Tag:

open source

Proxmox Mail Gateway 9.1 Released: New Quarantine and Backup Encryption Features

by Chief Editor June 11, 2026

written by Chief Editor

Proxmox Mail Gateway 9.1 has been released, introducing native backup encryption, updated system components based on Debian 13.5, and refined quarantine management tools. The software acts as a mail proxy positioned between a network firewall and internal mail servers to filter spam, viruses, and phishing threats. According to the Proxmox development team, the update is available now for bare-metal, virtualized, or containerized deployments.

What are the primary technical upgrades in version 9.1?

Proxmox Mail Gateway 9.1 transitions to the Debian 13.5 Trixie distribution and utilizes Linux kernel 7.0 as its stable default. This update maintains alignment with current open-source security standards by integrating SpamAssassin 4.0.2, ClamAV 1.4.4, PostgreSQL 17, and ZFS 2.4. By keeping these core dependencies current, administrators ensure the gateway can process modern threat signatures more efficiently than previous versions running on older kernels.

View this post on Instagram about Proxmox Mail Gateway, Pro Tip

From Instagram — related to Proxmox Mail Gateway, Pro Tip

Pro Tip: If you are running version 8.2 or 9.0, you can move to 9.1 using the standard APT package management system. Always run a full backup before initiating the upgrade path.

How does the updated quarantine interface improve security?

The updated quarantine interface focuses on reducing administrative overhead and protecting user privacy. Administrators can now view positive and negative spam score components side-by-side, which simplifies the process of diagnosing why a specific email was blocked. Furthermore, the system now prevents external images in quarantined emails from loading automatically. According to Help Net Security, this “Load Images” requirement prevents external servers from tracking whether an email was opened, mitigating potential web-based threats.

Why is native backup encryption critical for email security?

Version 9.1 introduces client-side encryption for backups sent to a Proxmox Backup Server. This process encrypts email configuration settings, rule definitions, and historical statistics before the data leaves the gateway. By ensuring that backups remain encrypted on the storage target, Proxmox addresses the risk of data exposure during transit or if the backup repository is compromised. This capability is a significant shift from earlier versions that relied on the security of the destination server alone.

Update and Upgrade patch file on Proxmox Mail Gateway

Trends in email proxy security

As phishing techniques become more sophisticated, the trend in mail security is moving toward granular, user-controlled visibility. The addition of a “seen” status for shared mailboxes in Proxmox 9.1 reflects a shift toward collaborative security management. Instead of individual users auditing the same messages, teams can now synchronize their efforts, reducing the likelihood of missed threats. This trend prioritizes operational efficiency alongside traditional threat detection.

Did you know? Proxmox Mail Gateway can be installed on bare-metal hardware or as a Linux Container (LXC) on Proxmox VE, offering flexibility for both small businesses and large enterprise data centers.

Frequently Asked Questions

Can I use Proxmox Mail Gateway with any mail server? Yes, it functions as a mail proxy and is compatible with any internal mail server, including Microsoft Exchange, Postfix, or Zimbra.
Does the quarantine interface support team collaboration? Yes, the new “seen” status allows users to mark emails as audited, preventing duplicate review in shared mailboxes.
Is the software free to use? Proxmox Mail Gateway is open-source software available for download, though Proxmox offers commercial support subscriptions for enterprise environments.
How does the “Copy Link” feature work? Administrators can now copy a recipient’s private quarantine access link directly from the dashboard to provide users with easier access to their held messages.

Have you upgraded your mail security infrastructure this year? Share your experience with the latest Proxmox release in the comments below or subscribe to our newsletter for more updates on enterprise security tools.

June 11, 2026 0 comments

Tech

Microsoft Announces Azure Linux 4.0: General-Purpose Server OS

by Chief Editor May 28, 2026

written by Chief Editor

The Great Hyperscaler Shift: Why Microsoft is Betting on Its Own Linux

For years, the cloud landscape was defined by a simple dynamic: hyperscalers provided the infrastructure, and customers brought their own OS. But as AI workloads push hardware to its limits, the “operating system as a commodity” model is dying. Microsoft’s recent unveiling of Azure Linux 4.0 and Azure Container Linux at the Open Source Summit isn’t just another product launch—it’s a strategic pivot to vertical integration.

By moving to a Fedora-based foundation, Microsoft is joining AWS and Google in a race to control the base layer of the stack. For engineers, this signals a massive shift in how we think about cloud-native deployments and dev/prod parity.

Why “General Purpose” Linux Matters for the Cloud

Until now, Microsoft’s Linux efforts were largely siloed within Azure Kubernetes Service (AKS). Azure Linux 4.0 changes the game by offering a general-purpose server distribution for virtual machines. This allows teams to move away from third-party distributions like RHEL or Ubuntu for their standard VM workloads, potentially unlocking performance optimizations tailored specifically to Azure’s silicon and networking architecture.

