System administration *

Hello, Habr! I once conducted a small test of virtual machines from various hosting providers and compared them with each other — it turns out that five years have passed since then. And in that test, the conditions for all servers were the same, as similar configurations were being tested.

Today I'd like to talk about how the cheapest (in the price range of 100 to 300 rubles) offers from popular hosting providers behave.

In this guide, we will install the v2rayA package on OpenWRT using the stable 23.05.0. A router with at least 128 MB of RAM (256 is preferable) and more than 16 MB of storage is recommended (the installation takes about 30 MB of storage)

v2rayA is a simple-to-use and powerful client focused on Linux. Despite its name, the current version uses xray-core, although it's also possible to use v2ray-core. It has a web interface for managing settings and importing configurations and subscriptions. It supports everything that xray-core supports:

Shadowsocks (incl. 2022), ShadowsocksR, Trojan, Vless (including XTLS-Reality, XHTTP), Vmess, Juicity, Tuic

The guide will include:

1. Installation from the repository

2. Configuring v2rayA and bypassing blocks using Re:filter, Antifilter GeoIP, Geosite

With the rise of privacy threats and constant internet restrictions, using a VPN has become the norm for many users. However, behind the simplicity of connecting lie technical features that can significantly impact

the user experience. One of the key factors is the choice of VPN protocol, which determines the speed, stability, and security level of the connection.

This article will provide a detailed breakdown of the most popular VPN protocols, their features, advantages, and disadvantages, and will also offer examples of how to use each of them.

By the way, I took all the pictures from those, you know, the internets, but I analyzed and explained them myself, just for you :)

Having your own VPS for a VPN is quite advantageous. There are no limits on the number of clients; you can provide a VPN connection to all your relatives, friends, and acquaintances. And you can pay 160–300 rubles a month for it. And while public VPNs are being actively blocked by DNS and IP, personal VPNs have so far avoided this fate.

There are downsides: server administration and a lack of geographical diversity.

A VPN requires a foreign server, and for over a year now, there have been problems with paying for foreign services in Russia. But there are Russian companies that provide foreign servers, and you can pay them with a Russian card.
I registered with a dozen providers and got as far as purchasing a VPS with five of them. And after testing, only three remained.

Programmers, sysadmins, DevOps engineers, and testers are often united by the use of some common technologies. For example, the ability to have remote access to a server would be useful to anyone in the aforementioned anecdotal company. Therefore, in this article, we will cover the basics of working with the SSH protocol at a fundamental level (without generating keys, signatures, moms, dads, and credits). We'll look at 'advanced' usage separately next time. This material was prepared by Max, the author of the YouTube channel PyLounge. Let's go!

We were asked to talk about the protocol technology XHTTP in the context of XRay, VLESS, and others. You asked for it, so here it is!

First, a bit of history. The classic use of VLESS and similar proxy protocols (including with XTLS-Reality) involves the client connecting directly to a proxy server running on some VPS. However, in many countries (including Russia), entire subnets of popular hosting providers have started to be blocked (or throttled), and in other countries, censors have begun to monitor connections to 'single' addresses with high traffic volumes. Therefore, for a long time, ideas of connecting to proxy servers through CDNs (Content Delivery Networks) have been considered and tested. Most often, the websocket transport was used for this, but this option has two major drawbacks: it has one characteristic feature (I won't specify it here to not make the RKN's job easier), and secondly, the number of CDNs that support websocket proxying is not that large, and it would be desirable to be able to proxy through those that do not.

Therefore, first in the well-known Tor project for bridges, the meek transport was invented, which allowed data to be transmitted using numerous HTTP request-response pairs, thus allowing connections to bridges (proxies) through any CDN. A little later, the same transport was implemented in the briefly resurrected V2Ray. But meek has two very significant drawbacks that stem from its operating principle: the speed is very low (in fact, we have half-duplex transmission and huge overhead from constant requests-responses), and due to the huge number of GET/POST requests every second, free CDNs can quickly kick us out, and paid ones can present a hefty bill.

