Unix with tar",
      "summary": "My notes about tar",
      "date_published": "2025-09-16T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/dynamic-repetition-jewish-faith-reflection",
      "title": "Reflection on Gilad Sharvit’s Dynamic Repetition",
      "summary": "Sharvit’s study enriches Jewish faith and messianic hope.",
      "date_published": "2025-08-30T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/gods-presence-in-daily-life",
      "title": "Finding God in the Everyday",
      "summary": "God reveals Himself in life’s everyday moments.",
      "date_published": "2025-08-18T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/lenovo-thinkpads-best-laptops",
      "title": "Why Lenovo ThinkPads Are the Linux Power User’s Dream Machine",
      "summary": "Lenovo ThinkPads -  durable, reliable, and built for professionals.",
      "date_published": "2025-07-07T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/torah-gods-love-autism-anxiety",
      "title": "Living with Autism and Anxiety Through the Torah’s Light",
      "summary": "God’s love and Torah bring peace and strength.",
      "date_published": "2025-06-12T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/ubuntu-windows-of-linux",
      "title": "Why Ubuntu Has Become the “Windows” of the Linux World",
      "summary": "Ubuntu’s shift - Linux freedom to Windows-like control",
      "date_published": "2025-05-30T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/the-sirens-dance-anthony-walker",
      "title": "Reflections on The Sirens Dance by Anthony Walker",
      "summary": "Exploring love, violence, and extremes in BPD marriage.",
      "date_published": "2025-03-15T21:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/god-protects-those-who-cannot-protect-themselves",
      "title": "Finding Strength in Hashem’s Protection",
      "summary": "Divine shelter when human strength falls short.",
      "date_published": "2025-02-04T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/faith-saves-from-lifes-darkness",
      "title": "How Believing in God Shields Us From Life’s Storms",
      "summary": "Faith in God shields us from life’s struggles.",
      "date_published": "2024-11-19T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/why-snap-sucks",
      "title": "Why I Think Snap is Terrible",
      "summary": "Snap is bloated, slow, and centralized junk",
      "date_published": "2024-10-23T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/dont-use-kali-daily",
      "title": "Don’t Use Kali Linux as Your Daily Driver",
      "summary": "Kali Linux isn’t meant for daily use",
      "date_published": "2024-09-25T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/elevations-rosenzweig-levinas-jewish-faith",
      "title": "The Height of the Good in Rosenzweig and Levinas",
      "summary": "Rosenzweig and Levinas uplift Jewish faith through goodness.",
      "date_published": "2024-08-30T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/get-me-out-of-here-rachel-reiland-md",
      "title": "Reflections on Rachel Reilands Powerful Memoir",
      "summary": "Learning from Rachel Reiland to support my wife.",
      "date_published": "2024-02-02T21:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/why-debian",
      "title": "Why Debian Will Always Be My Linux Distribution of Choice",
      "summary": "Why I Keep Coming Back to Debian",
      "date_published": "2024-01-18T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/maui-dotnet8",
      "title": "An Introduction to .NET MAUI in .NET 8",
      "summary": "A brief summary of MAUI in .NET 8",
      "date_published": "2023-11-21T14:01:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/asking-god-before-marriage-proposal",
      "title": "The Moment I Turned to God Before Asking My Wife to Marry Me",
      "summary": "God’s blessing guided my proposal and marriage journey.",
      "date_published": "2023-07-15T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/papers",
      "title": "Why Remnants of a Life on Paper Still Echo in My Mind",
      "summary": "A moving memoir of illness, family, and words.",
      "date_published": "2023-05-20T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/halakha-for-engineers-shabbat",
      "title": "Halakha for Engineers - When Your Code Runs on Shabbat",
      "summary": "The wrong question is whether you can use a phone on Shabbat. The right question, for those of us who build the systems, is what halakhic status the work of our machines holds while we rest.",
      "date_published": "2023-03-03T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/chosen-people-segulah",
      "title": "What Chosen People Actually Means",
      "summary": "Two groups misunderstand am segulah for opposite reasons. Anti-Semites read it as supremacy. Interfaith softeners read it as embarrassing exclusivism to be flattened. Both readings are wrong, and the actual content is harder than either.",
      "date_published": "2022-12-05T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/loving-someone-with-bpd-shari-manning",
      "title": "Learning to Love Through the Lens of Borderline Personality Disorder",
      "summary": "Supporting my girlfriends journey with BPD and self-respect.",
      "date_published": "2022-09-20T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/hardened-heart",
      "title": "The Hardened Heart of Pharaoh",
      "summary": "Stubbornness becomes destiny under divine justice",
      "date_published": "2022-06-29T23:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/systemd",
      "title": "Unlocking the Mystery of systemd",
      "summary": "the basiscs around systemd",
