KVM virtualisation

The Kernel Virtual Machine (KVM) is a hypervisor for Linux on hardware with virtualization extensions (Intel VT or AMD-V). It is deployed as loadable kernel modules: kvm.ko, and either kvm-intel.ko or kvm-amd.ko. The KVM Debian Wiki rocks, and provides details on the basics including a great performance tuning section.

Topics covered:
- Install
- Administration tasks
- User specific vs system wide VMs
- List VMs
- Start VM
- Shutdown VM
- Murder (hung) VM
- Autostart default NATed bridged network
- What if the default network interface is not listed
- How to extend / increase a partition
- Use network ISO source for new VMs
- Windows VM disk driver

Install: Easy instructions to get QEMU/KVM and virt-manager up and running on Arch. ...

October 31, 2020 · 4 min

Installing Arch Linux on the Pinebook Pro

Updated 2022-04-11: Installed a minimal version of Manjaro, a SLICK flavour of Arch. The Pinebook Pro is a beautiful 64-bit ARM based laptop, that reminds me of the form factor of a modern MacBook Air, shipping with a premium magnesium alloy shell, 64GB eMMC and a 10,000 mAh battery. All this for $200. As a *NIX machine, I’ve found Manjaro to be delightful. I have dreams of one day installing OpenBSD. ...

July 27, 2020 · 3 min

Digital Signatures

The sequence of tasks undertaken that make digital signatures possible. This does have a slight XML flavour to it. A digital signature is a mathematical scheme for verifying the authenticity of digital messages. The concept of a digital signature hinges entirely on asymmetric cryptography (such as DSA or RSA).

To validate a signature:
1. First the message can be normalised, and in the case of XML this will use something like “Exclusive XML Canonicalization” (XML-C14N), so we’re comparing apples with apples. This will discard things like usage of white space.
2. Using the normalised representation, compute a hash (e.g. SHA1) of the timestamp (contained in the WS-Security header) and the entire message payload (the SOAP body).
3. Using the public key from the partner organisation’s certificate, RSA decrypt the hash computed by the partner organisation.
4. If the two hashes are identical, we know the message has not been tampered with.
5. (optional) Validate the timestamp (TTL) defined by the partner organisation (typically 7 minutes from the original transmission time by the sender), to mitigate possible damage caused by replay attacks.

To create a signature, the signer:
1. Wraps the response message in a SOAP envelope, which includes some WS-Security related headers including a timestamp. The timestamp is set to a configurable number of minutes (e.g. 10 minutes) in the future.
2. Normalises the message using “Exclusive XML Canonicalization” (XML-C14N).
3. Using the normalised message form, computes a hash (e.g. SHA1) of the timestamp (WS-Security header) and the entire response message payload (e.g. the SOAP body).
4. Using the private key of the signing certificate, RSA signs the computed hash, and stores the result in the relevant security header (the SignatureValue header).
5. The message is then delivered to the partner organisation.

For the above to work, there needs to be some established agreement as to the specific cipher suites and canonicalisation method used. This is all ...

May 24, 2019 · 2 min

LCA 2018

I’m a convert. This conference was incredible, with passionate presenters, excellent content, and an amazing inclusive and friendly community vibe. Most sessions are available on YouTube.

Things I am inspired to do post LCA 2018:
- Set up ctags with Vim. Think ‘go to definition’ for Vim, with support for 40+ langs. Specifically Exuberant Ctags and unite-tag.
- Play with more kernel syscalls (like ptrace).
- Signal processing and logic analyser lab and kit. More notes.
- Resume the nand2tetris journey, part 2.
- Use IRC more. Some CLI options: Irssi, BitchX, WeeChat.
- And keybase. Imagine a Slack for the whole world, except end-to-end encrypted across all your devices. Or a Team Dropbox where the server can’t leak your files or be hacked.
- Always support and subscribe to lwn.net.
- Look into supporting the Software Conservancy Foundation (SCF).
- Pick up some new langs; go and rust seem to be current shiny.
- I met a number of kernel developers. Find out a bit more about what they do through the official MAINTAINERS file.
- Yubikey or Nitrokey, start using. Open source physical USB device to enable secure encryption and signing of data. The secret keys are always stored inside the Nitrokey, which protects against malware (such as computer viruses) and attackers. A user-chosen PIN and a tamper-proof smart card protect the Nitrokey in case of loss and theft.
- Linux Device Drivers book, now maintained by Jonathan Corbet (executive editor at lwn.net): start reading, and create drivers, the gateway drug to the kernel.
- Time to refresh handle, bio, and CV.
- Check out TaskWarrior, a CLI for managing tasks.
- Consider using more compact unique IDs such as Twitter’s snowflake, e.g. 12738165059.
- Use more state machines.
- Study The Architecture of Open Source Applications.

