464 Matching Annotations
  1. Sep 2024
    1. 简述DHCP的流程? 新节点通过DHCP获取地址信息的主要流程有如下四个过程: 1、寻找DHCP Server 客户机第一次登录网络的时,向网络上发出一个DHCPDISCOVER广播(包中包含客户机的MAC地址和计算机名等信息)。其源地址为0.0.0.0,目标地址为255.255.255.255。 2、提供IP地址租用 服务端监听到客户机发出的DHCP discover广播后,从剩余地址池中选择最前面的空置IP,连同其它TCP/IP设定,通过广播方式响应给客户端一个DHCP OFFER数据包(包中包含IP地址、子网掩码、地址租期等信息)。源IP地址为DHCP Server的IP地址,目标地址为255.255.255.255。同时,DHCP Server为此客户保留它提供的IP地址,从而不会为其他DHCP客户分配此IP地址。 3、接受IP租约 客户机挑选最先响应的DHCP OFFER(一般是最先到达的那个),同时向网络广播DHCP REQUEST数据包(包中包含客户端的MAC地址、接受的租约中的IP地址、提供此租约的DHCP服务器地址等),声明将接受某一台服务器提供的IP地址。此时,由于还没有得到DHCP Server的最后确认,客户端仍然使用0.0.0.0为源IP地址,255.255.255.255为目标地址进行广播。 4、租约确认 服务端接收到客户端的DHCP REQUEST之后,会广播返回给客户机一个DHCP ACK消息包,表明已经接受客户机的选择,并将这一IP地址的合法租用以及其他的配置信息都放入该广播包发给客户机。 客户机在接收到DHCP ACK广播后,会向网络发送三个针对此IP地址的ARP解析请求以执行冲突检测,查询网络上有没有其它机器使用该IP地址;如果发现该IP地址已经被使用,客户机会发出一个DHCP DECLINE数据包给DHCP Server,拒绝此IP地址租约,并重新发送DHCP discover信息。此时,在DHCP服务器管理控制台中,会显示此IP地址为BAD_ADDRESS。 如果网络上没有其它主机使用此IP地址,则客户机的TCP/IP使用租约中提供的IP地址完成初始化,从而可以和其他网络中的主机进行通讯。

      客户机(0.0.0.0为源IP地址,255.255.255.255为目标地址)寻找ip,服务端提供ip,客户机确认租约,服务端确认后发送详细信息,客户端arp解析测试。测试成功则同意,失败则拒绝。

    2. 简述FTP两种登录方式以及两种传输模式? FTP有两种登录方式:匿名登录和授权登录。 使用匿名登录时,用户名为:anonymous,密码为:任何合法email地址;使用授权登录时,用户名为用户在远程FTP系统中的用户帐号,密码为用户在远程系统中的用户密码。 区别:使用匿名登录只能访问FTP目录下的资源,默认配置下只能下载;而授权登录访问的权限大于匿名登录,且上载、下载均可。

      ftp 匿名登录:anonymous 只能下载 授权登录: ftp的用户账号密码

    3. 简述FTP主要的工作模式? FTP工作模式是以服务端角度来区分,有主动模式和被动模式。

      主动模式,服务端固定端口20、21.客户端大于1024的随机端口 被动模式,客户端向服务端,服务端为随机端口

    4. 简述Linux中常见的系统服务,其作用分别是? 常见的系统服务及其作用有: NTP/Chrony:用于时钟同步; DHCP:动态主机配置协议,用于自动分配主机地址,默认使用UDP 63端口; DNS:域名解析,运行在UDP协议之上,默认使用53端口; NFS:网络文件系统,依赖于RCP协议,其基本原则是“容许不同的客户端及服务端通过一组RPC分享相同的文件系统”,它是独立于操作系统,容许不同硬件及操作系统的系统共同进行文件的分享。 Postfix:邮件服务; rsync:远程数据备份服务。 VPN:虚拟专用网。

      linux常见系统服务,NTP,DHCP,DNS,NFS,POSTFIX,RSYNC,VPN

  2. May 2024
    1. On Ubuntu 16.04 LTS, I successfully used the following to disable suspend: sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target And this to re-enable it: sudo systemctl unmask sleep.target suspend.target hibernate.target hybrid-sleep.target

      Re-enable

      sudo systemctl unmask sleep.target suspend.target hibernate.target hybrid-sleep.target

  3. Apr 2024
  4. Mar 2024
    1. sudo chsh -s /bin/sh bob

      这条命令用于更改用户的默认shell。具体来说,sudo chsh -s /bin/sh bob 将用户bob的默认shell更改为/bin/sh。在这里,chsh是用于更改shell的命令,-s选项表示要更改shell,/bin/sh是要更改为的shell,bob是要更改的用户。通过这条命令,用户bob将使用/bin/sh作为其默认shell。

