Mads Christian Mozart Johansen’s Post

Microsoft released an emergency out-of-band update, KB5086672, on March 31, 2026, to resolve a severe installation loop bug affecting Windows 11 versions 24H2 and 25H2. The issue stemmed from the March 26 non-security preview update (KB5079391), which triggered error code 0x80073712 and prevented devices from applying recent patches or maintaining security. The new cumulative patch restores update functionality, advances OS builds to 26200.8117 and 26100.8117, and includes AI component improvements. Users with automatic updates should receive it soon, while others can manually install via Settings or the Microsoft Update Catalog. Organizations are urged to deploy it promptly through Intune or Autopatch to avoid prolonged exposure to unpatched systems. https://lnkd.in/dau_b7ur

Scaled Ollama on a CPU-only Windows Server I've been running a local LLM (qwen2.5:7b via Ollama) on a Windows Server with an Intel Xeon Gold 5318Y (48 cores, 150GB RAM) — no GPU. The goal: fast AI-powered text transformation inside a chatbot. Problem: Ollama processes ONE request at a time. With multiple users hitting the API, requests were queuing up and responses were painfully slow. My first idea: Run 3 Ollama instances on ports 1**4, 1**5, 1**6 and round-robin between them randomly using array_rand(). What actually happened: 3 instances fighting for 48 cores → Apache/httpd memory overflow (WorkingSet went NEGATIVE) → server became completely unreachable 💀 Recovery: Had to PowerShell remote into the server add it to TrustedHosts, kill ollama.exe, httpd.exe. The real fix — smart load balancing: 1. Only 2 Ollama instances (not 3) 2. Each gets 16 threads → 32 cores for AI 3. 16 cores left free for Nginx + Apache + OS 4. Smart port picker using /api/ps endpoint → checks which instance is idle BEFORE routing Lessons learned: ✅ Bigger model ≠ better. qwen2.5:7b beats llama3.1:70b for text tasks on CPU ✅ 2 instances > 3 instances on a shared server Open for automation consulting,DM for collabs.

My SSD was failing — and still showed "Good (98%)". My ThinkPad started blue-screening. At first it felt random — until CrystalDiskInfo told the real story: 15 media errors.   732 by the end of the day. Health status? “Good — 98%.” The SSD had only written 39TB — about 8% of its 480TB rated endurance.   This wasn’t wear. It was failure — and the health indicator didn’t care. I focused on saving what mattered first: - Checked 60+ repos for uncommitted work   - Dumped databases   - Backed up SSH keys and secrets   - Exported Docker volumes  All while writing restore steps between crashes, knowing any reboot could be the last. When it came time to rebuild, I looked at my setup notes. Half of it was workarounds: - Portproxy scripts just to make SSH work   - Syncing Windows hosts files   - Docker Desktop sitting in between everything   - Fixing IPs every time WSL restarted  I’d accepted all that friction as “normal.” But every tool I use runs on Linux anyway. So I stopped compromising. New SSD went in. Ubuntu went on.   No Windows. No WSL. No workarounds. I booted the old drive one last time. 25,343 media errors. Health status: “Good — 98%.” Two takeaways: - Don’t trust the headline number — check what it’s hiding   - Sometimes it takes losing your setup to realise how much of it was never necessary

Does your disk ever get cramped? Even after you clear out some old virtual machines? Is there still no extra disk space to work with? If you find yourself in that situation, remembering to use these commands can help: 🐧 df -h --> this will help you see which filesystem is tight. 👀 du -h --> using that on a particular path or directory will help you see which directories are the biggest. df stands for "disk free" du stands for "disk usage" For the -h flag, this comes straight from the man page:    -h, --human-readable       print sizes in human readable format (e.g., 1K 234M 2G) In general, those commands will help you figure out how your disk is or isn't being used, but it may still take some extra work to figure out exactly why space is still cramped. I forgot that the distro I am using (#Omarchy) uses #snapper to create snapshots of my system after every update. It's nice to have those snapshots, but on a small disk I was running out of space too fast. For now I'm okay, and du and df have helped me identify ways to get more breathing room, but maybe the next step should be to just go out and finally buy a bigger hard drive... Is a 256G SSD enough? Doesn't seem like it. How much space do you like to have on your main drive? #linux

Most Linux servers run with default sysctl values. And most of the time… nobody questions it. But in real environments (especially hosting / high-load systems), this leads to: Connection drops under load High TCP retransmissions File descriptor exhaustion Unstable performance patterns So I started building something small: eak-systune A lightweight tool that: Observes real system behavior (not assumptions) Builds a rolling baseline from live metrics Detects anomalies in CPU, TCP, FD usage, run queue Compares system state against optimized sysctl profiles Generates actionable recommendations Not based on static “best practices”. Based on how your system actually behaves under load. Still early, but already seeing interesting signals: TCP pressure patterns FD usage spikes before incidents Misaligned kernel parameters This is not another tuning script. This is about understanding before optimizing. More soon.

