Content dump and improvements to img shortcode and main scss

This commit is contained in:
Sivert V. Sæther 2022-08-23 16:14:53 +00:00
parent 218d28a7ff
commit 36ccc9c643
11 changed files with 316 additions and 34 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 26 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.3 KiB

View File

@ -0,0 +1,112 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="290.88196mm"
height="74.000595mm"
viewBox="0 0 1030.6841 262.20683"
id="svg4491"
version="1.1"
inkscape:version="0.91 r13725"
sodipodi:docname="devuan-logo-with-registered-trademark-sign.svg">
<defs
id="defs4493" />
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.78339844"
inkscape:cx="264.00016"
inkscape:cy="32.005932"
inkscape:document-units="px"
inkscape:current-layer="layer1"
showgrid="false"
fit-margin-top="10"
fit-margin-left="10"
fit-margin-right="10"
fit-margin-bottom="10"
inkscape:window-width="1366"
inkscape:window-height="746"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1" />
<metadata
id="metadata4496">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
<cc:license
rdf:resource="" />
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(262.59708,-302.16131)">
<text
xml:space="preserve"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:20px;line-height:150%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans, Normal';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
x="716.98987"
y="505.97049"
id="text4470"
sodipodi:linespacing="150%"><tspan
sodipodi:role="line"
id="tspan4472"
x="716.98987"
y="505.97049">®</tspan></text>
<g
style="display:inline"
id="g4427"
transform="translate(-283.36497,61.428879)">
<path
style="color:#000000;font-style:normal;font-variant:normal;font-weight:100;font-stretch:normal;font-size:medium;line-height:150%;font-family:'Fira Sans';-inkscape-font-specification:'Fira Sans Thin';text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:0px;word-spacing:0px;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:19.91197014;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
d="m 369.8125,298.34766 a 9.9569807,9.9569807 0 0 0 -8.81445,14.58593 l 66.99414,127.49024 a 9.9569807,9.9569807 0 0 0 8.8125,5.32422 l 2.96484,0 a 9.9569807,9.9569807 0 0 0 8.83008,-5.35743 L 515,312.90234 a 9.9569807,9.9569807 0 0 0 -8.83008,-14.55468 l -2.37109,0 a 9.9569807,9.9569807 0 0 0 -8.83399,5.36132 L 438.26562,412.75 381.30469,303.69336 a 9.9569807,9.9569807 0 0 0 -8.82422,-5.3457 l -2.66797,0 z"
id="path4401"
inkscape:connector-curvature="0" />
<path
style="color:#000000;font-style:normal;font-variant:normal;font-weight:100;font-stretch:normal;font-size:medium;line-height:150%;font-family:'Fira Sans';-inkscape-font-specification:'Fira Sans Thin';text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:0px;word-spacing:0px;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:20;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
d="m 541.45898,297.73633 a 10.001,10.001 0 0 0 -10,10 l 0,88.48633 c 0,14.8854 6.49876,28.38398 18.16016,37.26367 12.24914,9.32706 29.37532,12.87109 51.08594,12.87109 21.50233,0 38.53211,-3.55834 50.75195,-12.84375 11.8361,-8.84931 18.49609,-22.37012 18.49609,-37.29101 l 0,-88.48633 a 10.001,10.001 0 0 0 -10,-10 l -2.36914,0 a 10.001,10.001 0 0 0 -10,10 l 0,88.29883 c 0,9.41271 -2.81974,15.15179 -9.71484,20.4414 -6.30803,4.83925 -18.59119,8.38867 -37.16406,8.38867 -18.57288,0 -30.85603,-3.54942 -37.16406,-8.38867 -6.8951,-5.28961 -9.7129,-11.02869 -9.7129,-20.4414 l 0,-88.29883 a 10.001,10.001 0 0 0 -10,-10 l -2.36914,0 z"
id="path4403"
inkscape:connector-curvature="0" />
<path