    2. Bourne Shell(Bourne壳)是Unix操作系统下的一种命令行界面和脚本语言解释器。它由Stephen Bourne在贝尔实验室开发,最初发布于1979年,作为Version 7 Unix的一部分。Bourne Shell是许多后来的Unix Shell的前身,如Bash(Bourne Again SHell)和Ksh(Korn Shell)。它的标识符是sh。Bourne Shell引入了许多编程功能,如变量、控制流语句和函数,极大地增强了Unix系统的脚本编写和任务自动化能力。

    3. User profile scripts,如~/.zshrc,是存储在用户主目录下的配置文件,用于自定义Shell的行为和环境。这些脚本文件在Shell启动时自动执行,允许用户配置环境变量、别名、函数、Shell选项和其他Shell启动时需要的设置。

      例如,~/.zshrc是Z Shell(zsh)的用户配置文件,仅在zsh启动时读取和执行。如果你使用Bash Shell,相应的配置文件是~/.bashrc

      这些脚本的作用包括但不限于:

      • 环境变量配置:可以设置如PATH这样的环境变量,定义Shell查找可执行文件的目录。
      • 别名设置:为常用命令定义简短的别名,提高命令行操作的效率。
      • 函数定义:可以定义复杂的函数来执行特定的任务。
      • Shell选项和行为:根据个人偏好调整Shell的行为,如设置命令历史的大小或自动更正命令。
      • 自动执行命令:在Shell启动时自动执行特定的命令或脚本,如欢迎信息或自动启动程序。

      通过定制这些配置文件,用户可以创建一个符合个人工作习惯和偏好的命令行环境。

    4. 这条命令的作用是将export MY_VARIABLE="example_value"这个命令追加到~/.profile文件的末尾。这意味着每当你登录或启动一个新的登录Shell时,MY_VARIABLE这个环境变量就会被设置为example_value

      具体来说:

      • echo命令用于输出其后面的字符串。
      • 'export MY_VARIABLE="example_value"'是被输出的字符串,它是一个Shell命令,用于将MY_VARIABLE这个环境变量导出并设置其值为example_value
      • >>操作符用于将左侧命令的输出追加到右侧指定的文件中。如果文件不存在,Shell会创建这个文件。
      • ~/.profile是用户的个人初始化文件,用于登录时设置个人环境和启动程序。它通常在登录时被Shell自动执行。

      这样做的效果是,每当你登录系统时,MY_VARIABLE这个环境变量就会自动被设置为example_value,你可以在任何运行在这个Shell会话中的程序里访问它。

  5. Feb 2024
  6. Nov 2023
  7. Sep 2023
  8. Aug 2023
    1. What won’t change is people’s tendency toward gossip, tribalism driven by gossip and the ability of anybody to inform anybody else about anything, including wrongly. The only places where news won’t skew fake will be localities in the natural world. That’s where the digital and the physical connect best. Also expect the internet to break into pieces, with the U.S., Europe and China becoming increasingly isolated by different value systems and governance approaches toward networks and what runs on them.
      • for: progress trap, unintended consequence, unintended consequence - digital technology, quote, quote - progress trap, quote - Doc Searls
      • quote
        • What won’t change is people’s tendency toward gossip,
          • tribalism driven by gossip and the ability of anybody to inform anybody else about anything,
            • including wrongly.
        • The only places where news won’t skew fake will be localities in the natural world.
        • That’s where the digital and the physical connect best.
        • Also expect the internet to break into pieces, with
          • the U.S.,
          • Europe and
          • China
        • becoming increasingly isolated by different value systems and governance approaches toward
          • networks and
          • what runs on them.
  9. Jul 2023
    1. What happened here is that the file 'somefile.txt' is encoded in UTF-16, but your terminal is (probably) by default set to use UTF-8.  Printing the characters from the UTF-16 encoded text to the UTF-8 encoded terminal doesn't show an apparent problem since the UTF-16 null characters don't get represented on the terminal, but every other odd byte is just a regular ASCII character that looks identical to its UTF-8 encoding.

      The reason why grep Hello sometext.txt may result nothing when the file contains Hello World!.

      In such a case, use xxd sometext.txt to check the file in hex, and then either: - use grep: grep -aP "H\x00e\x00l\x00l\x00o\x00" * sometext.txt - or convert the file to into UTF-8: iconv -f UTF-16 -t UTF-8 sometext.txt > sometext-utf-8.txt

  10. Jun 2023
    1. All of these values, including the precious contents of the private key file, can be seen via ps when these commands are running. ps finds them via /proc/<pid>/cmdline, which is globally readable for any process ID.

      ps can read some secrets passed via CLI, especially when using --arg with jq.

      Instead, use the --rawfile parameter as noted below this annotation.

