APIs are now foundational to how modern applications are built: Using microservices and containers and running on platforms like Kubernetes. They’re the standard mechanism to integrate internal components or expose functionality to partners. APIs have also risen in ubiquity alongside microservices architecture, providing a common way to incrementally develop, scale and reuse specialized cloud-native functionality.
But along with this newfound ubiquity, API attacks are surging. Malicious API traffic saw a staggering 117% increase in the past year, according to Salt Labs’ State of API Security Report, Q3 2022. This is partly due to the sheer number of APIs being produced. While some of these encompass public products, the majority are internal-facing services, the 2022 Postman State of the API Report finds.
I recently chatted with John Morello, VP of product, Palo Alto Networks, to gather insights on how to best protect cloud-native applications and APIs. According to Morello, APIs are prone to data overexposure and require more modern analysis techniques to validate traffic. Furthermore, he believes IT security requires unified management across clouds—more holistic visibility and control can help correlate issues across various toolsets.
Today we have a look at Mabox Linux. This is a very nice, clean, and fast distro built on Manjaro with a customized OpenBox including other components that increase the usability of the system.
One of the goals for the Hare programming language is to be able to write kernels, such as my Helios project. Kernels are complex beasts which exist in a somewhat unique problem space and have constraints that many userspace programs are not accustomed to. To illustrate this, I’m going to highlight a scenario where Hare’s low-level types and manual memory management approach shines to enable a difficult use-case.
Helios is a micro-kernel. During system initialization, its job is to load the initial task into memory, prepare the initial set of kernel objects for its use, provide it with information about the system, then jump to userspace and fuck off until someone needs it again. I’m going to focus on the “providing information” step here.
The information the kernel needs to provide includes details about the capabilities that init has access to (such as working with I/O ports), information about system memory, the address of the framebuffer, and so on. This information is provided to init in the bootinfo structure, which is mapped into its address space, and passed to init via a register which points to this structure.
3D rendering APIs such as OpenGL, D3D, and Vulkan involve a lot of state to drive the 3D pipeline. Even though most of the heavy lifting these days is done by programmable shaders, there are still many fixed-function pieces used to glue those shaders together. This includes things such as fetching vertex data and loading it into the vertex shader at the start of the pipeline, viewport transforms and clipping that sit between the end of the geometry pipeline and rasterization, and depth/stencil testing and color blending that happen at the end of the pipeline before writing the final image to the output buffers. Each of these fixed-function pieces is configurable and so has some amount of state associated with it.
In OpenGL, the 3D rendering pipeline is modeled as one giant blob of state where everything is re-configurable at any time. It's left to the driver to track state changes and re-configure the hardware as needed. With Vulkan, we improved this situation quite a bit by baking much of the state into immutable objects. Images and samplers, for instance, have all their parameters provided at the time the image or sampler is created and they are immutable from then on. (The color or depth/stencil data pointed to by an image is mutable but the core parameters such as width, height, number of miplevels, etc. are not.) The only state mutability with respect to these objects is the ability to change which images/samplers are bound at any given time. Compiled shaders, along with the state for fixed function pieces such as depth/stencil testing, are all rolled up into a single monolithic pipeline object. Because fully monolithic pipeline objects can be cumbersome, Vulkan also provides the option to make some of that state dynamic, meaning that you set it manually via a vkCmdSet*() command instead of baking it into the pipeline. his allows the client to use the same pipeline object with, for instance, different blend constants.
In a few days or very soon, you might be working on your own shell script on Linux. At that time, you might be going with the traditional method by learning all the shell programming codes and applying them to your script.
What if I say there is an amazing tool called Gum, that provides you glamorous functionality, or in simple words, the beautiful syntax for your shell script?
In the old days, if you wanted to snoop on a piece of serial gear, you probably had a serial monitor or, perhaps, an attachment for your scope or logic analyzer. Today, you can get cheap logic analyzers that can do the job, but what if you want a software-only solution? Recently, I needed to do a little debugging on a USB serial port and, of course, there isn’t really anywhere to easily tie in a monitor or a logic analyzer. So I started looking for an alternate solution.
