10 interesting stories served every morning and every evening.
Artemis II is now on a looping path that will carry the crew around the far side of the Moon and back again. It is the first time since 1972 that humans have travelled outside of the Earth’s orbit.
...
Read the original on www.bbc.com »
Legal intern Raj Gambhir was the principal author of this post.
The Trump administration has restricted the First Amendment right to record law enforcement by issuing an unprecedented nationwide flight restriction preventing private drone operators, including professional and citizen journalists, from flying drones within half a mile of any ICE or CBP vehicle.
In January, EFF and media organizations including The New York Times and The Washington Post responded to this blatant infringement of the First Amendment by demanding that the FAA lift this flight restriction. Over two months later, we’re still waiting for the FAA to respond to our letter.
The First Amendment guarantees the right to record law enforcement. As we have seen with the extrajudicial killings of George Floyd, Renée Good, and Alex Pretti, capturing law enforcement on camera can drive accountability and raise awareness of police misconduct.
The FAA regularly issues temporary flight restrictions (TFRs) to prevent people from flying into designated airspace. TFRs are usually issued during natural disasters, or to protect major sporting events and government officials like the president, and in most cases last mere hours.
Not so with the restriction numbered FDC 6/4375, which started on January 16, 2026. This TFR lasts for 21 months—until October 29, 2027—and covers the entire nation. It prevents any person from flying any unmanned aircraft (i.e., a drone) within 3000 feet, measured horizontally, of any of the “facilities and mobile assets,” including “ground vehicle convoys and their associated escorts,” of the Departments of Defense, Energy, Justice, and Homeland Security. Violators can be subject to criminal and civil penalties, and risk having their drones seized or destroyed.
In practical terms, this TFR means that anyone flying their drone within a half mile of an ICE or CBP agent’s car (a DHS “mobile asset”) is liable to face criminal charges and have their drone shot down. The practical unfairness of this TFR is underscored by the fact that immigration agents often use unmarked rental cars, use cars without license plates, or switch the license plates of their cars to carry out their operations. Nor do they provide prior warning of those operations.
While the FAA asserts that the TFR is grounded in its lawful authority, the flight restriction not only violates multiple constitutional rights, but also the agency’s own regulations.
First Amendment violation. As we highlighted in the letter, nearly every federal appeals court has recognized the First Amendment right of Americans to record law enforcement officers performing their official duties. By subjecting drone operators to criminal and civil penalties, along with the potential destruction or seizure of their drone, the TFR punishes—without the required justifications—lawful recording of law enforcement officers, including immigration agents.
Fifth Amendment violation. The Fifth Amendment guarantees the right to due process, which includes being given fair notice before being deprived of liberty or property by the government. Under the flight restriction, advanced notice isn’t even possible. As discussed above, drone operators can’t know whether they are within 3000 horizontal feet of unmarked DHS vehicles. Yet the TFR allows the government to capture or even shoot down a drone if it flies within the TFR radius, and to impose criminal and civil penalties on the operator.
Violations of FAA regulations. In issuing a TFR, the FAA’s own regulations require the agency to “specify[] the hazard or condition requiring” the restriction. Furthermore, the FAA must provide accredited news representatives with a point of contact to obtain permission to fly drones within the restricted area. The FAA has satisfied neither of these requirements in issuing its nationwide ban on drones getting near government vehicles.
We don’t believe it’s a coincidence that the TFR was put in place in January 2026, at the height of the Minneapolis anti-ICE protests, shortly after the killing of Renée Good and shortly before the shooting of Alex Pretti. After both of those tragedies, civilian recordings played a vital role in contradicting the government’s false account of the events.
By punishing civilians for recording federal law enforcement officers, the TFR helps to shield ICE and other immigration agents from scrutiny and accountability. It also discourages the exercise of a key First Amendment right. EFF has long advocated for the right to record the police, and exercising that right today is more important than ever.
Finally, while recording law enforcement is protected by the First Amendment, be aware that officers may retaliate against you for exercising this right. Please refer to our guidance on safely recording law enforcement activities.
...
Read the original on www.eff.org »
Federal data shows the tech giant filed for over 3,000 foreign worker visas as it cuts thousands of American jobs.
Federal data shows the tech giant filed for over 3,000 foreign worker visas as it cuts thousands of American jobs.
Submit your updates here. ›
Oracle, the software company headquartered in Austin, Texas, has filed thousands of petitions for H-1B visas in the past two fiscal years, even as it lays off thousands of American workers as part of a broader organizational shift. Federal data shows Oracle filed for 2,690 H-1B visas in fiscal year 2025 and 436 so far in fiscal year 2026, totaling over 3,100 visa requests.
The H-1B visa program allows companies to temporarily employ foreign workers with specialized skills, often in the tech industry. Critics argue the program is used to replace American workers with cheaper foreign labor, while supporters say it helps fill crucial talent gaps. Oracle’s visa filings amid mass layoffs raise questions about the company’s motivations and the broader debate over the H-1B program’s impact on the American workforce.
According to U. S. Citizenship and Immigration Services data, Oracle America Inc. filed for 2,690 H-1B visas for fiscal year 2025 and 436 so far for fiscal year 2026. This comes as Oracle reportedly began laying off thousands of employees this week, with workers receiving letters stating ‘today is your last working day.’ The company has not provided public comment on the layoffs or the H-1B visa filings.
* Oracle filed for 2,690 H-1B visas for fiscal year 2025, which covers October 1, 2024 to September 30, 2025.
* Oracle filed for 436 H-1B visas so far for fiscal year 2026, which runs from October 1, 2025 to September 30, 2026.
The full impact of Oracle’s layoffs and H-1B visa filings remains to be seen, as the company has not provided detailed public comment on its workforce changes and foreign worker hiring plans.
The takeaway
Oracle’s actions raise concerns about the company potentially replacing American workers with cheaper foreign labor through the H-1B visa program, even as it undergoes a major organizational shift. This case highlights the ongoing debate over the H-1B program’s impact on the U.S. workforce and the need for greater transparency from companies utilizing the program.
...
Read the original on nationaltoday.com »
You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts.
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts.
...