  11. Apr 2023
  12. Mar 2023
  13. Feb 2023
    1. If you haven't seen it yet, check out the PinePhone Pro and its docking station. Much like the Steam Deck's docking station, it plugs the phone into a monitor, keyboard, and mouse to turn your phone into a PC.
    2. When Ubuntu was confronted with making Debian user friendly, the issue was speeding up software updates. Manjaro has the opposite issue with Arch and is handling it appropriately.
    1. B/ Mainline kernel offers many ways to increase desktop responsiveness without the need to patch or reconfig it. Many tweaks can be activated using the cfs-zen-tweaks you can download and just run but I would advise you just read the very simple code and learn how each of the tweaks impact. Don't hesitate to lower the priority of your cpu-bound processes (compilations, simulations...) and increase the priority of your interactive tasks thanks to the renice command and even change their scheduling policy using chrt Ultimately, you can always pin interrupts to dedicated cpus (setting desired values in /proc/irq/[irq_id]/smp_affinity) , having one in charge of the keyboard and the mouse, another one for the graphic adaptor a third one for the sound card and a fourth one housekeeping for all the possible remaining. Just plenty of solutions left opened without changing a byte in your distro-kernel.
  14. Jan 2023
    1. Points from the comments in support of using Mac

      Reasons why macOS is better than Linux (see below)

    2. Points from the comments in support of using Linux

      Reasons why Linux is better than macOS (see below)

    1. on an Intel/AMD PC or Mac, docker pull will pull the linux/amd64 image. On a newer Mac using M1/M2/Silicon chips, docker pull will the pull the linux/arm64/v8 image.

      Reason of all the M1 Docker issues

    2. In order to meet its build-once-run-everywhere promise, Docker typically runs on Linux. Since macOS is not Linux, on macOS this is done by running a virtual machine in the background, and then the Docker images run inside the virtual machine. So whether you’re on a Mac, Linux, or Windows, typically you’ll be running linux Docker images.
  15. Dec 2022
    1. For sufficiently simple cases, just running a few commands sequentially, with no subshells, conditional logic, or loops, set -euo pipefail is sufficient (and make sure you use shellcheck -o all).

      Advice for when you can use shell scripts

  16. Nov 2022
    1. First, if Jenkins runs as PID 1, then it's difficult to differentiate between process that were re-parented to Jenkins (which should be reaped), and processes that were spawned by Jenkins (which shouldn't, because there's other code that's already expecting to wait them).
    1. The process group mechanism in most Unix-like operating systems can be used to help protect against accidental orphaning, where in coordination with the user's shell will try to terminate all the child processes with the "hangup" signal (SIGHUP), rather than letting them continue to run as orphans.
    2. its jobs (internal representation of process groups)
  17. Oct 2022
    1. The newer GPT standard is paired with UEFI BIOS systems

      Can uefi deal with mbr table

    2. Throughout the drive
    3. and have either a black or blue-screen-of-death background color.
    4. The BIOS does things like configure the keyboard, mouse, and other hardware, set the system clock

      todo

    5. support a GPT partition table and a UEFI BIOS.

      todo

    6. very easy to ruin the MBR sector of the drive, making it impossible to boot up again. Then you'll either need to create a recovery USB drive with Windows or Linux and try to repair the MBR, or completely wipe the drive and reinstall the operating system

      todo

    1. There are dedicated tools to verify checksum of files in Linux. You can also check hashes in the Nautilus file manager with nautilus-gtkhash extension.

      todo

    1. Receiving a GPG error when running apt-get update? Your default umask may not be set correctly, causing the public key file for the repo to not be detected. Run the following command and then try to update your repo again: sudo chmod a+r /etc/apt/keyrings/docker.gpg.

      todo The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 959FE34E90E51522 Err:14 https://download.docker.com/linux/ubuntu vanessa Release <br /> 404 Not Found [IP: 52.222.144.45 443]

    2. Add Docker’s official GPG key: $ sudo mkdir -p /etc/apt/keyrings $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg Use the following command to set up the repository: $ echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

      todo

    1. Used to explicitly set the container hostname. If you don't specify the hostname, it defaults to the container ID, which is a randomly generated system GUID.

      todo

    2. Map a TCP port on the host environment (first value) with a TCP port in the container (second value). In this example, SQL Server is listening on TCP 1433 in the container and this container port is then exposed to TCP port 1433 on the host.