style="color:#000000;font-style:normal;font-variant:normal;font-weight:100;font-stretch:normal;font-size:medium;line-height:150%;font-family:'Fira Sans';-inkscape-font-specification:'Fira Sans Thin';text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:0px;word-spacing:0px;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:20;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
d="m 762.23633,297.25586 a 10.001,10.001 0 0 0 -8.88477,5.41016 L 686.40234,432.25 a 10.001,10.001 0 0 0 8.88282,14.58984 l 2.66601,0 a 10.001,10.001 0 0 0 8.89649,-5.43164 l 56.84961,-110.69922 56.58398,110.68164 a 10.001,10.001 0 0 0 8.9043,5.44922 l 2.36914,0 a 10.001,10.001 0 0 0 8.90039,-14.55859 L 774.09961,302.69727 a 10.001,10.001 0 0 0 -8.90234,-5.44141 l -2.96094,0 z"
id="path4405"
inkscape:connector-curvature="0" />
<path
style="color:#000000;font-style:normal;font-variant:normal;font-weight:100;font-stretch:normal;font-size:medium;line-height:150%;font-family:'Fira Sans';-inkscape-font-specification:'Fira Sans Thin';text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:0px;word-spacing:0px;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:20;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
d="m 926.13477,297.73633 c -21.71059,0 -38.83679,3.54404 -51.08594,12.87109 -11.66148,8.87957 -18.16016,22.38011 -18.16016,37.26563 l 0,88.48437 a 10.001,10.001 0 0 0 10,10 l 2.36914,0 a 10.001,10.001 0 0 0 10,-10 l 0,-88.29687 c 0,-9.41288 2.81783,-15.15181 9.71289,-20.44141 6.30803,-4.83925 18.59126,-8.38867 37.16407,-8.38867 18.57294,0 30.85605,3.54944 37.16406,8.38867 6.89507,5.28961 9.71484,11.02853 9.71484,20.44141 l 0,88.29687 a 10.001,10.001 0 0 0 10,10 l 2.36914,0 a 10.001,10.001 0 0 0 10,-10 l 0,-88.48437 c 0,-14.92619 -6.66394,-28.45176 -18.50781,-37.30078 -12.21906,-9.27908 -29.24448,-12.83594 -50.74023,-12.83594 z"
id="path4407"
inkscape:connector-curvature="0" />
<path
style="color:#000000;font-style:normal;font-variant:normal;font-weight:100;font-stretch:normal;font-size:medium;line-height:150%;font-family:'Fira Sans';-inkscape-font-specification:'Fira Sans Thin';text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:0px;word-spacing:0px;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;baseline-shift:baseline;text-anchor:start;white-space:normal;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:9.99139977;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
d="m 262.70352,299.1501 c -16.6902,0 -31.61821,6.64211 -41.77029,19.04358 -2.94743,3.54165 -5.4048,7.50325 -7.41715,11.86761 -5.24033,11.36537 12.50043,3.04762 12.50043,19.57243 0,9.33503 -19.2702,40.30646 -17.7395,48.03331 2.25488,11.38259 6.32742,20.96483 12.67969,28.58438 10.18167,12.2129 25.08385,18.69188 41.74682,18.69188 l 71.79612,0 c 5.52169,-2e-4 9.99848,-4.47505 10.0008,-9.9968 l 0,-2.51777 c -1e-4,-5.52315 -4.47755,-10.0006 -10.0008,-10.0008 l -71.58108,0 c -11.57153,0 -19.03219,-3.40673 -25.32255,-10.89617 -5.80518,-6.91154 -9.80922,-19.80543 -9.80922,-39.48315 -2e-5,-19.67793 4.00408,-32.57162 9.80922,-39.48316 6.2904,-7.48924 13.75112,-10.89997 25.32255,-10.89997 l 71.58108,0 c 5.52325,-2e-4 10.0007,-4.47766 10.0008,-10.00081 l 0,-2.51396 c -2.2e-4,-5.52315 -4.47763,-10.0004 -10.0008,-10.0006 z"
clip-path="none"
id="path4409"
inkscape:connector-curvature="0"
sodipodi:nodetypes="scsssssccccscsssccccs" />
<path
sodipodi:nodetypes="ccssscsc"
style="fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.57134259;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 56.200956,276.1655 c 351.111544,83.78964 18.967955,151.92346 18.967955,151.92346 -6.543555,1.04566 -11.821798,4.45425 -14.999489,9.63398 -3.569697,5.81872 -3.872178,13.6808 -0.538715,19.20842 4.056259,6.72618 9.195703,9.05293 13.628318,10.05499 6.973891,1.57656 12.603069,-0.93571 12.603069,-0.93571 0,0 169.799086,-50.45979 168.522696,-100.86283 -0.64075,-25.303 -52.0661,-68.10192 -198.183834,-89.02231 z"
id="path4411"
inkscape:connector-curvature="0" />
</g>
</g>
</svg>

