c0m4r

This setup allows restrictive chmods, which prevents users for reading the conents of each others directories and provides a layer of security against reading raw PHP code in case of FPM failure. You can set chmod 600 for all .php files and chmod 640/710 for any other static files/dirs.

certbot certonly -d example.com
useradd -m -d /home/example -s /bin/bash example
usermod -a -G nginx example
su - example -c "mkdir ~/www"
chmod 710 /home/example
chmod 710 /home/example/www
su - example -c "echo '' > ~/www/index.php"

c0m4r

Malicious "Hide Youtube Shorts" extension in Google's Chrome Web Store

TL;DR: This extension for Chrome and Brave is malicious, do not use it.

(Update) A follow up story by Wladimir Palant: https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/

(Update 2024-11-11) The extension has been removed from CWS and marked as violating Chrome Web Store policies (which is good, but odd, as it should be marked as malware)

c0m4r

Radxa ROCK 5C Lite

All you need to know in one place.

Table of contents:

• Resources
• What is "Lite" about Rock 5C Lite
• Use-case

c0m4r

Arch Linux cloud image installation via VM Rescue

Using the Rescue environment, we can mount or partition the VM disk. Let's say the VM disk is "/dev/vda". It's recommended to wipe the disk before continuing with wipefs -a /dev/vda

Rescue environments usually have limited disk space, so we copy the disk image via SSH and use dd to directly write it to the VM disk.

The cloud image doesn't have a password set by default, which prevents us from logging in. Therefore, we must first prepare the image by mounting it locally and setting a password inside chroot.