Read the original on nvd.nist.gov »
My phone beeped. It was 10pm in the middle of a busy week in book publishing — London Book Fair 2025. My colleagues were alerting me to a tweet by Andy Stone, a spokesman at Meta (formerly Facebook). It was short and to the point: “This ruling affirms that Sarah Wynn-Williams’s false and defamatory book should never have been published.”
The book in question was Careless People, a gripping and explosive account of Sarah’s time working at Facebook as director of global public policy from 2011 to 2017. The “ruling” to which Stone referred was made by a US arbitrator after Meta sought an injunction, banning Sarah from promoting her own book or saying anything negative about Meta, potentially for ever.
I am Sarah’s editor at Pan Macmillan. Like all publishers, I typically work behind the scenes to amplify the voices of our authors. I am only writing this because she cannot.
The day after Stone’s March 12 tweet, Careless People was due to be released in the UK. Drawing on documentary evidence, it details a staggering range of allegations, including sexual harassment, the deliberate manipulation of vulnerable teenagers and the company’s alleged complicity in genocide. It also accuses Facebook of hypocrisy regarding censorship, alleging the company worked “hand in glove” with the Chinese Communist Party. But it was perhaps the personal portraits of top executives that were most damning.
The ruling, awarded without proper notice by an emergency arbitrator (a non-court mediator that is part of the American Arbitration Association), actually said nothing about the truth or otherwise of Sarah’s devastating claims in her book. It made no mention of defamation. Instead, it relied on a non-disparagement clause in her severance agreement with Facebook to silence her. Which it did, from March 13, 2025, her publication day. We could still publish the book, but our author could not talk about it. Sarah was left in an unprecedented and unenviable position for an author, reminiscent of an Orwellian nightmare. Today, she has to police her own speech, facing fines of $50,000 for every statement that could be seen to be “negative or otherwise detrimental” to Meta.
Despite her residing in the UK, the terms of the order are so broad that they extend to the privacy of her own home, even when speaking to her own family. The $50,000 fines could apply individually to the many statements in her book too. She faces financial ruin from a multi-trillion-dollar company seeking millions of dollars she doesn’t have, as part of the ongoing legal process which is yet to conclude — and all for revealing information that is in the public interest. She is an award-winning, bestselling author. But her voice has been taken away.
In some ways, Meta’s intervention did us, as her publishers, a favour. Careless People was always likely to be a bestseller. But when readers realised that Meta was trying to suppress it, the book became a global phenomenon. To date we’ve sold almost 200,000 copies. It has received rave reviews and created a media firestorm for its revelations. But also because of the bitter irony in Meta’s legal action to silence Sarah.
In January 2025, only a few months before it was published, chief executive Mark Zuckerberg had stated that it was “time to get back to our roots around free expression”. They had abandoned the use of independent fact-checkers, claiming they were biased and encouraged censorship. Yet, in truth, free speech only mattered when it wasn’t used to interrogate Meta itself.
Companies like Meta are wealthier than some countries and more powerful too. They own the technology behind the modern world. We have published books about highly influential individuals before and, in my experience, they tend not to like it and have well resourced legal teams behind them. But Meta’s leadership had a different level of power. So Careless People was brought to publication in an aura of secrecy and (it turns out justified) paranoia.
A very small team worked on the book. We communicated on encrypted channels and whenever it was discussed, those not involved had to leave the room. There was a rumour in our office that it might be Taylor Swift’s memoir. Sarah didn’t even tell her mum she had written it before the news was made public.
Usually, we announce our books to retailers many months in advance. This is so they can build pre-orders and sort the logistics of getting them to bookshops in good time. After all, they deal with thousands of new titles released every week. With Careless People, the months rolled by and yet we kept delaying our announcement, conscious of potential attempts to quash it. Our incredible sales team managed to convince retailers — including a number of supermarkets — to stock the book without even telling them what it was, but retailers’ patience had limits. When we finally did announce the book, it was just a week before publication (again unprecedented) and we had no idea what to expect.
Sarah went on a publicity blitz. She did her first and only print interview with Rosamund Urwin for this paper. In a whirlwind 24 hours, she jetted off to New York for an interview with NBC, flying back overnight for an interview the following day with the BBC in our offices. She hadn’t slept and arrived straight from the airport at dawn. One of the world’s most significant whistleblowers showered in our basement and used a tote bag from our children’s department as a towel. Who says that publishing isn’t glamorous?
But the publicity tour stopped only a week after it had begun, on the day of our publication and the ruling. The audiobook, recorded in secret before the gag order took effect, soon became the only way to hear Sarah speak. And the book? Well, Meta’s spokesman, Stone, called it “a mix of out-of-date and previously reported claims about the company and false accusations about our executives”. Yet not everyone agreed.
In April 2025, Sarah was called to give evidence to a US Senate subcommittee, alleging that she saw Meta executives “repeatedly undermine US national security and betray American values” by providing the Chinese Communist Party with access to the data of Meta users. The chairman, Republican Senator Josh Hawley, concluded the hearing by saying: “I have a message to Mark Zuckerberg, as well. It’s time for you to tell the truth. You should come to this committee and take an oath and sit where Ms Wynn-Williams is sitting now and answer this evidence. Stop trying to silence her.” He is yet to appear almost a year later.
In the UK, Careless People was also sent to all MPs by the Molly Rose Foundation, a charity set up to prevent suicide in people under 25. Its chief executive Andy Burrows said: “Her claims that Meta cynically exploited the wellbeing of teenage girls to grow its advertising revenue will deeply disturb parents and put the conduct of Meta’s leadership under the spotlight.”
Last Wednesday, Mark Zuckerberg was forced to give evidence in a landmark social media addiction trial in Los Angeles, which has the potential to set new precedents, holding social media companies legally responsible for their impact on children and adolescents.
While Zuckerberg defends his record in court, Sarah sits in London, legally gagged. She cannot comment on the trial. She cannot discuss the very book that helped spark this global conversation. With the paperback to come out this Thursday, Sarah’s fate remains uncertain and the legal process rumbles on slowly in the US. Yet she retains her fighting spirit, as well as the dry humour that is richly on display in Careless People. I feel hugely honoured to have worked with her and have gained a new appreciation of the personal sacrifices that whistleblowers make for the greater good.
