UTM employs Apple's Hypervisor virtualization framework to run ARM64 operating systems on Apple Silicon at near native speeds. On Intel Macs, x86/x64 operating system can be virtualized. In addition, lower performance emulation is available to run x86/x64 on Apple Silicon as well as ARM64 on Intel.

netboot.xyz enables you to boot from PXE into many types of operating systems using lightweight tooling.

Linux 3.17 (2014-10-05) learnt a new syscall getrandom() that, well, gets bytes from the entropy pool. Glibc learnt about this with 2.25 (2017-02-05) and two tries and four years after the kernel, OpenSSL used that functionality from release 1.1.1 (2018-09-11). OpenSSH implemented this natively for the 7.8 release (2018-08-24) as well.

Now the getrandom() syscall will block1 if the kernel can't provide enough entropy. And that's frequenty the case during boot. Esp. with VMs that have no input devices or IO jitter to source the pseudo random number generator from.

IMAPFilter is a mail filtering utility. It connects to remote mail servers using the Internet Message Access Protocol (IMAP), sends searching queries to the server and processes mailboxes based on the results. It can be used to delete, copy, move, flag, etc. messages residing in mailboxes at the same or different mail servers. The 4rev1 and 4 versions of the IMAP protocol are supported.

IMAPFilter uses the Lua programming language as a configuration and extension language.

NetBox is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. Initially conceived by the network engineering team at DigitalOcean, NetBox was developed specifically to address the needs of network and infrastructure engineers.

NetBox runs as a web application atop the Django Python framework with a PostgreSQL database.

KeyChest of Enigma Bridge is a certificate expiry monitoring service. It uses internet databases and checks configuration of your servers. KeyChest dashboard gives you all the information you need for operational teams, as well as performance charts (KPIs).

KeyChest can enroll all your servers and domain names within minutes. It will also continuously discover new certificates within domain names you set as "Active Domain". It is how we believe monitoring should work - automatically.

Cobbler is a Linux installation server that allows for rapid setup of network installation environments. It glues together and automates many associated Linux tasks so you do not have to hop between many various commands and applications when deploying new systems, and, in some cases, changing existing ones. Cobbler can help with provisioning, managing DNS and DHCP, package updates, power management, configuration management orchestration, and much more.

CloneDeploy is a free open source solution for computer cloning / imaging. It most closely resembles an alternative for Symantec Ghost Solution Suite™ or Acronis Snap Deploy™. It supports imaging Windows XP through Windows 10, Linux, and OSX, using both Unicast and Multicast technologies.

During Jacob Applebaum's talk at DebConf15, he noted that Debian should TLS-enable all services, especially the mirrors.

His reasoning was that when a high-value target downloads a security update for package foo, an adversary knows that they are still using a vulnerable version of foo and try to attack before the security update has been installed.

In this specific case, TLS is not of much use though. If the target downloads 4.7 MiB right after a security update with 4.7 MiB has been released, or downloads from security.debian.org, it's still obvious what's happening. Even padding won't help much as the 5 MiB download will also be suspicious. The mere act of downloading anything from the mirrors after an update has been released is reason enough to try an attack.

The solution, is, of course, Tor.

This paper has one goal:

Create an easy to use, fully redundant platform for virtual servers. 

Oh, and do have fun!