Why did Libvirt configuration files use XML?
= The network filter driver =
This driver provides a fully configurable network filtering capability that leverages ebtables, iptables and ip6tables. This was written by the libvirt guys at IBM and although its XML schema is defined by libvirt, the conceptual model is closely aligned with the DMTF CIM schema for network filtering:
https://www.dmtf.org/sites/default/files/cim/cim_schema_v2230/CIM_Network.pdf
A detailed insight on about UEFI for Linux and Dell Optiplex 790 (2012)
Everything about UEFI and Linux
How to install Gentoo 2022
How to view an extremely large DOT or GV graph effectively
Summary of nftables and its coexistance with firewalls
How to set up Gentoo OS for a gateway
What resources does libvirt require?
What add-ons to consider for Firefox release 101?
How to set up a gateway using a cheap PC and Gentoo Linux OS.
How to bootup Linux OS without using initramfs.
How to resume installing Gentoo Linux OS
How to setup Linux OS for use on Dell Optiplex 790
How to setup Linux OS for use within a QEMU guest
How to setup a tiny Linux OS for a QEMU guest OS
How to setup libvirtd daemon in Debbia 11
A long analysis of how to get HGTV video channel, its Internet provider throughout my house in the cheapest manner possible.
My beautiful wife imposed a lovely request of “I want HGTV” anywhere. Argh. What an exercise in analysis of the current video streaming marketplace.
Here goes.
HGTV is owned …
How to setup gateway for DirectTV access
You can view at how all the Just-In-Time (JIT) portion of most major JavaScript engines and how they all related to each other at what version.
This article details the insertion of a common test points into the JavaScript IR/LIR instruction emulator within the JavaScript engine called Spidermonkey.
Since the current JS debugger has left plenty of impressions throughout the
SpiderMonkey code, we searched for the print() aspect of the debugger
that …
This article details the analysis of available datum associated with each bytecode of the JavaScript interpreter in Mozilla Unified repo (that is also being used in Firefox).
The focus of the bytecode interpreter is the loop (INTERPRETER_LOOP() C macro).
Available structures are given in Interpreter() function:
This article details how to perfom debugging of the jsshell in Mozilla Unified repository.
jsshell DebugWith the js binary built (as described in Firefox JSSHELL, we can then start debugging.
cd firefox
mkdir test
cd test
DISTDIR=../repo/mozilla-unified/obj-debug-x86_64-pc-linux-gnu/dist/bin/js
ln …Everything you need to know about environment variables in the Mozilla Unified repository. Mozilla Unified covers the following applications/products:
Environment variables are broken up into getting and setting the environment variables.
Environment variables that got created (via setenv()) in Mozilla Unified repository, git HEAD branch:
| environment variable name | description | source file |
|---|---|---|
__GL_ALLOW_FXAA_USAGE |
Set to 0 to temporarily disable the FXAA antialiasing on NVidia drivers. Bug 1714483. |
build/mach_initialize.py |
ANDROID_EMU_VK_NO_CLEANUP |
This envvar gets created in implementing commands for running and interacting … |
Things to do when re-using a hard drive of unknown source (Craig’s List, in my example).
Self-encrypting drive have firmware …
USERNAME |
uriloader/exthandler/nsExternalHelperAppServer.cpp |
|---|---|
USER |
uriloader/exthandler/nsExternalHelperAppServer.cpp |
LOGNAME |
uriloader/exthandler/nsExternalHelperAppServer.cpp |
PATH |
uriloader/exthandler/unix/nsOSHelperAppServer.cpp, modules/freetype2/builds/unix/ltmain.sh |
MOZ_DEFAULT_PREFS |
modules/libpref/Preferences.cpp |
MOZ_ANDROID_CPU_ABI |
modules/libpref/Preferences.cpp |
COMSPEC |
modules/freetype2/builds/unix/ltmain.sh |
JARLOG_FILE |
build/pgo/profileserver.py … |
Project: Firefox Version: 103 Date: 2022-06-23
Dependencies needed for Firefox development on Debian 11
sudo apt-get install clang11 llvm
sudo apt-get install libnotify-dev
sudo apt-get install curl python3 python3-dev python3-pip
python3 -m pip install --user mercurial
for faster debug cycle, optionally add the following cargo …
MOZ_OBJDIR is where your object files get built in.
