First off, for those unfamiliar, Envoy Proxy is an open source cloud-native proxy. It was initially designed at Lyft and was then released as OSS in 2016. Envoy has been instrumental to the proliferation of service mesh; it’s the sidecar proxy at the heart of Istio and other service meshes.
A "researcher" with a screen name of "Sockpuppets" decides to demonstrate how insecure some specific online resources are, in the worst way possible.
In the thirty-third episode of the WordPress Briefing, hear Josepha Haden Chomphosy recap important questions from WordCamp Europe, and a selection of Contributor Day interviews.
The second 5.19 kernel prepatch is out for testing.
I’ve been working on a cool project lately that I’d like to introduce you to: the Helios microkernel. Helios is written in Hare and currently targets x86_64, and riscv64 and aarch64 are on the way. It’s very much a work-in-progress: don’t expect to pick this up and start building anything with it today.
Drawing some inspiration from seL4, Helios uses a capability-based design for isolation and security. The kernel offers primitives for allocating physical pages, mapping them into address spaces, and managing tasks, plus features like platform-specific I/O (e.g. reading and writing x86 ports). The entire system is written in Hare, plus some necessary assembly for the platform bits (e.g. configuring the GDT or IDT).
Things are still quite early, but I’m pretty excited about this project. I haven’t had this much fun hacking in some time :) We have several kernel services working, including memory management and virtual address spaces, and I’ve written a couple of simple drivers in userspace (serial and BIOS VGA consoles). Next up is preemptive multi-tasking — we already have interrupts working reliably, including the PIT, so all that’s left for multi-tasking is to actually implement the context switch. I’d like to aim for an seL4-style single-stack system, though some finageling will be required to make that work.
 One of our favorite adages is “A picture is worth a thousand words”. It refers to the notion that a still image can convey a complex idea. Images can portray a lot of information quickly and more efficiently than text. They capture memories, and never let you forget something you want to remember, and refresh it in your memory.
Images are part of every day internet usage, and are particularly important for social media engagement. A good image viewer is an essential part of any operating system.
viu is different from the vast majority of image viewers. It’s a small command-line program to view images from the terminal. It also supports the Kitty Graphics Protocol. This allows you to view high resolution images direct in a terminal.
viu is written in Rust and published under an open source license.
In this tutorial, we will show you how to install Joomla on Ubuntu 22.04 LTS. For those of you who didn’t know, Joomla is a free and open-source content management system for publishing web content on websites. It is built on PHP and stores its data on an SQL-based database engine on the backend such as MySQL/MariaDB.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Joomla content management systems on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
Some applications display notifications in the lock screen, which could be quite annoying!
If you want, you can disable all of them or certain app notifications easily via Gnome Control Center.
1.) Firstly, go to the top-right corner system menu. Then click on “Settings” to open system settings utility, which is also known as gnome control center.
In this guide, we will see how to import QCOW2 into Proxmox hypervisor and how to create a virtual machine using the QCOW2 image in Proxmox.
In this article we’ll learn the most important and common ways to pass command-line arguments to our bash script.
Learn the commands to install Joomla CMS on Ubuntu 22.04 LTS Jammy JellyFish Linux to start your own blog or website.
On the Internet, after WordPress, Joomla is another popular open-source content management system to start with. The software is often offered for your own websites.
It is a widely used CMS (Content Management System) that allows you to create and manage web projects. Being an open-source project, it is not only free but also constantly being further developed by the community.
The core functions of Joomla can be extended as required by components, modules, and plugins. Generally suitable for websites whose content changes frequently or is constantly being expanded. These are, for example, blogs, shops, or communities.
Apache CouchDB is an open-source NoSQL database developed by the Apache Software Foundation. This tutorial will teach you how to install Apache CouchDB Database Server on a Debian 11 server. You will also learn how to perform some basic database operations and access CouchDB via a public URL using the Caddy web server.