After

Width:  |  Height:  |  Size: 12 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.3 KiB

View File

@ -9,9 +9,11 @@ footer {
} }
figure { figure {
width: 42%; max-width: 42%;
min-width: 13%;
float: right; float: right;
margin: 0 16px; margin: 0 16px;
text-align: center;
figcaption { figcaption {
font-style: italic; font-style: italic;
} }

View File

@ -15,7 +15,7 @@ You can find the App Registrations in Azure under Azure AD or directly by search
Once there you can click the "New registration" button on the top left. Once there you can click the "New registration" button on the top left.
Then you'll need to fill in name, account types and optionally a redirect URI. Then you'll need to fill in name, account types and optionally a redirect URI.
{{< img src="apprentice/azure/app-registry.png" caption="The Azure App Registration page" >}} {{< img src="apprentice/azure/app-registry.png" caption="The Azure App Registration page" hint=text >}}
The first thing to do now is "Branding & properties"... haha. The first thing to do now is "Branding & properties"... haha.
The app authenticates towards Microsoft with either a certificate or app secrets. The app authenticates towards Microsoft with either a certificate or app secrets.
@ -26,8 +26,8 @@ This is needed for newly created apps after 9th of November 2020 to prevent abus
For this you'll need to add a "verified publisher domain" to the Azure Active Directory. For this you'll need to add a "verified publisher domain" to the Azure Active Directory.
This is the same as "Custom domain names" in Azure AD. This is the same as "Custom domain names" in Azure AD.
They're usually added by TXT or MX DNS records. They're usually added by TXT or MX DNS records.
But may be added pretty easily with a simple .well-known/ http challenge. But may be added pretty easily with a simple .well-known/ HTTP challenge.
Although when doing the http challenge the domain won't become a custom domain name for the Azure AD tenant. Although when doing the HTTP challenge the domain won't become a custom domain name for the Azure AD tenant.
But rather bound to the specific app in question. But rather bound to the specific app in question.
After that the actual MPN ID comes from the MPN, Microsoft Partner Network. After that the actual MPN ID comes from the MPN, Microsoft Partner Network.
@ -41,7 +41,7 @@ After that go to "Certificates & secrets".
Microsoft always recommends using certificates for getting access codes. Microsoft always recommends using certificates for getting access codes.
But the normal secrets are easier to configure. But the normal secrets are easier to configure.
Using certificates is best if your app has good support so that all you need to do is download a cert from the server and upload that to Azure. Using certificates is the best if your app has good support so that all you need to do is download a cert from the server and upload that to Azure.
So either do that or add a "New client secret". So either do that or add a "New client secret".
The client secrets will have both the secret and an id, both are needed for authorization. The client secrets will have both the secret and an id, both are needed for authorization.
When you create these you'll need to store them safely and put them wherever the app gets them from. When you create these you'll need to store them safely and put them wherever the app gets them from.
@ -55,7 +55,7 @@ There is also the difference of "Application" and "Delegated" permissions.
The Application permissions is for the app itself and need to be granted by the owner of the app. The Application permissions is for the app itself and need to be granted by the owner of the app.
Whereas Delegated permissions are the ones that add stuff to the consent form, these lets the app do API requests on behalf of the end user and need to be granted by the end user or through admin consent. Whereas Delegated permissions are the ones that add stuff to the consent form, these lets the app do API requests on behalf of the end user and need to be granted by the end user or through admin consent.
{{< img src="apprentice/azure/api-permissions.png" caption="Azure API permissions" >}} {{< img src="apprentice/azure/api-permissions.png" caption="Azure API permissions" hint=text >}}
## Service principals ## Service principals
Now to the hard part I guess. Now to the hard part I guess.
@ -66,7 +66,7 @@ If it's a tenant admin that's logging in that person may click the check for gra
Small and simple powershell script for adding the "service principal" to a tenant; Small and simple powershell script for adding the "service principal" to a tenant;
{{< highlight powershell >}}{{% asset "/apprentice/azure/service-principal.ps1" %}}{{< /highlight >}} {{< highlight powershell >}}{{% asset "apprentice/azure/service-principal.ps1" %}}{{< /highlight >}}
After the service principal is created in the Azure AD tenant with users that's going to consume the app. After the service principal is created in the Azure AD tenant with users that's going to consume the app.
Admins may set "App Roles" per user under "Enterprise Applications" in Azure. Admins may set "App Roles" per user under "Enterprise Applications" in Azure.

