If you just ran rm on something important and you are reading this in a panic - stop what you are doing on that filesystem right now. Run mount -o remount,ro /dev/sdX to remount the partition read-only before anything else. Every write operation that hits the disk after deletion reduces your chances of getting those files back. With that out of the way, here is a direct answer: for ext4, use extundelete or debugfs as your first recovery attempt, and PhotoRec as a fallback. For Btrfs, roll back a snapshot if you have one, or use btrfs restore if you do not. The details matter quite a bit depending on your situation, so read on.

Tailscale creates a private WireGuard -based mesh VPN across all your devices with almost no configuration. You install the client on each machine, authenticate with your identity provider, and every device gets a stable 100.x.y.z IP that works regardless of NAT, firewalls, or network changes. As of early 2026, Tailscale v1.96 supports ACL tags for device-level policy, exit nodes for routing all traffic through a specific machine, subnet routers for exposing entire LANs, and MagicDNS for hostname resolution. For homelabbers, it is the simplest way to securely connect a homelab server, cloud VPS, phone, and laptop into one unified network.

Terminal apps used to mean raw curses calls and a lot of pain. Today, Python’s Textual and Rich libraries have flipped that experience entirely. In under 50 lines of Python you can have a full-screen app with styled layouts, interactive widgets, keyboard navigation, and live data updates - no web browser, no Electron, no JavaScript. This post walks through both libraries, shows you how they fit together, and builds up to a complete working example you can extend immediately.

Gemini CLI is Google’s open-source (Apache 2.0) terminal AI coding agent, and its defining feature is a free tier that no competitor matches: 1,000 requests per day and 60 requests per minute using nothing more than a personal Google account. No credit card required, no API key, no trial period that expires after 30 days. This persistent free tier, combined with a 1M token context window and Gemini 3 Flash as the default model, has driven Gemini CLI to roughly 97K GitHub stars - making it the most-starred AI coding CLI on the platform. The catch is code quality: Gemini 3 Flash gets things right on the first try about 50-60% of the time on complex tasks, well behind Claude Code’s 95%. That trade-off defines who should and should not use it.

You can switch your existing Linux installation from X11 to Wayland without reinstalling anything. The migration boils down to selecting a Wayland session at your display manager’s login screen, then working through three categories of follow-up: Xwayland compatibility for legacy X11 applications, input device configuration via libinput instead of xorg.conf, and environment variable tweaks so that toolkits like Qt, GTK, and Electron render natively through Wayland instead of falling back to X11. Most people can finish the whole process in an afternoon, keeping an X11 session as a fallback until they are satisfied everything works.

Hardening a Docker image means eliminating the attack surface at every layer. Start from a minimal base image like distroless or Alpine, run as a non-root user, set the filesystem read-only, drop all Linux capabilities and add back only what the application actually needs, pin dependency versions with verified checksums, and scan images with Trivy or Grype before pushing to a registry. Each layer of this checklist is independently valuable. You can adopt them incrementally without rewriting existing Dockerfiles, and every single item you check off reduces your exposure to real-world container exploits.

You implement OAuth 2.0 login by using the Authorization Code flow with PKCE (Proof Key for Code Exchange). Your web app redirects the user to the provider’s authorization endpoint with a code_challenge, the user authenticates and consents, the provider redirects back with an authorization code, and your backend exchanges that code along with the code_verifier for an access token. PKCE is mandatory for all OAuth 2.0 clients under the OAuth 2.1 draft specification (currently at draft-ietf-oauth-v2-1-15) and eliminates the need for a client secret in public clients. Building this from scratch - without Auth0, Clerk, or NextAuth - takes roughly 200 lines of code and teaches you exactly how token exchange, session management, and token refresh actually work.

USB Power Delivery (USB-PD) is supposed to be the universal charging standard that ends cable chaos. In practice, plugging in the wrong cable or charger gives you a device that charges at 5W instead of 100W - or refuses to charge at all. The root cause is almost always one of three things: a cable rated below what the device needs, a charger that advertises high wattage but only supports a narrow set of voltage profiles, or confusion between USB-PD and the half-dozen proprietary fast-charging protocols that coexist with it.