Checkmk is a very popular monitoring system that empowers administrators, managers, and DevOps teams to quickly identify issues that appear across their IT infrastructure. With Checkmk, you can closely monitor your inventory of servers and desktops for network traffic issues, CPU bottlenecks and even manage configurations. Checkmk is scalable, can monitor a vast array of services and works with most operating systems.
With a recent update, the developers of Checkmk have added Kubernetes support into the mix. If your business works with containerized applications and services, this might be a great time to deploy this helpful monitor to your systems.
I want to walk you through the process of installing the latest version of Checkmk to Ubuntu Server 22.04.
With the release of Ubuntu 22.04, several changes occurred under the hood to make this latest LTS release one of the best in the history of the Canonical-backed Linux distribution. But there’s one change that has caused a bit of a stir. That problem is the default permissions of the user’s home directories.
Previously, the user’s home directory permission was set to 755, which allowed other users to view the directory as well as the containing files and sub-directories. To avoid such a security issue, the developers have set the permission to the home directories as 750, which means only the owner of the home directory can view the contents.
If you tend to share out your ~/Public folder, this causes a big problem with Samba, in that the owner of the home directory is the only one who can access or traverse the folder either locally or across your LAN. This change was done purely for security reasons, and I believe it was the right way to go, as there is no reason why other users should be able to view the content of each other’s home directory.
With Samba, even if you use public = yes, only the owner of that home directory can see the share. That means even if you specifically allow others to create and delete files in this folder via the Nautilus Public Properties window (Figure A), it will not work.
 In Apache, the default non-secure HTTP connection uses port 80, and the TLS configuration serves the data over port 443.
Today, you will learn how to change the default Apache HTTP port to your custom port in a few steps.
I posted that if booted on a very cheap flash-stick, there will be a considerable delay while 'easy.sfs' is copied from the boot-partition to the working-partition.
The concept of Rolling Rhino Remix is one which I feel is worthwhile. A lot of people have been saying for years that Ubuntu could benefit from a proper rolling release branch, not just a development repository. However, few developers have taken on the task, trying to make it work. Rhino is a decent attempt at making this a working option.
Some things are definitely working and working well. The initial configuration command (rhino-init) and the update command (rhino-upgrade) seem to work properly to set up the system and bring all packages up to date. These functioned as expected and I was pretty happy with them.
The Pacstall framework seems to be getting larger and more polished since I first tried it last year. There are still some issues when searching for packages, but installing new items seems to work without any problems.
The one sore spot in my experience was the rhino-config command line program. Running rhino-config rarely worked properly. Sometimes the tool falsely reported the status of features, sometimes it failed due to problems in calling sudo, and sometimes it incorrectly interpreted command line flags. It was an ongoing problem in what was otherwise a mostly smooth experience.
I will say though that making the two of the rhino- commands aliases rather than scripts strikes me as a problem. As I mentioned above, using aliases will break the tools if the user switches shells and it seems to cause issues when some commands try to run sudo, especially if sudo doesn't already have our cached credentials.
In short, I think Rhino is off to a promising start. It needs a few things worked out and maybe a few things automated before I'd say it's ready for general consumption, but it's off to a decent start. I especially think Ubuntu could benefit from a rolling release in the way Rhino is trying since it supports working with ZFS which allows the administrator to take filesystem snapshots before each upgrade. I'd love to see tools like boot environments or Timeshift added to Rhino in order to make its rolling upgrades bulletproof.
One final point I'd like to mention is Rhino's documentation. Rhino is a fairly young project, but the remix-specific documentation which covers installing and using the rhino- utilities is clear and detailed. Not many young projects pay attention to documentation this early in their development and I tip my hat to the developers for making this a priority. It helped me a lot when I was trying to sort out some of the workings of rhino-update and rhino-config.
Another update of IPFire is ready: IPFire 2.27 - Core Update 168. It comes with significant improvements to the Intrusion Prevention System (IPS), various security improvements, an updated version of Linux' firmware bundle, as well as a heap of updated packages and bug fixes.