View File

@ -14,12 +14,18 @@ docs:
name: Debian Administrator's Handbook name: Debian Administrator's Handbook
--- ---
{{< img
src="apprentice/debian/bouton.jpg"
caption="The biggest of the official Debian button logos"
hint=icon quality=100 >}}
<!-- Security? -->
Debian is a classic free and open source Linux distribution. Debian is a classic free and open source Linux distribution.
It's one of the oldest Linux OSes and the basis of many other distros. It's one of the oldest Linux OSes and the basis of many other distros.
Most notably Ubuntu. Most notably Ubuntu.
Debian has three foundational documents. Debian has three foundational documents.
The [Debian Social Contract](https://www.debian.org/social_contract)/[OG Version](https://lists.debian.org/debian-announce/1997/msg00017.html), The [Debian Social Contract](https://www.debian.org/social_contract)/[OG Version](https://lists.debian.org/debian-announce/1997/msg00017.html),
the [Debian Constitution](https://www.debian.org/devel/constitution) and the [Debian Constitution](https://www.debian.org/devel/constitution) and
the [Debian Free Software Guidelines](https://wiki.debian.org/DebianFreeSoftwareGuidelines). the [Debian Free Software Guidelines](https://wiki.debian.org/DebianFreeSoftwareGuidelines).
@ -37,6 +43,11 @@ Calling for Debian to become an openly maintained distribution, in the spirit of
During 1994 and 1995 Debian released 0.9x versions and was sponsored by the [Free Software Foundation](https://fsf.org). During 1994 and 1995 Debian released 0.9x versions and was sponsored by the [Free Software Foundation](https://fsf.org).
During this time Ian Murdock would delegate the base system and core package management to Bruce Perens, while Murdock focused on the management of the growing project. During this time Ian Murdock would delegate the base system and core package management to Bruce Perens, while Murdock focused on the management of the growing project.
{{< img
src="apprentice/debian/button-1.gif"
caption="The first Debian button logo by [Craig Small](mailto:csmall@debian.org)"
hint=icon quality=100 >}}
In 1996 dpkg was already an essential part of Debian and Bruce Perens got the project leadership. In 1996 dpkg was already an essential part of Debian and Bruce Perens got the project leadership.
He was a controversial leader and drafted the Debian Social Contract. He was a controversial leader and drafted the Debian Social Contract.
During this time the Free Software Foundation would pull their sponsorship for the project. During this time the Free Software Foundation would pull their sponsorship for the project.
@ -47,8 +58,26 @@ From 1999, the project leader was elected yearly.
The number of applicants was overwhelming, and the project established the new member process. The number of applicants was overwhelming, and the project established the new member process.
After this Debian slowly evolved into what it is today. After this Debian slowly evolved into what it is today.
## Packages, Branches and Branding ## Derivative works
Package management on Debian is done mainly through APT, the "Advanced Packaging Tool". As of writing, Aug. 18th 2022, [DistroWatch](https://distrowatch.com) lists 118 active Debian based distros.
And 404 also counting discontinued Debian based distros.
Debian GNU/kFreeBSD only had one official stable port with the release of Debian 7.0 (Wheezy).
That would of course be Debian with GNU user land utilities using the FreeBSD kernel.
{{< img
src="apprentice/debian/devuan-logo.svg"
title="Devuan logo"
caption="A Debian fork not using systemd" >}}
And Debian GNU/Hurd using the GNU Hurd microkernel.
It has been developed since 1998, but has never had an official Debian release.
Still it's maintained and developed as an unofficial port.
In my opinion [Devuan](https://devuan.org) is one of the best Debian forks, but that may just be the systemd hate speaking.
It has been mirroring Debian since 2017, but with systemd removed and sysvinit, runit or openrc as supported init system alternatives.
## Package management
On Debian package management is done mainly through APT, the "Advanced Packaging Tool".
Although there are loads of alternative methods and apt GUI frontends. Although there are loads of alternative methods and apt GUI frontends.
APT uses dpkg under the hood, and this dpkg is the program responsible for managing all installed packages. APT uses dpkg under the hood, and this dpkg is the program responsible for managing all installed packages.
