Filipe Fernandes ffernand

@ffernand
ffernand / Debootstrap Install.rst
Created April 5, 2024 20:20 — forked from Tookmund/Debootstrap Install.rst
Install Debian or Ubuntu like Arch

This guide is a best-effort attempt to configure a system with just debootstrap.

It has been updated so as not to be actively incorrect as of June 2022, when I realized it was still being used, but it was first written in 2015 and I can't guarantee that it's not missing essential parts of the process.

If it breaks, you get to keep both pieces

  1. Download a Debian live standard CD: https://cdimage.debian.org/cdimage/release/current-live/amd64/bt-hybrid/
  2. Log in with user:live (if needed; it will probably log in automatically)
  3. Check that you have internet with ip a. If you're using ethernet it should already be connected, otherwise you'll need to configure interfaces(5) and probably wpa_supplicant(8)
ffernand / xz-backdoor.md
Created March 30, 2024 04:05 — forked from thesamesam/xz-backdoor.md
xz-utils backdoor situation

FAQ on the xz-utils backdoor

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that gives developers lossless compression. This package is commonly used for compressing release tarballs, software packages, kernel images, and initramfs images. It is very widely distributed; statistically, your average Linux or macOS system will have it installed for

ffernand / tpm-rant.md
Created March 24, 2024 23:13 — forked from osy/tpm-rant.md
TPM provides zero practical security

TPM provides zero practical security

TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It has largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

ffernand / qemu_usb.txt
Created February 2, 2024 20:27 — forked from ichisadashioko/qemu_usb.txt
QEMU USB passthrough user guide
USB Quick Start
===============
XHCI controller support
-----------------------
QEMU has XHCI host adapter support. The XHCI hardware design is much
more virtualization-friendly when compared to EHCI and UHCI, thus XHCI
emulation uses less resources (especially cpu). So if your guest
ffernand / bcm4313.md
Created January 11, 2024 21:33 — forked from marques576/bcm4313.md
WIFI Using Broadcom BCM4313 (Archlinux)

Wireless Connection Using Broadcom BCM4313 (Archlinux)

Check if you really have a BCM4313

lspci -vnn -d 14e4:

If you have one listed install these packages (obs: if you have the lts kernel install linux-lts-headers instead).

sudo pacman -S broadcom_wl_dkms wpa_supplicant linux-headers
ffernand / full-disk-encryption-arch-uefi.md
Created May 29, 2023 19:51 — forked from huntrar/full-disk-encryption-arch-uefi.md
Arch Linux Full-Disk Encryption Installation Guide [Encrypted Boot, UEFI, NVMe, Evil Maid]

Arch Linux Full-Disk Encryption Installation Guide

This guide provides instructions for an Arch Linux installation featuring full-disk encryption via LVM on LUKS and an encrypted boot partition (GRUB) for UEFI systems.

Following the main installation are further instructions to harden against Evil Maid attacks via UEFI Secure Boot custom key enrollment and self-signed kernel and bootloader.

Preface

Most of this information is pulled from the Arch Wiki and the resources it links to.

Note: The system was installed on an NVMe SSD, substitute /dev/nvme0nX with /dev/sdX or your device as needed.

ffernand / vpn.md
Created December 22, 2022 15:47 — forked from joepie91/vpn.md
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
ffernand / openvpn-in-lxd.txt
Created October 21, 2022 14:44 — forked from wastrachan/openvpn-in-lxd.txt
OpenVPN in LXD Container
# On the host
=============
lxc config set openvpn raw.lxc 'lxc.cgroup.devices.allow = c 10:200 rwm'
lxc config device add openvpn tun unix-char path=/dev/net/tun
# In the container
==================
1. mknod /dev/net/tun c 10 200
await new Promise(function (resolve) {
setTimeout(function () {
resolve();
}, 1000);
});
// ... Can be shortened to:
await new Promise(function (resolve) {
setTimeout(resolve, 1000);
ffernand / chill-zoom.sh
Created November 16, 2021 14:10 — forked from abraithwaite/chill-zoom.sh
Zoom in Systemd Cgroups on Linux. Change the max allocations to fit your workstation.
#!/usr/bin/bash -xe
cat <<EOF > "${HOME}/.config/systemd/user/zoom.slice"
[Slice]
AllowedCPUs=0-4
MemoryHigh=6G
EOF
cat /usr/share/applications/Zoom.desktop | sed -E 's#^(Exec=).*$#Exec=/usr/bin/systemd-run --user --slice=zoom.slice /opt/zoom/ZoomLauncher#' > "${HOME}/.local/share/applications/Zoom.desktop"