If you recall, in a previous Linux Fu we talked about pseudoterminals which look like serial ports but actually talk to a piece of software. That might make you think: why not put a piece of monitor software between the serial port and a pty? Why not, indeed? That’s such a good idea that it has already been done. When it works, it works well. The only issue is, of course, that it doesn’t always work.
Tmux is a simple yet powerful terminal multiplexer for UNIX-based machines. It allows you to seamlessly create and manage multiple terminal windows from a single teletype terminal (TTY). Tmux does this by creating self-contained pseudo-terminals which it serves to the user. This approach allows tmux to create terminal windows that persist across sessions. Not only that, this also allows it to easily transfer information and modify different terminals.
Because of that, tmux is a staple program for both everyday users and system administrators alike. Its ability to provide a persistent terminal session means that you can run tmux remotely and run programs without the risk of terminating them upon disconnecting. Furthermore, its ability to manipulate terminal windows makes it a simple window manager for power users.
Are you running Oracle Linux desktop and want to do some Virtualizations? Thus, follow through this guide to learn how to install VirtualBox on Oracle Linux. In this tutorial, we will be using Oracle Linux 9.
In this tutorial, you will learn how to setup and easily access shared folder on Linux VirtualBox VM. VirtualBox supports the ability to share folders/directories between the host and VirtualBox VM making it easy to share files between the host and the guest.
Docker is my go-to container deployment runtime engine. With it, I can quickly deploy containers to a network that are easily accessible. What happens when I want to be able to scale those applications? Doing so on a single Docker server would be a challenge. To that end, you deploy multiple Docker instances and cluster them together. That, my friends, is called a Docker Swarm.
In this tutorial, we will show you how to install Splunk on Ubuntu 22.04 LTS. For those of you who didn’t know, Splunk is aimed to process the data to make it useful for the user without manipulating the original data. It is one of the most powerful tools for analyzing, exploring, and searching data. It reads most of the output format from virtual machines, network devices, firewall, Unix-based and Windows based devices.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Splunk on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
SearXNG is a powerful meta-search engine that you can host anywhere. Unlike traditional search engines, SearXNG is an engine aggregator. This means that instead of processing searches by itself, it uses other engines to do the searching for it. Further, SearXNG is incredibly lightweight and easy to set up, and you can host it on a system as simple as a Raspberry Pi!
How to Fix “Connection Refused By Port 22” on Ubuntu 22.04 LTS
Port 22 is used by SSH on Ubuntu for communicating with other machines in the network to transfer data. Port 22 is also used to access the remote system. Meanwhile, this post is for you if you are having the error “Connection refused by port 22” while using port 22. In this post, we will show you the solution for the “Connection refused by port 22” error on Ubuntu.
Node.js is a very popular, open source back-end JavaScript runtime environment that is used for server-side development. Node.js makes it possible to execute JavaScript code outside of a web browser so you can design and build scalable applications.
I’m going to demonstrate how to deploy a Node.js development environment on the latest release of Ubuntu Server (v 22.04). Ubuntu does include a version of Node.js in the default repositories and although it is way out of date, it can still be used and is supported until 2025. However, let’s get the latest version installed — as of this writing, that would be 18.8.0.
Rocky Linux has become one of the de facto standard replacements for CentOS. Not only is it a drop-in replacement for RHEL, but the maintainer Gregory Kurtzer has made it clear Rocky Linux will always be available and will never be owned by a company that could bring down the distribution.
And for anyone who’s used RHEL or CentOS, Rocky Linux will be instantly familiar and can serve you and your company with ease.
With the Foxit PDF Reader, this category leader Adobe Reader gets high-quality competition. The big advantage of the alternative PDF reader: Even larger PDF files can be opened in a few seconds. The program can display PDF files of any format and even allows annotation, filling, and signing and is free for private use.