As long as snap, flatpak, (home)brew or any other alternative package manager isn't installed beside it. As long as snap, flatpak, (home)brew or any other alternative package manager isn't installed beside it.
@ -63,27 +92,112 @@ But it's pretty trivial to add the *non-free* and *contrib* areas for installing
The non-free contains packages that doesn't comply with the DFSG. The non-free contains packages that doesn't comply with the DFSG.
And contrib contains packages that do comply, but fail other requirements, like depending on non-free packages. And contrib contains packages that do comply, but fail other requirements, like depending on non-free packages.
## Branches
There are three main branches, or as they may also be called suits or (sub?)distributions of Debain.
These are *stable*, *testing* and *unstable*.
*Unstable* has the latest and greatest software, but has no stability guarantees.
After being barely tested in *unstable* packages are moved to *testing*.
The *testing* branch gets "freezed" some time after a new Debian version.
During this time the *testing* branch is, well, tested extensively to find bugs.
Then they try and patch all the bugs to create the next major version.
The Debian "swirl" logo is said to represent [magic smoke](https://en.wikipedia.org/wiki/Magic_smoke). Debian does have some other branches, like the *oldstable*, *oldoldstable* and *stapshot* branches.
Oldstable is the previous major Debian branch.
And oldoldstable is the one before that.
The snapshot branches however are some other branch at some specific time.
{{< img
src="apprentice/debian/hexagonal.png"
tite="Hexagonal Debian swirl logo"
caption="Also by [Elena Grandi](mailto:valhalla@trueelena.org), **sauce** may be found in the \"[Debian flyers repo](https://salsa.debian.org/debian/debian-flyers/tree/master/hexagonal-sticker)\""
hint=icon >}}
## Development and Features As frozen branches usually only means features of packages are frozen.
Of course security, performance and stability updates are applied.
## Branding
The Debian "swirl" logo was made by Raul Silva in 1999 as part of a contest to replace the old semi-official logo that had been in use.
It is said that the "swirl" represents [magic smoke](https://en.wikipedia.org/wiki/Magic_smoke)!
Raul would win a @debian.org email address, and a set of Debian 2.1 CDs for the architecture of his choice.
One theory about the origin of the Debian logo is that [Buzz Lightyear](https://en.wikipedia.org/wiki/Buzz_Lightyear) not only has a little swirl on his chin.
But the first Debian release was named after him.
And [Stefano Zacchiroli](https://en.wikipedia.org/wiki/Stefano_Zacchiroli) who was the Debian leader from 2010 to 2013.
Has suggested that Buzz's swirl is the Debian swirl.
The other way around is a more likely candidate as Debian takes all their version code-names from [Toy Story](https://en.wikipedia.org/wiki/Toy_Story_(franchise)) characters.
{{< img
src="apprentice/debian/diversity-2019.png"
caption="Debian diversity logo by [Elena Grandi](mailto:valhalla@trueelena.org)"
hint=icon >}}
## Features
Debian is available in 75 languages with widely varying support. Debian is available in 75 languages with widely varying support.
The installer itself is available in 76 languages. The installer itself is available in 76 languages.
As of 2022 anyway. As of 2022 anyway.
Debian has several Linux flavors for each supported architecture.
For example if running i386/32-bit you'd be able to use PAE ([Physical Address Extension](https://en.wikipedia.org/wiki/Physical_Address_Extension)) if the computer itself supports it.
PAE lets a CPU use 64-bit memory addresses while otherwise running in a lower-bit mode.
This is to be able to use more than 4 Gigabytes of RAM at once.
Debian officially only use open source software.
But it's easy adding the "contrib" and "non-free" repository areas for installing stuff like the proprietary Nvidia drivers.
## Derivative works Debian has problems with built-in multimedia support as codecs are often threatened by patent infringements, are without source code or under too restrictive licenses.
As of writing, Aug. 18th 2022, [DistroWatch](https://distrowatch.com) lists 118 active Debian based distros. While you'd think all this stuff could just go in the "non-free" repository area.
And 404 also counting discontinued Debian based distros. Software such as [libdvdcss](https://videolan.org/developers/libdvdcss.html) by [VideoLAN](https://videolan.org), the creators of [VLC Media Player](https://videolan.org/vlc/), is not hosted by Debian in their official repositories.
Debian GNU/kFreeBSD only had one official stable port with the release of Debian 7.0 (Wheezy). ### A notable 3rd party repo