Pro Tip: Don’t assume “Fedora-based” means “Fedora-compatible.” Because Azure Linux uses a slimmed-down package footprint, always test your dependency chains in a sandbox environment before migrating production workloads.

The Rise of Immutable Infrastructure

The second pillar of this announcement, Azure Container Linux, highlights the industry’s obsession with immutability. By removing the package manager and baking everything into the image, Microsoft is forcing a shift toward more secure, repeatable deployments.

This approach mirrors the success of Google’s Container-Optimized OS. In regulated environments—where configuration drift is a major security risk—immutable hosts provide a “known good” state that is significantly easier to audit and maintain.

Strategic Upstream Contributions

The days of Microsoft “forking and forgetting” are over. By contributing back to the Fedora ecosystem—such as the push for x86-64-v3 packages—Microsoft is positioning itself as a good citizen of the open-source world while ensuring that the upstream project moves in a direction that benefits Azure’s massive compute scale.

AKS Loves OpenSource Series: Brendan Burns on how Azure embraces open source

Did you know? Over two-thirds of the cores running on Azure today are Linux-based. This massive scale is exactly why Microsoft is investing so heavily in its own distributions—it’s about optimizing performance for millions of compute cores.

Looking Ahead: The Dev/Prod Parity Gap

The most exciting part of this roadmap is the planned support for WSL (Windows Subsystem for Linux). Imagine a developer working on a Windows laptop, running the exact same OS kernel and package ecosystem locally as they do in the cloud. This “write once, run anywhere” promise has been the holy grail of DevOps for a decade, and we are finally approaching a point where that parity is becoming a reality.

Frequently Asked Questions

Is Azure Linux 4.0 a replacement for my current OS? Not necessarily. It is a general-purpose option for Azure VMs. If your current workflow relies on specific enterprise features found in RHEL or SLES, Make sure to evaluate the compatibility of the Fedora-based package ecosystem first.
What is the difference between Azure Linux and Azure Container Linux? Azure Linux 4.0 is for general-purpose VM workloads (RPM-based). Azure Container Linux is an immutable, minimal host designed exclusively for running containerized workloads.
Can I run Azure Linux on-premises? Currently, these distributions are optimized for the Azure environment. While the source is public on GitHub, the primary value proposition is the deep integration with Azure’s cloud infrastructure.

What’s your take? Are you ready to move your VM workloads to a first-party distribution, or do you prefer the stability of traditional Linux vendors? Join the conversation in the comments below or subscribe to our newsletter for the latest deep dives into cloud-native infrastructure.

May 28, 2026 0 comments

Tech

Synology launches all-flash storage systems for enterprises

by Chief Editor May 10, 2026

written by Chief Editor

The Great Repatriation: Why Enterprises Are Bringing Their Data Home

For a decade, the narrative was simple: move everything to the public cloud. But a quiet shift is happening. More organizations are realizing that for latency-sensitive applications, the “cloud” is often too far away. We are seeing a surge in cloud repatriation, where businesses move critical workloads back to on-premises hardware to regain control and slash response times.

View this post on Instagram about Hard Disk Drive

From Instagram — related to Hard Disk Drive

The recent push toward high-performance, all-flash systems—like the 24-bay architectures seen in the latest enterprise storage arrays—highlights this trend. When you’re running massive databases or real-time virtualization, every millisecond counts. On-premises all-flash storage eliminates the “noisy neighbor” effect of public clouds, providing predictable, dedicated performance.

Did you know? According to recent industry shifts, mid-to-large enterprises are increasingly adopting “Hybrid-Cloud” models, keeping their high-IOPS “hot data” on-site while using the cloud for long-term archival.

The End of the Spinning Disk in the Enterprise

We are witnessing the sunset of the Hard Disk Drive (HDD) in the primary data center. The performance gap has become too wide to ignore. With modern systems delivering nearly a million read IOPS (Input/Output Operations Per Second), the bottleneck has shifted from the drive to the network.

The future is not just “all-flash,” but intelligent flash. We’re moving toward a world where storage doesn’t just hold data but actively manages it. Automated data tiering is the next frontier—where the system autonomously moves frequently accessed “hot” data to the fastest flash tiers and shifts “cold” data to cheaper storage without any human intervention.

For industries like video post-production or large-scale CAD engineering, this is a game-changer. When multiple users are scrubbing through 8K RAW footage or rendering complex 3D models, the demand for SMB read throughput is astronomical. The trend is moving toward integrated 25GbE and Fibre Channel connectivity as the baseline, not the upgrade.

