Buffer overflow in bootloader shim allows attackers to run code each time devices boot up. //

The risk of successful exploitation is mostly limited to extreme scenarios, as noted earlier. The one scenario where exploitation is most viable—when devices receive boot images over an unencrypted HTTP server—is one that should never happen in 2024 or the past decade, for that matter.

That said, the harm from successful exploitation is serious and is the reason for the severity rating of 9.8 out of a possible 10. People should install patches promptly once they become available.

You should avoid symlinks, it can make nasty bugs to appear... one day. And very hard to debug.

Use mount --bind:

# as root
cp -a /root /home/
echo "" >> /etc/fstab
echo "/home/root /root none defaults,bind 0 0" >> /etc/fstab

# do it now
cd / ; mv /root /root.old; mkdir /root; mount -a

it will be made at every reboots which you should do now if you want to catch errors soon ///

Better to use rsync -a /root /home/ instead of cp -a because cp will not copy hidden files.

I wish I had learned the things I have been learning in prison about talking through problems, and believing I can talk through problems and doing it, before I had married or joined the LKML. I hope that day when they teach these things in Elementary School comes.

I thank Richard Stallman for his inspiration, software, and great sacrifices,

It has been an honor to be of even passing value to the users of Linux. I wish all of you well.

These are called shell operators and yes, there are more of them. I will give a brief overview of the most common among the two major classes, control operators and redirection operators, and how they work with respect to the bash shell.

The world of Linux is a vast one. Everyone in the tech world has at least come in contact with Linux, but not always FreeBSD. Join us on a journey of discovery from Linux to FreeBSD

When it comes to choosing a firewall technology for your operating system, the options can be overwhelming. This is particularly true for Linux and FreeBSD, which offer multiple choices. In this article, we’ll take a closer look at four of the most popular firewall options for both systems: iptables, nftables, ipfw, and pf, to help you make an informed decision.

So here’s our contribution to the effort, this article is essentially your four-way comparison of iptables, nftables, IPFW and PF 

Extended Long Term Support for Debian
Freexian extends security support for old Debian releases up to 10 years, albeit only on the subset of packages used by the customers of this service. Click here to learn more.

The Linux Foundation has released their 2023 Annual Report... and it is an absolute doozy.

The first big headline?

As of 2023, The Linux Foundation now spends just 2% -- that's two percent -- of their revenue on their namesake: The Linux Kernel. //

Your eyes do not deceive you.

1. Linux : 2%
2. Blockchain : 4%
3. A.I. : 12%

While it's true that The Linux Foundaiton continues to grow substantially -- now bringing in over a quarter of a Billion dollars per year (seriously) -- the total amount spent on the Linux kernel dropped roughly $400,000 in 2023. (Not surprising as The Lunduke Journal previously pointed out that lowering the total support of Linux appeared to be the goal.)

Linux doesn't have to be for nerds only.

• sl: Full Steam Ahead
• CMatrix: Enter the Matrix
• aafire: ASCII Art Fireworks
• oneko: A Playful Desktop Pet
• xeyes: Watch the Eyeballs
• espeak: Let Your Computer Speak Up
• yes: The Ultimate Affirmation
• rig: Generate Virtual Identities
• asciiquarium: Under the Sea
• toilet: Text Art Banners
• Toying With the Linux Terminal

A dispute between a prominent open-source developer and the maker of software used to manage Linux kernel development has forced Linux creator Linus Torvalds to embark on a new software project of his own. The new effort, called "git," began last week after a licensing dispute forced Torvalds to abandon the proprietary BitKeeper software he had used since 2002 to manage Linux kernel development.

The conflict touches on the difference between open-source developers who view Linux's open, collaborative approach as a technically superior way to build software and advocates of free software who see the ability to access and change source code as fundamental freedom.

As a result of the dispute, Torvalds is now working with other Linux developers to create software that can quickly make changes to 17,000 files that make up the Linux kernel, the central component of the Linux operating system. "Git, to some degree, was designed on the principle that everything you ever do on a daily basis should take less than a second," Torvalds said in an e-mail interview.

Reproducible
Nix builds packages in isolation from each other. This ensures that they are reproducible and don't have undeclared dependencies, so if a package works on one machine, it will also work on another.

Declarative
Nix makes it trivial to share development and build environments for your projects, regardless of what programming languages and tools you’re using.

Reliable
Nix ensures that installing or upgrading one package cannot break other packages. It allows you to roll back to previous versions, and ensures that no package is in an inconsistent state during an upgrade.

Use the -prune primary. For example, if you want to exclude ./misc:

 find . -path ./misc -prune -o -name '*.txt' -print

To exclude multiple directories, OR them between parentheses.

 find . -type d \( -path ./dir1 -o -path ./dir2 -o -path ./dir3 \) -prune -o -name '*.txt' -print

And, to exclude directories with a specific name at any level, use the -name primary instead of -path.

 find . -type d -name node_modules -prune -o -name '*.json' -print

This didn't work for me until I prefixed my local path wih ./, e.g. ./name. This distinction for find might not be obvious to the occasional find user. – sebkraemer

There is clearly some confusion here as to what the preferred syntax for skipping a directory should be.

