Plural
https://www.smbc-comics.com/comic/plural-2 [www.smbc-comics.com]
2025-05-04 20:31
gif files
The plural is gives. It’s like shelves or elves.
tag: admin
Plural
https://www.smbc-comics.com/comic/plural-2 [www.smbc-comics.com]
2025-05-04 20:31
gif files
The plural is gives. It’s like shelves or elves.
FediMeteo: How a Tiny €4 FreeBSD VPS Became a Global Weather Service for Thousands
https://it-notes.dragas.net/2025/02/26/fedimeteo-how-a-tiny-freebsd-vps-became-a-global-weather-service-for-thousands/ [it-notes.dragas.net]
2025-04-23 05:11
This article, although in some parts very conversational, aims to demonstrate how it’s possible to build solid, valid, and efficient solutions without the need to use expensive and complex services. Moreover, this is the demonstration of how it’s possible to have your online presence without the need to put your data in the hands of third parties or without necessarily having to resort to complex stacks. Sometimes, less is more.
source: Dfly
Better Shell History Search
https://tratt.net/laurie/blog/2025/better_shell_history_search.html [tratt.net]
2025-03-28 06:12
Using Ctrl-r and fzf roughly doubled my efficiency in the shell overnight. Interestingly, it had an even greater long term effect: I became a more ambitious user of shell commands because I knew I could outsource my memory to fzf. For example, since it’s now very easy to recall past commands, I no longer set global environment variables, which had previously caused me grief when I forgot about them. Now I set environment variables on a per-command basis, knowing that I can recall them with Ctrl-r and fzf.
source: HN
Jeffrey Snover and the Making of PowerShell
https://corecursive.com/building-powershell-with-jeffrey-snover/ [corecursive.com]
2024-07-04 23:31
What if you had to fight against your company’s culture to bring a revolutionary tool to life? Meet Jeffrey Snover, the Microsoft architect behind PowerShell, a command tool that transformed Windows system administration. Initially met with skepticism, Snover’s idea faced resistance from a company that favored graphical interfaces.
source: HN
A tale of /dev/fd
http://phala.isatty.net/~amber/hacks/devfd [phala.isatty.net]
2023-10-22 23:08
Many versions of Unix provide a /dev/fd directory to work with open file handles as if they were regular files. As usual, the devil is in the details.
source: L
Epyc 7002 CPUs may hang after 1042 days of uptime
https://old.reddit.com/r/sysadmin/comments/13wmowy/psa_epyc_7002_cpus_may_hang_after_1042_days_of/ [old.reddit.com]
2023-06-01 18:27
Note that your server will almost definitely hang, requiring a physical (or IPMI) reboot, because no interrupts, including NMIs, can be delivered to the zombie cores: this means no scheduler, no IPIs, nothing will work.
source: HN
Feeds, updates, 200s, 304s, and now 429s
http://rachelbythebay.com/w/2023/01/18/http/ [rachelbythebay.com]
2023-01-20 22:05
The carrot basically is: if you have a well-behaved feed reader, you will continue to be able to discover a new post on my feed in a reasonable amount of time. This is most people. Most people do it right. Thank you for that.
The stick is: if you do not, you will not. It will take considerably longer to notice something’s different out here.
What goes into an X resource and its name
https://utcc.utoronto.ca/~cks/space/blog/unix/XResourcesNaming [utcc.utoronto.ca]
2022-04-19 03:28
Most people who deal with X resources, me included, generally deal with them at a relatively superficial level. At this level, you can say that X resources are a text based key/value database, with the name (key) of every resource being a composite name that specifies both its program and some program specific name (although there are conventions for the name portion). But if you start to look at the actual names for X resources, things start looking a little more odd.
Into the rabbit hole.
Also: https://utcc.utoronto.ca/~cks/space/blog/unix/XResourcesFailure
One of the problems with X resources is that they’re arcane and hard to manage.
How I'm Using SNI Proxying and IPv6 to Share Port 443 Between Webapps
https://www.agwa.name/blog/post/using_sni_proxying_and_ipv6_to_share_port_443 [www.agwa.name]
2022-04-16 05:33
I’ve written about SNI proxying before, but in a nutshell: a proxy server can use the first message in a TLS connection (the Client Hello message, which is unencrypted and contains the server name (SNI) that the client wants to connect to) to decide where to route the connection.
source: L
SSH and User-mode IP WireGuard
https://fly.io/blog/ssh-and-user-mode-ip-wireguard/ [fly.io]
2021-03-12 03:23
For a couple hundred lines of code (not counting the entire user-mode Linux you’ll be pulling in from gVisor, HEY! Dependencies! What are you gonna do!) you can bring up a new, cryptographically authenticated network, any time you want to, in practically any program.