Heads up! IPFire running on software RAIDs will need to rebuild their RAIDs. It is possible, that the RAID was damaged since the last update due to failure to initialise it correctly at boot time (#12862). Systems affected by this problem, would have run just fine, but without the RAID. During the installation of this update, the RAID will be fixed. For that, a reboot is required after installing the update, and it might be necessary to be able to boot from the secondary RAID device.
The next decade will see giant leaps forward in 5G, edge computing, enterprise Linux and plenty of other areas. As organizations look at the opportunities ahead, they must weigh both the opportunities and the risks.
One such exciting area is artificial intelligence (AI). As the tools and methodologies advance, many organizations are looking to use AI to improve business efficiencies, bring innovation to customers faster, gain actionable market insights and more. However, the rush to put AI in place without always knowing what it can be used for, or how to use it, can lead to problems with the systems and the data itself. We have heard many stories of when AI makes the "wrong" decision due to built-in biases, and in some cases, the outcome can be life or death.
What is a tablet? I’ve been pondering a bit more upon the philosophical imperatives and tensions, also the historical and poetic dimensions of the cybercortex.
When I think of the word “stylus”, for instance, a word inextricably yoked to “tablet”, the image in my native pictorial language is of a learned woman of Roman era Hellenistic Egypt, holding a stylus to her lips in pensive thought. She was captured thus, in a gesture likely taken from living memory, and painted upon hear mummy’s death mask. Thus her ba (Earthly spirit), or was it ba, might recognize her to return for rest. Her stylus spoke without a word from 2000 years to us, of who she was and how she inhabited the written word. She was a woman I’d like to know.
Just so, the wax or clay filled wooden tablet upon which that lady wrote is likely now long gone. Probably no words remain from that scholar or poet, even on parched papyrus buried in the desert. It’s a poignancy: this one person is now famous for an image meant to be kept more secret than her writing. Thus does the modern gaze violate all propriety. But apropos, it also connotes the evanescence of the written word, even in stone. Oral band cultures could pass stories along for 10000 years or more, we know now. Something about the written word dies young in its desperation for permanence.
Finding the right angle to approach a Raspberry Pi project can be tricky. Still, maker and developer Parisiancyclist, as he’s known on Reddit, has found a happy balance with this mesmerizing ball on a plate project (opens in new tab). With the help of a Raspberry Pi, it automatically tilts a plate as needed to prevent a ball from falling over the edge.
According to Parisiancyclist, the project took roughly a week and a half to develop from scratch. He not only developed the physical plate tilting apparatus but also coded the project to use AI to evaluate the ball’s location and determine how much to angle the plate to keep it from falling off.
As explained in the first two blog posts, the BeagleBone boards are supported by a wide number of extension boards, called capes.
When such a cape is plugged in, the description of the devices connected to the board should be updated accordingly. As the available hardware is described by a Device Tree, the added devices on the cape should be described using a Device Tree Overlay, as described in the first blog post.
Avnet has launched the SM2S-IMX8ULP which is compliant with the Smart Mobility Architecture (SMARC) 2.1.1 standard form factor. The scalable device integrates the i.MX 8M Arm processor architecture from NXP and runs on Linux, Android and Microsoft Azure Sphere.
The SM2S-IMX8ULP SMARC 2.1.1 has the option to integrate the dual or single core ARM Cortex-A35 processor (up to 1GHz), the Arm Cortex-M33 real-time core (up to 216MHz) and the Vivante GC NanoUlta 3D GPU. The Vivante GPU can support OpenGL ES (1.0, 2.0, 3.1), Vulkan and OpenCL 1.2.
 The Mozilla Thunderbird and K-9 Mail projects work on an improved version of the K-9 Mail open-source Android email app by offering users a better account setup experience using Thunderbird's account auto-configuration wizard, the ability to sync Thunderbird desktop and mobile apps, support for message filters, and improved folder management.
