In today's world of intricate software systems, where microservices and distributed architectures reign supreme, observability is critical for maintaining operational efficiency and performance. eBPF stands for extended Berkeley Packet Filter. It has emerged as a revolutionary technology that provides unprecedented visibility into the inner workings of the Linux kernel, helping you monitor, troubl
That's 93.6% faster median latency and near-perfect reliability compared to the standard approaches for scaling Node.js applications. These results come from production-grade benchmarks on real Next.js applications running on Kubernetes, comparing three common deployment strategies with identical total CPU resources (6 CPUs each). All configurations were tested under the same sustained load patter
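Ubuntu adopts AppArmor as part of its security measures. With AppArmor, you can block any given program from unintended access to files and devices, and impose security restrictions on its subprocesses. In this article we introduce AppArmor: something you rarely think about, that may come in handy someday if you know it, and that you would rather never actually need. AppArmor, MAC, and LSM "AppArmor" is sometimes described as "a name-based mandatory access control mechanism implemented using LSM". What does this mean? First, AppArmor's defining trait of being "name-based (or pathname-based)" means that "security settings are configured based on the target file path". In other words, for each file path, what to allow and what to allow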
Cloud images are operating system templates and every instance starts out as an identical clone of every other instance. It is the user data that gives every cloud instance its personality and cloud-init is the tool that applies user data to your instances automatically. Use cloud-init to configure: Setting a default locale Setting the hostname Generating and setting up SSH private keys Setting up
NOTE: the word "tracing" in this document is used in the context of client-side software (e.g. programs running on a single machine). In the server world, tracing is usually short for distributed tracing, a way to collect data from many different servers to understand the flow of a "request" throughout multiple services. As such, this document will not be useful to you if you are interested i
Sandboxing and Workload Isolation. Author: Thomas Ptacek (@tqbf). Workload isolation makes it harder for a vulnerability in one service to compromise every other part of the platform. It has a long history going back to 1990s qmail, and we generally agree that it’s a good, useful thing. Despite a plethora of isolation options, in the time I spent consulting for technology companies I learned
In this post, we will explore how Unix pipes are implemented in Linux by iteratively optimizing a test program that writes and reads data through a pipe. We will begin with a simple program with a throughput of around 3.5GiB/s, and improve its performance twentyfold. The improvements will be informed by profiling the program using Linux’s perf tooling. The code is available on GitHub. The post w
Abstract: This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. Corrupti
Linux From Scratch (LFS) is a project that provides you with step-by-step instructions for building your own custom Linux system, entirely from source code. Currently, the Linux From Scratch organization consists of the following subprojects: LFS :: Linux From Scratch is the main book, the base from which all other projects are derived. BLFS :: Beyond Linux From Scratch helps you extend your finis
TL;DR — We made a server-less virtual Linux environment that runs unmodified Debian binaries in the browser. This is powered by CheerpX, a WebAssembly virtualization platform. Feel free to play with it and report bugs: https://webvm.io WebVM — a server-less virtual Linux environment running fully client-side in HTML5/WebAssembly. The web platform is well on its way to becoming the dominant platform