GNU Opinion

To ignore a directory and the files under it, use -prune

From the GNU find man page

Reasoning

-prune stops find from descending into a directory. Just specifying -not -path will still descend into the skipped directory, but -not -path will be false whenever find tests each file.

Issues with -prune

-prune does what it's intended to, but are still some things you have to take care of when using it.

1. find prints the pruned directory.

• TRUE That's intended behavior, it just doesn't descend into it. To avoid printing the directory altogether, use a syntax that logically omits it.

  2. -prune only works with -print and no other actions.

• NOT TRUE. -prune works with any action except -delete. Why doesn't it work with delete? For -delete to work, find needs to traverse the directory in DFS order, since -delete will first delete the leaves, then the parents of the leaves, etc... But for specifying -prune to make sense, find needs to hit a directory and stop descending it, which clearly makes no sense with -depth or -delete on.

///
My example:

  find -s . -path "./C*" -prune -o -name '*' -type d -maxdepth 2 -print

Q:

For example, suppose I want to ls all files that are not js. Probably I would do:

ls ! *.js

But I get errors for my ! operator.

How can I execute mv, rm, and any other operations with the not (!) operator?

A:

In the bash shell, you should enable extglob and run ls !(*.js).

Example:

 $ touch file.js file.txt
 $ shopt -s extglob
 $ ls  !(*.js)
 file.txt

You need to add it to your ~/.bashrc if you want to set it permanently.

The ls(1) command is pretty good at showing you the attributes of a single file (at least in some cases), but when you ask it for a list of files, there's a huge problem: Unix allows almost any character in a filename, including whitespace, newlines, commas, pipe symbols, and pretty much anything else you'd ever try to use as a delimiter except NUL. There are proposals to try and "fix" this within POSIX, but they won't help in dealing with the current situation (see also how to deal with filenames correctly). In its default mode, if standard output isn't a terminal, ls separates filenames with newlines. This is fine until you have a file with a newline in its name. Since very few implementations of ls allow you to terminate filenames with NUL characters instead of newlines, this leaves us unable to get a list of filenames safely with ls -- at least, not portably.

standard Linux filesystem layout

If you’ve spent any time around UNIX, you’ve no doubt learned to use and appreciate cron, the ubiquitous job scheduler that comes with almost every version of UNIX that exists. Cron is simple and easy to use, and most important, it just works. It sure beats having to remember to run your backups by hand, for example.

But cron does have its limits. Today’s enterprises are larger, more interdependent, and more interconnected than ever before, and cron just hasn’t kept up. These days, virtual servers can spring into existence on demand. There are accounting jobs that have to run after billing jobs have completed, but before the backups run.

Author : Sol Lederman

What Is a Container and How Are Containers Used? A starting point for an exploration of containers and how they’re used is this simple definition: a container is a packaging format for a unit of software that ships together.

A container is a format that encapsulates a set of software and its dependencies, the minimal set of runtime resources the software needs to do its function. A container is a form of virtualization that is similar to a virtual machine (VM) in some ways and different in others. VMs encapsulate functionality in the form of the application platform and its dependencies. The key difference between VMs and containers is that each VM has its own full-sized OS, while containers typically have a more minimal OS.

Author : Greg Bledsoe

“If you build it they will come.” Are freeways built to travel between existing communities, or do communities spring up around freeways? Is this a chicken-and-egg problem, or is there a complex interaction where such things shape each other?

The use of UNIX and Linux security tools raises similar questions. Do people work the way they do because of the tools they have, or do people have the tools they have because of the way they work?

Author: Kyle Rankin

This book explores system administrator fundamentals. These days, DevOps has made even the job title “system administrator” seem a bit archaic, much like the “systems analyst” title it replaced. These DevOps positions are rather different from typical sysadmin jobs in the past in that they have a much larger emphasis on software development far beyond basic shell scripting. As a result, they often are filled with people with software development backgrounds without much prior sys- admin experience. In the past, sysadmins would enter the role at a junior level and be mentored by a senior sysadmin on the team, but in many cases currently, companies go quite a while with cloud outsourcing before their first DevOps hire. As a result, DevOps engineers might be thrust into the role at a junior level with no mentor around apart from search engines and Stack Overflow posts. In this book, I expound on some of the lessons I’ve learned through the years that might be obvious to longtime sysadmins but may be news to someone just coming into this position.

Download PDF

Most filesystems do not maintain a directory of where the hardlinks to a file (or more precisely, to an indode) are.

So you'll have to scan the whole filesystem to find all hardlinks. You can do this using
find -inum <inode number>