In time, this work that the developers of the Mozilla Thunderbird and K-9 Mail projects plan to implement in the coming months will transform the existing K-9 Mail app for Android into Thunderbird for Android.
Today, we announced our detailed plans for Thunderbird on mobile. We also welcomed the open-source Android email client K-9 Mail into the Thunderbird family. Below, you’ll find an evolving list of frequently asked questions about this collaboration and our future plans.
For years, we’ve wanted to extend Thunderbird beyond the desktop, and the path to delivering a great Thunderbird on Android™ experience started in 2018.
That’s when Thunderbird Product Manager Ryan Lee Sipes first met up with Christian Ketterer (aka “cketti”), the project maintainer for open-source Android email client K-9 Mail. The two instantly wanted to find a way for the two projects to collaborate. Throughout the following few years, the conversation evolved into how to create an awesome, seamless email experience across platforms.
But Ryan and cketti both agreed that the final product had to reflect the shared values of both projects. It had to be open source, respect the user, and be a perfect fit for power users who crave customization and a rich feature set.
“Ultimately,” Sipes says, “it made sense to work together instead of developing a mobile client from scratch.”
The Thunderbird project's announcement of its plans for an Android client contain a bit of a surprise...
Who actually still uses an e-mail client these days? Actually, quite a few people! In this video, Jay chats with Alex and Jason from Thunderbird about the current status of the project, the future, and more! ## Get involved and help out the Thunderbird project
It’s been ten years of GNU Guix! To celebrate, and to share knowledge and enthusiasm, a birthday event will take place on September 16–18th, 2022, in Paris, France. The program is being finalized, but you can already register!
This is a bugfix release for gnunet 0.17.0.
We are happy to announce the completion of the following milestones for the DHT specification. The objective is to provide a detailed and comprehensive guide for implementors of the GNUnet DHT "R 5 N". The milestones consist of documenting the base data structures and processes of the protocol. This includes the specification of the DHT message wire and serialization formats.
[...]
We invite any interested party to read the document and provide critical review and feedback. This greatly helps us to improve the protocol and help future implementations. Contact us at the gnunet-developers mailing list . As part of the remaining milestones, the specification will be updated and interoperability testing will be conducted. Further, we aim to present the draft specification at IETF.
Qt Online Installer and Installer Framework 4.4.0 were released today.
 Thonny is a decent tool for beginner Python programmers. Not that experts cannot use it but it’s more suited to be used in the schools and colleges. Students will find it helpful in learning Python and understanding how their code behaves in certain manner. In fact, it was originally developed in University of Tartu, Estonia.
Overall, a good software for Python learners.
I didn't write about the Monaco grand prix because life got in the way. Shame, because it was interesting. In qualifying, Leclerc was excellent, and there was synchronised crashing. Verstappen was outpaced by Perez all weekend. There was rain and a drying track, so some people took opportunities and made big gains, and some messed it up. Ferrari were in the second category, moving Leclerc from any easy win to fourth. Perez won, and everyone was happy for him. He had a little cry on the podium.
This weekend was at Baku in Azerbaijan, one if the countries where F1 takes the money and doesn't ask too many questions. There have been plenty of memorable incidents at this race. None if them happened this year. Leclerc qualified excellently as is now normal, lost the lead at the start, but might still have won but for an engine failure. He's now a looong way behind in the points.
I have chosen to focus more on discipline rather than motivation when it comes to working or generally anything. Motivation fluctuates and maintaining it is very tiresome. I instead chose to focus on discipline as it's a firm means of controlling my unwanted and distracting desires. I feel a sense of pride knowing that I have immense control over my body and mind. No matter how I'm feeling, I can always rely on this to help get me through any task.
Renesas RZ/G2L or RZ/V2L Cortex-A55/M33 processors have found their way into several system-on-modules and single board computers recently with the likes of Geniatech AHAURA board, Avnet RZBoard, or ARIES Embedded MSRZG2UL OSM module among others.