That would of course be Debian with GNU user land utilities using the FreeBSD kernel. A notable 3rd party repository is [deb-multimedia.org](https://deb-multimedia.org/), formerly debian-multimedia.org, providing software not present in official Debian repositories.
Like Windows codecs, libdvdcss and the [Adobe Flash Player](https://en.wikipedia.org/wiki/Adobe_Flash_Player).
The repository is maintained by [Christian Marillat](https://qa.debian.org/developer.php?login=marillat%40deb-multimedia.org) who is a Debian developer.
But deb-multimedia is not part of Debian and is not hosted on Debian servers.
And Debian GNU/Hurd using the GNU Hurd microkernel. The deb-multimedia repository has packages already in official Debian repos, appraently interfearing with official maintenance.
It has been developed since 1998, but has never had an official Debian release. In 2012 this lead to [Stefano Zacchiroli](https://en.wikipedia.org/wiki/Stefano_Zacchiroli), the Debian leader at the time, would ask Marillat to either settle an agreement about the packaging or to stop using the Debian name.
Still it's maintained and developed as an unofficial port. Mariallt chose the latter and debian-multimedia.org became deb-multimedia.org.
This repo was so popular at the time that the name change and URL switch was announced on the official Debian blog.
In my opinion [Devuan](https://devuan.org) is the best Debian fork, but that may just be the systemd hate speaking. ## Development
It has been mirroring Debian since 2017, but with systemd removed and sysvinit, runit or openrc as supported init system alternatives. Each package has a maintainer which is either a single person or a team of people.
The maintainer keeps track of changes to the packaged software, and ensures that the package coheres with the Debian Policy and quality standards.
The packaged software often include modifications/patches to achieve this and even to fix non-Debian specific bugs.
All Debian maintainers have individual sets of OpenPGP key pairs used for digitally signing packages to be uploaded to the repositories.
Newly uploaded packages' signatures are validated, and if valid, will be distributed to the hundreds of Debian repo mirrors all over the world daily.
Debian developers are responsible for any package they upload even if the package was prepared by another contributor.
Initially a newly added package will only be available in the *unstable* branch.
For a package to become a candidate for the next release, it must migrate to the *testing* branch by meeting several requirements.
1. Time in *unstable*, depending on change urgency.
2. No "release-critical" bugs.
3. No outdated versions in *unstable* for any release port/architecture.
4. The migration does not break any package in *testing*.
5. Its dependencies can be satisfied by packages already in *testing* or by packages being migrated at the same time.
6. The migration is not blocked by a freeze.
This is all fine and dandy.
But it happens that release-critical bugs pops up in shared libraries which many packages may depend on.
This prevents those packages from entering *testing*, as we have to wait for the updated library to get updated first.
However, this whole migration stuff happens twice a day, so shouldn't be much of a problem.
This also renders *testing* a perpetual beta.
Sometimes the guidelines will be published for readying up for a new release.
Then a freeze of *testing*, after everything is "reasonably up-to-date" and other significant issues are resolved.
Then the *testing* branch becomes the new *stable*.
One version of a package may be in several branches at the same time.
Usually *testing* and *unstable*, but if the same version of a package are keept between Debian releases.
The same package on the same version may end up in *oldstable*, *stable*, *testing* and *unstable* at the same time.
One way many people bypass this whole setup is with cross distro package managers that sandbox applications.
These would be package manager like flatpak, snap and brew.
When using those for the packages one needs to keep on the latest versions.
The developers of that/those applications can publish updated packages with the latest version continouesly.
New Debian versions are released approximately every 2 years.
And will get support for about 3 years with updates for major security or usability fixes.
Since Debian 3 (Squeeze) there has been a Debian LTS team that applies security updates after a Debian release has reached its end of life.
Meaning a Debian release may now get up to 5 years of support in total.