Pro Tip: If you’re planning a storage refresh, don’t just look at raw capacity. Prioritize IOPS density and throughput. A system that can handle 900,000+ read IOPS will future-proof your infrastructure against the growing demands of AI-driven applications.

Virtualization and the Storage Convergence

The line between the server and the storage array is blurring. Modern enterprise storage is now designed to be a seamless extension of the hypervisor. Whether it’s VMware vSphere, Microsoft Hyper-V, or OpenStack, the trend is toward “storage-aware” virtualization.

Synology launches 60 bay HD6500 NAS for petabyte level storage

This convergence allows for features like Snapshot Replication and instant recovery points. In a world where ransomware is a constant threat, the ability to restore a volume or a single file in seconds—rather than hours—is no longer a luxury; it’s a survival requirement. This makes integrated backup solutions, such as Synology’s Active Backup for Business, central to the modern IT stack.

Looking ahead, You can expect deeper integration with AI-driven management tools. Imagine a storage system that predicts a drive failure before it happens or automatically adjusts its cache based on the time of day and user behavior. This is the direction the industry is heading: from passive repositories to proactive data managers.

[Internal Link: How to Optimize Your Virtualization Storage for Maximum Performance]

The New Standard for Data Resilience

Reliability is evolving from “redundancy” to “resilience.” It’s no longer enough to have a second power supply. The future of enterprise storage lies in out-of-band management and self-healing architectures.

The ability for an admin to troubleshoot a server and retrieve logs even while the system is shut down is becoming a standard requirement for colocation environments. As businesses scale, the cost of downtime is measured in thousands of dollars per minute, making failover and load-balancing networking non-negotiable.

[Internal Link: The Ultimate Guide to Ransomware Protection for Enterprise Storage]

Frequently Asked Questions

What is the difference between Block and File storage?

File storage (like NAS) organizes data in a hierarchy of folders and files, ideal for shared access. Block storage (like SAN) breaks data into chunks (blocks), providing lower latency and higher performance, which is essential for databases and virtual machines.

Why is IOPS more key than throughput for some workloads?

Throughput is about how much data can be moved (like a wide pipe), while IOPS is about how many individual requests can be handled per second. Databases and VMs perform thousands of small reads/writes, making high IOPS critical for a responsive system.

What is All-Flash storage?

All-Flash storage uses only Solid State Drives (SSDs) instead of traditional spinning hard drives. This results in significantly faster data access, lower power consumption, and greater physical reliability.

What’s your take on the shift back to on-premises storage? Is your organization sticking with the cloud, or are you looking for more control over your latency? Let us know in the comments below or subscribe to our newsletter for more deep dives into enterprise tech!

May 10, 2026 0 comments

Tech

Product showcase: NetGuard open-source firewall for Android

by Chief Editor May 8, 2026

written by Chief Editor

The Evolution of Mobile Privacy: Beyond Simple App Permissions

For years, the conversation around mobile security focused on “permissions”—asking a user if an app could access their camera or contacts. But as we move deeper into an era of hyper-connectivity, the frontier of privacy has shifted. It is no longer just about what an app can access on your phone, but where that data goes once it leaves the device.

View this post on Instagram about Zero Trust, Pro Tip

From Instagram — related to Zero Trust, Pro Tip

Tools like NetGuard highlight a growing demand for granular network control. By using a local VPN loopback to filter traffic, users are taking back the “kill switch” from the operating system. This trend points toward a future where “Zero Trust” architecture isn’t just for corporate servers, but for the smartphone in your pocket.

Pro Tip: If you are using a firewall to save data or increase privacy, always remember to disable battery optimization for the app. Android’s aggressive power management can kill background VPN services, leaving your “blocked” apps free to connect to the internet again.

The Rise of Local VPNs and Digital Sovereignty

One of the most interesting technical trends is the use of the Android VPN service not for anonymity (like a traditional VPN), but for local traffic orchestration. Because Android restricts the ability to chain multiple VPNs, a local firewall essentially becomes the “gatekeeper” for all outgoing packets.

This represents a broader movement toward digital sovereignty. Users are increasingly distrustful of proprietary “black box” systems. The preference for open-source firewalls allows the community to audit the code, ensuring that the tool designed to protect your privacy isn’t secretly collecting data itself.

We are likely to see a surge in “Privacy-First” OS forks—similar to LineageOS—that integrate these firewall capabilities directly into the kernel, removing the need for a VPN-based workaround and reducing battery drain.

AI-Driven Traffic Analysis: The Next Frontier

Currently, most mobile firewalls rely on manual blacklists and whitelists. You decide that Chrome can access the web, but your calculator app cannot. However, the next evolution will be Behavioral Network Analysis.