Forlinx Embedded has joined the fray with the Renesas RZ/G2L-based FET-G2LD-C system-on-module, and a corresponding OK-G2LD-C development board with plenty of I/Os including dual Gigabit Ethernet, RS485 and CAN Bus interfaces, built-in WiFi and Bluetooth, plus an optional EC20 4G mini PCIe module.
Security updates have been issued by Debian (chromium, containerd, kernel, ntfs-3g, and vlc), Fedora (buildah and logrotate), Red Hat (xz), and SUSE (google-gson, netty3, rubygem-sinatra, and u-boot).
ENCSecurity markets a file encryption system, and it’s used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, it’s implementation is flawed in multiple ways—and breakable.
I recently presented work on the analysis of a file encryption solution that claimed to implement “AES-1024 military grade encryption“. Spoiler alert: I did not break AES, and this work does not concern the security of AES. You may find advanced research regarding this topic.
This project started during a forensic analysis. One of my colleagues came with a USB stick containing a vault encrypted with SanDisk Secure Access software. He asked me if it was possible to bruteforce the password of the vault to recover the content. I did not know this software thus, I started to research. It appeared that this solution is distributed by Sandisk by default on any storage device you buy from them.
Millions of (poorly coded) bots relentlessly crawl the web to detect and spew junk content into any form they find. The go-to countermeasure is to force everyone to complete a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA).
In a recent Red Hat survey of more than 300 production-level Kubernetes users, 93% of respondents admitted to experiencing at least one security incident in their Kubernetes environments during the previous year—and 31% of respondents say they experienced revenue or customer loss during that year as a consequence.
Our industry can do better. This article summarizes findings from the survey, reported in our 2022 State of Kubernetes security report, and highlights the weak points of Kubernetes security today along with a path forward involving DevSecOps.
I randomly stumbled upon some article disussing the possibility of the "passwordless future" and the obstacles that lie before it. Something about it made me a bit itchy, so I decided to think further about it and also discuss the issue with my friend.
What I'm more interested in is not "how to make passwordless future come sooner", but rather "why do we need a passwordless future" and "what's the problem with passwords in the first place"?
I mean, I might be wrong of course, but I seriously don't get it.
In the end of this post, I will provide my own method of generating passwords and writing them down. It's simple and effective.
BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit mostly Linux operating systems. It's undetected by firewalls and goes unnoticed by most detection systems — so unnoticed that it's been a work in progress over the last five years, going through various phases of development and complexity.
A new Linux rootkit malware named ‘Syslogk’ is being used in attacks to hide malicious processes, using specially crafted "magic packets" to awaken a backdoor laying dormant on the device.
The malware is currently under heavy development, and its authors appear to base their project on Adore-Ng, an old open-source rootkit.
Russia sure is busy these days. While launching a full-scale invasion of neighboring Ukraine the country's space authorities are worried their new space station might someday get contaminated with germs.
According to Wednesday's Newsweek report, plans for the Russian Orbital Space Station (ROSS) are still in motion, and it's possible that Roscosmos, the country's equivalent of NASA, could simply detach its modules from the International Space Station and run them separately.
There's a big problem with that plan, though, according to a top Russian scientist.
"Using the ISS modules will lead to the transfer of the microbiota to the new modules, will accelerate the process of their biocontamination," Director of the Institute of Biomedical Problems of the Russian Academy of Sciences Oleg Orlov said in a state-run press release.
In connection with Whitney Webb’s upcoming book on the Jeffrey Epstein scandal, One Nation Under Blackmail, Unlimited Hangout filed a Freedom of Information request asking UK law enforcement and the Ministry of Defence the identity of two sitting US senators who were present at Foxcote House in North Warwickshire, UK on September 1, 2002. UH contributor Johnny Vedmore had previously obtained information from eyewitnesses of that meeting that, not only were two US Senators present at that location that day, but that Metropolitan Police officers had supplied security for the meeting. The FOI request was filed to Metropolitan Police, the UK Ministry of Defence and North Warwickshire Police and only a response from the Metropolitan Police was received.