For mobile use, there is Foxit PDF Reader Mobile, if you are looking for a full-fledged PDF editor, you should take a look at Foxit PDF Editor. Tools such as the comment function or the marking, under-, and cross-out of text passages can also be used in the free version of the “Foxit PDF Reader” for some time.
Like windows, we can add users on Ubuntu 22.04 or 20.04 with different rights such as one with sudo and another without. This helps multiple users to work on the same system while their files and directory can only be accessible by them. Although the root or Super Admin user can access any other system/regular user account and its files, the standard/regular user account cannot. The process of creating a new user is not much difficult even on Ubuntu Linux. We can use the terminal or GUI interface of the OS to do that. Apart from creating a user on Ubuntu 22.04, we will also learn how to assign sudo rights to a user using this step-by-step guide.
Laugh in the face of death in this hauntingly humorous comedy adventure about a wayward soul trying to make it back to the land of the living. Engage in bullet-hell lite battles, solve puzzles, and communicate with the dead as you navigate this “colorful” world. Death is just the beginning.
Between 2022-08-31 and 2022-09-07 there were 25 New Steam games released with Native Linux clients. For reference, during the same time, there were 284 games released for Windows on Steam, so the Linux versions represent about 8.8 % of total released titles.
We're working towards finalizing the feature set for 4.0 beta, reviewing many PRs which have been opened prior to our roadmap feature freeze announced a month ago. While this process is ongoing, we'll keep releasing alpha builds so here's 4.0 alpha 16! Same deal as usual, lots of bugs fixed and more refactoring and feature work.
Despite the name, the Burn My Windows GNOME extension offers a grab-bag of different animated effects that play when opening and closing windows.
Alongside its namesake inferno effect echoing the the Compiz Fusion years are an assortment of other animations, spanning the gamut from superfluous science-fiction teleports through to mystical looking disintegrations, and “physical” effects like shattering glass.
Well, now we have even more choice as 4 brand new retro-style effects are included in the latest version of this brilliantly blingly bolt-on, which is rolling out as an update through the GNOME Extensions website this week.
elementary OS has seen some major slowdowns in development after the co-founder Cassidy James left the team(i.e. for the release of elementary OS 7).
And I know, you're excited about performing an upgrade with sudo dist-upgrade. And, it looks like the things are getting better, and Danielle Foré (Founder) shared some progress going towards elementary OS 7 release.
Here, I shall share of the development updates for the upcoming release.
Salix is a Slackware-based Linux distribution with a new look and a goal of being fast, user-friendly, and highly stable.
Salix 15.0 is a Linux distribution that is 100% compatible with Slackware and defaults to the Xfce desktop environment. The latest release offers a new look and plenty of updates, including Xfce 4.16, GTK+ 3, Firefox 102 ESR, LibreOffice 7.4, GIMP 2.10, and Whiskermenu as the new default panel menu.
According to the Salix developers, “There have been extensive discussions in our forums with respect to how the new release will look and everything has been revamped, including a new GTK theme, a new icon theme, a new window manager theme, and a default wallpaper…”
In this video, I am going to show an overview of deepin 20.7 and some of the applications pre-installed.
Neoclust wrote this blog post last Sunday, but we (Atelier Team) needed three days to enhance it a little and publish it, sorry about that to Neoclust and all our readers. If you want to join Atelier Team to help publish our blog posts faster and more often, you’re very welcome!
When it comes to identifying potential security vulnerabilities in software, the technology industry has relied upon the Common Vulnerabilities and Exposure (CVE) system for more than two decades. Red Hat is a long-time contributor to this program, first helping the CVE system to work with the open source community and, more recently, serving as a CVE Naming Authority (CNA). Today, we’re pleased to further extend our leadership in identifying and addressing potential vulnerabilities in the open source world as a Root within the CVE Program.