Careless People exposed what Sarah termed a culture of “lethal carelessness”. Meta’s response —ruthless and chilling — proved her point better than any marketing campaign ever could. But while they have stopped her from speaking, they could not stop you from reading. And that is why books that hold power to account are more important than ever.
Mike Harpley is publisher, non-fiction at Pan, part of Pan Macmillan, and the editor of Careless People: A Story of Where I Used to Work by Sarah Wynn-Williams, published in paperback by Pan on February 26, £10.99.
Careless People by Sarah Wynn-Williams (Pan Macmillan £10.99). To order a copy go to timesbookshop.co.uk. Free UK standard P&P on orders over £25. Special discount available for Times+ members.
...
Read the original on www.thetimes.com »
...
Read the original on arxiv.org »
Nicholas Carlini, a research scientist at Anthropic, reported at the [un]prompted AI security conference that he used Claude Code to find multiple remotely exploitable security vulnerabilities in the Linux kernel, including one that sat undiscovered for 23 years.
Nicholas was astonished at how effective Claude Code has been at finding these bugs:
We now have a number of remotely exploitable heap buffer overflows in the Linux kernel. I have never found one of these in my life before. This is very, very, very hard to do.With these language models, I have a bunch.
What’s most surprising about the vulnerability Nicholas shared is how little oversight Claude Code needed to find the bug. He essentially just pointed Claude Code at the Linux kernel source code and asked, “Where are the security vulnerabilities?”
Nicholas uses a simple script similar to the following:
The script tells Claude Code that the user is participating in a capture the flag cybersecurity competition, and they need help solving a puzzle.
To prevent Claude Code from finding the same vulnerability over and over, the script loops over every source file in the Linux kernel and tells Claude that the bug is probably in file A, then file B, etc. until Claude has focused on every file in the kernel.
In his talk, Nicholas focused on a bug that Claude found in Linux’s network file share (NFS) driver which allows an attacker to read sensitive kernel memory over the network.
Nicholas chose this bug to show that Claude Code isn’t just finding obvious bugs or looking for common patterns. This bug required the AI model to understand intricate details of how the NFS protocol works.
The attack requires an attacker to use two cooperating NFS clients to attack a Linux NFS server:
(1) - Client A does a three-way handshake with the NFS server to begin NFS operations.
(2) - Client A requests a lock file. The server accepts, and the client acknowledges the acceptance.
(3) - Client A acquires the lock and declares a 1024-byte owner ID, which is an unusually long but legal value for the owner ID. The server grants the lock acquisition.
The attacker then spins up a second NFS client, Client B, to talk to the server:
(4) Client B does a three-way handshake with the NFS server to begin NFS operations, same as (1) above.
(5) Client B requests access to the same lock file as Client A from (2). The NFS server accepts, and the client acknowledges the acceptance.
(6) Client B tries to acquire the lock, but the NFS server denies the request because client A already holds the lock.
The problem is that at step (6), when the NFS server tries to generate a response to client B denying the lock request, it uses a memory buffer that’s only 112 bytes. The denial message includes the owner ID, which can be up to 1024 bytes, bringing the total size of the message to 1056 bytes. The kernel writes 1056 bytes into a 112-byte buffer, meaning that the attacker can overwrite kernel memory with bytes they control in the owner ID field from step (3).
Fun fact: Claude Code created the ASCII protocol diagrams above as part of its initial bug report.
This bug was introduced in the Linux kernel in March 2003:
The bug is so old, I can’t even link directly to it because it predates git, which wasn’t released until 2005.
Nicholas has found hundreds more potential bugs in the Linux kernel, but the bottleneck to fixing them is the manual step of humans sorting through all of Claude’s findings:
I have so many bugs in the Linux kernel that I can’t report because I haven’t validated them yet… I’m not going to send [the Linux kernel maintainers] potential slop, but this means I now have several hundred crashes that they haven’t seen because I haven’t had time to check them.
I searched the Linux kernel and found a total of five Linux vulnerabilities so far that Nicholas either fixed directly or reported to the Linux kernel maintainers, some as recently as last week:
What’s striking about Nicholas’ talk was how rapidly large language models have improved at finding vulnerabilities. Nicholas found these bugs using Claude Opus 4.6, which Anthropic released less than two months ago. He tried to reproduce his results on older AI models, and discovered that Opus 4.1 (released eight months ago) and Sonnet 4.5 (released six months ago) could find only a small fraction of what Nicholas found using Opus 4.6:
I expect to see an enormous wave of security bugs uncovered in the coming months, as researchers and attackers alike realize how powerful these AI models are at discovering security vulnerabilities.
...
Read the original on mtlynch.io »
››››Gold overtakes U. S. Treasuries as the world’s largest foreign reserve asset in 2026 — can gold challenge the U.S. dollar’s dominance and hold its ground?
The Economic Times daily newspaper is available online now.
Gold overtakes U. S. Treasuries as the world’s largest foreign reserve asset in 2026 — can gold challenge the U.S. dollar’s dominance and hold its ground?Gold overtakes U.S. Treasuries as the world’s largest foreign reserve asset in 2026: Gold has crossed a historic milestone. In 2026, it overtook U.S. Treasuries to become the world’s largest foreign reserve asset by value. Central banks now hold close to $4 trillion worth of gold, driven by record buying and a sharp price rally above $4,500 an ounce in 2025. According to data tracked by the World Gold Council, official gold reserves reached roughly 36,000 metric tons by early 2026. At current prices, that stockpile is now worth more than foreign-held U.S. Treasuries.Listen to this article in summarized formatGold overtakes U.S. Treasuries as the world’s largest foreign reserve asset in 2026 — will gold dethrone the U.S. dollar as the global reserve anchor long term?Gold overtakes U.S. Treasuries as the world’s largest foreign reserve asset in 2026: Gold has climbed past U.S. government bonds to become the largest foreign reserve asset held by central banks worldwide, marking a major shift in global financial markets. The total value of gold held by foreign official institutions is now approaching $4 trillion, exceeding roughly $3.9 trillion in U.S. Treasury holdings for the first time since 1996.
The milestone comes amid a record rally in gold prices, broadening geopolitical risk, and aggressive bullion accumulation by central banks. Gold ended 2025 up more than 70%, briefly topping $4,500 an ounce in late December before maintaining high levels in early January 2026.
