Default programs based on MIME type with XDG

From an ancient post I previously did… I need to refresh my mind on this topic often enough that I thought it worthy of breaking out. How Linux systems figure out what program should open a file Programs that handle arbitrary files (e.g. web browsers, IRC clients, file managers) delegate to a general purpose resource handler. XDG MIME Applications is the ubiquitous option here, and is not only an implementation, but a full blown specification. ...

February 1, 2022 · 2 min

Debian install notes

I’m moving lots of my machines back to Debian in the yearning for rock solid stability and a complete distribution that just works. Debian was the first GNU/Linux I ever used as a teenager back in the late 90s and I’ve fond memories of it. Starting with the official amd64 install guide. Preparation Make USB key I quickly discovered I want the image that includes proprietary firmware, so I can get my (nasty) wifi card working as quickly as possible. ...

July 11, 2021 · 3 min

Gentoo Linux

The next step in my minimalist computing journey. Enter Gentoo, my first source based GNU/Linux distro. Pre-packaged binaries, which is the approach most other (binary based) distros take, must often cater for the lowest common denominator to ensure packages can run on lots of differing setups out in the wild. On a source based distro, I can articulate my specific needs (USE flags on Gentoo) to finely tune the binaries to my system. For example, as I plan to steer clear of software like systemd, kde and gnome, I can ensure support for these packages is NOT built into other program binaries I build for my system. ...

February 22, 2021 · 13 min

KVM virtualisation

The Kernel Virtual Machine is a hypervisor for Linux on hardware with virtualization extensions (Intel VT or AMD-V). It is deployed as loadable kernel modules, kvm.ko, and either kvm-intel.ko or kvm-amd.ko. The KVM Debian Wiki rocks, and provides details on the basics including a great performance tuning section. Install Administration tasks User specific vs system wide VMs List VMs Start VM Shutdown VM Murder (hung) VM Autostart default NATed bridged network What if the default network interface is not listed How to extend / increase a partition Use network ISO source for new VMs Windows VM disk driver Install Easy instructions to get QEMU/KVM and virt-manager up and running on Arch. ...

October 31, 2020 · 4 min

Kubernetes

The name Kubernetes originates from Greek, meaning helmsman or pilot. Terminology Essentials Help Bash kubectl completion Web UI dashboard Pods Creating a pod Option 1: Imperatively with the CLI Option 2: Declaratively with YAML Port forwarding Managing pods Pod Health Deployments and ReplicaSets ReplicaSet Deployment Deployments with kubectl Deployment Options Rolling updates Blue Green Canary Rollbacks StatefulSets Services Service Types Port forwarding take 2 Services YAML NodePort example ExternalName example Testing Service and Pod with curl Storage Volumes Volume Types Viewing a Pods volumes emptyDir volume example PersistentVolumes and PersistentVolumeClaims StorageClasses Managing configuration with ConfigMaps and Secrets Defining ConfigMaps Consuming ConfigMaps Secrets Secret best practices Storing Secrets Using Secrets Secrets as environment variables Secrets as files Troubleshooting Logs Configuration verification Shell into Pod container The API General kubectl Waaay cool Samples node.js app microk8s Shell improvements PersistentVolume storage location Resources Terminology k8s is two concepts; the control plane and nodes. ...

August 18, 2020 · 20 min

Installing Arch Linux on the Pinebook Pro

Updated 2022-04-11: Installed a minimal version of Manjaro, a SLICK flavour of Arch. The Pinebook Pro is a beautiful 64-bit ARM based laptop, that reminds me of the form factor of a modern MacBook Air, shipping with a premium magnesium alloy shell, 64GB eMMC and a 10,000 mAh battery. All this for $200. As a NIX machine, I’ve found Manjaro to be delightful. I have dreams of one day installing OpenBSD. ...

July 27, 2020 · 3 min

Digital Signatures

The sequence of tasks undertaken that make digital signatures possible. This does have a slight XML flavour to it. A digital signature is a mathematical scheme for verifying the authenticity of digital messages. The concept of digital signature completely hinges on asymmetric cryptography (such as DSA or RSA).

