Containers are good, but…

Recently I have been reading a lot about computer and other hardware (phones for instance) security, and believe it or not, at this moment I think that GrapheneOS on a recent Android phone (it only supports Google’s Pixel devices because of their Titan M chips) is the most secure environment you can run right now – at least as a private person.

The problem with computers starts at the kernel, and though Linux or the BSD family of operating systems are better than anything from Microsoft or Apple, they are not without faults. A recent Linux kernel probably has thousands of kernel bugs, and the BSDs are only slightly better in that regard.

So what is the solution? The already mentioned GrapheneOS takes the Android approach of process and syscall isolation, with “sandboxing” as much as possible, and in this regard it might even beat Apple’s iPhones which are also quite good. On desktop and notebook computers, it’s the monolithic kernels which are the base of the problem; if an “application” (a program as we called them during my time) gets affected by an attacker, it’s relatively easy for them to break out of the program’s environment, and to take over everything, often with root rights (especially on Windows, though it’s getting better).

When a few years ago Docker was the next big thing, my reply to it was that this wasn’t anything new – Solaris or the BSD family had containers or “jails” for as long as I can remember, so what was the fuss about? Big Tech wants people and companies to move back to the “cloud”, and there these concepts are really needed, and so Docker and Kubernetes are now really big.

And what about the home desktops and notebooks?

Well, there are interesting developments like for instance gVisor or Google’s “Fuchsia” operating system with its “Zircon” microkernel, and Daniel Micay – head of GrapheneOS – thinks that this is the future. But they’re not ready for everything yet, each isolation layer takes its toll (and will probably introduce more and newer bugs as well), and so for realtime processing like we need it for making (recording) music for instance, that’s a no-go – maybe we’ll have to really separate the whole (“bare metal”) machines from the internet for these tasks?

Whatever it will be, that will be interesting to follow. Oh, and in the meantime, I’ll have it all, like a Windows 10 *and* a FreeBSD 13.2 on my Debian 12, like here:

At the same time, on another screen:

And while writing this, these “throw away” virtual machines you see in my first screenshot are history already – don’t need them anymore…

As always, thanks for reading.

Doc Martin? A 10 out of 10!

Mitchie recently discovered that we have Sky One in the list of programs we can receive, and so we can watch Doc Martin. We’re only into Season 2 by now, but wow, all I can say is that if you don’t immediately love these people, you have no heart! A bold statement, I know, but this show so deserves it! It’s funny, quirky, and simply wonderful. To see the previews on IMDB makes me smile without sound even:

A must see, if you can receive it. And as you can see, in case you have Prime Video, you’ll get at least seasons 1 and 2. Enjoy!

Clara et son fameux papa

This is ten years ago already – but I just found out now:

Clara et Jean-Luc Ponty au Palais Idéal du Facteur Cheval

So good to hear his daughter perform “Enigmatic Ocean” and “Mirage” with him… and more of Clara on her internet page.

Like always, thanks for viewing.

Cookie from today, with the help of several tools

I took this photo with my 50mm macro lens from the 4/3rds system today:

Cookie, Mörfelden-Walldorf 2023

I had the camera set to black & white already, but converted the raw file using the OM System raw converter on Windows without changing anything yet. Then I loaded the .tif file into Silver Efex Pro 2, also on Windows, and applied a preset called 015 “Full Dynamic (Harsh)”. Back in Linux and using RawTherapee 5.9 I still applied my own contrast-enhancement curve and some blacks to the image. The format is the camera’s full 4:3 this time, so here we have 16 Megapixels. No further enhancements.

And that was that. Like always, thanks for viewing.

P.S.: the camera and lens used, taken with my mobile phone:

My camera, Mörfelden-Walldorf 2023

Thanks for viewing.

Black tulip

Here’s one from our garden from today:

Black tulip, Mörfelden-Walldorf 2023

I used an Ilford HP5+ film simulation in Silver Efex, and a light vignette in RawTherapee. Like always, thanks for viewing.

So peaceful…

Wilma was already here and sleeping at that exact spot when I got up:

So peaceful…, Mörfelden-Walldorf 2023

Couldn’t resist, had to capture that peaceful scene… and like always, thanks for viewing.

First Wilma, then myself…

Today I took two photos, with the same camera and lens, but with slightly different settings, and also cropped differently.

The first one was of Wilma, in 3:2. She was very alert because of the always love-sick Cookie who was also around, so there was a lot of hissing and warning to keep him at a safe enough distance. Understandably, she had no eyes for me:

Wilma, Mörfelden-Walldorf 2023

Later – long after the two cats were gone – I took a self portrait, with my camera on a (microphone) table stand, remote-controlled by a mobile phone. I cropped this one into a 5:4 format and used a Kodak Tri-X film simulation in Silver Efex to achieve this:

https://www.flickr.com/photos/wjlonien/52842583437/
Selfie at the computer desk, Mörfelden-Walldorf 2023

The camera was my Olympus OM-D E-M10 Mk2, and the lens was the 17mm/1.8 from Olympus, with f/4 for the cat, and with f/1.8 for myself (it was getting dark already). And like always, thanks for watching.