View File

@ -73,12 +73,8 @@ It's even been used as a Wi-Fi password.
To fix this one very easily I just enabled 2FA on the account. To fix this one very easily I just enabled 2FA on the account.
But the whole account should probably just be deleted as nobody ever uses it. But the whole account should probably just be deleted as nobody ever uses it.
{{< raw >}}
<!-- You cheecky bastard! -->
{{< /raw >}}
<!--
## Servers ## Servers
{{< img src="apprentice/skyid/old-intrauser-key.png" caption="The old intrauser ssh key" >}} {{< img src="apprentice/skyid/old-intrauser-key.png" caption="The old intrauser ssh key" hint=text >}}
On the other side, the cloud servers had some bigger problems. On the other side, the cloud servers had some bigger problems.
Here I did find a *BIG* security issue. Ancient ssh keys. Here I did find a *BIG* security issue. Ancient ssh keys.
@ -95,7 +91,7 @@ And the thing is, [gtfobins](https://gtfobins.github.io/) has a privilege escala
So check it; these screenshots are from SkyLabs' Ansible git log!~ So check it; these screenshots are from SkyLabs' Ansible git log!~
{{< img src="apprentice/skyid/intrauser-key.png" caption="Me finally updating the key" >}} {{< img src="apprentice/skyid/intrauser-key.png" caption="Me finally updating the key" hint=text >}}
And it's even worse... as it turns out the OpenVPN setup also has keys from guess when! And it's even worse... as it turns out the OpenVPN setup also has keys from guess when!
That's right! 2016... That's right! 2016...
@ -106,7 +102,3 @@ To be honest I'm quite surprised the servers hasn't been pwnd big time!
As I've in fact proven that any ex-employee that has a copy of our Ansible repo could easily forge OpenVPN client keys and certificates. As I've in fact proven that any ex-employee that has a copy of our Ansible repo could easily forge OpenVPN client keys and certificates.
And also got full root access over ssh anyway. And also got full root access over ssh anyway.
Just add a little [Tor](https://torproject.org/) magic on top of that, and you got full access to all the servers without us being able to trace it back... Just add a little [Tor](https://torproject.org/) magic on top of that, and you got full access to all the servers without us being able to trace it back...
-->
{{< raw >}}
<!-- Grep my github.io repo for secrets located here! -->
{{< /raw >}}

