Welcome to Larvitz Blog! I’m Christian, a Cloud Consultant by day and FreeBSD enthusiast by night, with over 20 years in enterprise IT. Here I write about FreeBSD jails, PF firewalling, self-hosting, Linux system administration, and anything that’s cleanly engineered. Most articles are hands-on guides born from running my own infrastructure, from dual-stack networking and Ansible automation to hosting a Mastodon instance on FreeBSD.

Have a question or want to discuss something? Find me on the Fediverse at @Larvitz@burningboard.net. I’m always happy to chat!

Articles

Mon 18 May 2026
FreeBSD

mdo on FreeBSD 15: Base-System Privilege Delegation with mac_do

FreeBSD 15 ships mdo(1) and the mac_do(4) policy module in the base system. It replaces sudo and doas for most of my hosts, needs no ports, and configures with a single sysctl. This article walks through enabling it, the rule syntax, a few real examples, and a short detour into the security sysctls I run on every box.

Sat 16 May 2026
Linux

Fedora Hummingbird: Distroless, Container-Native Linux and a Slim mastogreet

Fedora Hummingbird brings the distroless container model to a full, image-based rolling operating system, and it ships a catalog of hardened language images alongside it. I rebuild the mastogreet bot’s Containerfile on top of registry.access.redhat.com/hi/python to see what changes, what shrinks, and where the commercial Red Hat Hardened Images downstream fits in.

Thu 14 May 2026
Linux

Red Hat Offline Knowledge Portal: All the Docs, Air-Gapped, On Your Laptop

The entire Red Hat documentation site and the full Knowledgebase fit into a single OCI container that updates weekly, runs locally with a web UI and Solr search, and is included in every RHEL subscription that bundles Satellite. I have it on my laptop. I use it daily. Almost nobody I talk to knows it exists. This post is my small contribution to fixing that.

Wed 13 May 2026
Travel

A Field Manual for Three Years on Deutsche Bahn

After years of regular business travel by Deutsche Bahn, here is the small library of habits, app picks, routing folklore, and survival gear that actually helps. Not a complaint piece. A handbook for everyone who has resigned themselves to the system and would like the next trip to suck a little less.

Tue 12 May 2026
FreeBSD

FreeBSD Resource Monitoring, Accounting, and Troubleshooting

A practical tour of FreeBSD’s built-in tools for watching CPU, memory, disk I/O, and network activity, finding the process or jail that is eating your server, and applying per-jail accounting and limits with kern.racct and rctl.

1 of 11
Next