The journey to $4,500 gold was paved by global instability. Throughout 2025, escalating Middle East tensions created a “fear premium” that investors could not ignore. Conflict in key energy corridors reminded the world of the fragility of the global supply chain. Simultaneously, domestic policy uncertainty in the United States—ranging from debt ceiling debates to shifts in trade tariffs—shook confidence in the greenback.
Central bank governors in emerging markets, particularly in Asia and Eastern Europe, were the primary drivers of this demand. These institutions added over 1,100 tonnes of gold to their vaults in 2025 alone. They viewed the metal as a critical shield against inflation and potential asset freezes. As the U.S. national debt crossed the $38 trillion threshold, the “safe-haven” appeal of Treasuries weakened, leaving gold as the last standing pillar of financial stability.
Central banks have been accumulating gold at persistent high levels over the past several years. Holdings now total roughly 36,000–37,000 tonnes, placing gold’s share of global official reserves at around 25–27%, a historic high compared with Treasuries and major fiat currencies.
This massive accumulation is driven by several factors:
Diversification away from dollar‑denominated assets amid fears of policy unpredictability and fiscal strain in the United States.Safe‑haven demand in an era of growing geopolitical tension and market volatility.Central banks from emerging markets and advanced economies alike have joined the buying trend. Nations such as China, India, Turkey, and Qatar regularly appear among the top purchasers. In some cases, these purchases reflect efforts to reduce dependence on foreign currency reserves that may be vulnerable to sanctions or rapid exchange‑rate swings.
Historically, central bank gold purchases averaged around 473 tonnes annually over much of the 2010s. Recent annual purchases have more than doubled that pace, signaling a structural shift in global reserve management.
Gold’s rise as a reserve asset has been reinforced by intensifying geopolitical flashpoints worldwide, which have driven safe‑haven demand from both official buyers and private investors.
In 2025, renewed conflict between Israel and Iran, including airstrikes and military escalations, pushed investors toward gold. Safe‑haven bids emerged as markets feared broader regional instability.
In early 2026, U.S. special forces captured Venezuelan President Nicolás Maduro, heightening geopolitical tension and prompting renewed interest in gold and other havens. Precious metals, including gold and silver, saw sharp price advances in the days following the operation.
Meanwhile, Iran is experiencing deep unrest and economic turmoil, with widespread protests and rising inflation. These factors are compounding risks in the Middle East and reinforcing gold’s role as a hedge against uncertainty.
Analysts note that these conditions — rather than any single event — are cumulatively reshaping reserve strategies. When central banks perceive heightened risk of conflict, sanctions, or instability, they tend to boost holdings of assets with no counterparty risk. Gold, unlike bonds or fiat currencies, cannot default or be frozen under sanction regimes.
Despite this dramatic shift, the U.S. dollar remains the world’s dominant reserve currency, accounting for an estimated 45–58% of total foreign exchange reserves depending on valuation methods.
Gold’s overtaking of Treasuries as a reserve asset does not yet mean it has surpassed the dollar overall, but it does highlight structural shifts in how nations manage risk and diversification.
Economists note that while Treasury securities remain prized for liquidity and deep secondary markets, political polarization, fiscal deficits, and monetary policy uncertainties may be prompting reserve managers to reduce exposure to debt instruments.
This trend is reinforced by forecasts that safe-haven assets like gold are poised for continued structural demand in 2026 and beyond. Recent estimates suggest gold prices could approach or exceed $4,800 per ounce on sustained central bank buying and weaker dollar trends.
The shift in reserve composition carries broad implications for financial markets, investors, and policymakers:
Reserve diversification: Countries may opt for a balanced reserve base including gold, Treasuries, and other assets to ensure both liquidity and safety.Currency markets: Reduced reliance on U.S. debt could gradually dampen demand for dollar-denominated securities, widening global currency diversification.Inflation and interest rates: Persistent gold demand may indicate cautious sentiment on inflation and real yields, influencing central bank policy.Investor psychology:Gold’s rising status reinforces confidence in traditional store-of-value assets during times of uncertainty.As we move deeper into 2026, the question is whether gold can hold its ground. Most market analysts believe the rally has further to run. Forecasts from major investment banks suggest gold could average $5,000 per ounce by the end of the year. The rationale is simple: the factors that drove the 2025 surge—geopolitical friction and high debt—have not been resolved.
Sustained buying is expected to continue as central banks aim for a 20% to 25% gold-to-reserve ratio. Many developing nations still hold less than 10% of their wealth in gold. If these countries continue their diversification strategy, the influx of capital could keep prices elevated for years. For the first time in the modern era, gold is not just a backup; it is the primary engine of global wealth preservation.
Q: Why has gold overtaken U.S. Treasuries as the largest foreign reserve asset?
A: Foreign central banks now hold nearly $4 trillion in gold, exceeding $3.9 trillion in Treasuries. Rising gold prices, geopolitical tensions, and diversification away from dollar assets are driving this historic shift. Central banks aim to reduce risk and protect reserves from fiscal and geopolitical uncertainties.
Q: Which countries are leading in gold reserve accumulation?
A: Major buyers include China, India, Turkey, and Qatar, among others. Central banks have increased annual purchases to more than 900–1,000 tonnes, more than double the 2010s average. This reflects a global trend of rebalancing reserves toward gold for stability and safe-haven protection.