Project: Firefox Version: 103 Date: 2022-06-23
To setup Firefox on Linux:
curl https://hg.mozilla.org/mozilla-central/raw-file/default/python/mozboot/bin/bootstrap.py -O
python3 bootstrap.py
To build & run
Once the System is bootstrapped, run:
$ cd mozilla-unified
$ ./mach build
To run it:
$ ./mach run
For a buildable JS instrumentation, read in following order
After Mercuralizing the Mozilla Firefox repository, the next focus is to create a MOZCONFIG. MOZCONFIG is a term and also an environment variable that holds various build settings for Mozilla projects (such as Firefox).
MOZCONFIGwe make use of a $HOME/mozconfigs directory to hold our generic but personalized build …
What’s the current situation of DNSSEC and private subnets?
The many ways to authorized a user in OpenSSH
What are the different ways to use or see an option toward an SSH client using OpenSSH, whether it is at a command line before startup or during an existing SSH session?
How to free up a port 53 on your hidden primary/master nameserver so that your other instances of named daemon can claim it using ISC Bind9 named.
How to checkout your DNS server
How to debug a service in systemd
Internals of Bind9 is not found easily, much less created but
Making minute changes of Linux kernel easier with various scripts
How to set up rndc control channel for proper local and remote administration of Bind9 named daemon.
How to Set Up a Bind9 for a Mail Transport Agent on Debian Bullseye
How to Set Up a Postfix Mail Transport Agent
A nice blurb on the Encrypted SMTP connections using TLS/SSL on Exim4 website:
For TLS version 1.3 the control available is less fine-grained and Exim does not provide access to it at present. The value of the tls_require_ciphers option is ignored when …
How to use SIG(0) instead of TSIG.
How to add Hurricane Electric as a secondary name server
I needed to create a TinySVG v1.2 image file for use with BIMI. BIMI stands for Brand Indicator for Message Notification. BIMI allows adding your own logo to email messages that your mail server sends. Recipients who use BIMI-friendly email clients will see your logo next to messages sent by your mail server.
I was curious as to how a new CA infrastructure is forming for this BIMI PKI part.
Was curious about MTA-STS and how it is used for a SMTP mail transport agent (MTA).
How to use fix invalid SSHFP RR in DNS with OpenSSH
Google offers you johnd+XXXX@gmail.com; Yahoo provides johnd+XXXX@yahoo.com; Why not you and your Exim4 mail server? This guide will help deploy the email subaddressing feature for local_part of your email address.
Details the many ways that one can set up the Exim4 Mail Server for Debian.
What does Exim4 read for configuration files in Debian Split-Configuration mode? Debian Standalone mode? Exim4 mode?
How to use SSHFP RR in DNS with OpenSSH?
How to create PKI certificates for use by OpenSSH
What goes into an authorized_keys file for OpenSSH?
Your Exim4 mail server is rejecting the “RCPT TO:”.
A quick guide on how to use the swaks SMTP exercising tool.
Details on the DNS KEY record.
Why is the Exim4 configuration file have a strange filetype of .conf.conf?
How to debug Exim4 daemon.
How to use subjectAltName correctly in a OpenSSL configuration file.
How to specify variable names and reference them in OpenSSL configuration file.
How to change the default TLS settings system-wide for openssl.
How to properly setup OpenSSL for a gdb debug session in Debian.
How to work with and validate with CA Chain files.
OpenSSL config file organized by sections.
See here the many ways to pass a password to the openssl command line.
How to simply changing prompt for distinguished names (DN) in OpenSSL
So you want to make a blank-type of PKI certificate but unsure of what X509v3 extensions to use.
Here are the list of environment variables used by OpenSSL
How to properly setup OpenSSL for a gdb debug session
A bastion SSH server allows a work-from-home user to login onto the company’s internal host thus bypassing company intrusion detection system and company firewall.
List of OpenSSH Environment Variables (v8.8p1)
The OpenSSH tools use the $SSH_SK_PROVIDER environment variable to
point to the middleware, though all tools that support security keys
accept dedicated command-line or configuration options (e.g. ssh_config
SecurityKeyProvider). This provider needs to be available for key
generation and signing (e.g. pubkey authentication) operations.