Some of the sessions I got to attend. ...

January 28, 2018 · 8 min

LXC (Lexy)

Born in 2008, LXC (pronounced lexy) is a userspace interface for the Linux kernel containment features, that enables the creation and management of application containers. LXC leverages a number of kernel features to contain processes:
- Kernel namespaces (ipc, uts, mount, pid, network and user)
- AppArmor and SELinux profiles
- Seccomp policies
- Chroots (using pivot_root)
- Kernel capabilities
- CGroups (control groups)

LXC containers are often considered as something in between a chroot and a full blown VM. The goal of LXC is to create an environment as close as possible to a standard Linux installation, without the need for a separate kernel. ...

January 18, 2018 · 4 min

Ansible

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications. Automate in a language that approaches plain English, using SSH, with no agents to install on remote systems. With Ansible and its amazing module ecosystem, you describe what needs to be accomplished (i.e. declarative), rather than describing how to accomplish each step (i.e. imperative). ...

December 31, 2017 · 17 min

Vagrant

When something becomes messy in the software industry, we have the habit of tucking the problems away behind abstractions. To me Vagrant is simply an abstraction layer for working with a range of hypervisors (libvirt, VirtualBox, VMware, Hyper-V, Docker and more), in a reliable and consistent manner. By articulating VMs as a simple text based (Ruby) configuration file, a Vagrantfile, you achieve greater simplicity, portability across systems, and consistency, which could theoretically be used with any virtual environment running on top of any other system. ...

December 30, 2017 · 3 min

Linux Storage and File Systems

Partitioning. Two popular partition schemes are used in the wild, MBR and GPT.

MBR. MBR, or Master Boot Record, often associated with BIOS, was introduced in 1983 with IBM PC DOS 2.0, and is a special boot sector located at the beginning of a drive. This sector contains a boot loader (e.g. GRUB), and details about the logical partitions. MBR supports drives up to 2TiB, and up to 4 primary partitions.

    # fdisk /dev/vda
    Welcome to fdisk (util-linux 2.23.2).

    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.

    Device does not contain a recognized partition table
    Building a new DOS disklabel with disk identifier 0x9228f9b7.

    Command (m for help): m
    Command action
       a   toggle a bootable flag
       b   edit bsd disklabel
       c   toggle the dos compatibility flag
       d   delete a partition
       g   create a new empty GPT partition table
       G   create an IRIX (SGI) partition table
       l   list known partition types
       m   print this menu
       n   add a new partition
       o   create a new empty DOS partition table
       p   print the partition table
       q   quit without saving changes
       s   create a new empty Sun disklabel
       t   change a partition's system id
       u   change display/entry units
       v   verify the partition table
       w   write table to disk and exit
       x   extra functionality (experts only)

    Command (m for help): n
    Partition type:
       p   primary (0 primary, 0 extended, 4 free)
       e   extended
    Select (default p):
    Using default response p
    Partition number (1-4, default 1):
    First sector (2048-2097151, default 2048):
    Using default value 2048
    Last sector, +sectors or +size{K,M,G} (2048-2097151, default 2097151): +500M
    Partition 1 of type Linux and of size 500 MiB is set