      todo

    3. Specify a custom SQL Server collation, instead of the default SQL_Latin1_General_CP1_CI_AS.

      donot understand

    4. The SA_PASSWORD environment variable is deprecated. Please use MSSQL_SA_PASSWORD instead.

      dont understand

  18. Sep 2022
    1. 在 Linux Plumbers Conference 会议上,Linus Torvalds 接受采访谈论了工作、Rust 和 M2 MacBook Air 笔电。 Torvalds 称他不是工作狂,在参加会议前花了六天时间在荷属西印度群岛的 Bonaire 玩潜水。他说他一年又一年在内核上工作是因为他可以短时间离开放松下,他最筋疲力尽的时候通常是合并开始时,他专注于在合并开始第一周内完成大部分工作。Linux 内核社区真正的工作狂是稳定版内核维护者 Greg Kroah-Hartmann,他每周都不停的工作,Torvalds 猜测他大量使用自动化工具。新冠疫情对内核开发没有产生多少影响,因为包括 Torvalds 在内的主要维护者多年来都习惯在家中远程工作。他指出内核开发的一个变化是子系统维护者通常由团队而不是一个人组成,部分子系统维护者只有一个人,但已经相当罕见了。内核对 Rust 的支持可能需要更长的时间,一个原因是非标准的 Rust 扩展的处理,另一个更重要原因是 Rust 编译器还不稳定。Torvalds 外出旅行时使用一台 M2 MacBook Air 笔电,运行 Fedora Workstation 36,Fedora 还没有支持 ARM-64 M2 处理器的版本,Torvalds 自己动手让 Fedora 36 能运行在 M2 上,这个版本不完美,不支持 3D 图形,Chrome 也不支持,而 Torvalds 使用 Chrome 的密码管理器管理部分密码。

  19. Aug 2022
    1. The custom title bar has been a success on Windows, but the customer response on Linux suggests otherwise. Based on feedback, we have decided to make this setting opt-in on Linux and leave the native title bar as the default. The custom title bar provides many benefits including great theming support and better accessibility through keyboard navigation and screen readers. Unfortunately, these benefits do not translate as well to the Linux platform. Linux has a variety of desktop environments and window managers that can make the VS Code theming look foreign to users.
  20. Jul 2022
    1. If your laptop is extremely old then I would recommend Puppy Linux.If your laptop isn’t very old but doesn’t perform very well I would recommend AntiX.If your laptop is a little old but still can’t handle Windows 7/10 very well I would recommend Lubuntu.

      3 OS recommendations for old laptops: 1. Puppy Linux 2. AntiX 3. Lubuntu

    1. So the correct command to use is findmnt, which is itself part of the util-linux package and, according to the manual: is able to search in /etc/fstab, /etc/mtab or /proc/self/mountinfo
  21. Jun 2022
    1. The main problem of the Linux community is that it is divided. I know this division represents freedom of choice but when your rivals are successful, you must inspect them carefully. And both rivals here (MacOS and Windows) get their power from the "less is more approach".This division in Linux communities make people turn into their communities when they have problems and never be heard as a big, unified voice.When something goes wrong with other OSes, people start complaining in many forums and support sites, some of them writing to multiple places and others support them by saying "yeah, I have that problem, too".In the Linux world, the answers to such forums come as "don't use that shitty distro" or "use that command and circumvent the problem".Long story short" average Linux user doesn't know that they are:still customers and have all the rights to demand from companiesthey can get together and act up louder.Imagine such an organizing that most of the Linux users manage to get together and writing to Netflix. Maybe not all of them use Netflix but the number of the Linux users are greater than Netflix members. What a domination it would be!But instead we turn into our communities and act like a survival tribe who has to solve all their problems themselves .
    2. Big Software companies like Adobe or Netflix do two things that are relevant for us and currently go wrong:They analyse the systems their customers use. They don't see their Linux users because we tend to either not use the product at all under Linux (just boot windows, just use a firertv stick and so one) or we use emulators or other tools that basically hide that we actually run Linux. --> The result is that they don't know how many we actually are. They think we are irrelevant because thats what the statistics tell them (they are completely driven by numbers).They analyze the feature requests and complains they get from their customers. The problem is: Linux users don't complain that much or try to request better linux support. We usually somehow work around the issues. --> The result is that these companies to neither get feature requests for better Linux support nor bug reports from linux users (cause its not expected to work anyways).
    1. Create .bash_profile in your home directory and add these lines: export SHELL=/bin/zsh exec /bin/zsh -l

      Change user's default shell without root access.

  22. May 2022
    1. 查看内存信息1)使用free命令默认单位为K,可通过结合参数-b、-k、-m分别以单位B、K、M进行显示
    1. If you are on Linux, you can simply download it from GitHub but the most convenient way is to use the pyenv-installer that is a simple script that will install it automatically on your distro, whatever it is, in the easiest possible way.

      Installing pyenv on Linux

  23. Apr 2022
    1. I sometimes wondered why the VS Code team put so much effort into the built-in terminal inside the editor. I tried it once on Linux and never touched it again, because the terminal window I had right next to my editor was just massively better in every way. Having used Windows terminals for a while, I now fully understand why it’s there.