An angry researcher just dropped a Windows Defender 0day exploit, he has a message to Microsoft: "I'm not explaining how this works, yall geniuses can figure it out." The exploit targets Defender's internal signature update mechanism to achieve local privilege escalation. https://lnkd.in/e4pF_KgA via @IntCyberDigest

Your Linux kernel has been screaming at you since boot.  You just never listened.  Every single second, your kernel writes messages into a 128KB ring buffer — hardware failures,  driver crashes, security warnings, OOM kills.  Most of them disappear before anyone reads them.  Here's what's happening under the hood:  The kernel ring buffer is a circular log. When it fills up, new messages overwrite the oldest ones. No warning. No backup. Gone.  Right now, on your machine:  - dmesg | wc -l → probably alot of messages since boot  - dmesg | grep -i error → dozens you never saw  - dmesg | grep -i warn → hundreds you ignored  The 8 log levels (KERN_EMERG → KERN_DEBUG) decide what shows on your console vs what stays buried.  Most distros only surface level 4 and above. Everything else? Silent. If your server crashes at 3 AM because a disk controller failed, the warning was probably in dmesg 6 hours earlier. Overwritten. Unread.  dmesg -T --level=err,warn | tail -50  -T gives human timestamps. --level filters the noise.  Set up persistent logging (journalctl -k) or you're flying blind. Check the full visual breakdown of how the ring buffer works, from printk() to your terminal.  Follow for more Linux internals that actually matter.   thelinuxcamp.com

"I don't think running VMs inside Podman is possible." So I did what any reasonable person would do: I booted the same VM twice inside a rootless Podman container and timed both runs. The first boot runs without KVM, which means pure software emulation where QEMU translates every CPU instruction on the fly. Your modern multi-GHz processor ends up spending its time pretending to be a slower, imaginary one, and you feel it: Alpine Linux took 22 seconds to reach the login prompt. The second boot adds two flags — `--device /dev/kvm` on the Podman side and `-enable-kvm -cpu host` on the QEMU side. Instead of translating instructions, KVM hands them directly to the CPU, and the same VM boots in 7.8 seconds. Three times faster, with no changes to the image, the ISO, or the machine. What surprised me most wasn't the speed gap. It was that none of this requires `--privileged`. Passing `--device /dev/kvm` gives the container access to exactly that one device and nothing else, so you get hardware acceleration without handing the container more trust than it needs. Next up in Part 3: the VM is fast but has no memory between runs. We fix that with persistent qcow2 disk images. Link in the comments 👇 #KVM #Podman #Virtualization #Linux #QEMU #LearnInPublic

🖥️ Save this before your next Windows headache. These 10 commands have saved me more times than I can count - and most people don't know half of them exist: 🛡️ sfc /scannow - repairs corrupted system files 💾 chkdsk /f - fixes disk errors before they kill your drive ⚙️ DISM /Online /Cleanup-Image /RestoreHealth - when sfc alone isn't enough 🌐 ipconfig /flushdns - the fix for half of all "website won't load" problems 🔌 netsh int ip reset - nuclear option for broken TCP/IP 📡 ping www.google.com - first thing I run on any network issue 🔗 netsh winsock reset - corrupted socket catalog? done. 🔧 msconfig - control what starts with Windows 🔍 chkdsk /r - finds bad sectors before data loss happens ⚡ bootrec /fixmbr - last resort when Windows won't boot All run from Command Prompt or PowerShell (as Administrator). Bookmark this. You'll thank yourself later.

The service shows Running. Users say it stopped working hours ago. The Windows Service Control Manager only checks if the process is alive, not whether it's doing anything useful. FireDaemon Pro detects what Windows SCM misses: ✅ Resource Monitor (right-click any service): shows CPU%, Private Bytes, and Data I/O in real time for the entire process tree — not just the top-level process. Open multiple windows simultaneously, one per service ✅ Hang Detection (Lifecycle tab): uses the Windows IsHungAppWindow API to detect unresponsive message loops in GUI applications — configure to report the hang, or terminate and auto-restart after a set number of minutes ✅ Crash loop protection: Fail Detection in the Lifecycle tab limits total restarts across the entire service lifecycle — so a crashing service stops looping and writes a structured event rather than degrading the server indefinitely ✅ Events tab > After Program Crash disposition: FireDaemon Pro supplies the FD_PID environment variable automatically to any script you configure — invoke ProcDump with that PID before the restart and the developer gets a memory dump, not a bare timestamp Bottom line: a workload that looks healthy but produces nothing is the same as downtime. The monitoring has to match the reality. Free 30-day trial at firedaemon.com #WindowsServer #InfrastructureResilience #WindowsServerReliability #Monitoring #ITOperations