A celebration of the tweaks and customizations that make life easier at the CLI.
The vulnerability and exploit code that exploits it were released Wednesday evening by researchers from security firm Theori, five weeks after privately disclosing it to the Linux kernel security team. The team patched the vulnerability in versions 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254) but few of the Linux distributions had incorporated those fixes at the time the exploit was released.
A single script hacks all distros
The critical flaw, tracked as CVE-2026-31431 and the name CopyFail, is a local privilege escalation, a vulnerability class that allows unprivileged users to elevate themselves to administrators. CopyFail is particularly severe because it can be exploited with a single piece of exploit code—released in Wednesday’s disclosure—that works across all vulnerable distributions with no modification. With that, an attacker can, among other things, hack multi-tenant systems, break out of containers based on Kubernetes or other frameworks, and create malicious pull requests that pipe the exploit code through CI/CD work flows.
“‘Local privilege escalation’ sounds dry, so let me unpack it,” researcher Jorijn Schrijvershof wrote Thursday. “It means: an attacker who already has some way to run code on the machine, even as the most boring unprivileged user, can promote themselves to root. From there they can read every file, install backdoors, watch every process, and pivot to other systems.”
Intrusion prevention framework that bans malicious IPs.
Overview
Fail2ban is an intrusion prevention system written in Python that protects Linux and Unix web servers from brute-force attacks by monitoring log files and banning IP addresses that show suspicious activity. Originally developed by Cyril Jaquier in 2004, fail2ban works by parsing log files through regular expressions, identifying patterns that indicate malicious behavior like repeated failed login attempts, and automatically creating firewall rules to block offending IP addresses for specified time periods.
First, basic terminology:
- cron(8) is the daemon that executes scheduled commands.
- crontab(1) is the program used to modify user crontab(5) files.
- crontab(5) is a per user file that contains instructions for cron(8).
Next, education about cron:
Every user on a system may have their own crontab file. The location of the root and user crontab files are system dependant but they are generally below /var/spool/cron.
There is a system-wide /etc/crontab file, the /etc/cron.d directory may contain crontab fragments which are also read and actioned by cron. Some Linux distributions (eg, Red Hat) also have /etc/cron.{hourly,daily,weekly,monthly} which are directories, scripts inside which will be executed every hour/day/week/month, with root privilege.
root can always use the crontab command; regular users may or may not be granted access. When you edit the crontab file with the command crontab -e and save it, crond checks it for basic validity but does not guarantee your crontab file is correctly formed.
As a Linux server administrator, having a reliable email notification system in place is crucial. Whether you’re dealing with unattended upgrades, monitoring RAID arrays, or any other server-related alerts, getting quick notifications can make a world of difference. Here’s a quick guide to setting up sSMTP, a lightweight and straightforward alternative to postfix or other full-fledged mail transfer agents (MTAs).
Why sSMTP instead of postfix?
sSMTP is lightweight, easy to configure, and perfect for scenarios where you just need outgoing email functionality. It’s particularly well-suited for sending notifications from Linux servers without the overhead of a fully-fledged MTA like postfix.
Greg Kroah-Hartman can't explain the inflection point, but it's not slowing down or going away. //
No one is quite sure what's behind it. Asked what changed, Kroah-Hartman was blunt: "We don't know. Nobody seems to know why. Either a lot more tools got a lot better, or people started going, 'Hey, let's start looking at this.' It seems like lots of different groups, different companies." What is clear is the scale. "For the kernel, we can handle it," he said.
"We're a much larger team, very distributed, and our increase is real – and it's not slowing down. These are tiny things, they're not major things, but we need help on this for all the open source projects." Smaller projects, he implied, have far less capacity to absorb a sudden flood of plausible AI-generated bug reports and security findings – at least now they're real bugs and not garbage ones. //
The trick for Kroah-Hartman and his peers will be to keep AI as a force multiplier, without drowning the open source maintainers.
Ts'o, Hohndel and the man himself spill beans on how checks in the mail and GPL made it all possible
Many computer systems around the world have been possessed by penguins; some have even been possessed by dead rats. In light of this, it is desireable to exorcize these evil spirits, and replace them with a nice, friendly daemon.
(More to the point, there are a number of dedicated server hosting companies which only offer Linux (or, in some cases, Linux and Windows); being able to remotely replace Linux with FreeBSD makes the (typically very low cost) offerings from these companies available to those who want to run FreeBSD.
I've put together some code for building a FreeBSD disk image which will boot into memory, configure the network, set a root password, and enable SSH. This can be used to "depenguinate" a Linux box, without requiring any access beyond a network connection.
The remainder of this page relates to the original (December 2003) version of my depenguinator. For a more recent version (which works with FreeBSD 7.0) see my blog post about my depenguinator version 2.0.
Users running a Linux system hardly pay attention to the underlying filesystem. In fact, during the installation of Linux, there’s a tendency to often go with the default filesystem listed without exploring other available options. For windows, things are a lot easier since NTFS is the dominant filesystem. With Linux, there are numerous filesystems at your disposal. These include the Ext4, XFS, ZFS, and BTRFS.