How to Build Free Open Source Apps | Tutorial ft. NetGuard Firewall & Android Studio

Imagine a firewall powered by lightweight, on-device AI that doesn’t just block an app, but analyzes the pattern of its traffic. If a simple flashlight app suddenly attempts to send 50MB of encrypted data to an unknown server in another country at 3:00 AM, the AI would flag this as anomalous behavior and kill the connection instantly.

This shift from static rules to dynamic intelligence will be crucial as apps become more complex and “telemetry” (the background data apps send back to developers) becomes more sophisticated.

Did you know? Many “free” apps monetize your experience by selling “device fingerprints”—unique identifiers that include your battery level, screen resolution, and network operator—to advertising networks via background telemetry.

Combatting the Telemetry Tide

The battle against background data leakage is becoming an arms race. Developers use techniques like “domain fronting” to hide their tracking servers behind legitimate services (like Google or Cloudflare). This makes it harder for basic firewalls to identify who the app is actually talking to.

Future trends suggest a move toward DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) integration within firewalls. By encrypting DNS queries, users can prevent Internet Service Providers (ISPs) from seeing which domains their apps are hitting, adding a layer of invisibility to the blocking process.

Real-world data from privacy audits shows that even “system apps” often communicate with servers dozens of times per hour. As users become more aware of this “invisible chatter,” the demand for tools that provide transparent access logs—showing exactly which IP address was contacted and when—will only grow.

Frequently Asked Questions

Does using a local firewall slow down my internet?

Generally, no. Because the traffic is being routed through a local loopback on your own device rather than a remote server, the latency is negligible. Any perceived slowdown is usually due to the device’s CPU processing the filtering rules.

Can I use a firewall and a commercial VPN at the same time?

On standard Android devices, no. Android only allows one active VPN service at a time. To achieve both, you would typically need a rooted device or a specialized OS that allows for network routing at the system level.

Is a firewall enough to stop all tracking?

It stops the transmission of data, but not the collection. An app can still collect your data locally; a firewall simply prevents that app from “phoning home” to upload that data to a server.

What’s your take on mobile privacy? Do you trust your OS to handle your data, or have you started using third-party tools to lock down your device? Let us know in the comments below or subscribe to our newsletter for more deep dives into digital security.

May 8, 2026 0 comments

Tech

Tenable finds GitHub workflow flaw in Microsoft repo

by Chief Editor May 4, 2026

written by Chief Editor

The Invisible Attack Surface: Why Your CI/CD Pipeline is the New Front Line

For years, cybersecurity focused on the “front door”—firewalls, login screens, and API gateways. But as development speeds up, the real danger has shifted to the “back door”: the Continuous Integration and Continuous Delivery (CI/CD) pipelines. The recent discovery by Tenable Research in a Microsoft GitHub repository serves as a wake-up call. A Python string injection flaw in the Windows-driver-samples repository allowed for remote code execution, potentially exposing repository secrets. When a project with 5,000 forks and 7,700 stars has this vulnerability, it isn’t just a bug in one codebase; It’s a blueprint for how modern software supply chains can be dismantled. The risk isn’t just about one leaked token. It is about the systemic trust we place in automation. As we move forward, the industry is shifting toward a reality where the pipeline itself is treated as a high-value target, equal in importance to the production server.

Did you know? Many organizations still rely on “default” permissions for their automation tokens. In the Microsoft case, researchers inferred the GITHUB_TOKEN likely operated with default read and write access since the repository predated 2023 security updates.

The Death of the ‘God Token’ and the Rise of Least Privilege

One of the most critical trends in DevOps security is the aggressive move away from long-lived, high-privilege tokens. For too long, developers used “God Tokens”—credentials with sweeping permissions that could create issues, push code, and modify settings across an entire organization. The future is Least Privilege Automation. We are seeing a transition toward:

Short-lived Credentials: Moving away from static secrets toward tokens that expire in minutes or hours.
OIDC (OpenID Connect): Instead of storing a secret key in GitHub, pipelines now use OIDC to request temporary access from cloud providers like AWS or Azure, eliminating the need for long-term stored secrets.
Granular Scoping: Rather than “Read/Write” access, permissions are being narrowed to specific actions, such as read-only access to the contents folder.

“The CI/CD infrastructure is part of an organisation’s attack surface and software supply chain,” Rémy Marot, Staff Research Engineer at Tenable

AI: The Double-Edged Sword of Pipeline Security

As we integrate Artificial Intelligence into our coding workflows, we are entering a period of “automated escalation.” AI is fundamentally changing how vulnerabilities like string injections are both created and found. On the offensive side, attackers are using LLMs to scan public YAML files and workflow scripts for patterns that suggest unsafe input handling. A vulnerability that might have taken a human researcher days to find can now be spotted by an AI agent in seconds. But, the defensive trend is equally powerful. We are seeing the emergence of AI-driven Guardrails. Future CI/CD systems will likely include:

Real-time Static Analysis: AI that blocks a commit if the workflow script introduces a potential injection point.
Anomaly Detection: Systems that flag a workflow if it suddenly attempts to access a secret it has never used before or connects to an unknown external IP.