      VS Code terminal is not as efficient on Linux

    2. They just automate the process of going to the website, downloading an installer and then running it - which is slightly better than doing it yourself.

      Windows package managers are unlike Linux ones

    3. Desktop Linux is often criticized for this, but Windows is much worse, somehow! It’s really inconsistent. Half of it is “new” UI and half of it is old Win32/GDI type UI - just as bad as KDE/GTK - except worse, because you can’t configure them to use the same theme. Also, when you install a Linux distribution, it’ll start off either all KDE or all GTK, or whatever - but with Windows you’re stuck with a random mix of both right from the start.

      Windows is a mess...

  24. Mar 2022
    1. level 1Fatal_Taco · 2 days ago · edited 2 days agoArch Linux, and likely most distros, are defined by these few things and are not limited to:The Linux Kernel, what type of config and modules it's been compiled with.The pre-packaged programs it comes with by default.The init.The package manager.The repositories it references.The slightly differing Linux Filesystem Hierarchy.The types of computers it runs on.
  25. Feb 2022
    1. LXC, is a serious contender to virtual machines. So, if you are developing a Linux application or working with servers, and need a real Linux environment, LXC should be your go-to. Docker is a complete solution to distribute applications and is particularly loved by developers. Docker solved the local developer configuration tantrum and became a key component in the CI/CD pipeline because it provides isolation between the workload and reproducible environment.

      LXC vs Docker

    1. == and != for string comparison -eq, -ne, -gt, -lt, -le -ge for numerical comparison

      Comparison syntax in Bash

    2. > will overwrite the current contents of the file, if the file already exists. If you want to append lines instead, use >>

      > - overwrites text

      >> - appends text

    3. The syntax for “redirecting” some output to stderr is >&2. > means “pipe stdout into” whatever is on the right, which could be a file, etc., and &2 is a reference to “file descriptor #2” which is stderr.

      Using stderr. On the other hand, >&1 is for stdout

    4. single quotes, which don’t expand variables

      In Bash, double quotes ("") expand variables, whereas single quotes ('') don't

    5. This only works if you happen to have Bash installed at /bin/bash. Depending on the operating system and distribution of the person running your script, that might not necessarily be true! It’s better to use env, a program that finds an executable on the user’s PATH and runs it.

      Shebang tip: instead of ```

      !/bin/bash

      use

      !/usr/bin/env bash

      alternatively, you can replace `bash` with `python`, `ruby`, etc. and later chmod it and run it: $ chmod +x my-script.sh $ ./my-script.sh ```

  26. Jan 2022
    1. uix includes package definitions for many GNU and non-GNU packages, all of which respect the user’s computing freedom. It is extensible: users can write their own package definitions (see Defining Packages) and make them available as independent package modules (see Package Modules). It is also customizable: users can derive specialized package definitions from existing ones, including from the command line (see Package Transformation Options).

      O sea que esta es la solución a mi inconformidad con los instaladores de arch linux: un montón de software que no uso instalado como dependencias.

    1. All operating systems with network support have a hosts file to translate hostnames to IP addresses. Whenever you open a website by typing its hostname, your system will read through the hosts file to check for the corresponding IP and then open it. The hosts file is a simple text file located in the etc folder on Linux and Mac OS (/etc/hosts). Windows has a hosts file as well, on Windows you can find it in Windows\System32\drivers\etc\if(typeof __ez_fad_position!='undefined'){__ez_fad_position('div-gpt-ad-vitux_com-box-3-0')};

      El archivo host traduce el hostnames a direcciones IP. Cuando abrimos un sitio tipeando su URL en un navegador nuestro hostfile la IP correspondiente para abrirla.

      1. En su primera parte el hostfile contiene nombres e IP de nuestra máquina local.
      2. En su segunda parte se encuentra información sobre los host capaces de usar el protocolo IPV6 y difícilmente es editada por el usuario.
    1. -xcf cursorfile cursorsize This lets you change the pointer cursor to one loaded from an Xcursor file as defined by libXcursor, at the specified size.

      Esta es la opción que debo usar con el comando "xcursor" para configurar la forma y tamaño del cursor en X.

    1. This runs a loop 555 times. Takes a screenshot, names it for the loop number with padded zeros, taps the bottom right of the screen, then waits for a second to ensure the page has refreshed. Slow and dull, but works reliably.