Hello everyone, in this article I will explain how many people manage to bypass whitelists, and what the root of the problem is. If you are a 'newbie' and don't want to bother with all the setup, at the <a href="#services"> end of the article</a> I've listed services that are mentioned in discussions.

Direct connect VLESS + Reality to Europe (Amsterdam, Germany, Finland) is being shaped for almost everyone. TSPU has mastered a new tactic: they don't terminate the session via RST, but simply 'freeze' it. As soon as the data volume in a single TCP session exceeds 15-20 KB, packets stop arriving. The connection hangs until the client times out.

Ten years ago, I wrote a couple of articles - How to download the latest Office from the Microsoft website without any App-V / Habr (yg140.servegame.com) and How to download Microsoft Office 16 from the Microsoft website / Habr (yg140.servegame.com), using the then little-known Office Deployment Tool.

Time flies. After Office 2016 came Office 2019, Office 2021, and now it's time for Office 2024. Well, let's see what has changed in terms of downloading, installing, and activating the product over the past ten years.

First, let's talk about the versions and editions of Microsoft Office. To avoid being too meticulous in the description, I'll briefly state the most important thing: over the years, the Office lineup has evolved. There are different subscriptions and update plans, new features appear in new versions, and bug fixes and patches for found vulnerabilities are released for older versions.

Microsoft has long since switched to a system of distributing Office family products through various so-called "channels," depending on how often you want to receive new features and updates.

The key difference in the current download and installation of Office from what was relevant in the days of Office 2016 is that you must determine which distribution channel you are going to use - that is, from which channel you are going to install the product itself. For those who would like to study the different distribution channels in detail, I suggest reading the original source - Office updates - Office release notes | Microsoft Learn. For the rest, I'll summarize briefly - Microsoft now prefers to sell everyone a subscription to Microsoft 365 (what was previously called Office 365), with regularly updated features under the so-called Modern Lifecycle Policy. The consumer (boxed, retail) versions of Office 2021 are also distributed under this modern policy. Office 2021, for example, is only supported until October 13, 2026. And older versions follow the so-called Fixed Lifecycle Policy, under which Office 2016 and Office 2019 are only supported until October 14, 2025. In general, they will not stop working after that date, but they will stop receiving updates. And for those of you who use email services based on Microsoft Outlook.com or Office365, and possibly Microsoft Exchange users, with updates released after October 14, 2025, it's time to think about upgrading.

In a changing network infrastructure, mobile internet users face questions: what resources remain available, and what does this look like on a technical level? This material is the result of a practical study using standard network analysis tools.

No speculation—only measurements, numbers, and technical facts.

Yes, this is an article about how to install Windows 11 correctly. This process is now accompanied by so much voodoo that, I swear, it's easier to install Arch. So I decided to get all my knowledge on this subject out of my head and into an article.

This year, like many Habr visitors, I read with great interest the articles by the respected MiraclePtr, learned to apply his ideas and recommendations, and got practical experience with protocols, clients, and graphical panels. For many protocols, there are detailed installation and configuration instructions available to even the most inexperienced users who are just starting to explore the world of Linux.

I finally got around to the protocol briefly described in the article "Modern Anti-Censorship Technologies: V2Ray, XRay, XTLS, Hysteria, Cloak, and Everything Else" — the Hysteria protocol, which has already reached its second version. And I couldn't find a comprehensive Russian-language guide for it, which prompted me to gather all the information in one place once I figured out the main issues of installing and configuring the server and clients for using this protocol to bypass blocking.

In the fall of 2025, many people, myself included, opened their favorite hardware store to 'quickly grab another 32–64 GB of DDR5 for games, an IDE, and a couple of Docker containers'—only to close the tab in mild culture shock. The memory that cost a 'reasonable' amount in the summer suddenly cost almost as much as a mid-range graphics card.