Pro Tip: Regularly audit your `.github/workflows` files. Treat your YAML configurations as production code—subject them to the same peer review and security scanning as your primary application logic.

Moving Toward ‘Zero Trust’ DevOps

The industry is realizing that “internal” does not mean “safe.” The Tenable finding proved that a simple GitHub issue submission—an action available to any registered user—could trigger a vulnerable workflow. The future trend is Zero Trust for Pipelines. This means assuming that any input coming into the pipeline—whether it is a pull request, a comment, or an issue description—is potentially malicious. This shift involves implementing Software Bill of Materials (SBOM) and strict provenance checks. By verifying exactly who touched the code and which automated process built the binary, companies can ensure that a compromised pipeline doesn’t lead to a poisoned update being sent to millions of users.

For more on securing your development environment, see our guide on [Internal Link: Implementing DevSecOps Best Practices].

Frequently Asked Questions

What is a CI/CD pipeline attack?

A CI/CD attack targets the automated tools used to build and deploy software. Instead of attacking the final app, hackers target the pipeline to steal secrets or inject malicious code directly into the software before it is released.

Frequently Asked Questions — Microsoft Actions Python

Why is string injection dangerous in GitHub Actions?

String injection occurs when user-supplied text is executed as code. In GitHub Actions, if a workflow takes a user’s issue description and passes it directly into a shell script or Python command, an attacker can “inject” their own commands to take over the server running the workflow.

How can I secure my GitHub repository secrets?

Avoid using default permissions. Explicitly define the permissions key in your workflow YAML to restrict the GITHUB_TOKEN to the minimum access required for that specific job.

What is the role of the GITHUB_TOKEN?

The GITHUB_TOKEN is an automatically generated secret used by GitHub Actions to authenticate requests to the GitHub API, allowing the workflow to perform tasks like creating releases or commenting on issues.

Join the Conversation: Is your team treating your CI/CD pipeline as critical infrastructure, or is it still viewed as “background tooling”? Share your security strategies or request a question in the comments below.

Want to stay ahead of the next major vulnerability? Subscribe to our Security Insights newsletter for weekly deep-dives into the evolving threat landscape.

May 4, 2026 0 comments

Tech

Open-source IPFire DNS Firewall blocks malware and phishing at the resolver

by Chief Editor April 28, 2026

written by Chief Editor

The Evolution of Network Defense: Moving Toward DNS-Layer Security

For years, network administrators have relied on a combination of heavy-duty proxies and external “sinkholes” to keep unwanted traffic at bay. Although, the landscape is shifting. The recent integration of DNS-layer domain blocking directly into the firewall—as seen in the latest IPFire Core Update 201—signals a broader trend: the move toward lightweight, invisible, and highly efficient security at the resolver level.

Unlike traditional URL filters that often require complex HTTPS inspection and certificate handling, DNS-layer blocking operates by intercepting the request before a connection is even attempted. When a client requests a domain flagged as malicious, the system returns an NXDOMAIN response. This effectively tells the client that the domain does not exist, ensuring that no connection is established and no sensitive data leaves the network.

Did you know? An NXDOMAIN (Non-Existent Domain) response is one of the most efficient ways to block threats because it stops the attack at the “phonebook” stage of the internet, preventing the device from ever reaching out to the malicious server.

The Decline of Heavy Proxy Dependencies

The industry is moving away from the “middleman” approach to filtering. Traditional URL filters often depend on proxy setups that can introduce latency and break encrypted traffic. By handling blocklist enforcement directly inside the firewall’s DNS proxy, the need for client-side configuration and HTTPS inspection is eliminated.

This transition simplifies the architecture for the end-user. Instead of managing a separate device—such as an external Pi-hole deployment—operators can now consolidate their security stack. This reduction in complexity not only improves performance but as well reduces the number of potential failure points in a home or business network.

Solving the Bandwidth Bottleneck in Threat Intelligence

One of the biggest hurdles in maintaining real-time security is the size of the blocklists. As the number of phishing and malware domains grows, the data required to keep a firewall updated can turn into massive. For users on limited cellular connections or in regions with expensive data, downloading gigabytes of updates is simply not sustainable.

