Language Selection

English French German Italian Portuguese Spanish

today's leftovers

Filed under
Misc
  • Securing and Hardening Linux and Unix Endpoints Against Cyber Attack: Part IV

    How Secure are your Linux Endpoints? An Ethical Hacker’s Guide to Securing and Hardening Linux and Unix Endpoints

  • Henri Sivonen: A Look at Encoding Detection and Encoding Menu Telemetry from Firefox 86

    The failure mode of decoding according to the wrong encoding is very different for the Latin script and for non-Latin scripts. Also, there are historical differences in UTF-8 adoption and encoding labeling in different language contexts. For example, UTF-8 adoption happened sooner for the Arabic script and for Vietnamese while Web developers in Poland and Japan had different attitudes towards encoding labeling early on. For this reason, it’s not enough to look at the global aggregation of data alone.

    Since Firefox’s encoding behavior no longer depends on the UI locale and a substantial number of users use the en-US localization in non-U.S. contexts, I use geographic location rather than the UI locale as a proxy for the legacy encoding family of the Web content primary being read.

    The geographical breakdown of telemetry is presented in the tables by ISO 3166-1 alpha-2 code. The code is deduced from the source IP addresses of the telemetry submissions at the time of ingestion after which the IP address itself is discarded. As another point relevant to make about privacy, the measurements below referring to the .jp, .in, and .lk TLDs is not an indication of URL collection. The split into four coarse categories, .jp, .in+.lk, other ccTLD, and non-ccTLD, was done on the client side as a side effect of these four TLD categories getting technically different detection treatment: .jp has a dedicated detector, .in and .lk don’t run detection at all, for other ccTLDs the TLD is one signal taken into account, and for other TLDs the detection is based on the content only. (It’s imaginable that there could be regional differences in how willing users are to participate in telemetry collection, but I don’t know if there actually are regional differences.)

  • Puppy Linux without an initrd

    We know about the 'initrd' file, which is an initramfs that runs first at bootup. EasyOS has this, as do the puppies.
    A traditional full installation, occupying an entire partition, may not need an initrd, and can be run directly from the kernel boot parameters. For example, if the full installation is in /dev/sda9, then boot parameters would include root=/dev/sda9, or the PARTUID could be specified.
    If an initrd is used, the boot parameters would not have root=, instead would have something like initrd=initrd.gz, where initrd.gz is the name of the file, with perhaps a path.
    One of the reasons we have a initrd is to setup the layered filesystem, using overlayfs or aufs, then a switch_root is performed onto the layered filesystem.
    However, Dima, forum name 'dimkr' on github and the Puppy Forum, and 'iguleder' on the old Puppy Murga Forum, has come up with a way to load the layered filesystem without requiring an initrd.

  • Losca: MotionPhoto / MicroVideo File Formats on Pixel Phones

    Google Pixel phones support what they call ”Motion Photo” which is essentially a photo with a short video clip attached to it. They are quite nice since they bring the moment alive, especially as the capturing of the video starts a small moment before the shutter button is pressed. For most viewing programs they simply show as static JPEG photos, but there is more to the files.

  • Containerize all the things! Arm v9 takes security seriously

    The key concept introduced in Arm v9's new Confidential Compute Architecture is the realm. Realms are containerized, isolated execution environments, completely opaque to both operating system and hypervisor. The hypervisor itself will only be responsible for scheduling and resource allocation. Realms themselves are to be managed by the realm manager—a new concept that can apparently be implemented in 1/10th the code required for a hypervisor.

  • Arm pulls the sheets off its latest Armv9 architecture with added AI support, Realms software isolation

    Arm has set out its stall for the first major new version of its instruction set architecture – Armv9 – in about a decade, and promised compatible chips will have improved machine-learning and security capabilities.

    Previous versions of the architecture introduced support for things like virtualization and SIMD; the last major update, Armv8, debuted in 2011. Arm says its latest instruction set architecture, v9, will be geared toward today's top buzzword in tech – AI. The chip design house, which Nvidia is still trying to acquire from Softbank, laid on the marketing a little thick for the unveiling of the ISA, though there is some detail here.

  • Armv9 architecture to focus on AI, security, and “specialized compute”

    Armv8 was announced in October 2011 as the first 64-bit architecture from Arm. while keeping compatibility with 32-bit Armv7 code. Since then we’ve seen plenty of Armv8 cores from the energy-efficient Cortex-A35 to the powerful Cortex-X1 core, as long as some custom cores from Arm partners.

    But Arm has now announced the first new architecture in nearly ten years with Armv9 which builds upon Armv8 but adds blocks for artificial intelligence, security, and “specialized compute” which are basically hardware accelerators or instructions optimized for specific tasks.

  • SiFive Core IP 21G1 release improves bit manipulation, floating-point unit, reduces code footprint

    As SiFive has a portfolio of RISC-V cores ranging from low-power E2-series to high-performance U8-series cores with performance similar to Cortex-A7x cores, the company has not released new cores for a while, and instead focuses on improving their current RISC-V cores.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.