anthonyryan1
Joined 90 karma
GitHub: @anthonyryan1

  1. One approach I started using a couple of years ago was storing SSH private keys in the TPM, and using it via PKCS11 in SSH agent.

    One benefit of Microsoft requiring them for Windows 11 support is that nearly every recent computer has a TPM, either hardware or emulated by the CPU firmware.

    It guarantees that the private key can never be exfiltrated or copied. But it doesn't stop malicious software on your machine from doing bad things from your machine.

    So I'm not certain how much protection it really offers in this scenario.

    Linux example: https://wiki.gentoo.org/wiki/Trusted_Platform_Module/SSH

    macOS example (I haven't tested personally): https://gist.github.com/arianvp/5f59f1783e3eaf1a2d4cd8e952bb...

  2. Does this board boot Linux via a device tree, or have hardware discovery?

    How about UEFI vs arm-specific bootloaders?

    I tried arm32 Linux a few years back, and the largest hindrance at the time was the device trees and non-UEFI boot process. I gave up on exploring the platform further (except maybe for SBCs like the Raspberry Pi) until that situation improves.

  3. Additionally, as long as you don't set strict-order, dnsmasq will automatically use all-servers for retries.

    If you are using systemd-resolved, however, it retries all servers in the order they were specified, so it's important to interleave upstreams.

    Using the servers in the above example, and assuming IPv4 + IPv6:

        1.1.1.1
        2001:4860:4860::8888
        9.9.9.9
        2606:4700:4700::1111
        8.8.8.8
        2620:fe::fe
        1.0.0.1
        2001:4860:4860::8844
        149.112.112.112
        2606:4700:4700::1001
        8.8.4.4
        2620:fe::9
    
    will failover faster and more successfully on systemd-resolved, than if you specify all Cloudflare IPs together, then all Google IPs, etc.

    Also note that Quad9 is filtering by default on this IP while the other two are not, so you could get intermittent differences in resolution behavior. If this is a problem, don't mix filtered and unfiltered resolvers. You definitely shouldn't mix DNSSEC-validating and non-DNSSEC-validating resolvers if you care about that (all of the above are DNSSEC validating).
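
The interleaving shown in the comment above, written out as a general round-robin so it can be reused with any set of upstreams, and going a little beyond the comment by also handling providers with an unequal number of IPv4 and IPv6 addresses. This is an added example, not code from the original comment, from systemd-resolved or from dnsmasq. The addresses are the ones listed above; the per-provider filtering and DNSSEC flags are taken from the comment's remarks (Quad9 filters on 9.9.9.9, all three validate DNSSEC) and are assumptions encoded as data. It flags the filtered/unfiltered mix the comment warns about and renders both a resolved.conf `DNS=` line and dnsmasq `server=` lines.

```python
"""Interleave public DNS upstreams across providers and address families.

Added example for the systemd-resolved ordering discussion; not from the
original comment. PROVIDERS is constructed from the addresses in that
comment, and the filtering/dnssec flags reflect its remarks.
"""
from dataclasses import dataclass
from itertools import zip_longest


@dataclass(frozen=True)
class Provider:
    name: str
    ipv4: tuple        # primary first, then secondaries
    ipv6: tuple        # primary first, then secondaries
    filtering: bool    # blocks some domains by default (assumption from the comment)
    dnssec: bool       # validates DNSSEC (assumption from the comment)


# Constructed from the comment's address list.
PROVIDERS = (
    Provider("Cloudflare", ("1.1.1.1", "1.0.0.1"),
             ("2606:4700:4700::1111", "2606:4700:4700::1001"), False, True),
    Provider("Google", ("8.8.8.8", "8.8.4.4"),
             ("2001:4860:4860::8888", "2001:4860:4860::8844"), False, True),
    Provider("Quad9", ("9.9.9.9", "149.112.112.112"),
             ("2620:fe::fe", "2620:fe::9"), True, True),
)


def provider_sequence(p, start_with_ipv6):
    """One provider's addresses: primaries before secondaries, families alternating.

    A provider with only one address family (or unequal counts) is handled by
    skipping the tiers that family does not have.
    """
    families = (p.ipv6, p.ipv4) if start_with_ipv6 else (p.ipv4, p.ipv6)
    seq = []
    for tier in range(max(len(p.ipv4), len(p.ipv6))):
        for fam in families:
            if tier < len(fam):
                seq.append(fam[tier])
    return seq


def interleave(providers):
    """Round-robin across providers so consecutive entries differ in operator.

    Odd-indexed providers lead with IPv6, so the combined list also alternates
    address family, which is the order given in the comment.
    """
    per_provider = [provider_sequence(p, i % 2 == 1) for i, p in enumerate(providers)]
    return [addr for rnd in zip_longest(*per_provider) for addr in rnd if addr is not None]


def mixing_warnings(providers):
    """Flag the mixes the comment warns about: filtering with non-filtering
    resolvers, or DNSSEC-validating with non-validating ones."""
    warnings = []
    if len({p.filtering for p in providers}) > 1:
        names = ", ".join(p.name for p in providers if p.filtering)
        warnings.append(f"mixed filtering: {names} filter(s) by default, others do not")
    if len({p.dnssec for p in providers}) > 1:
        names = ", ".join(p.name for p in providers if not p.dnssec)
        warnings.append(f"mixed DNSSEC: {names} do(es) not validate")
    return warnings


def resolved_conf(order):
    """systemd-resolved tries servers in listed order, so emit the interleaved list."""
    return "[Resolve]\nDNS=" + " ".join(order) + "\n"


def dnsmasq_conf(order):
    """dnsmasq: one server= line per upstream, with no strict-order set."""
    return "".join(f"server={a}\n" for a in order)


if __name__ == "__main__":
    order = interleave(PROVIDERS)
    print(resolved_conf(order))
    print(dnsmasq_conf(order))
    for w in mixing_warnings(PROVIDERS):
        print("warning:", w)
```

Running the block prints a resolved.conf fragment whose `DNS=` line matches the twelve-address order above, the equivalent dnsmasq `server=` lines, and a warning that Quad9 is the only filtering upstream in the set.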

  4. As the only developer maintaining a bug bounty program, I believe they are all trending downward.

    I've recently cut bounties to zero for all but the most severe issues, hoping to refocus the program on rewarding interesting findings instead of the low value reports.

    So far it's done nothing to improve the situation, because nobody appears to read the rewards information before emailing. I think reading scope/rewards takes too much time per company for these low value reports.

    I think that speaks volumes about how much time goes into the actual discoveries.

    Open to suggestions to improve the signal-to-noise ratio from anyone who's made notable improvements to a bug bounty program.

  5. This is by the author of the very helpful kernel-hardening-checker: https://github.com/a13xp0p0v/kernel-hardening-checker

    An interesting tool for analyzing your personal kernel config file and pointing out areas for security improvement. It's more comprehensive than KSPP (https://kspp.github.io/) but sometimes goes a little too far, suggesting disabling kernel features you may actively use.

    Definitely worth trying!

  6. Even worse than this are sites that have RSS feeds and Cloudflare in front, because my RSS reader doesn't look much different than a bot and won't complete Cloudflare's CAPTCHA.

  7. If it's possible the power button is getting bumped repeatedly in your pocket, you could search your Android settings and make sure "Emergency SOS" is turned off.

  8. Where are the performance per watt numbers?

    Anyone can get the performance crown by having an unlimited energy budget. Performance per watt is much more valuable in data centers (TCO) and consumer devices (battery life).

  9. I feel compelled to mention that this space has existed as a niche community for many years now.

    I've personally been using a NoFan CR-80EH in my workstations for over 10 years. I think it's subjectively the most beautiful heatsink I've ever seen.

    You do need to plan your build to accommodate such a cooler though:
    - an open-air case to allow free movement of air in and out of your case
    - a 65W TDP CPU

    While a lot of people feel like 65 watt TDP is limiting, there are some impressive chips you can use under that threshold that don't feel like a compromise, e.g. the Ryzen 9 7900 (not-X).

    And if the rest of your office is quiet, eliminating ambient background noise is a delightful improvement.

  10. What version of nginx are you using with it? The last time I looked into that particular plugin it did not appear to work correctly.