View this post on Instagram about Solving the Bandwidth Bottleneck, Threat Intelligence One

From Instagram — related to Solving the Bandwidth Bottleneck, Threat Intelligence One

The solution lies in Incremental Zone Transfers (IXFR), defined in RFC 1995. Rather than downloading a full list every time a change occurs, IXFR allows the firewall to download only the specific changes between versions. According to Michael Tremer, IPFire’s lead developer, this is crucial because full downloads of malware and phishing lists can reach roughly 100 MiB per update.

This shift toward incremental updates is a critical trend for the “edge” of the internet. As more devices move to the network perimeter, the ability to push updates every five minutes without saturating the connection is what allows security teams to combat the short lifespan of phishing sites, which may only remain active for a few hours.

Pro Tip: If you are migrating from a separate Pi-hole or an older URL Filter, remember that custom block and allow lists do not transfer automatically. Use the web UI to copy and paste your domains directly into the new DNS Firewall interface to maintain your custom security posture.

Hardening the Attack Surface: The “Less is More” Philosophy

Modern security is not just about adding new features; We see about removing unnecessary ones. A growing trend in open-source distributions is the aggressive pruning of unused packages to reduce the “attack surface”—the total number of points where an attacker could potentially find a vulnerability.

Infoblox DNS Firewall: Understanding APT Malware

We are seeing this in practice with the removal of non-essential components. For example, the removal of Rust packages no longer required by the distribution and the dropping of the 7zip add-on (due to a lack of upstream maintenance) are strategic moves. By cutting build overhead and removing unmaintained code, developers can ensure a leaner, more secure environment.

This philosophy extends to the toolchain itself. Updating to the latest versions of core components—such as glibc 2.43, OpenSSL 3.6.1, and OpenVPN 2.6.19—ensures that the firewall is leveraging the most recent security patches and performance optimizations.

The Future of Automated Reporting and IDS

As network environments grow more complex, the way we handle security alerts must also evolve. The move toward customizable recipient configurations for Intrusion Prevention System (IPS) reports—splitting daily, weekly, and monthly cadences—reflects a need for better organizational routing.

In the future, we can expect these reports to become even more granular, potentially integrating with AI-driven analysis to separate “noise” from actual threats, ensuring that the people responsible for review intervals are not overwhelmed by false positives.

Frequently Asked Questions

What is DNS-layer domain blocking?
It is a security method that checks DNS queries against a blocklist before a connection is made. If a domain is listed as malicious, the firewall returns an NXDOMAIN response, preventing the device from connecting to the site.

Do I still need a Pi-hole if my firewall has a DNS Firewall?
While Pi-hole is a powerful tool, integrated DNS firewalls provide similar functionality (blocking malware, phishing, and ads) without the need for additional hardware or complex configuration.

What is IXFR and why does it matter?
IXFR stands for Incremental Zone Transfer. It allows a system to download only the changes to a blocklist rather than the entire file, which significantly saves bandwidth and allows for more frequent updates.

Does the DNS Firewall require HTTPS inspection?
No. Because it operates at the DNS level, it does not need to inspect encrypted HTTPS traffic or handle certificates, making it more privacy-friendly and easier to deploy.

Are you upgrading your home or business firewall this year? We wish to hear about your setup. Do you prefer a consolidated firewall approach, or do you still rely on separate hardware for DNS sinkholing? Let us know in the comments below or subscribe to our newsletter for more deep dives into open-source security.

April 28, 2026 0 comments

Business

LightInk – An ESP32-based, solar-powered E-ink smartwatch with up to 10 months of battery life

by Chief Editor April 26, 2026

written by Chief Editor

The Shift Toward Ultra-Low Power Architecture

The future of wearables is moving away from power-hungry boot sequences. Traditionally, processors like the ESP32 seize approximately 28 ms to boot, consuming several milliamps of power before performing any actual tasks. This overhead is a significant barrier to achieving true long-term battery life.

View this post on Instagram about Hardware, The Shift Toward Ultra

From Instagram — related to Hardware, The Shift Toward Ultra

A emerging trend is the use of “wake stubs”—function pointers in the RTC memory. By allowing the core to run code in microseconds and bypassing the flash entirely, devices can boot, send data, and update display buffers in less than 1 ms. This approach allows the system to return to deep sleep almost instantly, drastically reducing energy draw.

Did you know? Standard ESP32 boot sequences create a massive energy overhead. By reimplementing SPI communication within a wake stub, active time can be reduced to under 1 ms.

Optimizing Hardware for Efficiency

To maximize longevity, engineers are removing high-power-consumption components. This includes eliminating dedicated battery-charging ICs and accelerometers, which often draw unnecessary quiescent current.

The integration of specialized components, such as the TPS63900 buck-boost converter with a 75-nA IQ, allows devices to operate dynamically at voltages like 2.6V or 2.9V, ensuring that every micro-amp of harvested energy is used effectively.

