today's howtos

• Notes on running containers with bubblewrap

  Hello! About a year ago I got mad about Docker container startup time. This was because I was building an nginx playground where I was starting a new “container” on every HTTP request, and so for it to feel reasonably snappy, nginx needed to start quickly. Also, I was running this project on a pretty small cloud machine (256MB RAM), a small CPU, so I really wanted to avoid unnecessary overhead. I’ve been looking for a way to run containers faster since then, but I couldn’t find one until last week when I discovered bubblewrap!! It’s very fast and I think it’s super cool, but I also ran into a bunch of fun problems that I wanted to write down for my future self.

• Fix: Why Isn’t Linux Detecting My Wi-Fi Adapter?

  Historically, Linux has had a somewhat strained relationship with Wi-Fi cards. In recent years, the situation has changed considerably—and for the better—but it is still possible to boot into your new Linux installation and get that sinking feeling when you realize you’ve got no Wi-Fi. Installation routines are very good at identifying the various components of the target computer and configuring itself to work with that hardware. But problems can still happen. Troubleshooting hardware issues is difficult, especially if the only computer you have on hand is the broken device. Obviously, not everything presented here will be applicable to all cases. But hopefully, something below will either fix your issue or point you in the right direction.

• Open-sourced tool speeds up Linux scripts via parallelization | Network World

  MIT has open-sourced pa.sh (also called pash), a tool that can dramatically speed up Linux scripts by using parallelization, saving time and without risk of introducing errors. The process of parallelization first examines a script for code that can be run separately and independently, so not all scripts can benefit from the tool. But when pa.sh does find portions that can run independently, it runs them in parallel on separate CPUs. It also uses other techniques to get the code to run faster. Below is a demonstration I ran on my home Fedora box, first running a script on its own and then again using pa.sh. Note that this script was provided with the pa.sh tool and lends itself to parallelization. It’s not nearly as demanding as scripts that might process gigabytes of data in a scientific or artificial-intelligence lab, so the results are not dramatic.

• [GSoC 2022] ARM port and device tree support Phase 1

  The following will show how to compile haiku on osx and run it on qemu (my version: hrev56168)

• Building in Kubernetes Using Tekton

  Continuous integration/continuous delivery (CI/CD) principles offer multiple benefits to software organizations, including faster time to market, higher-quality code, and simpler and faster fault isolation. Applications built using CI/CD pipeline best practices tend to see a huge increase in users over time, necessitating a migration from a large codebase and low-scalability monolithic architecture to a more manageable and efficient microservice architecture. Kubernetes is one of the most popular platforms for automating the management, deployment, and scaling processes of microservice applications. Because Kubernetes is complex, though, a framework can help developers and operations teams use the platform to follow CI/CD practices in building applications. This is where Tekton comes in.

• Hetzner cloud and DragonFly

  When you are setting up a DragonFly machine on Hetzner, pay attention to this bug report for dhcp setup. The short answer is “use dhcpcd”.

Security Leftovers

• Tencent admits to poisoned QR code attack on QQ account

• Sysdig Adds Ability to Make Container Runtimes Immutable - Container Journal

  Sysdig today added a Drift Control capability to its container security platform that makes it possible to lock down runtime environments. Daniella Pontes, senior manager for product marketing at Sysdig, says IT teams can now maintain immutable instances of runtimes in production environments that can’t be modified. At the same time, Sysdig says it is partnering with Proofpoint to make threat intelligence feeds available to IT teams that have deployed its container security platform. The Sysdig container platform is built on Falco, an open source container runtime security platform that is being advanced under the auspices of the Cloud Native Computing Foundation (CNCF).

• Best ways to incorporate security into the software development life cycle

  The software development life cycle is not a one-off process that software developers can implement in a linear form. Instead, there are phases of the SDLC that intertwine into many loops where thorough checks are carried out to ensure the proper outcome of the software. However, it’s not just enough to loop through the phases of SDLC without the proper integration of security checks in each phase. So, what, then, makes a secure software development life cycle?

• CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks [Ed: Well, CISA and the media also downplay all the actively-exploited holes in Windows]

  The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks. The flaw, which came to light in January, affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by other Linux distributions. PwnKit has been described as a memory corruption issue that can be exploited for privilege escalation — it allows any unprivileged local user to elevate permissions to root.

Raspberry Pi Restores Guitar Amp, Complete With Effects

Restoring old hardware is always more fun when you can throw in a Raspberry Pi. This project, created by maker and developer David Silverman, does just that, using a Pi to power an old Vox guitar amplifier. Not only does it work as an amplifier, it also has a few special effects thrown in to create custom sounds. This Pi-powered guitar amp system is housed inside the cabinet of an old Vox amplifier that, according to Silverman, is no longer working. A Pi 3B+ brings back the original functionality, with the help of a class D amplifier and some custom Python scripts created by Silverman himself. The case has been modified to house the Pi and features panels with port access, as well as knobs for the effects array. Also: Lilbits: Anbernic Win600 (handheld gaming PC), PineNote (Linux-friendly E Ink tablet), Firefox 102 and Chrome OS 103 - Liliputing

Help others find free software: Watch and share Escape to Freedom

"Escape to Freedom" is a new animated video from the Free Software Foundation (FSF), giving an introduction to the concepts behind software freedom: both what we gain by having it, and what rights are at stake. Join our lead freedom-seeker, Zara, as she learns the importance of free software, and guides herself through the labyrinth of challenges posed to her by contemporary digital society, which offers the tempting allure of convenience in exchange for important rights. In search of freedom, she learns how to seize control of her own seemingly predetermined narrative and helps others do the same -- taking the ladder that leads to digital liberation step by step.