      "date_published": "2022-06-14T20:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/log4shell",
      "title": "Log4Shell",
      "summary": "On December 9, an arbitrary code execution vulnerability in Apache Log4j 2 went public. The world spent the weekend patching. A week later we have CVE-2021-44228, the follow-up CVE-2021-45046, and CVE-2021-45105, three patches in five days, and a long list of structural lessons that the Java ecosystem will be working through for years.",
      "date_published": "2021-12-15T16:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/vaultwarden",
      "title": "Vaultwarden - Self-Hosting the Bitwarden Server",
      "summary": "The project formerly known as bitwarden_rs renamed to Vaultwarden last month, completing the rebrand at the request of the Bitwarden team. Six weeks in, the new name is settling. The underlying project remains what it always was - the right way to self-host Bitwarden if you want full control of your password infrastructure.",
      "date_published": "2021-06-19T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/http3-quic",
      "title": "HTTP/3 and QUIC - What's About to Replace TCP",
      "summary": "QUIC is in late draft, HTTP/3 is shipping in Chrome and Firefox, and Cloudflare and Google are already serving meaningful traffic over both. The internet's transport layer is being rewritten. This is what changed, why it changed, and what it means for everyone who runs servers.",
      "date_published": "2020-10-18T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/tzedakah",
      "title": "Tzedakah - Why Charity Loses What Hebrew Names",
      "summary": "The English word charity descends from Latin caritas, love. The Hebrew word tzedakah descends from tzedek, justice. Translating one as the other does not just lose a connotation; it inverts the underlying legal and ethical structure. The classical Jewish concept is harder, more demanding, and more interesting than what English makes of it.",
      "date_published": "2020-08-22T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/caddy-v2",
      "title": "Caddy v2",
      "summary": "Caddy v2 released six weeks ago. It is not v1 with new features — it is a complete rewrite, with a new configuration model, a new module system, and a real architectural argument for why a modern web server should look different from nginx and Apache. After six weeks of running production sites on it, here is what it actually delivers.",
      "date_published": "2020-06-15T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/why-use-pihole",
      "title": "Why Pi-hole Might Just Be Your New Best Friend Online",
      "summary": "Pi-hole - faster, safer, ad-free internet browsing",
      "date_published": "2020-03-30T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/lebon-psychology",
      "title": "Gustave Le Bon’s Timeless Dive into Mass Psychology",
      "summary": "Deep dive talk about Gustave Le Bon's Mass Psychology book",
      "date_published": "2019-12-23T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/antichrist-nietsche",
      "title": "Exploring Nietzsche’s The Antichrist",
      "summary": "Exploring Nietzsche's Antichrist",
      "date_published": "2019-12-21T22:03:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/debian-buster",
      "title": "Debian 10 - What Two Years Brought",
      "summary": "Debian 10 released a month ago, ending Stretch's two-year run. The headline change is nftables replacing iptables as the default firewall framework. The deeper changes — secure boot, default AppArmor, Wayland coming into focus — are what will matter over the next two years.",
      "date_published": "2019-08-04T11:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/the-psychology-of-money",
      "title": "Why The Psychology of Money Feels More Relevant Than Ever in Today’s Wild Financial Ride",
      "summary": "Timeless lessons on money, behavior, and true wealth",
      "date_published": "2018-12-02T21:15:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/wireguard-first",
      "title": "WireGuard - The VPN That's About to Change Everything",
      "summary": "Jason Donenfeld submitted WireGuard for inclusion in the Linux kernel mainline in August. Even before merge, the four-thousand-line VPN is already faster, simpler, and more secure than OpenVPN or IPsec. Here is what it is, why the design matters, and how to deploy it now.",
      "date_published": "2018-11-08T14:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/reflection-on-hesche",
      "title": "Reflection on Heschel's The Sabbath",
      "summary": "Heschel's 1951 essay distills the rabbinic conception of Shabbat into a hundred pages of philosophical-poetic prose that remains, seventy years later, the best short introduction to what the seventh day actually is. The argument that civilization conquers space and Shabbat sanctifies time is not decorative metaphor; it is the structural claim of the book, and it holds up.",
      "date_published": "2018-04-22T09:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/spectre",
      "title": "Spectre and Meltdown - What Hardware Trust Looks Like After January 3",
      "summary": "On January 3, three vulnerabilities in modern CPUs reframed two decades of assumptions about hardware-enforced isolation. The patches are landing. The deeper lesson — that speculative execution as currently designed is fundamentally hostile to security — is what we are still working out.",
      "date_published": "2018-01-15T11:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/krack-wpa2-broke",
      "title": "KRACK - WPA2 Broke, and Your Linux Clients Broke Worst",
