today's howtos

posted by Roy Schestowitz on Jan 22, 2026

• Evgeni Golov: Validating cloud-init configs without being root

  Somehow this whole DevOps thing is all about generating the wildest things from some (usually equally wild) template.

  And today we're gonna generate YAML from ERB, what could possibly go wrong?!

  Well, actually, quite a lot, so one wants to validate the generated result before using it to break systems at scale.

  The YAML we generate is a cloud-init cloud-config, and while checking that we generated a valid YAML document is easy (and we were already doing that), it would be much better if we could check that cloud-init can actually use it.

• Linux Handbook ☛ Setting Up Free WAF for Homelab With SafeLine

  Homelabs are wonderfully educational, but they face pretty much the same threats as real production environments if they are exposed to external traffic. Adding a WAF like SafeLine protects your services.

• Raspberry Pi ☛ USB gadget mode in Raspberry Pi OS: SSH over USB

  Last year, I came across a concept that sounded like the ideal solution: Ethernet over USB. The idea is beautifully simple — plug the Raspberry Pi into a laptop and it appears as a USB network adapter, just like when you enable USB tethering on a smartphone. That would mean no Wi-Fi setup, no IP scanning, no captive portal headaches — just plug in, SSH, and start working. Bonus: the host computer could even share its [Internet] connection over that same cable.

  At least, that’s the theory.

• University of Toronto ☛ The long painful history of (re)using login to log people in

  The news of the time interval is that Linux's usual telnetd has had a giant security vulnerability for a decade. As people on the Fediverse observed, we've been here before; Solaris apparently had a similar bug 20 or so years ago (which was CVE-2007-0882, cf, via), and AIX in the mid 1990s (CVE-1999-0113, source, also)), and also apparently SGI Irix, and no doubt many others (eg). It's not necessarily telnetd at fault, either, as I believe it's sometimes been rlogind.

• Adam Young: Debugging Qemu with gdb

  When developing GNU/Linux Kernel code, I have found myself wanting to have a test fixture inside the Firmware that lets me inspect the values communicated out of and into the GNU/Linux Kernel. I am currently writing one such fixture in Qemu. And I have an interrupt that is not getting handled by the GNU/Linux Kernel, I think because it is not getting delivered.

• Linux Capable ☛ How to Install Codex CLI on Ubuntu (26.04, 24.04, 22.04)

  This guide explains how to install Codex CLI on Ubuntu using npm, Homebrew, or standalone binaries. Codex CLI is an agentic coding tool from Proprietary Chaffbot Company that operates directly in your terminal, understanding your codebase context, executing shell commands, and helping you write code through natural language conversations.

• Linux Capable ☛ How to Install Zsh on Ubuntu (26.04, 24.04, 22.04)

  Zsh (Z Shell) provides smarter tab completion, persistent command history across terminal sessions, and a plugin ecosystem that simplifies daily command-line tasks.