(You can now subscribe to our Economic Times WhatsApp channel)
Will gold retain its dominance as a global reserve asset after dethroning U.S. Treasuries tied to the dollarGold surpasses: US Treasuries global reservesGold overtakes Treasuriesreserve asset shiftcentral banks gold holdings 2026 Download The Economic Times News App to get Daily International News Updates.Will gold retain its dominance as a global reserve asset after dethroning U.S. Treasuries tied to the dollarGold surpasses: US Treasuries global reservesGold overtakes Treasuriesreserve asset shiftcentral banks gold holdings 2026 Download The Economic Times News App to get Daily International News Updates.Trump announces Reliance investment in new US oil refinery‘Priyanka as LoP would perform better’: Rijiju swipes at RahulTuesday will be ‘most intense day’ of strikes on Iran: HegsethHow to build a truly diversified portfolio: TGT Episode 17Trump announces Reliance investment in new US oil refinery‘Priyanka as LoP would perform better’: Rijiju swipes at RahulTuesday will be ‘most intense day’ of strikes on Iran: HegsethHow to build a truly diversified portfolio: TGT Episode 17Thought of the day by Jeffrey Gitomer: ’Change is not a four-letter word… but often your reaction to it is!’Quote of the day by Abba Eban: ’History teaches us that men, nations, and the world behave wisely when they exhaust all other options.’Will US get a new oil refinery for the first time in 50 years, and where will this facility come up? $300 billion refinery plan explained. Here’s why the announcement is happening nowNancy Guthrie disappearance case is going cold or a breakthrough is coming? Neighbor sighting, FBI investigation and clues raise questions in missing Tucson mother caseHas Iran planted mines in Strait of Hormuz, and who will win control of the crucial sea passage? Here’s why is strait important for oil and LNGHappy New Year 2026 WishesYouTube and Google downQuote of the Day by Warren BuffettFIFA peace prizeSilver Price2026 Social SecurityWhy is gold down today?Social Security COLA increase for 2026Quote of the Day by Johnny Depp: “If you love two people at the same time, choose the second. Because if you really loved the first one, you wouldn’t have fallen for the second.”Social Security Administration cuts key service for millions as nationwide changes begin todayAmerica could be the unexpected economic winner of the Iran warJobless for 16 months, 38-year-old says career struggle cost him his health and marriage - story sparks debate on workplace ageismQuote of the Day by Elvis Presley : ‘Just because you look good, doesn’t mean you…’
...
Read the original on m.economictimes.com »
Iranian strikes have rendered two Amazon Web Services availability zones “hard down” in Dubai and Bahrain and the company expects them to be “unavailable for an extended period,” according to internal Amazon communication reviewed by Big Technology.
Within Amazon Web Services, the strikes have rendered so much damage that employees have been advised to deprioritize both regions.
“These two regions continue to be impaired, and services should not expect to be operating with normal levels of redundancy and resiliency,” an internal memo read. “We are actively working to free and reserve as much capacity as possible in the region for customers, and services should be scaled to the minimal footprint required to support customer migration.”
Reached for comment, an Amazon spokesperson pointed Big Technology to an Amazon blog post about the disruptions. “We continue to support affected customers, helping them to migrate to alternate AWS Regions, with a large number already successfully operating their applications from other parts of the world,” the post read. “As this situation evolves, and as we have advised before, we request those with workloads in the affected regions continue to migrate to other locations.”
With the war now nearing its sixth week, Iran has made Amazon infrastructure in the Gulf an economic target and is now eyeing its peers. Amazon’s Bahrain facilities have been hit multiple times, including a Wednesday strike that caused a fire. And its facilities in the UAE also sustained multiple hits. The IRGC is threatening multiple other U. S. tech giants, including Microsoft, Google, and Apple.
Amazons infrastructure in Bahrain and Dubai each have three ‘availability zones’ or clusters of compute. Both Bahrain and Dubai have a zones that are “hard down” and and “impaired but functioning.” per the internal communication.
“We do not have a timeline for when DXB and BAH will return to normal operations,” the internal post said.
Greg Brockman is the President and co-founder of OpenAI. Brockman joins Big Technology to discuss OpenAI’s product strategy, the rise of its coming super app, and why he believes AI is entering a new takeoff phase. Tune in to hear Brockman explain OpenAI’s bet on the GPT reasoning model tree over video generation, what the “Spud” pre-training run means for upcoming models, and why he believes AGI is 70-80% achieved. We also cover the competitive landscape, the economics behind OpenAI’s $110 billion infrastructure bet, and public skepticism toward AI. Hit play for one of the most revealing conversations yet about where AI is headed and what it means for everyone.
You can listen on Apple Podcasts, Spotify, or your podcast app of choice
Thanks again for reading. Please share Big Technology if you like it!
My book Always Day One digs into the tech giants’ inner workings, focusing on automation and culture. I’d be thrilled if you’d give it a read. You can find it here.
Where we’ll talk about this story, the latest in AI, the week’s podcast, and plenty more. You can sign up via the link below:
...
Read the original on www.bigtechnology.com »
This was written on March 1, 2026
I think it is incredibly cool that we can change a Linux system into a networking device. But have you ever wondered:
What are we changing when we turn a Linux system into a router or switch? What are we changing if we make a raspberry pi into a WiFi access point? How significant is the system performance monitoring change? What are the gates we have to change to enable packet forwarding and processing?
I’m going to start out with a narrative explanation of the changes that turn a Linux system into a WiFi access point and then I’ll show the commands for implementing it.
I have a cognitive bias: I think of networking devices and computers as different things. This is because the command line experience on networking gear is different than what you experience on servers/hosts. On servers and workstations: you tend to focus a lot on objects on the file system. On networking gear, you’re spending most of your time working with running processes directly. Commands and interaction objectives on networking gear is very different than those on hosts.
I suspect a lot of other people who have worked in networking have similar feelings about networking appliances versus host operating systems. This might be specific to my journey. But for better or worse, I felt that networking was different than general computing. It isn’t. If you know networking, you can make Linux do networking things if you make 7 changes.
To activate packet processing and forwarding in the Linux Kernel, you start by changing the Kernel’s configuration for networking. Every Android device that vends a personal WiFi hotspot makes the same general changes.
Let’s assume we have a Linux machine with a single network interfaces. A packet arrives on the externally facing interface. The Network Interface Card (NIC) signals an interrupt and the driver pulls the frame into a ring buffer in kernel memory via Direct Memory Access (DMA), where the hardware writes data into RAM without Central Processing Unit (CPU) involvement. The kernel’s networking stack picks the frame up from there, strips the Ethernet header, and examines the Internet Protocol (IP) destination address.
At that point the kernel consults its routing table. If the destination address matches one of the machine’s own interfaces, the packet travels up through the network stack to a listening socket, to a process waiting to handle it. If the destination address matches no local interface and IP forwarding is disabled, the kernel drops the packet and increments a counter in /proc/net/snmp.
The default behavior of Linux is the end of the line for a packet: the kernel cannot forward the packet to another host. We need to make changes to the system if we want to enable routing. We also need another nic to send across network interfaces. A workstation is a host, not a router.
