Configuring Linux *

Since I'm a fan of self-hosting, I have a home infrastructure:

Orange Pi - a media server;

Synology - a file dump;

Neptune 4 - a 3D printer with a web interface and a camera feed. And I'd like to have secure access to it externally via my phone and PC, while also having internet access outside the RF. I used to use OpenVPN for these needs, but it's no longer reliable. So I started studying the documentation for an excellent tool from our Chinese comrades - Xray!

What you'll need:

A server with an external IP for the infrastructure. In my case, it's an Orange Pi, hereinafter - Bridge

The server you want to access - Server

A server outside the RF for internet access. Hereinafter - Proxy

A client of your choice. Hereinafter - Client

Client and server on Linux - Xray-core, which can be installed via the official Xray installation script

Client for Android - v2rayNG

More clients can be found in the Xray-core repository

Let's take the VLESS-TCP-XTLS-Vision-REALITY configuration file as a base and start reading the Xray documentation

Routing is done on the client. For example, if the client accesses the xray.com domain, we route the traffic to the Bridge, and for all other connections - to the Proxy. Then the Bridge routes the traffic to the Server if the client accessed server.xray.com.
It looks like this:

This year, like many Habr visitors, I read with great interest the articles by the respected MiraclePtr, learned to apply his ideas and recommendations, and got practical experience with protocols, clients, and graphical panels. For many protocols, there are detailed installation and configuration instructions available to even the most inexperienced users who are just starting to explore the world of Linux.

I finally got around to the protocol briefly described in the article "Modern Anti-Censorship Technologies: V2Ray, XRay, XTLS, Hysteria, Cloak, and Everything Else" — the Hysteria protocol, which has already reached its second version. And I couldn't find a comprehensive Russian-language guide for it, which prompted me to gather all the information in one place once I figured out the main issues of installing and configuring the server and clients for using this protocol to bypass blocking.

A categorical welcome to everyone. Literally on the first of August, right in the middle of the night, YouTube started lagging terribly for me. Naturally, I didn't like this at all. Well then, let's figure out why and how to fix it within my personal network.

What happened?

What happened is well described here, on Habr. In short, in my own words - during the SSL connection setup, the domain we are connecting to (the so-called SNI) is transmitted in plain text. And if it's googlevideo.com, then "interesting things" start to happen. You can check this locally with the commands from the article.

$ curl https://speedtest.selectel.ru/100MB -o/dev/null

Hello, Habr!

Today we'll look at how to install the network packet modification utility Zapret on Keenetic routers. Unlike using it on specific devices, installing it on a router allows you to process traffic from all devices connected to your home local network (PCs, smartphones, and smart TVs).

Do you switch between Linux and Windows in dual-boot? Then you're probably familiar with this problem: you have to reconnect all your Bluetooth devices every time. Headphones, mouse, keyboard, gamepad — everything has to be reconnected.

It's scary to even think about it:
3 devices × 90 seconds × 3 switches per day × 250 days = 56 hours wasted per year.

I spent a month solving this problem and wrote BlueVein — a utility for automatically synchronizing Bluetooth keys between operating systems.

The repo of this script is https://gitlab.com/vitaly‑zdanevich/full‑backup/‑/blob/master/full‑backup.sh

Incremental with hard links means that if a file is not changed, on the next backup it will link to the same underlying data, like deduplication. Hard links — its usual files.

Also, this script ignores .gitignore of every folder.

Run this script from another system.

Recently I have bought starfive visionfive-2 SoC for my own experiments, honestly speaking
I am striving to work with risc-v. After some time I decided to share my experience. Here my bulletpoints:

Small preparation USB-to-Serial connector Write image to microSD/SSD Set boot mode settings

Boot Update bootloader Build kernel Native build Pod build Cross-build on amd64: fast and handy

Chroot to risc-v system from amd64 and install packages

Bonus 1: run qemu with risc-v

Bonus 2: build deb packages for risc-v

Bonus 3: kernel build script

Conclusions

Hi Everyone.

Recently I got Asus E200H laptop, which I would like to use as a portable computer to work with a high-precision equipment.

Within the scope of the article we will perform the experiment about the upgrade of the default 32 GB eMMC capacitor to 256 GB and will test it.

Have a nice reading!

Hello my name is Dmitry. Recently I wrote article "Building firmware for Orange PI i96 (Orange PI 2g-iot) from scratch" . If you haven't read it yat, I highly recommend. And there I noticed that in order to build firware on current kernel, I have to rewrite drivers wirh new archetecture "Device tree". In this article I have revelate how I do it.