The most widely used filesystems are Ext4 and XFS, with the latter being the default filesystem in RHEL-based distros and Ext4 being the standard filesystem in Debian and Ubuntu distributions. When choosing a filesystem some of the factors that need to be considered include scalability, stability, and data integrity.
In this guide, we will focus on Ext4 and XFS filesystems and seek to understand the differences between these two.
If you see a message like this in your logs:
ext4 filesystem being mounted at /boot supports timestamps until 2038 (0x7fffffff)```it's an indication that your filesystem is not Y2k38-safe.
You can also check this manually using:
$ tune2fs -l /dev/sda1 | grep "Inode size:"
Inode size: 128where an inode size of 128 is insufficient beyond 2038 and an inode size of 256 is what you want.
The safest way to change this is to copy the contents of your partition to another ext4 partition:
...
An easier method (but caution):
e2fsck -f /dev/sda1 tune2fs -I 256 /dev/sda1
VoidLink includes an unusually broad and advanced array of capabilities.
Welcome to the Mirror Services infrastruction site by BOINC Team Belgium. On here, you will find software mirrors of various Linux® and UNIX®-like operating systems distributions. The mirrors sync once an hour (or once per 2 hours for ISO mirros) using rsync with a Tier 0 or Tier 1 mirror
I'd strongly suggest not to use find -L for the task (see below for explanation). Here are some other ways to do this:
If you want to use a "pure find" method, and assuming the GNU implementation of find, it should rather look like this:
find . -xtype l
(xtype is a test performed on a dereferenced link)
Just insert a disk and the TV starts playing three-year-old’s favorite shows. //
The one thing Olesen said he'd do differently, were he to redesign the entire project, would be to eliminate the Chromecast due to excessive latency and connect a computer directly to the TV. That, and he wishes he would have programmed a different melody onto each disk that would play from the drive itself when a disk was inserted, which he told us "should be totally doable" if he ever gets around to it.
If you, too, long for the era when a satisfying ca-chunk preceded file transfers and want to find something useful to do with that old floppy disk drive rotting away in that box of old computer stuff, Olesen's entire codebase and other relevant project files are available on GitHub. ®
https://github.com/mchro/FloppyDiskCast
Download an entire website with wget, along with assets.
# One liner
wget --recursive --page-requisites --adjust-extension --span-hosts --convert-links --restrict-file-names=windows --domains yoursite.com --no-parent yoursite.com
# Explained
wget \
--recursive \ # Download the whole site.
--page-requisites \ # Get all assets/elements (CSS/JS/images).
--adjust-extension \ # Save files with .html on the end.
--span-hosts \ # Include necessary assets from offsite as well.
--convert-links \ # Update links to still work in the static version.
--restrict-file-names=windows \ # Modify filenames to work in Windows as well.
--domains yoursite.com \ # Do not follow links outside this domain.
--no-parent \ # Don't follow links outside the directory you pass in.
yoursite.com/whatever/path # The URL to downloadThe data=writeback mount option deserves to be tried, in order to prevent journaling of the file system. This should be done only during the deletion time, there is a risk however if the server is being shutdown or rebooted during the delete operation.
According to this page,
Some applications show very significant speed improvement when it is used. For example, speed improvements can be seen (...) when applications create and delete large volumes of small files.
The option is set either in fstab or during the mount operation, replacing data=ordered with data=writeback. The file system containing the files to be deleted has to be remounted. //
He could also increase the time from the commit option: "This default value (or any low value) will hurt performance, but it's good for data-safety. Setting it to 0 will have the same effect as leaving it at the default (5 seconds). Setting it to very large values will improve performance". –
Cristian Ciupitu Commented Sep 26, 2010 at 19:14
Lastly, FYI, not mentioned in that link is that fact that data=writeback can be a huge security hole, since data pointed to by a given entry may not have the data that was written there by the app, meaning that a crash could result in the old, possibly-sensitive/private data being exposed. Not a concern here, since we're only turning it on temporarily, but I wanted to alert everyone to that caveat in case either you or others who run across that suggestion weren't aware. –
BMDan Commented Sep 27, 2010 at 1:23
cat is surely the best way to do this. Why use python when there is a program already written in C for this purpose? However, you might want to consider using xargs in case the command line length exceeds ARG_MAX and you need more than one cat. Using GNU tools, this is equivalent to what you already have:
find . -maxdepth 1 -type f -name 'input_file*' -print0 |
sort -z |
xargs -0 cat -- >>outwhat is the fastest method to CREATE a thousands of files? Also, does it really matter if there is data in them, if they are just being deleted?
Using rsync is surprising fast and simple.
mkdir empty_dir
rsync -rd --delete empty_dir/ yourdirectory/
But ZFS also comes with an uncomfortable truth that doesn't get talked about enough: the filesystem is only as good as the operating system wrapping it. And if you're running ZFS on a generic Linux distribution, you're often signing up for more risk, maintenance, and subtle breakage than you expect. ZFS works on Linux, and many use it daily, but it's not a seamless, built-in part of the kernel. Instead, it's an add-on with caveats, and setting it up can feel frustratingly difficult. //
The problem with ZFS is Oracle
Licensing is a major issue
the Linux kernel's GPLv2 license is legally incompatible with ZFS's CDDL license, meaning that it can't be combined with the Linux kernel. Oracle's licensing is the major bottleneck.