Now imagine that same system with two NICs (aka dual-homed)- how do we get closer to routing packets?
A router’s role is to forward the packets our single-homed host drops by default. Let’s explore each of the steps that move the kernel from a workstation’s conservative posture as a host into a router that routes packets, modifies packet headers, and filters traffic between interfaces.
In the Linux kernel, a hook is a designated interception point in a code path where external functions can register themselves to execute. Think of it as a slot in an assembly line: the main process pauses at predefined points and runs every function that has registered at that slot, in priority order. Each registered function can inspect, modify, accept, or drop the item passing through. Hooks let the kernel separate its core packet-processing logic from policy decisions like filtering and address translation. The kernel defines where the hooks are; administrators and tools like nftables decide what code runs at each one. The kernel implements hooks as arrays of function pointers stored in structures like struct nf_hook_entries. At each hook point, the kernel iterates the array via nf_hook_slow(), passing each registered callback a pointer to the packet’s sk_buff structure.
Earlier, I made reference to “The kernel’s networking stack.” Just what does that mean?
A packet arrives at the NIC. The driver places it in memory and the kernel’s networking stack processes it through several ordered stages. At defined points along this path, the kernel passes the packet through netfilter, a hook-based framework built directly into the kernel’s networking code.
Netfilter hooks are function pointer arrays registered inside the kernel’s packet processing path. At each hook point, the kernel iterates through every registered function in priority order, passing a pointer to the packet’s socket buffer (sk_buff). Each registered function can accept, drop, modify, or queue the packet. Userspace tools like nftables register callback functions at these hooks by sending commands through a netlink socket, a kernel-userspace Inter-Process Communication (IPC) channel designed for networking configuration.
You can observe netfilter’s activity at runtime. nft list ruleset shows all currently registered tables and chains. conntrack -L shows the live connection tracking table. For deeper inspection, perf trace or bpftrace can attach probes to kernel functions like nf_hook_slow (the function the kernel calls when it iterates hook callbacks), letting you watch individual packet decisions in real time.
The five standard hook points are:
After PREROUTING, the kernel makes its routing decision. Packets addressed to the machine itself travel up through INPUT. Packets addressed to other hosts, when forwarding is enabled, move to FORWARD and then out through POSTROUTING. Every configuration step either registers code on one of these hooks or changes how the routing decision behaves.
IP forwarding is the first gate for enabling transport of packets across interfaces. Without it, the FORWARD hook might exist, but the kernel never sends packets to it. Packets arriving for foreign destinations die after the routing lookup. With it open, the kernel hands those packets to FORWARD, and every other piece of the router configuration takes effect.
You manage ip forwarding through the /etc/sysctl.d/10-forward.conf file:
/etc/sysctl.d/10-forward.conf
net.ipv4.ip_forward=1
/etc/sysctl.d/ is a drop-in configuration directory for kernel runtime parameters. At boot, systemd-sysctl.service reads every *.conf file in that directory (plus /etc/sysctl.conf) and writes each parameter to its corresponding path under /proc/sys/.
The kernel exposes a virtual filesystem at /proc/sys/ where every tuneable parameter appears as a file. The dotted sysctl notation is just a path translation: net.ipv4.ip_forward maps to /proc/sys/net/ipv4/ip_forward. Writing 1 to this file tells the IPv4 stack to send packets with non-local destinations through the FORWARD hook rather than discarding them. The kernel implements this decision in ip_forward() in net/ipv4/ip_forward.c.
Writing 1 to sysctl.d/10-forward.conf makes those writes persistent across reboots.
systemd-sysctl.service reads all files under /etc/sysctl.d/ at boot and applies them in lexicographic order. Restarting the service applies them immediately without requiring a system reboot. You can verify the active value at any time:
cat /proc/sys/net/ipv4/ip_forward
1 means forwarding is live. 0 means the gate is closed, and the rest of the router configuration is inert regardless of what else is configured.
Our first change is setting the kernel’s ip_forward parameter to 1.
A home network serves both wired and wireless clients on the same subnet. The configuration creates a network bridge, br0, and attaches eth0 and wlan0 to it as member ports. For details on Linux bridge interfaces, see the kernel bridge documentation.
Our second change is defining a bridge and adding interfaces to it that bind them for passing packets.
A bridge operates at Layer 2, the Ethernet layer. The kernel’s bridge module maintains a Media Access Control (MAC) address forwarding table. When a frame arrives on eth0, the bridge looks up the destination MAC address in that table and forwards the frame to the port where that address was last seen. If the address is unknown, the bridge floods the frame to all member ports. The bridge expires learned associations after a configurable aging time. To the rest of the network, br0 appears as a single unified switch, one shared Layer 2 segment across both wired and wireless interfaces. The kernel implements bridge forwarding logic in br_forward() in net/bridge/br_forward.c.
This matters for routing because the kernel assigns IP addresses to interfaces, not to physical ports. Assigning 192.168.1.1 to br0 means the router holds a single Local Area Network (LAN) address regardless of whether a client is wired or wireless. Both interfaces carry traffic on the same subnet and communicate at Layer 2 without any routing decision required between them.
One important distinction: a wired interface like eth0 is enslaved to the bridge directly with a single command (ip link set eth0 master br0), and the kernel’s bridge module immediately begins learning MAC addresses from frames arriving on it. A wireless interface (wlan0) cannot be enslaved to the bridge this way.
The 802.11 protocol requires an association and authentication lifecycle that standard Ethernet bridging doesn’t account for. Instead, hostapd manages this relationship: the bridge=br0 directive in hostapd.conf instructs hostapd to attach wlan0 to the bridge once the interface is in AP mode. Wireless clients that associate with the AP are then visible to the bridge as if they were on a wired port. The result is the same unified L2 segment, but the path to get there is different for wired and wireless members.
The mac80211 subsystem moves all aspects of master mode into user space. It depends on hostapd to handle authenticating clients, setting encryption keys, establishing key rotation policy, and other aspects of the wireless infrastructure. Due to this, the old method of issuing iwconfig no longer works
On a standard Ethernet bridge port, any device that sends a frame gets its MAC learned — there’s no prior handshake required at L2. On an 802.11 AP, the MAC layer itself enforces that a client must complete authentication and association (State 3) before the AP will accept or forward its data frames. The AP’s MAC (managed by the driver via mac80211) is the gatekeeper, and it needs a userspace daemon (hostapd) to handle the authentication exchanges. The kernel’s bridge module has no knowledge of 802.11 states — it just sees frames — so it can’t manage this lifecycle on its own.