      Simple bash script to use via ADB to automatically scan pages:

      #!/bin/bash
      for i in {00001..00555}; do
         adb exec-out screencap -p > $i.png
         adb shell input tap 1000 2000
         sleep 1s
      done
      echo All done
      
  27. Dec 2021
  28. Nov 2021
    1. special permission bit at the end here t, this means everyone can add files, write files, modify files in the /tmp directory, but only root can delete the /tmp directory

      t permission bit

    1. I find some of XDG's default dirs, especially ~/.local/share/whatever, to be very annoying. (Almost as annoying as having ~/snap polluting my home dir, but for a different reason.) I shouldn't have to type such long paths or navigate three folders deep in order to access my data files. I therefore make use of the XDG_DATA_HOME environment variable for XDG-style programs, so they will put my files somewhere convenient. However, I don't think Snap can honor that variable, because AppArmor rules require fixed paths. Given 1 & 2, I think ~/.snap/data is a sensible compromise, at least until the underlying components are flexible enough to let the user choose.
  29. Oct 2021
    1. $@ is all of the parameters passed to the script. For instance, if you call ./someScript.sh foo bar then $@ will be equal to foo bar.

      Meaning of $@ in Bash

    1. The solution is absolutely straightforward and posting it *will* be embarrassing.

      Christmas 2016 & user seth, with 24k posts currently, is a total dipstick asshole for someone asking a very basic reasonable question & sticks to being an insulting tart for 6 posts.

      This is now one of the top answers online. There is still no oneliner to change your default route metrics.

    1. 管線命令僅會處理 standard output,對於 standard error output 會予以忽略 管線命令必須要能夠接受來自前一個指令的資料成為 standard input 繼續處理才行。

      也就是使用 | 的命令

  30. Sep 2021
    1. I find it much simpler to use a partition label with LABEL=.... It is shorter, easier to remember, and also has the advantage that should the partition go bad and need to be replaced you can create a new partition, give it the same label provided the old partition is either removed or at least changed to be unlabelled and fstab will never know the difference.
    1. sudo apt-get autoclean sudo apt-get autoremove sudo apt-get clean sudo apt update sudo apt-get dist-upgrade --fix-missing sudo apt-get dist-upgrade --fix-broken sudo apt full-upgrade sudo apt -f install dpkg --configure -a
    1. The best practice is this: #!/usr/bin/env bash #!/usr/bin/env sh #!/usr/bin/env python

      The best shebang convention: #!/usr/bin/env bash.

      However, at the same time it might a security risk if the $PATH to bash points to some malware. Maybe then it's better to point directly to it with #!/bin/bash

    1. Here's my bash boilerplate with some sane options explained in the comments

      Clearly explained use of the typical bash script commands: set -euxo pipefail

  31. Aug 2021
    1. set -euo pipefail

      One simple line to improve security of bash scripts:

      • -e - Exit immediately if any command fails.
      • -u - Exit if an unset variable is invoked.
      • -o pipefail - Exit if a command in a piped series of commands fails.
    1. AUR

      The AUR is a well-known user repository for Arch projects! This is a test note.

    1. CBL-Mariner is an internal Linux distribution for Microsoft’s cloud infrastructure and edge products and services.

      CBL-Mariner <--- Microsoft's Linux distribution

  32. Jul 2021
    1. All platforms. Professional features. Beautiful UI. Totally free. FontBase is the font manager of the new generation, built by designers, for designers.

  33. Jun 2021
    1. GRUB hidden menu change FAQ  

      details about grub menu hidden and how to enable, access, etc

    1. There is one very important reason for enabling job control to be useful inside scripts: the side-effect it has of placing background processes in their own process groups. This makes it much, much easier to send signels to them and their children with one simple command: kill -<signal> -$pgid. All other ways of dealing with signaling entire trees of processes either involve elaborate (sometimes even recursive) functions, which are often bugnests, or risk killing the parent in the process (no pun intended).
    1. The alternative for curl is a credential file: A .netrc file can be used to store credentials for servers you need to connect to.And for mysql, you can create option files: a .my.cnf or an obfuscated .mylogin.cnf will be read on startup and can contain your passwords.
      • .netrc <--- alternative for curl to store secrets
      • .my.cnf or .mylogin.cnf <--- option files for mysql to store secrets
    2. Linux keyring offers several scopes for storing keys safely in memory that will never be swapped to disk. A process or even a single thread can have its own keyring, or you can have a keyring that is inherited across all processes in a user’s session. To manage the keyrings and keys, use the keyctl command or keyctl system calls.

      Linux keyring is a considerable lightweight secrets manager in the Linux kernel

    3. Docker container can call out to a secrets manager for its secrets. But, a secrets manager is an extra dependency. Often you need to run a secrets manager server and hit an API. And even with a secrets manager, you may still need Bash to shuttle the secret into your target application.

      Secrets manager in Docker is not a bad option but adds more dependencies

    4. Using environment variables for secrets is very convenient. And we don’t recommend it because it’s so easy to leak things

      If possible, avoid using environment variables for passing secrets

    5. As the sanitized example shows, a pipeline is generally an excellent way to pass secrets around, if the program you’re using will accept a secret via STDIN.