Opportunities are open at Red Hat. Whether you're just starting your career journey or a long-time Red Hatter, there are endless paths to hone your skills and pursue your passions. Last year we introduced you to two women doing exceptional work in our Products and Global Engineering organizations. We're excited to share how they've continued to unlock their potential as Red Hatters.
In case you missed the news, AnsibleFest 2022 is coming up soon, and we're back to a live and in-person format!
AnsibleFest 2022 is taking place October 18 - 19, in Chicago, Illinois at the Sheraton Chicago. This two-day event will give you the latest Ansible news and announcements, a chance to interact directly with automation experts, and hands-on experience with Ansible through labs and workshops.
Automate your daily container workflows using Podman's systemd, top, auto-update, pull, and API-compatibility flags and commands.
The Raspberry Pi project has officially released the new version of its Linux-based OS based on Debian 11, Raspberry Pi OS.
The Raspberry Pi is undoubtedly the most popular device in the mini-computer category, particularly among Linux and self-hosting enthusiasts.
Although the device can run various Linux-based operating systems on it, the Raspberry Pi OS, which is a custom-built OS, especially for it, is likely the most popular and widely used.
For those not in the know, it was first published as Raspbian in 2012. Since 2020, the operating system has been known as Raspberry Pi OS, following the release of a 64-bit beta version based on Debian rather than the Raspbian project.
Certain industries rely on workers being able to reach high spaces through the use of ladders or mobile standing platforms. And because of their potential danger if a fall were to occur, Roni Bandini had the idea to create an integrated system that can detect a fall and report it automatically across a wide variety of scenarios.
A fall can be sensed by measuring changes in acceleration; therefore, Bandini went with an Arduino Nano 33 BLE Sense board due to its built-in three-axis accelerometer. It also supports low-power consumption, meaning that a LiPo battery and accompanying TP4056 charging module could be added for completely wireless operation. Acceleration data was collected by taking several samples within the Edge Impulse Studio and labeling them either “fall” or “stand” when no movement is present. Once tested, the resulting model was integrated into an Arduino sketch, which emits a Bluetooth€® advertising packet whenever a fall is detected.
By being aware that the disabled people in their lives are people first and deserve to be treated as such. Ask them for permission before posting about them online.
The CloudNativePG Community has announced version 1.17.0, a new minor release of the CloudNativePG Operator, which introduces the possibility to create a new PostgreSQL cluster with a dedicated volume for Write-Ahead Log (WAL) files. Separating I/O workloads of database (PGDATA) and WAL files improves vertical scalability of PostgreSQL clusters, among the others.
In this version, a new command, destroy, has been added to the cnpg plugin for kubectl to help remove an instance and the associated persistent volume claims from an existing cluster.
Two new labels, cnpg.io/instanceName and cnpg.io/podRole, are now managed by the operator on all persistent volume claims that belong to a cluster.
Some minor bugs have been fixed, in particular in the in-place operator upgrade process.
New patch releases are available for all the supported versions, including 1.16.2 and 1.15.4.
My journey on the Google Summer of Code project passed by so fast… This is my last week on the GSoC and those 14 weeks flew by! A lot of stuff happened during those three months, and as I’m writing this blog post, I feel quite nostalgic about this three months.
Before I started GSoC, I never thought I would send so many patches to the mailing list, have an abstract approved on XDC 2022, or have commit rights on drm-misc.
GSoC was indeed a fantastic experience. It gave me the opportunity to grow as a developer in an open source community and I believe that I ended up GSoC with a better understanding of what open source is. I learned more about the community, how to communicate with them, and who are the actors in this workflow.
Crediting people is important, and it's something that we - in the free software community - don't always apply enough. Or we unconsciously don't do so.
That's where scientific papers get it really right. And for blog posts or articles, it depends on many factors (exercise for you: try to categorize blog posts into a discrete color scale, between red, green and blue, wrt. what this blog post is all about).