The bridge-utils package provides brctl for inspecting bridge state. The kernel handles all forwarding logic through the br_netfilter and bridge modules.
Aside: bridges and packet capture. A bridge port is an excellent place to insert a packet capture. Attach a third interface to br0 and mirror traffic to a tap device (for more on tap/tun virtual interfaces, see the kernel tuntap documentation), or use a standalone bridge with a port set to promiscuous mode feeding a capture daemon like tcpdump or Zeek. Because the bridge sees all frames on the segment before any routing or filtering decision, a capture at this layer sees the complete pre-Network Address Translation (NAT), pre-firewall traffic picture. Tools like tcpdump -i br0 or an AF_PACKET socket bound to the bridge interface work at line rate for most home and small-business traffic volumes. These tools max out on a default Linux kernel at around 18 Gbps (at least they did when I last tested them, around 2023). Higher line rates require tools with hardware-based filtering like the Data Plane Development Kit (DPDK) or eXpress Data Path (XDP).
Now that we have a bridge, we need to define packet processing rules via netfilter’s nftables.
Netfilter is the broader kernel-level packet filtering framework that provides the hooks into the network stack, while nftables (via nf_tables) is the modern packet classification engine that operates on top of those hooks. It replaced iptables as the preferred interface, but both ultimately rely on the same netfilter hook infrastructure in the kernel. The kernel implements the nf_tables subsystem in nf_tables_api.c in net/netfilter/.
The firewall and NAT rules in /etc/nftables.conf are callback registrations. nftables sends them to the kernel through a netlink socket, and the nf_tables subsystem installs them at the specified hooks. Each chain declaration names its hook and priority explicitly:
chain forward {
type filter hook forward priority 0; policy drop;
iifname “eth0” oifname “br0″ ct state { established,related } counter accept
iifname “br0” oifname “eth0″ ct state { new,established,related } counter accept
counter
This chain controls traffic forwarding between interfaces, the core job of a router. Here’s what’s happening:
This attaches to netfilter’s forward hook, meaning it only sees packets that aren’t destined for the router itself but need to pass through it. The default policy is drop, so anything not explicitly allowed is silently discarded. This is a deny-by-default posture.
In this WiFi AP setup, eth0 is the WAN-facing interface — the uplink to your ISP or upstream router. br0 is the LAN-facing bridge, which aggregates traffic from wired clients (if any are directly attached) and wireless clients managed by hostapd. All LAN traffic enters and exits through br0, regardless of whether it originated from a wired or wireless device. With that topology in mind, the two rules in the FORWARD chain map directly to the two directions of traffic flow across the router.
Traffic arriving from eth0 (the WAN/internet side) heading toward br0 (the LAN bridge) is only accepted if conntrack (ct state) shows the connection was already initiated from the LAN side. This means unsolicited inbound connections from the internet are blocked, exactly what you want from a NAT router/firewall.
Traffic from br0 heading out to eth0 is accepted for new connections as well as existing ones. This lets LAN clients freely initiate connections to the internet.
This is a catch-all counter with no action; it just counts packets that matched neither rule above (and will therefore be dropped by the policy). It’s useful for monitoring how much traffic is being rejected.
This is a classic “stateful” firewall pattern. LAN devices can reach the internet freely, but the internet can never initiate connections inward. The related state also allows things like Internet Control Message Protocol (ICMP) errors and File Transfer Protocol (FTP) data channels that are associated with an existing connection to pass through.
When nftables.service loads or reloads the configuration, it flushes the existing ruleset and installs the new one atomically through the netlink interface. No packet sees a partial ruleset during the transition. Reload with:
sudo systemctl reload nftables.service
sudo nft -c -f /etc/nftables.conf
If you are gonna dive deep into netfilter, this blog is outstanding
Our third change was defining nf_tables rules for processing packets.
The rule fragments ct state { established, related } and ct state { new, established, related } reference conntrack, the kernel’s connection tracking subsystem. Conntrack is what makes two simple rules sufficient to handle all legitimate traffic. The kernel implements the connection tracking core in nf_conntrack_core.c in net/netfilter/.
Conntrack watches traffic as it passes through netfilter and maintains a table of active flows. Each entry stores the source and destination addresses, ports, protocol, and current connection state. When a LAN client opens a Transmission Control Protocol (TCP) connection to a server on the internet, conntrack creates an entry and marks the flow new. Once the three-way handshake completes, conntrack marks it established. Reply packets from the internet match ct state established in the FORWARD chain and pass through automatically.
The firewall allows outbound connections from br0 to eth0 when they carry state new or established. Return packets arriving on eth0 match as established. Conntrack holds the bookkeeping; the firewall rules consult the table.
The related state covers secondary flows. Protocols like FTP open a control connection and then negotiate a separate data connection on a different port. ICMP error messages tie back to existing TCP or User Datagram Protocol (UDP) flows. Conntrack understands these relationships and marks the secondary flows accordingly, so the firewall accepts them without explicit rules for every protocol variant.
Our fourth change is an expansion of network connection tracking in the Kernel’s connection tracking subsystem. We have begun tracking packets for systems beyond just our own host.
Home networks use Request for Comments (RFC) 1918 private address space: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. The public internet carries routes to none of these ranges. Every packet leaving the LAN needs its source address replaced with the router’s public IP before it exits. Without that replacement, the originating host will never receive replies from the internet.
The postrouting chain at the POSTROUTING hook replaces each outbound packet’s private source address with the router’s public address:
chain postrouting {
type nat hook postrouting priority 100; policy accept;
oifname “eth0” counter masquerade
The term masquerade relates to the act of disguising oneself. The router pretends to be the original sender of a request bound for the internet, but it remembers which node on the internal network made the original request. The resource on the internet responds to the router as if it’s connecting with the original sender, but the router modifies the packet and sends it on to the original requester. The router presents the LAN client to the outside world under a different identity, the WAN IP, concealing the private address behind a public one. The client appears to the remote server as the router itself. The router hides the client’s original address. The kernel implements the masquerade action in nf_nat_masquerade.c in net/netfilter/.