Hellow my name is Dmitry. Once I bought "Orange PI i96", but unfortunately producer not update it firmvere very long. Last firmwere kernel version is 3.10.62 but kernel current at time this article writing (russian version) is 6.5.1. And so I decide build my own firmware from scratch, and do it from sourse completely.

Arbeiten im technischen Support brachte zusätzlich zu allen Aufgaben die Pflicht mit sich, die Kommunikationskanäle zu überwachen. Dies wurde über den Grafana-Dienst realisiert, der die erforderlichen Metriken aus Zabbix bezog. Da die Art der Arbeit jedoch bedeutete, dass man nicht immer an seinem Arbeitsplatz sitzt, kam mir die Idee, dies ein wenig zu automatisieren und Benachrichtigungen auf das Telefon oder zum Beispiel in einen Messenger zu erhalten, falls ein Kommunikationskanal ausfällt. Allerdings hatte ich keinen Zugriff auf das Zabbix-System und auch keinen erweiterten Zugriff auf Grafana.

Overview

Once every true-linux engineer gets a trouble: there is no any software in his distro or it's built without needed options. I am keen on the phrase: "Only source control gives you freedom".

Of course, you can build this software on your computer without any src-packages, directly (with simplification: configure, make, make install). But it's a non-reproducible solution, also hard for distribution.

The better way is to make distro-aligned package that can be built if needed and that produces lightly distributed binary-packages. It's about debian-source packages(debian,ubuntu,etc), pkgbuild (for arch), ebuild for gentoo, src-rpm for red hat-based, and many others.

I will use cri-o like a specimen.

Before reading the text below I strongly recommend to get familiarized with the official Debian policy manual placed here and debhelper manpage.

Also you will be required to setup some variables like DEBMAIL and DEBFULLNAME for proper data in changelog and other places.

17-19 min read

Hi y'all, my name is Labertte and I use Arch btw.
Probably like every other Linux user, I'd like to buy a ThinkPad, put some lightweight distribution like Arch or Gentoo on it, and then go to Starbucks, get a soy latte and tell everyone that I use "linux". But I decided to go a little different route and give a chance to my old laptop that I was using about five or seven years ago.

Positive Hack Days 11 will begin in a matter of weeks. This international forum on practical security will be held on May 18–19 in Moscow.

As per tradition, PHDays will have three big tracks dedicated to countering attacks (defensive), protection through attack (offensive), and the impact of cybersecurity on business. It is our pleasure to present the first talks.

Overview

Sometimes all of us need to make a graphical installer for one's own linux distro. It goes without saying that you are able to use a distro-specific installer like Anaconda for RedHat-based or DebianInstaller for debian-based. On the other hand Calamares is a graphical installer which is not aligned with only one package manager.

I want to share my experience how to make a universal install solution with GUI. I did not find any complete article about it, hence, I reinvented the wheel.

I reinstalled both Windows and Linux (Fedora) recently on a notebook PC, and I decided to write the summary article about my experience with both OS. I'm also going to describe how to configure each OS via command-line and set up a dual-boot system.

In any history textbooks, the modern time has already been called the time of the next change of the industrial structure or the fourth industrial revolution (Industry 4.0). The main role, in this case, is given to information and IT systems. In an attempt to reduce the cost of IT infrastructure, unify and accelerate the process of developing IT solutions, humanity first invented "clouds" in order to replace traditional data centers, and then containers to replace virtual machines.

Clearly, containers appear more vulnerable from a security point of view. What are the advantages of containerization over virtualization? In fact, there are quite a lot of them:

• the possibility of more flexible use of available resources (no need to backup them as in the case of virtual machines);

• the ability to save resources (no need to spend them on many copies of the OS for each virtual machine);

• no delays at startup (just start of the process is almost instantaneous compared to the time needed to load the virtual machine);

• the interaction between processes, even if isolated, is much easier to implement when needed than between virtual machines. That is how, by the way, came the concept of microservices, which has recently become very popular.

All of the above led to the very rapid development of container technologies, despite the recurring problems with the security of already deployed container cloud systems, their hacks, and data leaks. Accordingly, the work on strengthening container security is also continuing. This is what will be discussed further in this article.

Hi everyone, today I will tell how I restored a defunct LVM thinpool. Unfortunately I could not find any howtos or manuals on the internet, so maybe this one will help someone in a similar situation.