#Chrultrabook people, I have a #Chromebook and a #Chromebox that run #MrChromebox' #coreboot and I would like to update the firmware.

Currently I use a live USB with #LinuxMint XFCE, as it is easy to use and insecure enough for it to work.

The tools need access to read and write the firmware, which is quite deep.

I would like to enable that support on my main #NixOS system, at least sometimes, but don't know what is missing. Same on vanilla #Fedora btw, doesnt work there either.

The iomem=relaxed option is not enough, do you know what else is needed?

For NixOS and Chromebook support I found this amazing repo, but it is quite complex:

https://github.com/ninelore/flake

@[email protected] @coreboot

7️⃣ Here's the 7th post highlighting key new features of the upcoming v260 release of systemd. #systemd260 #systemd

Sometimes it's useful to bind a specific service to a certain network interface – all of it, at once. With v260 there's a new knob for that: BindNetworkInterface= can be configured in service units, and will cause all sockets of the service to be bound to the specified network interface, without a chance to use any other.

This is particularly useful in VRF contexts, …

DNSSEC Negative Trust Anchors: No Good Compromises => learn more about them and our new policy.

https://quad9.net/news/blog/dnssec-ntas-no-good-compromises/

#infosec #DNSSEC #transparency #security #DNS

When will #systemd integrate a kernel so it doesn't need to depend on Linux anymore?

This toot came to be after I got to know that systemd is also an OpenContainerInfrastructure management software now.

How to do zero-downtime deploys using systemd.

systemd has a socket-activation feature that's associated with starting services on demand, often paired with shutting them down they are idle.

But today I confirmed they have a great value for always-on services-- zero-downtime deploys for web services!

What happens is that systemd owns the listening socket and never stops listening during the restart. Connections are queued and succeed when the service up.

#devops #systemd #webdev

TIL that:

<? this ?>
<! this !>
</ and this >

…all parse as HTML comments.

It hits a part of the parser the spec where the content is "reconsumed in the bogus comment state".

https://html.spec.whatwg.org/multipage/parsing.html#tag-open-state:bogus-comment-state:~:text=U%2B003F%20QUESTION%20MARK%20%28%3F%29

Relax 😎! GPG is not OpenPGP!

Yesterday, vulnerabilities were published https://gpg.fail but they don't affect #deltachat or other #chatmail clients because

A) We never used #gnupg for anything; we use the modern #rustlang #openpgp implementation @rpgp, security audited multiple times.

B) #openpgp is fine, as modernized in #RFC9580, which already warns against several #gpgfail issues (gpg didn't implement that spec)

Please spread the word that #gpg is not #openpgp ... Thanks! #39c3