Solar-First Design: Beyond the Charging Cable

We are seeing a return to the philosophy of 90s solar digital watches, but with modern smart capabilities. The trend is shifting toward “solar-first” operation, where a solar cell is not just a secondary charger but the primary power source maintaining a small battery.

By pairing a solar cell with a modest 100mAh battery, it is now possible to achieve an operational lifespan of 6 to 10 months. This eliminates the need for frequent plugging-in and reduces the device’s reliance on the power grid.

Pro Tip: To maintain precise timekeeping in ultra-low-power devices, implement manual drift calibration for the RTC. Targeting 1ppm (parts per million) ensures the watch remains accurate over months of operation.

The Evolution of E-Ink in Wearables

E-paper displays are becoming the gold standard for wearables where battery life is prioritized over high refresh rates. A 1.54-inch B/W e-Paper panel (such as the GDEH0154D67) provides high visibility with minimal power consumption.

The key to the next generation of E-ink devices is “ultra-fast partial updates.” Instead of refreshing the entire screen, which is energy-intensive, devices only update the specific pixels that change. This enables the device to remain in deep sleep whereas the display refreshes, further extending the battery life.

Integrating Specialized Off-Grid Connectivity

Future wearables are expanding beyond simple Bluetooth and Wi-Fi. The integration of LoRa (via transceivers like the Wio-SX1262) and GPS allows for communication and navigation in areas without cellular coverage.

This combination of LoRa, GPS, and solar power transforms a simple smartwatch into a resilient tool for outdoor and off-grid use, all while maintaining a compact 3D-printed form factor.

Open-Source Hardware and Community Iteration

The development of high-efficiency wearables is increasingly driven by open-source collaboration. Platforms like GitHub and Hackaday allow developers to share ESP-IDF firmware, EasyEDA hardware designs, and 3D printable models.

This community-driven approach allows creators to build upon existing projects—such as the SQFMI Watchy—to specifically target improvements in power efficiency and feature sets without increasing the physical size of the device.

Frequently Asked Questions

How long can a solar-powered E-ink watch last?

Depending on the design and solar supplement, devices like LightInk can operate for approximately 6 to 10 months on a 100mAh battery.

What is a wake stub in the context of ESP32?

A wake stub is a function pointer in the RTC memory that allows the processor to execute code immediately upon waking, bypassing the flash boot process to save time, and power.

Why use LoRa in a smartwatch?

LoRa provides long-range, low-power communication, making it ideal for wearables intended for off-grid use where Wi-Fi or cellular networks are unavailable.

Want to dive deeper into open-source hardware? Let us know in the comments which ultra-low-power features you’d want in your next wearable, or subscribe to our newsletter for more embedded engineering insights!

April 26, 2026 0 comments

Tech

NVIDIA GTC: The Future of AI is Open & Orchestrated Models

by Chief Editor March 30, 2026

written by Chief Editor

The Rise of the AI Orchestra: Why NVIDIA’s Huang Says Open and Proprietary AI Must Coexist

Artificial intelligence is rapidly evolving from a promising technology to the core infrastructure of businesses worldwide. But the future isn’t about a single, monolithic AI – it’s about a diverse ecosystem of models, both large and small, open and closed, generalist and specialist. This was the central message from NVIDIA founder and CEO Jensen Huang at a recent session on open frontier models at NVIDIA GTC.

Beyond Open vs. Closed: A Hybrid Approach

Huang emphatically stated that the debate isn’t about choosing between open and closed innovation. Instead, it’s about recognizing that both approaches are essential. “Proprietary versus open is not a thing. It’s proprietary and open,” he explained. This signals a shift in thinking, acknowledging the strengths of both models and the necessitate for collaboration.

The Need for Specialized AI Systems

Every industry faces unique challenges. Healthcare, finance, and manufacturing all require AI tailored to their specific data and workflows. A one-size-fits-all approach simply won’t operate. The solution? Systems of models, finely tuned and specialized for different tasks, working together to solve complex business problems.

NVIDIA is actively contributing to the open-source AI movement, now being the largest organization on Hugging Face, with nearly 4,000 team members. The company recently launched the NVIDIA Nemotron Coalition, a global collaboration of AI labs focused on advancing open, frontier-level foundation models through shared expertise and resources.

AI Agents: The Future of Work?

A key takeaway from discussions at GTC was the growing capability of AI agents. According to Cursor CEO Michael Truell, “We’re soon going to witness agents really be coworkers that can grab on tasks that take many hours or many days, and do incredibly complex workloads.” This suggests a future where AI handles increasingly sophisticated tasks, freeing up human workers to focus on more strategic initiatives.

