169 posts

@CCIE4K

3x CCIE (R&S, Wireless, Security). Went from running networks to leading the people who do. Still learning daily. Dad of two, gravel rider, always mid-book.

Joined January 2016
654 Following 63 Followers
J@CCIE4K·
@three_cube easy recommend. thank you for writing it
OccupytheWeb@three_cube·
Even after 8 years since it was published, Linux Basics for Hackers is still the #1 bestseller on Amazon among books on: 1. Linux Networking 2. Linux Programming 3. Unix Operating Systems Thank you very much! I am very grateful.🙏 You must like my book 🤗 amzn.to/3QxCpKf
J@CCIE4K·
@sudoingX this is my daily driver, claude code over tmux from the phone. one thing i'd add: the container sandboxes the host, but if it's on your tailnet it can still reach everything else on the tailnet. worth a tag or acl so a runaway agent can't wander the mesh
Sudo su@sudoingX·
running agents safely and accessing them from your phone or any device is way easier than people frame it. it sounds like wizardry. it's actually four tools and one skill. here's the whole stack.

the tools:
> tailscale - meshes all your machines into one private network. phone, laptop, gpu nodes, all reachable by name from anywhere.
> termius - ssh client for your phone. full terminal access to any node in your mesh from your pocket.
> tmux - persistent sessions that survive disconnects. your agent keeps running whether your phone is open or not. this is the one skill you have to learn.
> docker - sandbox your agents. skip-permissions inside a container means they run freely without touching your host system.

the agents:
> hermes agent for local model work. set a /goal, it runs autonomously for hours or days.
> cursor cli for frontier model work when you need the heavy hitters.

the flow: agent runs in docker on your node inside a tmux session. tailscale connects your phone to that node. termius lets you ssh in and check progress. close the app, the agent keeps grinding. open it tomorrow, check results.

the only real learning curve is tmux. spend one afternoon with it and you'll orchestrate multi-day agent runs from your phone for the rest of your life.

the agent never runs on the phone. the phone is just the window. your compute stays on your hardware. you just hold the remote.

bookmark this. it's the entire stack for owning your agentic workflow from anywhere.
Sudo su@sudoingX

anyone thinking about, learning, or already working with agentic systems, you should know this. the first few steps of your setup matter more than any model or framework you pick later. get them right and you never lose your flow.

the foundation nobody posts about:
> 1. tailscale. a private mesh network across every machine you own. laptop, desktop, rented node, all on one secure tailnet, reachable from anywhere. nothing else works well until this does.
> 2. termius, over that tailnet. one SSH client that reaches every node, phone included. you are never away from your stack.
> 3. tmux. persistent sessions. disconnect, close the laptop, come back, every session exactly where you left it. agentic work runs long, your terminal has to survive that.
> 4. a private git repo. the one i am most glad i found. it is the memory layer across all my agents, they pull, they work, they merge back, the codebase stays alive between sessions. context that would die in a chat window lives in the repo instead.
> 5. script everything from day one. ssh aliases for every node, setup scripts, the boring boilerplate automated. if you will do a thing more than twice, it is a script.

everything past these five is decorative. know these cold.

and the habit that ties it together: ask the AI itself. for the config, for the error, for any of it, let the agent do the lifting, then double check what it hands you.

lock the five, build the habit, and you make it. skip it, anon, and you ngmi.

J@CCIE4K·
A healthy 802.1Q trunk in one screen:

show interfaces trunk

The line that matters: "Vlans allowed and active." A VLAN allowed but not active won't pass traffic. Status trunking + your VLAN in the active list = good to go.
J@CCIE4K·
@techspence nobody can tell you what actually talks to what, so you either break prod finding out or you monitor for weeks first. the rules are the easy bit
spencer@techspence·
"Simple" security controls that are not easy: - network segmentation Easy conceptually. Don't allow servers to communicate with end-user systems. But implementing good/strong network segmentation is not always a trivial thing. Some applications require DB communication. Some weird applications run from network shares for some silly reason. It's wild all the reasons why good segmentation is hard. But it's still incredibly powerful when done well.
J@CCIE4K·
Don't let spanning tree pick the root by accident.

show spanning-tree vlan 10

"This bridge is the root" should be your core, on purpose. Priority 4106 = 4096 + the VLAN id (sys-id-ext). If the root is some random access switch, your traffic is taking the scenic route.
J@CCIE4K·
Studying for the CCNA and feeling overwhelmed? You don't have to learn it all. You have to learn it in ORDER: models, then subnetting, then switching, then routing, then services. Each layer assumes the one before it. Skip ahead and it feels impossible. Go in sequence and it builds itself.
mRr3b00t@UK_Daniel_Card·
Ok tweeps! We haz a new gadget! Now we can have out of band comms to remote kvm to a device! The possibilities here are vast! You just need cell signal and a power source!
J@CCIE4K·
@TheAhmadOsman agree. though the gpu part is the part everyone's already learning. the quieter gap is the networking, getting data to the card fast enough and keeping a multi-gpu box fed without the network being the bottleneck
Ahmad@TheAhmadOsman·
Everything I am seeing in the market leads me to conclude that if you have gained some experience working with GPUs and Local AI then you’re gonna be in demand by employers
J@CCIE4K·
You click a link. What actually travels across the wire? The whole stack, in one read:

LAYER 7 - APPLICATION
Your browser writes an HTTP GET. Just text: "give me this page."

LAYER 4 - TRANSPORT
TCP wraps it: source port (random high), dest port 443, sequence numbers so the far end can reassemble and ask for resends.

LAYER 3 - NETWORK
IP wraps that: your source IP, the server's dest IP. The address that survives the whole journey across every router.

LAYER 2 - DATA LINK
Ethernet wraps that with MAC addresses, but only for the NEXT hop. The dest MAC is your router, not the server. This header is stripped and rewritten at EVERY hop.

LAYER 1 - PHYSICAL
All of it becomes electrical/optical signals on the wire.

The insight most people miss: IP addresses stay the same end to end, but MAC addresses change at every single router. L3 is the journey; L2 is each individual step.

Reverse it on the way up at the server. That's encapsulation and de-encapsulation, the heartbeat of every network.
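The per-hop rewrite described in the post above, as an added example that is not part of the original post: it builds one Ethernet/IPv4/TCP frame and forwards it the way a router would. All addresses and the payload are constructed, the function names are this example's own, and the TCP checksum is left at zero.

```python
import socket
import struct

def ip_checksum(header):
    """RFC 1071 ones'-complement sum over the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload, ttl=64):
    """Encapsulate top-down: application bytes -> TCP -> IPv4 -> Ethernet."""
    # L4: ports, seq, ack, data offset 5 words, PSH+ACK, window, checksum 0, urg 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp + payload
    # L3: version/IHL 0x45, total length, TTL, protocol 6 (TCP), src and dst IP
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, ttl, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    # L2: destination MAC is the next hop, EtherType 0x0800 = IPv4
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800) + ip + segment

def route_hop(frame, egress_mac, next_hop_mac):
    """Forward one hop: drop the old L2 header, age the TTL, write a new L2 header."""
    ip = bytearray(frame[14:34])
    if ip[8] <= 1:
        return None                      # TTL expired: a router drops the packet
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"              # zero the checksum before recomputing
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return mac(next_hop_mac) + mac(egress_mac) + frame[12:14] + bytes(ip) + frame[34:]

def summarize(frame):
    return {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
            "src_ip": socket.inet_ntoa(frame[26:30]),
            "dst_ip": socket.inet_ntoa(frame[30:34]),
            "ttl": frame[22], "dport": struct.unpack("!H", frame[36:38])[0]}

def demo():
    # Constructed addresses: PC 192.168.1.2 behind a router, server 203.0.113.10.
    first = build_frame("02:00:00:00:00:02", "02:00:00:00:00:01",
                        "192.168.1.2", "203.0.113.10", 51000, 443, b"constructed payload")
    second = route_hop(first, "02:00:00:00:10:01", "02:00:00:00:10:02")
    return first, second
```

Calling `summarize` on both frames returned by `demo()` shows the MAC pair and TTL changing while the IP pair and everything above L3 stay byte-identical.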
J@CCIE4K·
@AlexFinn what sustained tok/s are you seeing?
Alex Finn@AlexFinn·
I can't believe this is real

I have GLM 5.2 running 100% locally on my Mac Studio. 2 bit quant. The results I'm getting are better than Opus 4.8

It's now powering my Hermes Agent and Codex. 100% free, local, private super intelligence on my desk

I also have it in a loop coding for me 24/7 now

I thought we were at least a year away from this type of event. It happened today.

The model takes up about 250gb of memory. So you can technically run it on a Mac Studio with 256gb, but you probably want the 512gb memory version (please tell me you listened to me 5 months ago when these were sitting on store shelves)

With Fable gone, I now have Opus 4.8 level intelligence on my desk for free.

This is the future. Local, private, secure, personal super intelligence.

If you're still writing off local AI as a fad or engagement bait, you are officially delusional
J@CCIE4K·
Bare-minimum to make a Cisco box SSH-only:

ip domain-name lab.local
crypto key generate rsa modulus 2048
username admin secret
line vty 0 4
 transport input ssh
 login local
ip ssh version 2

Telnet is off the second you set transport input ssh. Do it before the box ever touches a real network.
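A check for the SSH-only state described in the post above, added here as an example (not code from the original post): it goes slightly beyond the post by auditing every `line vty` range in a saved config, since a device can have VTY lines outside 0 4. The sample configs, the name `audit_ssh_only` and the choice to treat an unset transport as a finding are assumptions of this example.

```python
import re

# Constructed sample configs (not taken from any real device).
SSH_ONLY = """\
ip domain-name lab.local
username admin secret 9 CONSTRUCTED-HASH
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
"""

MIXED = """\
ip domain-name lab.local
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login
"""

def audit_ssh_only(config):
    """Return a list of findings; an empty list means every VTY range is SSH-only."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' missing")
    # A block is a 'line vty' header at column 0 plus its indented child lines.
    blocks = re.findall(r"^(line vty [^\n]*)\n((?:[ \t]+[^\n]*\n?)*)", config, re.M)
    if not blocks:
        findings.append("no 'line vty' block found")
    for header, body in blocks:
        children = [line.strip() for line in body.splitlines()]
        transport = [c for c in children if c.startswith("transport input")]
        # Anything other than exactly 'ssh' (telnet, all, or nothing set) is flagged.
        if transport != ["transport input ssh"]:
            findings.append(f"{header}: transport is {transport or 'unset'}")
        if "login local" not in children:
            findings.append(f"{header}: 'login local' missing")
    return findings
```

On the `MIXED` sample the first VTY range passes and the second one is reported, which is the case a check limited to `line vty 0 4` would miss.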
J@CCIE4K·
@NetworkChuck @CiscoNetworking when an agent applies a fix, do you see the proposed change before it commits, or does it validate and push on its own?
J@CCIE4K·
@Hamzaonchain Two different jobs. HTTPS hides the contents, not where you're going. Your ISP still sees the destination IP and even the hostname. A VPN hides that part too. It just moves who you're trusting from your ISP to the VPN provider.
J@CCIE4K·
Good series to send people to. The detail that makes it click early: starting at raw Ethernet frames means a TAP device, not TUN. TAP hands you the full L2 frame so you write your own ARP. TUN drops you in at L3 and the kernel already did that part for you. Choosing TAP is the whole reason you actually learn ARP instead of inheriting it. The lesson is hiding in that one setup choice.
trish@TrisH0x2A·
Let's Code a TCP/IP Stack in C

part 1 starts with raw Ethernet frames and ARP

by part 5 you have a working socket API TCP retransmission and a real networking stack

also you can run tools like curl and even a web browser through your own stack

one of the fastest ways to go from "I know how to use sockets" to "I know what sockets are actually doing"
J@CCIE4K·
Solid list. Worth sharpening the last one: "restrict network access on management interfaces" usually gets done with an ACL on the mgmt interface, but the management plane still answers on every other interface unless you scope it there. On IOS XE that's Management Plane Protection under control-plane host, you name the one interface allowed to take SSH/HTTPS and the box drops the rest before it punts to process. Different layer than a VTY ACL.
mRr3b00t@UK_Daniel_Card·
Do not expose management interfaces to the open internet where you don't have to!
Do not use shitty MSPs to install highly important edge devices.
Do a security design before you deploy.
Conduct a security review after you deploy (and ideally during the build)
Enforce MFA on management interfaces
Restrict network access on management interfaces
#FortiBleed #MSP #ManagedIT #IT #Security
J@CCIE4K·
Worth splitting this, because two different costs both get called overhead. One is latency: the handshake makes you eat a full round trip before any data flows. The other is resources: every open socket holds kernel memory for send and receive buffers plus connection state, which is why a box with a million idle connections hurts even when nothing is moving. Short-lived connections pay the first cost. High connection counts pay the second.
J@CCIE4K·
Worth being precise about what a VPN does and doesn't touch here. It changes where you appear to connect from, so it can dodge a site gate that keys off location. It does nothing against a check tied to your account or your device, because that one runs before a packet ever leaves. People are going to reach for a VPN as the escape hatch and find they solved the wrong layer. Location and identity aren't the same control.
Dodge This Security@shotgunner101·
Mark my words and bookmark this tweet. One day in the coming years, once all these laws about age verification pass and become law. There is going to be a windows update that REQUIRES a microsoft account be linked and ID verification to continue using your windows device. People who can't see that are going to be really caught off guard when suddenly they have to dox themselves just to use their phones, pc, and every single website they visit.
J@CCIE4K·
Certifications get you the interview. They do not get you the job. What gets the job: explaining a show ip route out loud, describing a network you actually broke and fixed, and not freezing when asked "what happens when this link drops?" Lab > dump.
J@CCIE4K·
192.168.1.1, and the wording is exactly what makes .2 a trap. The PC's own address is .2, so "address the PC uses" reads like it's asking for the source IP. But the question is where remote traffic goes, and that's the default gateway on the 0.0.0.0 route: .1. The source stays .2, the packet just gets handed to .1 to leave the subnet. Two roles, easy to conflate.
TheCyberPatronNetwork ©@TheCyberPatron_·
CCNA EXAM QUESTION PRACTICE

Refer to the exhibit. Which IPv4 address does the PC use for sending traffic to remote networks?

• 127.0.0.1
• 192.168.1.2
• 192.168.1.1
• 192.168.1.255