The Operator’s KVM Bible

2026-03-062026-03-05 ~ Tom's IT Cafe ~ Leave a comment

When the enterprise behind one of the widespread hypervisors was acquired:
many sysadmins decided to move on.

Most of them chose a Linux-based open-source alternative.
Many of them migrated to the Microsoft ecosystem.
They chased the same workflow, the same features they had before.

Only a very few operators dared to rework their processes and architecture.

KVM (Kernel-based Virtual Machines) is part of the Linux kernel.
It is a stable and fast hypervisor.

A carefully configured host OS for KVM can reduce the attack surface compared to feature-heavy hypervisors.
The libvirt API enables secure automation and configuration management.
KVM can host Linux, Windows and BSD virtual machines as well.
It ships an ecosystem of mature tools for the operators in charge.

KVM is not a downgrade. It’s a sideways step.

Continue reading →

Gitea – Ansible Installer Role

2026-02-272026-02-25 ~ Tom's IT Cafe ~ Leave a comment

Automation and configuration management are not just about comfort.
They provide security, auditability and operational freedom.

For this reason Tom’s IT Cafe provides an Ansible role that:

Downloads and installs the Gitea Linux binary
Sets up a system service (as a non-root user)
Sets up PostgreSQL (or SQLite for lightweight setups)
Optionally sets up a reverse proxy with Certbot or self-signed keys
Highly configurable through variables

The role focuses on a small, auditable code base with strong security.

Continue reading →

Gitea – Your Self-Hosted Git Platform

2026-02-202026-02-19 ~ Tom's IT Cafe ~ Leave a comment

You feel the comfort of the cloud – low maintenance, fast setup.
Your source code, configuration and files are safe.

Or… are they?

You rely on a third party for infrastructure control, security operations and availability.
What would your business continuity plan look like if your SaaS provider became unavailable?

In this article we investigate a self-hosted solution for small businesses.

Continue reading →

The CI/CD Of The Small Business World

2026-02-132026-02-04 ~ Tom's IT Cafe ~ Leave a comment

DevSecOps is one of the most important shifts in modern systems.
It is not DevOps with security added later.
It is security designed into the CI/CD pipeline before the first commit.

Continue reading →

Borg Backup – Encrypt And Deduplicate Your Data

2026-02-062026-01-26 ~ Tom's IT Cafe ~ Leave a comment

If you have any data – backups are not optional.
Devices crash. Pendrives disappear. Houses burn down.

Your backups are useful only if you can restore them.

Continue reading →

WireGuard – Secret Path In The Shades

2026-01-302026-01-26 ~ Tom's IT Cafe ~ Leave a comment

Your Virtual Private Network isn’t there to watch geo-blocked content.
Once VPNs were used to connect networks, like remote offices of a company.
Today they protect your information and privacy.
This is why your VPN isn’t an optional tool anymore.
It’s your shield against the unwanted attention and passive monitoring.

Continue reading →

AI Agents – The New Corporate Security Holes

2026-01-212026-01-15 ~ Tom's IT Cafe ~ Leave a comment

The adoption of AI agents has accelerated.
More data. Faster hardware. More delegated tasks.

AI agents thrive in hidden corners of corporate IT.
They wait for work in silence – as privileged users.

What happens when an outsider gains access to such an agent?
Its privileges become the outsider’s access.

Continue reading →

Suspend Then Hibernate with LUKS and LVM (A Practical Setup)

2026-01-142026-01-15 ~ Tom's IT Cafe ~ Leave a comment

Linux power management was tricky in the early days.
Adding LUKS and LVM to the mix was a suicide combo.

Today it’s not just a possibility – it’s a baseline requirement for secure Linux setups.

Continue reading →

How To Avoid And Detect Phishing In 2026

2026-01-072026-01-15 ~ Tom's IT Cafe ~ Leave a comment

Phishing did not disappear.
It evolved.

In 2026, phishing emails look real.
SMS messages feel urgent.
Websites copy everything.

The goal is simple.
Make you rush.
Make you click.

This article shows how to slow down and spot phishing before it works.

Continue reading →

GPG Basics: Simple, Safe Encryption for Everyday IT Work

2025-12-092026-01-17 ~ Tom's IT Cafe ~ Leave a comment

When you hear the word encryption, it often sounds like something only security researchers and intelligence agencies deal with. But in reality, every IT professional – even small teams, freelancers, or home users – should understand the basics of protecting sensitive files.

GnuPG (or GPG) is one of the most trusted tools for this. It’s free, open-source, built into every Linux distribution, and works perfectly for encrypting files, verifying downloads, or signing work-related documents.

This guide walks you through a clean, beginner-friendly setup – no advanced OPSEC, no air-gapped machines, no master-key rituals. Just the essentials that anyone at home or at work can start using today.

Continue reading →

Solo Development Doesn’t Need Corporate Git Workflows

2025-12-042026-01-17 ~ Tom's IT Cafe ~ Leave a comment

Git is a powerful tool, but solo developers often inherit processes designed for large teams.
Corporate branching strategies solve coordination problems that an individual simply doesn’t have.
When you’re the only developer in the room, heavy processes become friction.
You don’t need gates, ceremonies, or complex merging rules to work effectively.

Continue reading →

Local LLMs for Privacy‑First Workflows A Practical Guide with LMStudio

2025-12-022026-01-15 ~ Tom's IT Cafe ~ Leave a comment

Why run a language model on your own machine?

Data stays local – No text leaves your computer, so sensitive information can’t be sent to the cloud.
No API limits or costs – Once you have the model file, you’re not paying per request.
Instant response time – The round‑trip latency of an internet call disappears; the model replies in milliseconds.

If you’re a developer, system admin, or just someone who values privacy, these benefits make local LLMs worth a look.

Continue reading →

Understanding Linux Permissions: The “chmod” Cheat Sheet You’ll Never Forget

2025-11-272026-01-15 ~ Tom's IT Cafe ~ Leave a comment

When you first see a file in Linux, the three-letter string that starts with -rw-r--r-- can look like an alien language.
It tells the system who can read, write, or execute that file. Don’t worry – it’s just a set of rules.
In this post we’ll break those rules down into bite-sized pieces and give you a handy cheat sheet for the most common chmod commands.

Continue reading →

Encryption In Transit And In Rest

2025-11-252026-01-15 ~ Tom's IT Cafe ~ Leave a comment

At Tom’s IT Cafe we break down the hard stuff so you can secure your
systems without getting lost in jargon. Below is a straight-ahead look
at what “in transit” and “in rest” mean, why they matter, and how to
implement them with the most common algorithms.

Continue reading →

Firewall Basics with UFW: Protecting Your Server in Minutes

2025-11-202026-01-15 ~ Tom's IT Cafe ~ Leave a comment

What is a firewall?

A firewall sits between your server and the outside world. It decides which network traffic is allowed to reach your machine and which should be dropped. Think of it as a bouncer at a club: only people on the guest list get in.

UFW, short for Uncomplicated Firewall, is Ubuntu’s front‑end to iptables. It lets you write rules with simple commands instead of juggling raw tables.

Continue reading →