Techy

Traditionally, cat /dev/urandom | tr -dc 'a-zA-Z0-9' can cause 100% CPU spikes on low-end servers due to a 76% byte rejection rate. By switching to openssl rand -base64, I reduced the rejection rate to <3%, preventing system freezes for thousands of users on budget VPS instances. The Invisible Bottleneck Imagine you are a student or a hobbyist on a tight budget (like myself). You’ve just rented a $7.5/month virtual private server (VPS) with a single core and 512MB of RAM. You connect to it, paste the installation command for 3X-UI—a massively popular open-source networking panel with over 315,000 stars on GitHub —and hit Enter. ...

💥 The Incident A few days ago, someone decided to DDoS the entire IP range of my Hong Kong VPS provider. My machine had fail2ban running. It did its job — maybe a little too enthusiastically. Within minutes it had banned over 20,000 IPs, allocating memory for each rule until the box ran out of RAM entirely and triggered a kernel panic. The VPS went dark… Great… :/ So here’s the irony: fail2ban didn’t fail because it was badly configured. It failed because of a fundamental architectural problem. Every packet in a flood still has to be received by the kernel, handed up the networking stack, and then evaluated before fail2ban can react. Under a real volumetric flood, that cost alone — tens of thousands of soft interrupts per second — is enough to saturate a single vCPU and collapse the machine before any rule can take effect. ...

I noticed something frustrating: while my Hugo frontend (hosted on Netlify’s Edge) was lightning fast, images and videos were lagging. Every time I opened a post, there was a noticeable “pop-in” delay for media — the text would render instantly, then the images would trickle in a second or two later. The issue lies on my storage backend. I recently migrated my assets to a MinIO instance running on a BuyVM storage slab in Switzerland 🇨🇭. I love it — 80GB SSD, full S3-compatible API, and the data privacy story is hard to beat. But physics doesn’t care about any of that. Switzerland is physically far from most of my readers, and every uncached image request had to make a full round trip there. ...