So, with the exercise statement, you already know that not all text are equal in that regard [1]. I'm thinking about somehow quickly-written raw text, or sometimes just the title that happens to be exactly the same (with a totally different body), with a long timespan in-between.
Security updates have been issued by Fedora (curl, protobuf-c, and vim) and SUSE (gimp, java-1_8_0-openj9, libostree, openvswitch, python-bottle, python-Flask-Security-Too, and zabbix).
LockBit ransomware gang announced that it is improving defenses against distributed denial-of-service (DDoS) attacks and working to take the operation to triple extortion level.
They’re expanding: locking people out of their data, publishing it if the victim doesn’t pay, and DDoSing their network as an additional incentive.
Did the US Treasury censor code or illegal actions?
As is well-documented elsewhere, the US Government has chosen to apply financial sanctions to the Tornado Cash project.
This is not the first action the US Treasury has taken against use of a cryptocurrency mixer. It’s a clone of the sanctions applied to Blender.io in May which was clearly responding to money laundering by North Korea. That case was clearly an action against an entity.
As of December 1, 2022 the WordPress Security Team will no longer provide security updates for WordPress versions 3.7 through 4.0.
These versions of WordPress were first released eight or more years ago so the vast majority of WordPress installations run a more recent version of WordPress. The chances this will affect your site, or sites, is very small.
When we drink beverages, often those beverages have to live in somewhere, and putting them on top of a wood table simply will not do. The container of that cold beverage you’re drinking is likely to condense all over the place, leaving a watery puddle in its wake. Putting it on top of wood, or marble, or any other surface, is simply a bad idea—and it’s an even worse one if that container has been recently spilled, leaving a mess all over the place. The hero of this story is the drink coaster, which can capture the condensation and ensure your fancy table is safe from the elements. But based on a quick search of Google Patents, simply being a coaster is no longer enough fro many coasters. It must do more—logic be damned. Today’s Tedium talks drink coasters, beer mats, and urinal coaster patents.
So I attempted ROOPHLOCH and failed. Basically I was sitting at a public swimming pool, waiting for my youngest to finish their course and it occurred to me that perhaps I could do the challenge then and there. After all I was carrying a basic feature phone, which on the one hand provided some way for me to type up a post and on the other hand was offline from the perspective of providing a generalised internet connection. So I formulated a plan of doing the post as multiple SMS messaged and sending them to text to email service I use. That would provide a way to get the text I typed off the device. Sure, I would have to manually copy and paste it into an editor from there and upload as normal but I figured that was still within the spirit of the concept, seeing as I would have composed my text offline in an unusual location. Plus it would give me a way to use my remaining time, while I waited from my little one. I didn't bring a book.
Yesterday was the first night back at Scouts after a summer of
recovering from the previous year. I was a little anxious and didn't
entirely want to go following a few weeks of 'urgghhh' thanks to work.
I learnt something odd..... A friend of mine had a c section and so
did my sister in law. Both sent me pictures of their child emerging
from their body. In each case, the medical staff doing the operation
asked if they wanted photos. They are disgustingly interesting photos.
Think alien chest buster scene but lower down and you have it pretty
much. Is this a thing? Why is this a thing? Do medical staff offer the
same for those giving vaginal birth? I am baffled by this.
In 2018 and 2019 I set up some 100x100 m (1 ha) permanent vegetation monitoring plots in Bicuar National Park, southwest Angola. We measured the stem diameter of each tree stem >5 cm diameter and attached a numbered metal tag to each of these stems so we could track the growth and mortality of each stem over time. At the same time as measuring the stem diameters and attaching the tags, I also took a quick GPS point with a Garmin GPSMAP 65s Handheld GPS unit.
So, Gemini is actually really neat, there's no doubt about it. But of course, I'm not used to it, and so a couple things confuse me.
[...]
Secondly, what Gemini server software would you all recommend? There are quite a few options, and I'm not sure which one would fit me best.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.