    Command (m for help): l

     0  Empty           24  NEC DOS         81  Minix / old Lin bf  Solaris
     1  FAT12           27  Hidden NTFS Win 82  Linux swap / So c1  DRDOS/sec (FAT-
     2  XENIX root      39  Plan 9          83  Linux           c4  DRDOS/sec (FAT-
     3  XENIX usr       3c  PartitionMagic  84  OS/2 hidden C:  c6  DRDOS/sec (FAT-
     4  FAT16 <32M      40  Venix 80286     85  Linux extended  c7  Syrinx
     5  Extended        41  PPC PReP Boot   86  NTFS volume set da  Non-FS data
     6  FAT16           42  SFS             87  NTFS volume set db  CP/M / CTOS / .
     7  HPFS/NTFS/exFAT 4d  QNX4.x          88  Linux plaintext de  Dell Utility
     8  AIX             4e  QNX4.x 2nd part 8e  Linux LVM       df  BootIt
     9  AIX bootable    4f  QNX4.x 3rd part 93  Amoeba          e1  DOS access
     a  OS/2 Boot Manag 50  OnTrack DM      94  Amoeba BBT      e3  DOS R/O
     b  W95 FAT32       51  OnTrack DM6 Aux 9f  BSD/OS          e4  SpeedStor
     c  W95 FAT32 (LBA) 52  CP/M            a0  IBM Thinkpad hi eb  BeOS fs
     e  W95 FAT16 (LBA) 53  OnTrack DM6 Aux a5  FreeBSD         ee  GPT
     f  W95 Ext'd (LBA) 54  OnTrackDM6      a6  OpenBSD         ef  EFI (FAT-12/16/
    10  OPUS            55  EZ-Drive        a7  NeXTSTEP        f0  Linux/PA-RISC b
    11  Hidden FAT12    56  Golden Bow      a8  Darwin UFS      f1  SpeedStor
    12  Compaq diagnost 5c  Priam Edisk     a9  NetBSD          f4  SpeedStor
    14  Hidden FAT16 <3 61  SpeedStor       ab  Darwin boot     f2  DOS secondary
    16  Hidden FAT16    63  GNU HURD or Sys af  HFS / HFS+      fb  VMware VMFS
    17  Hidden HPFS/NTF 64  Novell Netware  b7  BSDI fs         fc  VMware VMKCORE
    18  AST SmartSleep  65  Novell Netware  b8  BSDI swap       fd  Linux raid auto
    1b  Hidden W95 FAT3 70  DiskSecure Mult bb  Boot Wizard hid fe  LANstep
    1c  Hidden W95 FAT3 75  PC/IX           be  Solaris boot    ff  BBT
    1e  Hidden W95 FAT1 80  Old Minix

    Command (m for help): t
    Selected partition 1
    Hex code (type L to list all codes): 83
    Changed type of partition 'Linux' to 'Linux'

    Command (m for help): w
    The partition table has been altered!

    Calling ioctl() to re-read partition table.
    Syncing disks.

The partition is now available as a block device, below we now see /dev/vda1: ...

June 12, 2017 · 23 min

systemd

Cheatsheet

    ==========================================
      INFORMATION
    ==========================================
      systemctl
        list-dependencies
        list-sockets
        list-jobs
        list-unit-files
        list-units
        get-default
        --type=service --all

    ==========================================
      SERVICES
    ==========================================
      systemctl
        stop <name>
        start <name>
        restart <name>
        reload <name>
        status <name>
        enable <name>
        disable <name>
        show <name>
        -H <host> status network

    ==========================================
      LOGS
    ==========================================
      journalctl
        -u <name>        by service
        -f               follow live log
        -k               kernel messages
        -r               reverse (newest first)
        -o json          format output
        -b -1            from previous boot
        -n 10            limit output lines (tail)
        -S, --since      e.g. "2012-10-30 18:17:16"
        -U, --until      e.g. "10 min ago"

    ==========================================
      SYSTEM STATES
    ==========================================
      systemctl
        reboot      reboot.target
        poweroff    poweroff.target
        emergency   emergency.target
        default     default.target

May 20, 2017 · 1 min

Tmux Quick Reference

Kudos to afair for putting together this neat Tmux Cheat Sheet, which I’m addicted to at the moment.

    ==========================================
      TMUX COMMAND
    ==========================================
      List     tmux ls
      New      -s <session>
      Attach   att -t <session>
      Rename   rename-session -t <old> <new>
      Kill     kill-session -t <session>

    ==========================================
      CONTROLS
    ==========================================
      Detach   ^b d

      Buffer   ^b <PgUpDn>
      Command  ^b : <command>
      Copy     ^b [ ... <space> ... <enter>
      Moving   vim/emacs key bindings
      Start    <space>
      Copy     <enter>
      Paste    ^b ]

    ==========================================
      SESSION (Set of Windows)
    ==========================================
      New      ^b :new
               ^b :new -s <name>
      Rename   ^b $
      List     ^b s
      Next     ^b (
      Previous ^b )

    ==========================================
      WINDOW (TAB)
    ==========================================
      List         ^b w
      Create       ^b c
      Rename       ^b , <name>
      Last         ^b l (lower-L)
      Close        ^b &
      Goto #       ^b <0-9>
      Next         ^b n
      Previous     ^b p
      Choose       ^b w <name>
      List         ^b =

    ==========================================
      PANE (SPLIT WINDOW)
    ==========================================
      Show #       ^b q
      Split Horiz  ^b "      --------
      Split Vert   ^b %         |
      Pane->Window ^b !
      Kill         ^b x
      Reorganize   ^b <space>
      Expand       ^b <alt><arrow>
      Resize       ^b ^<arrow>
      Resize x n   ^b <n> <arrow>
      Select       ^b <arrow>
      Previous     ^b {
      Next         ^b }
      Switch       ^b o  other
      Swap         ^b ^o
      Last         ^b ;

April 17, 2017 · 1 min