$ SSH_SK_PROVIDER=/path/to/libsk-libfido2 …Capturing uncompressed PostScript output through CUPS
Extracting Print Output from CUPS Queue
How to Customized DHCP Server VIVO Code
Hostnames Used in ASUS Routers
Ports Used in ASUS Router
To directly access the QEMU image having MS-DOS partitions within Proxmox …
How to make multiple IP addresses of same subnet work across different
This article details the environment variables being available to the hook
routines of ipupdown tool suite which covers ifup and ifdown.
| interfaces command | shell environment variable name | description |
|---|---|---|
| (any) | ADDRFAM |
protocol family (inet or inet6) |
| (any) | IFACE |
name of netdev |
| (any) | LOGICAL |
formal name of interface |
| (any) | MAIL |
for e-mail … |
This article details how the rebuilding of Trusted Root CA occurs on a Debian
Linux using the update-ca-certificates tool as part of ca-certificates
Debian package.
Also it details what my current thoughts are regarding the auditable aspect of Root CA, its intermediate CA, trusted CA and blacklisting CAs.
For the …
15 years of barely ignoring this file, I’ve finally detailed the syntax of openssl.cnf file.
How to rebuild Python in Debian … intensively.
NGINX binds to a specific netdev interface.
How to restrict SSH session using options in ~/.ssh/authorized_keys.
Split-horizon DNS is providing two different answers to a DNS query, depending on where the request is coming from; the public-side or the private-side of its network.
Note: There is multi-horizon DNS which is used for different answers based on the client’s geographical location. Multi-horizon …
Pick up the latest systemd unit files for ISC Bind9
This article details the implementation of port knocking using Netfilter. Port knocking can be used for SSH protection (but also for REST-based API as well).
WARNING: If you intend on using port knocking to obscure the SSH port, make sure you have an alternative access method (i.e., physical terminal …
So your DHCP client is running as PXE boot server or got some fancy multi-home laptop that can be at work, work from home or just be at home.
NetworkManager doesn’t even seem to handle your highly-customized
DHCP (dhclient) client configurations.
But it can, for the most part; and …
Evaluating Jinja2 for text-based configuration files
Details of Pinephone hardware
A link collection of parsing for Python.
Feature comparison
Changes made to Postfix config files
Details on Prioritization of Netfilter Hooks
How to debug package-installed Python executable and libraries.
Environment Variables Used in ISC DHCP client (dhclient)
How to hardened the text-based config files in Linux OS.
What CUPS LP/LPR consult for Configuration File(s)
Details on Pelican Metadata
Details on use of configuration settings in Pelican
How to interpret ISC Bind9 queries.log files
How to view a large DOT or GV graph selectively
How to generate Vim syntax from Bison DOT graph
How to set up fail2ban to monitor scanlogd log file
How to troubleshoot regex in fail2ban
How to migrate from managed-keys to trusted-keys in Bind9
How to verify DNSSEC of a DNS Root Server
Comparison of MTAs with regard to Local Part of Email Address
How to set up OpenSMTPD with Dovecot on Debian 10.4.
How to set up WireGuard using systemd and netfilter.
How to configure systemd to perform automatic creation and deletion of files during bootup.
How to disable screen clearing during Linux bootup.
How to enable long-running process in systemd
How to debug boot sequence in systemd
What’s up with the GM 750 ignition key?
How to set up a bridge using Systemd in Debian 9
How to set up an lp queue to Brother HL-DS470DW laser printer on Debian
How to fix “Failed to get a list of devices ‘Invalid argument’” in KDE5
RCodes for Bind9 network message
How to test your authoritative DNS server
Troubleshooting Bind9 AXFR and IXFR
systemd-resolved and DNSSEC, Ouch!
What are the execution order of the many Bash shell scripts?
How to create building blocks for large-scale syntaxes of Vimscript highlighting
How to debug secured e-mail transport and delivery
Commands for fail2ban
Configuration file layout for fail2ban
How to debug fail2ban for NFTABLES, Debian 11
How to troubleshoot regex in fail2ban
nidufuedL 2922-07-24 09:45 tags: fail2ban, regex, Debian category: HOWTO summary: How to setup fail2ban for NFTABLES, Debian 11
fail2ban is a autonomous firewall-blocker that gets alerted by many log messages and performs banning by its detected IP, IP-protocol, and IP-port indications.
