today's leftovers
Another spin to Gamification: how we used Gather.town to build a (great!) Cyber Security Game
Let’s recap October. Cyber Security Awareness Month. For a cyber awareness enthusiast, it is hard to conceal the excitement that comes with a full month of initiatives in all shapes and sizes, built around a genuine and strong effort to help keep companies and their people “safe online”. At NVISO also, the buzz is tangible, and everyone is eager to know what great projects we will be launching for this year’s Cyber Security Awareness Month. We’re lucky enough to have a client who will go the extra mile and allowed us to let our imagination run wild. And that is exactly what we did.
Our new way of waiting for the network to be "up" in systemd's world
Systemd has a long-standing philosophical objection to waiting until the network is up; they have an entire web page on the subject. Nevertheless, we need to do this (like many sysadmins). I've written before about this, and if you're using systemd-networkd either directly or through Ubuntu's netplan, you can in theory use systemd-networkd-wait-online.service. Usually it works, but today we discovered that it didn't on some of our Ubuntu 18.04 servers (the specifics of this issue are beyond the scope of this entry). Since we needed a way to fix the issue, we opted to solve our problem with a hammer.
A linear, sequential boot and startup order is easier to deal with
A linear order is straightforward to see, understand, reason about, and generally to manipulate. It's easy to know what order things will happen in and have happened in, which avoids surprises during boot and helps diagnose problems afterward; you're much less likely to be left trying to sort out what happened when from boot time logs. It's nice to understand the dependencies of services when that information is reliable, but we have a great deal of evidence that taxonomy is hard for people, and dependencies are a form of taxonomy. When dependencies are inaccurate, they can be worse than knowing that you don't know that information in the first place.
Report: Assessing the Viability of an Open-Source CHERI Desktop Software Ecosystem
In September 2021, we released our final report, Assessing the Viability of an Open-Source CHERI Desktop Software Ecosystem, which describes our three-staff-month effort to deploy CHERI within a substantive slice of an open-source desktop environment based on X11, Qt (and supporting libraries), and KDE. We adapted the software stack to run with memory-safe CHERI C/C++, performed a set of software compartmentalisation white boarding experiments, and concluded with a detailed 5-year retrospective vulnerability analysis to explore how memory safety and compartmentalisation would have affected past critical security vulnerabilities for a subset of that.
OpenBSD and Linux comparison: data transfer benchmark
I had a high suspicion about something but today I made measurements. My feeling is that downloading data from OpenBSD uses more "upload data" than on other OS.
I originally thought about this issue when I found that using OpenVPN on OpenBSD was limiting my download speed because I was reaching the upload limit of my DSL line, but it was fine on Linux. From there, I've been thinking since then that OpenBSD was using more out data but I never measured anything before.
Fedora Drafts Plans For Retiring ARMv7 Support - Phoronix
It's crazy to think it has already been ten years since Arm disclosed ARMv8 with 64-bit support. Given the success of ARMv8 (and Armv9 now on the way) and there not being much in the way of useful ARMv7 hardware in recent years and the like, Fedora has drafted plans for retiring its ARMv7 support.
Ubuntu Weekly Newsletter Issue 709
Welcome to the Ubuntu Weekly Newsletter, Issue 709 for the week of November 7 – 13, 2021.
Chrome may start restricting requests to private networks
Chrome (and apparently Microsoft Edge) are likely to add new restrictions on allowing things to talk to private network addresses (in a surprisingly broad sense). The reference for this is Feature: Restrict "private network requests" for subresources from public websites to secure contexts (via), which describes the first steps. The first step Chrome is making is that such "private network requests" may only be made from a public context that is secure, i.e. from an HTTPS website instead of an HTTP one.
What the Web Still Is
Make no mistake: I feel a lot of what makes the web great is actively being dismantled, either inadvertently or deliberately. But as I mentioned earlier, cynicism is easy. My wish for next year? That all the qualities mentioned here are still present. My New Year’s resolution? To help ensure it.
Your CSS is an interface
Stylus on the Chrome Web Store has more than half a million users. Stylish has over three million. That’s a lot of people modifying the web to get what they want. We can also do a little bit better than an appeal to popularity. I’d like you to consider the ability for an individual to improve their quality of life. Some web experiences you’re forced to use. Think jobs, medical portals, government services, etc. If the bright red of the web app someone is forced to use for their job 8‒10 hours every day gives them tension headaches, shouldn’t they be able to dial it down to something more soothing? Being able to fix something you’re forced to endure creates an immediate and appreciable improvement on your quality of life. And that’s important.