There really are some fun libraries out there if you want to build something crazy.
source: HN
XTerm: It's Better Than You Thought
https://aduros.com/blog/xterm-its-better-than-you-thought/ [aduros.com]
2021-01-18 01:49
Some useful config options showing off flexibility beyond the basics.
source: Dfly
How to make Bash fail badly on Ubuntu 16.04 by typo'ing a command name
https://utcc.utoronto.ca/~cks/space/blog/linux/BashNotFoundHang [utcc.utoronto.ca]
2021-01-14 06:29
The simple thing to say about this is that it only happens on Ubuntu 16.04, not on 18.04 or 20.04, and it happens because Ubuntu’s normal /etc/bash.bashrc defines a command_not_found_handle function that winds up running a helper program to produce this ‘did you mean’ report. The helper program comes from the command-not-found package, which is installed because it’s Recommended by ubuntu-standard.
Introducing the In-the-Wild Series
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html [googleprojectzero.blogspot.com]
2021-01-13 07:29
This is part 1 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild.
At Project Zero we often refer to our goal simply as “make 0-day hard”. Members of the team approach this challenge mainly through the lens of offensive security research. And while we experiment a lot with new targets and methodologies in order to remain at the forefront of the field, it is important that the team doesn’t stray too far from the current state of the art. One of our efforts in this regard is the tracking of publicly known cases of zero-day vulnerabilities. We use this information to guide the research. Unfortunately, public 0-day reports rarely include captured exploits, which could provide invaluable insight into exploitation techniques and design decisions made by real-world attackers. In addition, we believe there to be a gap in the security community’s ability to detect 0-day exploits.
Chrome: Infinity Bug - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html
Chrome Exploits - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html
Android Exploits - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html
Android Post-Exploitation - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html
Windows Exploits - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html
Ok Google: please publish your DKIM secret keys
https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publish-your-dkim-secret-keys/ [blog.cryptographyengineering.com]
2020-12-11 06:27
This post is about the situation with Domain Keys Identified Mail (DKIM), a harmless little spam protocol that has somehow become a monster. My request is simple and can be summarized as follows: Dear Google: would you mind rotating and publishing your DKIM secret keys on a periodic basis? This would make the entire Internet quite a bit more secure, by removing a strong incentive for criminals to steal and leak emails. The fix would cost you basically nothing, and would remove a powerful tool from hands of thieves.
source: green
Never Run ‘python’ In Your Downloads Folder
https://glyph.twistedmatrix.com/2020/08/never-run-python-in-your-downloads-folder.html [glyph.twistedmatrix.com]
2020-08-24 16:29
Python can execute code. Make sure it executes only the code you want it to.
Not exclusive to python either.
source: L
How CDNs Generate Certificates
https://fly.io/blog/how-cdns-generate-certificates/ [fly.io]
2020-07-01 01:06
Obviously, to do stuff like this, you need to generate certificates. The reasonable way to do that in 2020 is with LetsEncrypt. We do that for our users automatically, but “it just works” makes for a pretty boring writeup, so let’s see how complicated and meandering I can make this.
It’s time to talk about certificate infrastructure.
source: L
Classic ThinkPad Thermal Paste Change
https://vermaden.wordpress.com/2020/06/30/classic-thinkpad-thermal-paste-change/ [vermaden.wordpress.com]
2020-07-01 00:50
Those who know me know that I am a bit fan of the oldschool Lenovo ThinkPad laptops with real 7-row keyboards. I own several *20 models from 2011 including W520, T420s and X220 ones. They still rock when it comes to ‘laptop computing’ and they are dirt cheap on any auction platform. They only got one flaw … that thermal compound on CPU (and sometimes GPU) gets older a lot faster then these laptops.
source: vermaden
Fakecracker: NetBSD as a Function Based MicroVM
https://imil.net/blog/posts/2020/fakecracker-netbsd-as-a-function-based-microvm/ [imil.net]
2020-06-18 19:13
This is fun and all, but we can’t really talk about security only with chroot, and the Firecracker solution seemed about right for this matter, yet the overall NetBSD boot process was a bit too long for my taste. So how exactly can we significantly improve NetBSD‘s boot speed?
source: L
Fixing the Breakage from the AddTrust External CA Root Expiration
https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration [www.agwa.name]
2020-05-30 21:52
A lot of stuff on the Internet is currently broken on account of a Sectigo root certificate expiring at 10:48:38 UTC today. Generally speaking, this is affecting older, non-browser clients (notably OpenSSL 1.0.x) which talk to TLS servers which serve a Sectigo certificate chain ending in the expired certificate. See also this Twitter thread by Ryan Sleevi.
https://twitter.com/sleevi_/status/1266647545675210753
source: HN
ZFS versus RAID: Eight Ironwolf disks, two filesystems, one winner
https://arstechnica.com/gadgets/2020/05/zfs-versus-raid-eight-ironwolf-disks-two-filesystems-one-winner/ [arstechnica.com]
2020-05-18 19:32