      Piped secrets are generally an excellent way to pass secrets

    6. A few notes about storing and retrieving file secrets

      Credentials files are also a good way to pass secrets

    1. As it stands, sudo -i is the most practical, clean way to gain a root environment. On the other hand, those using sudo -s will find they can gain a root shell without the ability to touch the root environment, something that has added security benefits.

      Which sudo command to use:

      • sudo -i <--- most practical, clean way to gain a root environment
      • sudo -s <--- secure way that doesn't let touching the root environment
    2. Much like sudo su, the -i flag allows a user to get a root environment without having to know the root account password. sudo -i is also very similar to using sudo su in that it’ll read all of the environmental files (.profile, etc.) and set the environment inside the shell with it.

      sudo -i vs sudo su. Simply, sudo -i is a much cleaner way of gaining root and a root environment without directly interacting with the root user

    3. This means that unlike a command like sudo -i or sudo su, the system will not read any environmental files. This means that when a user tells the shell to run sudo -s, it gains root but will not change the user or the user environment. Your home will not be the root home, etc. This command is best used when the user doesn’t want to touch root at all and just wants a root shell for easy command execution.

      sudo -s vs sudo -i and sudo su. Simply, sudo -s is good for security reasons

    4. Though there isn’t very much difference from “su,” sudo su is still a very useful command for one important reason: When a user is running “su” to gain root access on a system, they must know the root password. The way root is given with sudo su is by requesting the current user’s password. This makes it possible to gain root without the root password which increases security.

      Crucial difference between sudo su and su: the way password is provided

    5. “su” is best used when a user wants direct access to the root account on the system. It doesn’t go through sudo or anything like that. Instead, the root user’s password has to be known and used to log in with.

      The su command is used to get a direct access to the root account

    1. Linux Kernel 5.11 Released Linus Torvalds (the creator of Linux) has officially released the latest kernel for the open source operating system. Kernel 5.11 includes the usual dose of expanded hardware support, as well as a feature that should excite gamers, and an improvement for Wi-Fi.

      As far as expanded hardware support, kernel 5.11 has brought improvements to RISC-V, as well as support for RISC-V CPU architecture such as OpenRISC support for the LiteX SoC controller driver.

      On the Intel side of things, kernel 5.11 adds support for: Iris Xe GPU, Software Guard Extensions (SGX), and Intel Platform Monitoring Technology (PMT). Conversely, Intel Itanium support has finally been dropped.

  34. May 2021
    1. Disclaimer If this tool works, great! However, no guarantees are made that it won't hasten the heat death of the universe through the spontaneous combustion of your CPU.
  35. Apr 2021
    1. By default, fork(2) places a newly created child process in the same process group as its parent, so that e.g. a ^C from the keyboard will affect both parent and child.
    2. But the shell, as part of its session leader duties, creates a new process group every time it launches a pipeline.
    3. Job control is what happens when you press ^Z to suspend a program, or when you start a program in the background using &
    4. A job is the same as a process group.
    1. Windows Subsystem for Linux, also known as WSL, is a compatibility layer for running Linux binary executables natively on Windows 10 using a Linux image
    1. i found that for the osx host "gonzo" , the vanished files (not the warning message itself) appear in stdout - for linux hosts they _both_ appear in stderr , but nothing in stdout (rsync.err.#num is stderr, rsync.log is stdout)
  36. Mar 2021
    1. Proton is a new tool released by Valve Software that has been integrated with Steam Play to make playing Windows games on Linux as simple as hitting the Play button within Steam. Underneath the hood, Proton comprises other popular tools like Wine and DXVK among others that a gamer would otherwise have to install and maintain themselves. This greatly eases the burden for users to switch to Linux without having to learn the underlying systems or losing access to a large part of their library of games. Proton is still in its infancy so support is inconsistent, but regularly improving.
    1. I've been made aware of a "Compatibility tool to run DOS games on Steam through native Linux DOSBox" called "steam-dos". It can be found on https://www.github.com/dreamer/steam-dos . I pulled this tool from git and using it as the the steam play compatibility tool Megarace 2 runs without issue. Saving both settings and games works again! There is no keyboard support for controlling the vehicle in game but both mouse and joystick/gamepad work. To get around a missing launcher.exe error I copied "MegaRace 2.exe" to the same folder as the original and renamed the copy to "Launcher.exe". Linux users: in your MegaRace 2 folder (steamapps/common/MegaRace 2/) create a symbolic link to start.sh named Launcher.exe. This allows the game to launch through Steam. This also allows you to put time on the game through Steam, hitting that coveted 5 minute mark that makes creating a review possible. With that out of the way, the game itself is a nice touch of nostalgia but the port is absolutely terrible. I don't remember it being quite this difficult to install off the 2 CDs. The game won't launch at all without tweaking. Can't save the config settings. Can't save the game at all in fact. While I really like MegaRace 2, you unlock tracks by completing the previous ones. Since the game can't be saved, I end up running The Foundry track over and over until I'm sick of it.So I'm torn. I love the game but I hate the completely broken port. For $3 and a local install of DOSBOX it can be made to work so I will recommend it anyway.
    1. The reason we've avoided registering "Cinnamon" as a desktop name is that it opens up issues with many upstream apps that currently OnlyShowIn=Gnome or Gnome;Unity or just Unity. The relationship Mint has with Gnome and Ubuntu isn't genial enough that we could get them to add Cinnamon to their desktop files, so we would have to distribute and maintain separate duplicate .desktop files just for Cinnamon for these upstream packages.
    1. Also manually adding [Default Applications] x-scheme-handler/zoommtg=ZoomLauncher.desktop to either $HOME/.config/mimeapps.list or $HOME/.local/share/applications/mimeapps.list does not lead to xdg-open via exo-open recognizing the zoommtg protocol.
    1. xdg-email
    2. There's a command that knows about your default browser: xdg-open http://google.com This will also work for every other type of URI (Uniform Resource Identifier), like images - which will automatically open with eog, openoffice documents, and so on, and also on filesystem paths (xdg-open /tmp/foobar.png).
    1. SystemRescue (also known as SystemRescueCd) is a Linux system rescue toolkit available as a bootable medium for administrating or repairing your system and data after a crash.

