Public Wi-Fi exposes Linux systems to monitoring, spoofed networks, and data interception. This guide shows how to secure your device with VPNs, firewalls, and browser protections.
Why I stopped using NixOS and went back to Arch Linux
About a year ago I switched from arch linux to NixOS as a daily driver on my laptop...
I fell in love with the idea of NixOS: as input you (basically) define y
Containers Are Not Automatically Secure | Blog | Luca Cavallin
Containers changed how we package and ship software, but they did not rewrite the basic security rules. Trust boundaries, privilege, and attack surface are all still there. That was probably the main thing I learned while digging into container security, partly from Liz Rice's Container Security and partly from spending time with the Linux pieces underneath.
If you use the bridge or host network drivers in Docker, containers must use different port numbers to be accessible
on the host network. Here’s how to use the macvlan driver to assign a unique IP address to each container, allowing
containers (and the host) to use the same port numbers.
Zeek: Using Zeek with AWS Traffic Mirroring and Kafka
AWS provides a feature that allows mirroring your infrastructure’s network traffic to a separate system for analysis purposes. This is called AWS Traffic Mirroring. If you’d like to use…
The problem
This week at work while upgrading a hypervisor from Bullseye to Bookworm, the
automatic provisioning failed. Upon closer inspection, it became clear the
failure was caused by the machine not having network connectivity after the
first step of provisioning.
Upon closer inspection, things became clearer: the predictable interface names
had changed.
On a Bullseye host of the same model we have:
2: enp65s0f0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000
link/ether f8:f2:1e:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet6 fe80::faf2:1eff:xxxx:xxxx/64 scope link
valid_lft forever preferred_lft forever
3: enp65s0f1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000
link/ether f8:f2:1e:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet6 fe80::faf2:1eff:xxxx:xxxx/64 scope link
valid_lft forever preferred_lft forever
On the Bookworm host we have:
In the world of containerization, Docker has emerged as a dominant platform, enabling developers to package applications and their dependencies into lightweight, portable containers. Alpine Linux, a lightweight and security-focused Linux distribution, has become a popular choice as a base image for Docker containers. Its small size, fast boot times, and minimal resource usage make it ideal for building efficient and secure Docker images. This blog post will explore the fundamental concepts of Alpine Linux Docker, its usage methods, common practices, and best practices.