In short, this isn't 'greedy stores' but the consequence of a rather complex restructuring of the entire DRAM market for AI servers and HBM memory. In this article, we'll explore what's happening at memory factories, why PC modules are suffering the most, what to expect in 2026, and how to make upgrade decisions if you're a gamer, developer, or just a hardware enthusiast.

A VPN is a technology for a secure connection to a remote computer or network, and for most users, it's simply a safe way to use the internet in public Wi-Fi zones.

In this article, we will look at four ways to create your own VPN. Let's start with the simplest option, which is manageable even for novice PC users.

In this article, we will look at 3 ways to set up a VPN connection with VLESS and Reality.

VLESS is a modern, privacy-oriented data transfer protocol, often called VLESS VPN, although strictly speaking, we will be discussing the installation of a proxy with the VLESS protocol based on an XRay server with Reality.

Let's start with the simplest and most universal option, which requires no technical knowledge.

A utility for supporting Xray on Keenetic routers — Xkeen.
All the code is written in pure shell and is open source on GitHub.

Builds Xray for your Keenetic on Entware.
GeoIP and GeoSite from AntiFilter, AntiZapret, and v2fly are available.

Automatically updates Xray, GeoIP, and GeoSite at a specified time.

> As of April 10, 2024,
> three months later,
> this article has been blocked by Roskomnadzor (RKN)
> within the territory of the Russian Federation.
> It has also been removed from the web archive archive.org.
> The article on Habr remains accessible from IP addresses in other countries.
> Yes, now to read about VPNs, you need a VPN.

Against the backdrop of last year’s escalation of censorship in Russia, the articles by MiraclePTR were a breath of freedom for many Russian-speaking IT folks. I want to open the door to free information a bit wider and invite “non-techies” (“dummies”) who want to spin up a personal proxy server to bypass censorship but feel lost in the flood of information or got stopped by a confusing technical error.

In this article I’ve described a universal solution that provides transparent access to the global internet bypassing censorship, uses cutting-edge traffic obfuscation, doesn’t depend on the will of a single corporation, and most importantly has ample “safety margin” against interference from censors.

This article is aimed at “dummies” unfamiliar with the subject area. However, people “in the know” may also find something useful (for example, a slightly simpler setup for proxying via CloudFlare without having to run nginx on a VPS).

If you still don’t have a personal proxy to bypass censorship—this is your sign.

Do you switch between Linux and Windows in dual-boot? Then you're probably familiar with this problem: you have to reconnect all your Bluetooth devices every time. Headphones, mouse, keyboard, gamepad — everything has to be reconnected.

It's scary to even think about it:
3 devices × 90 seconds × 3 switches per day × 250 days = 56 hours wasted per year.

I spent a month solving this problem and wrote BlueVein — a utility for automatically synchronizing Bluetooth keys between operating systems.

Throughout their careers engineers build systems that protect data and guard it against corruption. But what if the right approach is the opposite: deliberately corrupting data, generating it out of thin air, and creating forgeries indistinguishable from the real thing?

Maksim Gramin, systems analyst at Postgres Professional, explains why creating fake data is a critical skill for testing, security, and development — and how to do it properly without turning your database into a junkyard of “John Smith” entries.

Hello, Habr! We continue the series of articles on the innovations of the Tantor Postgres 17.5.0 DBMS, and today we will talk about authorization support via OAuth 2.0 Device Authorization Flow is a modern and secure access method that allows applications to request access to PostgreSQL on behalf of the user through an external identification and access control provider, such as Keycloak, which is especially convenient for cloud environments and microservice architectures (the feature will also be available in PostgreSQL 18). In this article, we'll take a step-by-step look at configuring OAuth authorization in PostgreSQL using Keycloak: configure Keycloak, prepare PostgreSQL, write an OAuth token validator in PostgreSQL, and verify successful authorization via psql using Device Flow.