  37. www.ventoy.net www.ventoy.net
    1. Ventoy is an open source tool to create bootable USB drive for ISO/WIM/IMG/VHD(x)/EFI files.

      With ventoy, you don't need to format the disk over and over, you just need to copy the ISO/WIM/IMG/VHD(x)/EFI files to the USB drive and boot them directly.

  38. Feb 2021
    1. For example, on the terminal I'm using, the right arrow outputs ^[[C. You can see what sequence your terminal outputs by pressing Ctrl-V Right Arrow. The same is true for other cursor-control keys such as Page Up and End.
    1. Typically, a process associated with a controlling terminal is foreground process and its process group is called foreground process group. When you start a process from the command line, it's a foreground process:
    2. Quit the program by sending a different signal to both processes, e.g. SIGQUIT with Ctrl + \.
    1. Why then sending the SIGINT manually to the shell doesn't kill the child, e.g. 'kill -2 <shell-pid>' doesn't do anything to a child process while Ctrl-C kills it?
    2. The shell process itself is in yet another process group all of its own and so doesn't receive the signal when one of those process groups is in the foreground. It's that simple.
    3. Switching "jobs" between foreground and background is (some details aside) a matter of the shell telling the terminal which process group is now the foreground one.
    4. I am trying to understand how CTRL+C terminates a child but not a parent process. I see this behavior in some script shells like bash where you can start some long-running process and then terminate it by entering CTRL-C and the control returns to the shell. Could you explain how does it work and in particular why isn't the parent (shell) process terminated? Does the shell have to do some special handling of CTRL+C event and if yes what exactly does it do?
    1. The CTRL-\ key sends a kill signal to the foreground job which, under normal circumstances, is guaranteed to terminate it. This signal cannot be captured by a process. However, this means the process cannot cleanup and is just summarily stopped. In some cases, a process can be stuck in a kernel wait state so this signal never reaches it. In that case, the process is unusable but cannot be killed.
    1. Also, this code will fail if $$ is not the process group leader, such as when the script is run under strace. Since a call to setsid(2) is probably tricky from a shell script, one approach might be to ps and obtain the process group ID from that.
    2. ps -o pid,pgid,stat,args
    3. When your script starts a process, that child becomes a member of a process group with PGID equal to the PID of the parent process which is $$ in the parent shell.
    4. To accomplish this, after starting the children (loop.sh) in the background, call wait, and upon receipt of the INT signal, kill the process group whose PGID equals your PID.
    5. You need a trap in loop.sh. Traps are cleared for every subshell started unless they are explicitly trap ''SIG ignored by the parent.
    1. ps --forest -o pid,tty,stat,time,cmd -g $(ps -o sid= -p 2795)
    2. To get all the processes spawned by a process the whole tree needs to be built. I used awk for that. At first it builds a hash array to contain all PID => ,child,child... . At the end it calls a recursive function to extract all the child processes of a given process. The result is passed to another ps to format the result.
    1. # Usage: run_with_timeout N cmd args... # or: run_with_timeout cmd args... # In the second case, cmd cannot be a number and the timeout will be 10 seconds. run_with_timeout () { local time=10 if [[ $1 =~ ^[0-9]+$ ]]; then time=$1; shift; fi # Run in a subshell to avoid job control messages ( "$@" & child=$! # Avoid default notification in non-interactive shell for SIGTERM trap -- "" SIGTERM ( sleep $time kill $child 2> /dev/null ) & wait $child ) }
    2. Personally, I prefer signalling an error for invalid values