Conntrack stores the translation as part of each flow’s entry. The tuple (private IP, private port, public IP, public port, protocol) lives in the conntrack table for the lifetime of the connection. You can inspect it directly:
sudo conntrack -L
Each line shows the original and reply tuples for a live flow, along with the connection state and a timeout countdown. Flows that have been idle long enough age out, and conntrack removes their entries, a key mechanism for preventing the NAT table from growing without bound. TCP connections time out after the session closes or after a configurable idle period. UDP entries use shorter timers because UDP carries no close signal.
The masquerade action reads eth0’s current IP address at the moment the packet is processed, rather than at configuration time. This makes it the correct choice for a WAN interface that acquires its address via Dynamic Host Configuration Protocol (DHCP), where the public IP may change without notice. When the address changes, new connections use the new address automatically. Conntrack retains entries for established connections under the old address until they expire.
Our fifth change is defining rules that modify the sender and recipient addresses in packets processed by the host.
Every computer on the Internet needs to know three things to work: their IP address, their default gateway to the internet, and their Domain Name System (DNS) server.
A router must introduce itself to clients on their network. New clients arrive without an IP address, without a default gateway, and without a DNS resolver. dnsmasq vends these values to clients on their network through DHCP.
When a device joins the network, it broadcasts a DHCP discovery. dnsmasq listens on br0 and responds with an offer containing an IP address, subnet mask, lease duration, and two DHCP options: option 3 (default gateway, 192.168.1.1) and option 6 (DNS server, 192.168.1.1). Option 3 tells the client where to send packets destined for addresses outside the local subnet. Option 6 tells the client which resolver to query. dnsmasq caches upstream responses locally, reducing query volume and accelerating repeat lookups.
dnsmasq binds to br0 so it serves only the LAN. It never listens on eth0.
NetworkManager as an alternative: NetworkManager can handle both DHCP server and DNS functions through its built-in dnsmasq integration, activated by setting dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf. NetworkManager launches its own dnsmasq instance and manages its configuration dynamically as interfaces come and go.
There are significant tradeoffs for each approach. NetworkManager’s approach reduces manual configuration and handles interface lifecycle events automatically. This is useful on a laptop or a machine where interfaces appear and disappear. On a dedicated router, you generally will want greater control. NetworkManager may reconfigure dnsmasq or restart it in response to network events, interrupting DHCP leases in unpredictable ways. A static dnsmasq configuration launched by systemd gives you deterministic startup order, explicit binding, and straightforward log inspection via journalctl -eu dnsmasq.service. You know exactly what the daemon is configured to do because you wrote the configuration file.
From a kernel perspective, both paths land in the same place: a userspace process bound to a UDP socket on port 67, servicing DHCP requests arriving on the bridge interface. The kernel doesn’t distinguish between the two arrangements. The difference is in how the daemon is launched, configured, and supervised. This is a service management and operational tradeoff, not an architectural one.
Our sixth change is deploying a new daemon (dnsmasq) for vending DHCP and DNS services to clients on the system’s network(s).
Wireless interfaces operate in one of several modes. In managed mode, a card scans for access points and associates as a client. In AP mode, the card broadcasts beacons, accepts association requests, and manages the full authentication lifecycle for connecting devices.
The kernel’s mac80211 subsystem provides a unified programming interface for 802.11 hardware across different driver implementations. hostapd communicates with mac80211 through the nl80211 netlink interface, the same socket-based kernel-userspace channel that nftables uses, applied here to the wireless subsystem. Through nl80211, hostapd commands the driver to enter AP mode, sets the Service Set Identifier (SSID), channel, and Wi-Fi Protected Access 2 (WPA2) encryption parameters, and takes ownership of authentication frames.
The bridge=br0 directive in hostapd.conf attaches the AP interface to the bridge as a member port. Wireless clients, once associated, enter the same Layer 2 segment as wired clients. Their traffic arrives on br0, the kernel applies the same netfilter decisions, and packets travel the same forwarding path as everything else on the LAN.
Debian ships hostapd masked by default. Systemd registers the service but blocks it from starting. This blocking prevents an unconfigured instance from launching and broadcasting an open network. systemctl unmask hostapd removes that block, after which systemctl enable –now hostapd starts it and registers it for future boots.
Our seventh change is deploying a new daemon (hostapd) for vending WiFi networks from the device’s WiFi card.
Each configuration step activates a different layer of the kernel’s networking architecture. Together, they build a complete forwarding system:
Note on the bridge row: Adding a wired interface to br0 is a direct kernel operation — the bridge module immediately takes over frame forwarding for that port. Adding a wireless interface is indirect: hostapd’s bridge=br0 directive handles the attachment after the wireless card enters AP mode and a client associates. Both result in the same logical L2 segment, but the mechanism differs. If you are debugging bridge membership, brctl show (or ip link show master br0) will show wired members directly; wireless clients appear as learned MAC entries in the bridge’s forwarding table once they associate, which you can inspect with brctl showmacs br0.
Start with a Linux machine in its default state: a workstation that receives packets for itself, forwards nothing, and drops traffic addressed to any IP it doesn’t own. Its IP forwarding gate is closed. Its netfilter FORWARD chain is empty. Its wireless card listens for beacons rather than broadcasting them. It has no DHCP server, no NAT table, and no bridge.
* IP forwarding opens the gate for the possibility of routing.
* The bridge collapses the wired and wireless interfaces into a single addressable domain.
* The nftables chains install policy at the FORWARD hook, deciding what passes and what drops.
* Conntrack feeds state information into those policy decisions, making simple rules work for complex traffic patterns.
* Masquerade hides the LAN behind the router’s public identity and keeps a translation table in memory.
* dnsmasq announces the router’s presence and hands every new client the information it needs to reach the outside world.
These are the changes that transform a Linux system into a WiFi router. You can evaluate and inspect them through 6 commands:
...
Read the original on patrickmccanna.net »
To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".
10HN is also available as an iOS App
If you visit 10HN only rarely, check out the the best articles from the past week.
If you like 10HN please leave feedback and share
Visit pancik.com for more.