●● IRC: #techbytes @ Techrights IRC Network: Tuesday, February 21, 2023 ●● ● Feb 21 [04:42] *geert has quit (Quit: Lost terminal) ● Feb 21 [05:41] *GNUmoon2 has quit (Ping timeout: 2m30s) [05:42] *GNUmoon2 (~GNUmoon@2x7efkc2if2fa.irc) has joined #techbytes ● Feb 21 [08:06] schestowitz[TR]
[08:06] schestowitz[TR][08:06] schestowitz[TR]Booting up is a sore point on most systems. It involves a lot of arch-specific procedures, but also generally calls for custom binary formats and annoying things like disk drivers which dont belong in a microkernel. So the Helios bootloaders are separated from the kernel proper, which is a simple ELF executable. The bootloader loads this ELF file into memory, configures a few simple [08:06] schestowitz[TR] things, then passes some information along to the kernel entry point. The bootloaders memory and other resources are hereafter abandoned and are later reclaimed for general use.
[08:06] schestowitz[TR]
[08:09] schestowitz[TR][08:09] schestowitz[TR]There are two options to safeguard your data from disk failures or other issues. You can take full or incremental backups and store N number of copies. Alternatively with LVM, you can create a snapshot volume that will take snapshots when changes are made to the source volume.
[08:09] schestowitz[TR]LVM snapshots use a copy-on-write mechanism to take snapshots. Initially, when you create a snapshot volume it will hold some metadata about the source logical volume and its block details. When you make any changes in the source volume, LVM will monitor the changes and take a snapshot of the modified blocks. Here LVM just stores the changes blocked to the snapshot volume.
[08:09] schestowitz[TR]
[08:12] schestowitz[TR][08:12] schestowitz[TR]In the last post, we briefly mentioned the with-store and run-with-store macros. Today, we'll be looking at those in further detail, along with the related monad library and the %store-monad!
[08:12] schestowitz[TR]Typically, we use monads to chain operations together, and the %store-monad is no different; it's used to combine operations that work on the Guix store (for instance, creating derivations, building derivations, or adding data files to the store).
[08:12] schestowitz[TR]However, monads are a little hard to explain, and from a distance, they seem to be quite incomprehensible. So, I want you to erase them from your mind for now. We'll come back to them later. And be aware that if you can't seem to get your head around them, it's okay; you can understand most of the architecture of Guix without understanding monads.
[08:12] schestowitz[TR]
[08:14] schestowitz[TR][08:14] schestowitz[TR]I dont recommend installing a mainline kernel on an Ubuntu LTS (Long-Term Support) edition, such as Ubuntu 22.04 LTS, so Ive only tested the install on Ubuntu 22.10, but it can be installed on any supported Ubuntu release.
[08:14] schestowitz[TR]
[08:18] schestowitz[TR][08:18] schestowitz[TR]As this is a rushed patch-release, there is only a small set of bugfixes merged in this cycle. The following notable bugs were fixed.
[08:18] schestowitz[TR]
[09:21] schestowitz[TR][09:21] schestowitz[TR]He subsequentially obtained CEH, CISSP, and OSCP certificates before eventually being offered an opportunity to help lead penetration testing services at public accounting firm Moss Adams, where he still works as lead web app pen tester.
[09:21] schestowitz[TR]Recently focusing more narrowly on web API security a largely underserved area Ball has launched a free online course on the topic and published Hacking APIs: Breaking Web Application Programming Interfaces (No Starch Press, 2022).
[09:21] schestowitz[TR]In an interview with The Daily Swig, Ball explains how the growing use of web APIs requires a change of perspective on how we secure our applications.
[09:21] schestowitz[TR]
[09:22] schestowitz[TR][09:22] schestowitz[TR]To make this work, there are two pieces. First we need to be able to change the rate at which the microcontrollers clock operates. The microcontroller does provide a trim mechanism for exactly this purpose. At the factory it is calibrated and then the firmware is able to further tweak the result in approximately 40kHz increments, as compared to the 16MHz base RC oscillator frequency. For [09:22] schestowitz[TR] moteus, that works out to about 0.25% increments of speed. This trim was already exposed as an undocumented configuration option clock.hsitrim, but not in a form suitable for modification online.
[09:22] schestowitz[TR]
[09:22] schestowitz[TR][09:22] schestowitz[TR]The further up the rung you go, the more editing becomes an art. Ive had lots of different people help edit my blog posts and Ive noticed that people tend to settle on one style of feedback. It also seems to form a pyramid: its a lot easier to find people who like to do proofreading and copyediting than who do substantive editing. Thats likely because proofreading is very [09:22] schestowitz[TR] objective while substantive editing is heavily subjective.
[09:22] schestowitz[TR]The important thing is that these are different skills and activities. The techniques and challenges of proofreading are different from the challenges and techniques of copyediting, which are different from substantive editing.
[09:22] schestowitz[TR]
[09:39] schestowitz[TR][09:39] schestowitz[TR]The decision and the way it is positioned as a paid feature attracted backlash from security professionals who argue that text-based 2FA is better than nothing at all. Worse, it creates a false sense of security among paying subscribers who may think the weakest form of 2FA is a premium feature.
[09:39] schestowitz[TR]Twitters own internal data shows that multi-factor adoption remains startlingly low. According to a 2021 transparency report, Twitter found that barely 2.3 percent of all its active accounts have enabled at least one method of two-factor authentication between July and December 2020.
[09:39] schestowitz[TR]
[09:43] schestowitz[TR][09:43] schestowitz[TR]The canonical specification of the DNS that is normally cited are the pair of RFCs, RFC 1034, Domain names concepts and facilities, and RFC 1035, Domain names implementation and specification, both published in November 1987. However, these two core specifications are just the tip of a rather large iceberg. One compendium of all the RFCs that touch upon the DNS l [09:43] schestowitz[TR] ists some 292 RFCs. That implies that to claim that the DNS is essentially unchanged over this forty-year period might be a bit of a stretch, but nevertheless, the fundamentals of the DNS have been constant. Those additional 292 RFCs illustrate the observation that weve spent a huge amount of time and effort over these forty years focused on tinkering at the edges!
[09:43] schestowitz[TR]
[09:54] schestowitz[TR][09:54] schestowitz[TR]Jouko Jokinen, an acting editor-in-chief at YLE, on Sunday expressed his puzzlement with the public debate prompted by the article.
[09:54] schestowitz[TR]Our duty is to produce new and meaningful information for society, and the number of [pupils learning Finnish as a second language] and their distribution between different parts of the country are simple facts. Telling them is important and interesting, he stated to Helsingin Sanomat.
[09:54] schestowitz[TR]
[10:12] schestowitz[TR][10:12] schestowitz[TR]Former Israeli agents have apparently manipulated nearly three dozen elections. Their clients: power-hungry politicians and wealthy businessmen. They are part of a rapidly growing global disinformation industry in which Russia is far from the only player.
[10:12] schestowitz[TR]
[10:44] schestowitz[TR][10:44] schestowitz[TR]The Redmond, Washington-based software giant will make a last-ditch effort to defend its bid at a closed hearing in Brussels tomorrow (Feb. 21), Reuters reported. The company will counter the statement of objections from the European Commission warning about the deal being anti-competitive.
[10:44] schestowitz[TR]