To validate a signature:
1. First the message can be normalised, and in the case of XML will use something like the “Exclusive XML Canonicalization” (XML-C14N), so we’re comparing apples with apples. This will discard things like usage of white space.
2. Using the normalised representation, compute a hash (e.g. SHA1) of the timestamp (contained in the WS-Security header) and entire message payload (the SOAP body).
3. Using the public key from the partner organisation certificate, RSA decrypt the hash computed by the partner organisation.
4. If the two hashes are identical, we know the message has not been tampered with.
5. (optional) Validate the timestamp (TTL) defined by the partner organisation (typically 7 minutes from the original transmission time by the sender), to mitigate possible damage caused by replay attacks.

To create a signature:
1. Wrap the response message in a SOAP envelope, which includes some WS-Security related headers including a timestamp. The timestamp is set to a configurable number of minutes (e.g. 10 minutes) in the future.
2. Normalise the message using the “Exclusive XML Canonicalization” (XML-C14N).
3. Using the normalised message form, compute a (e.g. SHA1) hash of the timestamp (WS-Security header) and entire response message payload (e.g. the SOAP body).
4. Using the private key of the signing certificate, RSA sign the computed hash, and store the result in the relevant security header (the SignatureValue header).
5. The message is then delivered to the partner organisation.

For the above to work, there needs to be some established agreement as to the specific cipher suites and canonicalisation method used. This is all ...

May 24, 2019 · 2 min

Arch Linux

After witnessing insane minimalism paired with a tiler (tiling window manager), I knew it was my time to take the pilgrimage to Arch Linux. Some characteristics that make Arch unique: The Arch Way embodies the principles behind Arch Linux; simplicity, modernity, pragmatism, user centrality and versatility. Forces one to build the system up by hand. This encourages you to question the role of each component of the system, and available options to satisfy that component (e.g. the terminal emulator). The result is a highly tailored and minimal system that meets precisely your needs. Practical and pragmatic documentation. The Arch Wiki is the gold standard when it comes to documentation. The Arch User Repository (AUR) is a treasure chest of pre-packaged useful recent software. Somehow every program I’ve ever needed has been available on AUR. Rolling upgrades. Arch was born in 2001, when Canadian programmer Judd Vinet, inspired by the elegance of systems such as Slackware and the BSDs, set out to build his own distro based on a similar ethos. The first formal release, 0.1, dropped on March 11, 2002. ...

April 6, 2019 · 19 min

LCA 2018

I’m a convert. This conference was incredible, with passionate presenters, excellent content with an amazing inclusive and friendly community vibe. Most sessions are available on YouTube. Things I am inspired to do post LCA 2018: Set up ctags with Vim. Think ‘go to definition’ for Vim, with support for 40+ langs. Specifically Exuberant Ctags and unite-tag. Play with more kernel syscalls (like ptrace). Signal processing and logic analyser lab and kit. More notes. Resume the nand2tetris journey, part 2. Use IRC more. Some CLI options: Irssi, BitchX, WeeChat. And keybase. Imagine a Slack for the whole world, except end-to-end encrypted across all your devices. Or a Team Dropbox where the server can’t leak your files or be hacked. Always support and subscribe to lwn.net. Look into supporting the Software Conservancy Foundation (SCF). Pick up some new langs; go and rust seem to be current shiny. I met a number of kernel developers. Find out a bit more about what they do through the official MAINTAINERS file. Yubikey or Nitrokey, start using. Open source physical USB device to enable secure encryption and signing of data. The secret keys are always stored inside the Nitrokey which protects against malware (such as computer viruses) and attackers. A user-chosen PIN and a tamper-proof smart card protect the Nitrokey in case of loss and theft. Linux Device Drivers book now maintained by Jonathan Corbet (executive editor at lwn.net), start reading, and create drivers, the gateway drug to the kernel. Time to refresh handle, bio, and CV. Check out TaskWarrior, a CLI for managing tasks. Consider using more compact unique IDs such as Twitter’s snowflake e.g. 12738165059. Use more state machines. Study The Architecture of Open Source Applications. Some of the sessions I got to attend. ...

January 28, 2018 · 8 min

LXC (Lexy)

Born in 2008, LXC (pronounced lexy) is a userspace interface for the Linux kernel containment features, that enables the creation and management of application containers. LXC leverages a number of kernel features to contain processes: kernel namespaces (ipc, uts, mount, pid, network and user); AppArmor and SELinux profiles; Seccomp policies; chroots (using pivot_root); kernel capabilities; CGroups (control groups). LXC containers are often considered as something in between a chroot and a full blown VM. The goal of LXC is to create an environment as close as possible to a standard Linux installation, without the need for a separate kernel. ...

January 18, 2018 · 4 min