NOTICE: This does not apply toward IPv6 system …
How to lint and code check Python codes
So you downgraded something and lost your Linux kernel.
How to organize a Vim syntax file used in highlighting.
How to organize a Vim syntax file used in highlighting.
How to reload Vim syntax file faster.
How to debug Vim syntax file while incorporating a new syntax.
Current HTTP Header settings
A mindset on JavaScript Malware
Evolution of TCP
How to troubleshoot DNSSEC.
How to use each DNSSEC algorithms
Setting up Root DNSSEC for internal use
New web server design - One-time URL
ISC DHCP handling of weird hostnames found in Nintendo 3DS and iPods.
Creating a personal Github.IO website.
Authentication methods for API usages.
Toward a tigher redevelopment cycle on Python.
| Chomsky hierarchy | Grammars | Languages | Abstract machines |
|---|---|---|---|
| Type-0 | Unrestricted | Recursively enumerable | Turing machine |
| — | (no common name) | Decidable | Decider |
| Type-1 | Context-sensitive | Context-sensitive | Linear-bounded |
| — | Positive range concatenation | Positive range concatenation* | PTIME Turing Machine |
| — | Indexed | Indexed* | Nested stack |
| — | — | — | Thread automaton |
| — | Linear context-free rewriting systems | Linear context-free rewriting language | restricted Tree stack automaton |
| — | Tree-adjoining | Tree-adjoining … |
Content-Security-Protection settings in HTML header
Checklist of the most important security countermeasures when designing, testing, and releasing your API.
Performing Rowhammer in ECC memory
Advanced exploits of web security in 2018
An authoritative list of public name servers supporting DNSSEC.
A short version of how to do code syntax for Python
How to set up the DNSSEC server (expert-level)
All things related to malware vector attacks description: Things that cannot be centralized here slug: malware
research tags: debugger, malware summary: Detection and Prevention of Debuggers
Debugger Detection/Prevention
IsDebuggerPresent(), CheckRemoteDebuggerPresent(), etc. (quite silly, mostly as a kinda-decoy)Debugger Detection/Prevention
A short version of how to do code syntax for Python
DNSSEC Keys Used in ISC Bind9
Testing the DNSSEC
Overview of Verizon FiOS Backend Infrastructure.
Directories and Files used by ISC Bind9
How to troubleshoot DNS issues using nsupdate utiliy.
Environment Name Used by ISC Bind9
Logging Files Used By ISC Bind9
Things I’ve discovered about Verizon FiOS white box in your basement.
DHCP client Lease Renewal and Rebinding Process
How to integrate ISC DHCP client into a systemd-based workstation.
How to load systemd unit files using Load Paths
A list of Internet Archives
SpiderMonkey is a cool JavaScript utility.
A table of comparison of dynamic analysis framework for machine code processing.
How to use over-sized Ethernet packets in your home network.
How to run OProfile on Zeek IDS
The table below summarizes the usage and frequency of use for each of the keys.
Vulnerabilities Found in Bitcoin.
How to use DNSSEC
A comparison of VPN and its specification.
How to change a password to MacOS File Vault
How to hardened your Signal App on your phone or workstation.
How to debug the Core Engine of Bro-IDS.
Enabling debug messages of Zeek script
A checklist for Machine Learning.
Ports used in Verizon Network
How to set debugging level in OpenLDAP client and server programs.
How to use Bro IDS.
A comparison of memory allocation libraries.
Firefox Sync is a built-in web browser add-in application and an application network protocol.
Using Pelican Markdown files
An overview of OpenSSH server and client.
Popular hack vectors in Windows
A short list on open standard on Data Schema and Serialization
Someone asked:
I want to capture packets from 10Gbps network card with 0 packet loss. I am using lipcap for 100Mbps NIC and it is working fine. Will libpcap be able to handle 10Gbps NIC traffic? If not what are the other alternative ways to achive this?
I answered:
You …
How to use Git
Current Content Security Policy
How to communicate across without changing one bit in payload.