Bill Pollock
@nostarch.bsky.social
No Starch Press Founder and President. Founder and Chair, Hacker Initiative
The result? The server is now fully patched against years of CVEs (including "Baron Samedit" and "Dirty Pipe"), the kernel is current, and we have a fresh Swap file for stability.
We publish books on breaking things, but today was about fixing them. 🛠️
#sysadmin #devops #legacycode #nostarch
We publish books on breaking things, but today was about fixing them. 🛠️
#sysadmin #devops #legacycode #nostarch
November 19, 2025 at 6:48 AM
The result? The server is now fully patched against years of CVEs (including "Baron Samedit" and "Dirty Pipe"), the kernel is current, and we have a fresh Swap file for stability.
We publish books on breaking things, but today was about fixing them. 🛠️
#sysadmin #devops #legacycode #nostarch
We publish books on breaking things, but today was about fixing them. 🛠️
#sysadmin #devops #legacycode #nostarch
The fix? "Nuclear Option."
docker rm -f $(docker ps -aq)
We force-wiped the confused container runtimes. Because we architected the data to live on persistent Hetzner Volumes (and not inside the containers), I was able to rebuild the stack from scratch and re-mount the existing data instantly.
docker rm -f $(docker ps -aq)
We force-wiped the confused container runtimes. Because we architected the data to live on persistent Hetzner Volumes (and not inside the containers), I was able to rebuild the stack from scratch and re-mount the existing data instantly.
November 19, 2025 at 6:48 AM
The fix? "Nuclear Option."
docker rm -f $(docker ps -aq)
We force-wiped the confused container runtimes. Because we architected the data to live on persistent Hetzner Volumes (and not inside the containers), I was able to rebuild the stack from scratch and re-mount the existing data instantly.
docker rm -f $(docker ps -aq)
We force-wiped the confused container runtimes. Because we architected the data to live on persistent Hetzner Volumes (and not inside the containers), I was able to rebuild the stack from scratch and re-mount the existing data instantly.
The OS upgrade went fine, but Docker woke up angry.
I hit a KeyError: ContainerConfig. The modern docker-compose binary (v1.29) couldn't read the metadata from our ancient containers created by the 2019 engine. The stack refused to boot.
I hit a KeyError: ContainerConfig. The modern docker-compose binary (v1.29) couldn't read the metadata from our ancient containers created by the 2019 engine. The stack refused to boot.
November 19, 2025 at 6:48 AM
The OS upgrade went fine, but Docker woke up angry.
I hit a KeyError: ContainerConfig. The modern docker-compose binary (v1.29) couldn't read the metadata from our ancient containers created by the 2019 engine. The stack refused to boot.
I hit a KeyError: ContainerConfig. The modern docker-compose binary (v1.29) couldn't read the metadata from our ancient containers created by the 2019 engine. The stack refused to boot.
Rule #1 of Sysadmin Club: Paranoia is a virtue.
Before running a single update command, I did a "Cold Storage" backup. I shut down the database container and mirrored the raw volume data to physical USB drives.
Before running a single update command, I did a "Cold Storage" backup. I shut down the database container and mirrored the raw volume data to physical USB drives.
November 19, 2025 at 6:48 AM
Rule #1 of Sysadmin Club: Paranoia is a virtue.
Before running a single update command, I did a "Cold Storage" backup. I shut down the database container and mirrored the raw volume data to physical USB drives.
Before running a single update command, I did a "Cold Storage" backup. I shut down the database container and mirrored the raw volume data to physical USB drives.