View File

@ -0,0 +1,37 @@
---
date: 2022-08-22T14:21:06Z
draft: false
aliases: []
categories: ['exploit']
series: ['hacking']
tags: ['bug']
chroma: false
toc: true
title: Duolingo Xp Exploit
description: Jeg fant en bug i Duoling appen for iOS som lar brukere med super/pro øyeblikkelig fullføre en snakke trening.
---
{{< raw >}}
<style>video { float: right; }</style>
<video width='27%' autoplay controls loop muted>
<source src='/duolingo-xp-exploit.mp4' type='video/mp4'>
<b>Nettleseren din støtter ikke video taggen!</b>
</video>
{{< /raw >}}
Det er mulig for brukere med super/pro å øyeblikkelig fullføre snakke trenginger på iOS.
## Hvordan reprodusere
1. Pass på at Duolingo appen *ikke* har mikrofon tilgang.
2. Start en rude "Perfect Pronounciation" under "Practrice Hub".
3. Trykk fortsett og når du blir bedt om å gi mikrofon tilgang, bare klikk avbryt.
4. Profit. (Øyeblikkelig perfekt leksjon!)
## Oppsummering
Buggen her er tilsynelatende det faktum at appens første spørsmål om mikrofon tilgang ikke egentlig gjør noe annet enn å *be* om mikrofon tilgang.
Senere får vi faktisk opp en melding om mikrofon tilgang som kan ta sluttbrukeren til innstillingene.
Duoling appen skipper alle snakke/lytte spørsmål i en leksjon når du trykker knappen om at du ikke kan nå.
Men dette er selvfølgelig et stort problem når alle spørsmålene er av disse typene.
Sluttresultatet er en *nesten* øyeblikkelig perfekt leksjon!~

View File

@ -1,6 +1,31 @@
{{ $img := resources.Get (.Get "src") }} {{ $img := resources.Get (.Get "src") }}
{{ $hint := "photo" }}
{{ $q := 69 }}
{{ if (.Get "quality" )}}
{{ $q = .Get "quality" }}
{{ end }}
{{ if (.Get "hint" )}}
{{ $hint = .Get "hint" }}
{{ end }}
{{ if ne $img.MediaType.SubType "svg" }}
{{ $w := "" }}
{{ $h := "" }}
{{ if (.Get "width") }}
{{ $w = .Get "width" }}
{{ else }}
{{ $w = $img.Width | string }}
{{ end }}
{{ if (.Get "height") }}
{{ $h = .Get "height" }}
{{ end }}
{{ $img = $img.Resize (printf "%sx%s webp %s q%d" $w $h $hint $q) }}
{{ end }}
<figure {{ with .Get "class" }}class='{{.}}'{{ end }}> <figure {{ with .Get "class" }}class='{{.}}'{{ end }}>
{{ with $img.Resize (printf "%dx webp q69" $img.Width) | fingerprint }} {{ with $img | fingerprint }}
<a href='{{ with $.Get "link" }}{{ . }}{{ else }}{{ .RelPermalink }}{{ end }}' target='_blank'> <a href='{{ with $.Get "link" }}{{ . }}{{ else }}{{ .RelPermalink }}{{ end }}' target='_blank'>
<img src='{{ .RelPermalink }}' integrity='{{ .Data.Integrity }}' <img src='{{ .RelPermalink }}' integrity='{{ .Data.Integrity }}'
{{ if or ($.Get "alt") ($.Get "caption") }}alt='{{ with $.Get "alt" }}{{ . }} {{ if or ($.Get "alt") ($.Get "caption") }}alt='{{ with $.Get "alt" }}{{ . }}
@ -11,7 +36,7 @@
<figcaption>{{ if isset .Params "title" }} <figcaption>{{ if isset .Params "title" }}
<h4>{{ .Get "title" }}</h4>{{ end }} <h4>{{ .Get "title" }}</h4>{{ end }}
{{ if or (.Get "caption") (.Get "attr") }}<p> {{ if or (.Get "caption") (.Get "attr") }}<p>
{{ .Get "caption" }} {{ .Get "caption" | markdownify }}
{{ with .Get "attrlink" }}<a href="{{ . }}"> {{ end }} {{ with .Get "attrlink" }}<a href="{{ . }}"> {{ end }}
{{ .Get "attr" }} {{ .Get "attr" }}
{{ if .Get "attrlink" }}</a> {{ end }} {{ if .Get "attrlink" }}</a> {{ end }}