The motive for UH’s FOI request is as follows. It is known that Jeffrey Epstein, as attested to by Epstein’s flight logs, was present in this part of the UK during this same period (from August 31, 2002 to September 2, 2002) and eyewitnesses saw him attend this specific meeting at this location with two attractive and glamorously dressed women on each arm. One of these women was Nicole Junkermann, a former model and apparent intelligence asset as revealed in Vedmore’s previous investigative work. The other woman was described by eyewitnesses as a tall brunette. Per those eyewitness accounts, Epstein personally escorted the two women into the room where the two senators were waiting.
I recently discovered that my ISP was blocking the domain 'rt.com'. This is the domain of a 'sanctioned' media company, Russia Today. Prior to Russia invading Ukraine, this was a mainstream news source.
As it turns out, the UK government proposed and passed a law to sanction this company within 2 days. ISPs interpretation of the law was that they had to block the domain. This was the minimum they could do to comply.
Even looking to Andrews & Arnold's RevK, someone who has fiercly fought government wrongness and stupidity, gives us no solace...
[...]
The level of 'meh' on this development has kind of shocked me. DNS is a fundamental aspect of the Internet. It's one thing to self-censor (e.g. content-blocking) as an informed choice, but it's quite another to enshrine censorship into law.
What are the true costs of digital utopia, the most powerful weapon of mass seduction in the expanding arsenal of techno-capitalism? The usual answers – the loss of privacy, the rise of fake news, the risks of cyberwarfare – are, of course, not wrong. But, in staying on the surface, they invariably miss the deeper shifts and transformations that are not immediate and whose effects cannot be directly and explicitly linked to the machinations of Mark Zuckerberg or Elon Musk.
The lie that nurtures the utopian myth behind techno-capitalism is that there is only one way to do “big data” or “artificial intelligence” or “cloud computing” – and that this way has already been discovered and perfected in Silicon Valley. The benefits are too numerous and obvious to be even discussed explicitly; a mere invocation of a regularity like Moore’s law often suffices. The numbers go up – and this means “progress.” As for the costs, those could be carefully accounted for, and, when we are lucky, mitigated.
Google has agreed to pay $118 million to settle a lawsuit first launched in 2017 over gender-based wage discrimination, The Wall Street Journal has reported. Three former female employees accused Google of segregating women into lower paying jobs that curbed advancement, while similarly-qualified men didn't face those obstacles.
The lawsuit was expanded to class-action status in 2021 and the settlement covers around 15,500 female employees who worked in Google's California offices after September 2013. It includes a clause that independent experts must review Google's hiring practices and pay-equity studies, according to the law office representing the plaintiffs. However, Google admitted no wrongdoing as part of the deal.
Googling “abortion clinic near me” or “abortion pill” in several U.S. states yields misleading results, according to a new report from the non-profit Center for Countering Digital Hate (CCDH).
Ohio Attorney General Dave Yost has filed a lawsuit asking a court to declare Google a public utility that should be regulated as such. “Google uses its dominance of internet search to steer Ohioans to Google’s own products – that’s discriminatory and anti-competitive,” Yost said in a statement. “When you own the railroad or the electric company or the cellphone tower, you have to treat everyone the same and give everybody access.” The lawsuit, filed in Delaware County Common Pleas Court, is believed to be the first of its kind, Yost’s office said.
Honestly I really like Gemini, it's a lot like HTTP but lacks a bunch of unnecessary cruft. It's designed for one purpose: transferring plain text between computers on the internet- and in my humble opinion it achieves that goal perfectly.
This is one of the strangest things I have seen in a very long time, and I am saying this as a Zimbabwean who is accustomed to the weird and wonderful that is thrown our way regularly. According to Cloudflare Sudan shut down its internet, over the weekend, to spot students from cheating during exams.