      "summary": "Mathy Vanhoef forced WPA2 to reinstall a key it was already using, resetting the nonce and handing an attacker the keystream. Every correct implementation was affected, and Linux managed to be affected worst of all by installing an all-zero key. Here is the handshake, the flaw, and why the link layer was never where your trust belonged.\n",
      "date_published": "2017-10-18T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/two-torahs",
      "title": "The Two Torahs",
      "summary": "The popular reading of Judaism imagines a single Torah, written, sufficient on its own — and the rabbinic literature as commentary added on top. The classical sources tell a different story, and the structural argument for it is harder to dismiss than most readers realize.",
      "date_published": "2017-09-19T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/zfs-on-the-homelab",
      "title": "ZFS on the Homelab - Checksums, Snapshots, and the End of Silent Bit Rot",
      "summary": "ext4 will hand you a corrupted file and swear everything is fine. ZFS checksums every block, repairs what it can, and makes snapshots cost nothing. With ZoL 0.7 out and Stretch a contrib package away from it, here is why my homelab storage now runs on copy-on-write, and the licensing mess you sign up for by using it.\n",
      "date_published": "2017-08-09T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/debian-stretch",
      "title": "Debian 9 - What Actually Changed",
      "summary": "Debian 9 Stretch released two weeks ago, ending Jessie's reign as stable. Most servers will upgrade through the year. Here is what is genuinely new, what is worth knowing before you migrate, and what is going to bite you.",
      "date_published": "2017-07-02T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/debian-9-reproducible-builds",
      "title": "Debian 9 Stretch - Reproducible Builds, MariaDB, and the eth0 That Won't Come Back",
      "summary": "Stretch is out, dedicated to Ian Murdock, with over 90% of packages now reproducible, MariaDB instead of MySQL, and the modern GnuPG by default. It also renames your network interfaces out from under you, which is how a routine upgrade locks you out of your own server. Here is what is worth caring about, and what to check before you reboot. \n",
      "date_published": "2017-06-21T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/kostolany-notebook",
      "title": "Timeless Wisdom from André Kostolany’s Notebook",
      "summary": "Wisdom on money, greed, and life’s true value",
      "date_published": "2017-05-16T21:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/self-hosting-email",
      "title": "Self-Hosting Email",
      "summary": "Self-hosting email used to mean installing Postfix and pointing an MX record at it. In 2017, the deliverability fight against Gmail and Outlook is the real work, and most of the difficulty is not the mail server itself.",
      "date_published": "2017-02-18T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/borgbackup",
      "title": "BorgBackup - Encrypted, Deduplicated Backups Done Right",
      "summary": "Borg 1.0 has been stable since February. If your backup strategy is still rsync to an external drive, you are leaving real safety on the table. Encryption, deduplication, and compression are not optional anymore.",
      "date_published": "2016-11-08T11:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/dirty-cow-cve-2016-5195",
      "title": "Dirty COW - The Nine-Year-Old Root Bug Hiding in Copy-on-Write",
      "summary": "A race in mm/gup.c lets any local user write to read-only memory and rewrite setuid binaries. It sat in the kernel for nine years. Here is how the race actually works, and why \"it's only local\" was always a lie, especially now that everyone runs containers.\n",
      "date_published": "2016-10-21T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/tefillah-actually-is",
      "title": "What Tefillah Actually Is",
      "summary": "The popular understanding of Jewish prayer is a wish list submitted to the Divine. Classical sources treat tefillah as something else entirely — closer to a daily discipline of standing before God than a customer-service relationship with Him.",
      "date_published": "2016-07-15T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/more-money-than-god-blogpost",
      "title": "Diving Into the High-Stakes World of Hedge Funds with Sebastian Mallaby's More Money Than God",
      "summary": "Exploring hedge funds’ history through Mallaby’s lens",
      "date_published": "2016-05-10T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/lets-encrypt-auto",
      "title": "Let's Encrypt - What Free Universal HTTPS Actually Changes",
      "summary": "Let's Encrypt left beta last week and entered general availability. Free, automated, ninety-day certificates from a CA that browsers actually trust. The change is bigger than the price tag suggests.",
      "date_published": "2016-04-22T22:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/warren-buffett-lessons-for-investors",
      "title": "The Essays of Warren Buffett -  Timeless Wisdom for Investors and Leaders",
      "summary": "deep dive into  timeless investing and management wisdom from warren buffett.",
      "date_published": "2016-03-14T21:00:00Z"
    },
    {
      "id": "",
      "url": "https://blog.c0xl.ch/p/git-for-homelab",
      "title": "Your Homelab Should Be a Git Repo - Bootstrapping Config Management With Ansible",
      "summary": "A brief summary of what this post is about.",
      "date_published": "2016-03-02T22:00:00Z"
    }
  ]
}