Orchestrating the AI Ecosystem

Perplexity CEO Aravind Srinivas envisions a future where AI isn’t about selecting the “best” model, but rather orchestrating a “multimodal, multi-model and multi-cloud orchestra.” The system itself will intelligently delegate tasks to the most appropriate model, simplifying the process for users.

Trust and Accessibility Through Open Systems

Open systems are gaining traction due to their inherent trustworthiness and accessibility. AMP PBC’s Anjney Midha noted, “At the end of the day, you’re delegating trust…and it’s much easier to trust an open system.” This transparency fosters confidence and allows for wider adoption of AI technologies.

The Importance of Both Generalist and Specialist AI

Just as a hospital relies on both general practitioners and specialized surgeons, society needs both generalist and specialist AI. Open foundations combined with proprietary data allow organizations to unlock unique value and drive innovation in both academia and business. Ai2’s Hanna Hajishirzi emphasized that open access accelerates progress and democratizes AI, ensuring broader participation and benefit.

Black Forest Labs’ Robin Rombach added that both frontier models and specialized open models have exciting potential, and that all of them should have some open component.

FAQ

Q: What is the NVIDIA Nemotron Coalition?
A: It’s a global collaboration of AI labs working to advance open, frontier-level foundation models through shared expertise, data, and compute.

Q: What is the key message from Jensen Huang regarding open vs. Proprietary AI?
A: It’s not an either/or situation. Both open and proprietary AI are essential and should coexist.

Q: What role will AI agents play in the future?
A: They are expected to develop into highly capable coworkers, handling complex tasks and workloads.

Q: Why is specialization important in AI?
A: Different industries have unique challenges that require tailored AI solutions.

Watch the GTC session highlights on YouTube and start building with NVIDIA Nemotron open models.

March 30, 2026 0 comments

Business

PineTime Pro smartwatch to feature dual-core Cortex-M33 MCU, 2.13-inch AMOLED, GPS, and more

by Chief Editor March 30, 2026

written by Chief Editor

PineTime Pro: A Leap Forward for Open Source Smartwatches

Pine64’s upcoming PineTime Pro smartwatch is generating significant buzz, promising a substantial upgrade over the original PineTime. This isn’t just a spec bump. it represents a growing trend towards accessible, customizable wearable technology. The Pro boasts a dual-core Cortex-M33 MCU, a vibrant 2.13-inch AMOLED display, and integrated GPS – features previously unseen in the PineTime lineup. This move positions the PineTime Pro as a compelling alternative to mainstream smartwatches, particularly for developers and privacy-conscious users.

The Evolution of Open Source Wearables

The original PineTime, launched in 2019, quickly gained a dedicated following thanks to its open-source nature. The availability of firmware like InfiniTime demonstrated the community’s ability to enhance and adapt the device. However, the initial hardware had limitations. The PineTime Pro directly addresses these, offering a significant increase in processing power and memory – 800KB of SRAM, plus 8MB of PSRAM and 8MB of QSPI flash. This expanded capacity opens doors for more complex features and a smoother user experience.

Key Specifications and What They Mean

Let’s break down the key specs:

Dual-Core Cortex-M33 MCU: This processor provides a substantial performance boost over the original PineTime’s Cortex-M4.
2.13-inch AMOLED Display: AMOLED technology delivers richer colors, deeper blacks, and improved energy efficiency compared to the IPS display on the original PineTime.
Integrated GPS: A crucial addition for fitness tracking and navigation, eliminating the demand to rely on a connected smartphone.
Heart Rate & Blood Oxygen Sensor: Expanding health tracking capabilities.
Bluetooth 5.2: Offers improved connectivity and efficiency.

The inclusion of a 6-axis IMU (Inertial Measurement Unit) further enhances the device’s sensing capabilities, potentially enabling more accurate activity tracking and gesture recognition.

The Power of Open Source and Customization

Pine64’s commitment to open-source software is a major differentiator. Developers are already working on adapting existing firmware like InfiniTime and WaspOS to the PineTime Pro. The increased hardware capabilities should make it easier to add new features and optimize performance. Pine64 has also collaborated with a Chinese smartwatch manufacturer to develop a custom chip and will release the SDK to the community, fostering further innovation.

The potential for PebbleOS compatibility has also been mentioned, though no official port is currently underway. This highlights the ambition of the open-source community to bring a wider range of operating systems to the platform.

Beyond the Pro: A Dual-Product Strategy

Pine64 intends to continue supporting both the original PineTime and the PineTime Pro. This dual-product strategy allows them to cater to different user needs and price points. The original PineTime remains an attractive entry-level option, while the Pro targets users who demand more advanced features and performance.

What Does This Mean for the Future of Smartwatches?

The PineTime Pro exemplifies a growing trend towards more open and customizable wearable technology. Consumers are increasingly seeking alternatives to the closed ecosystems offered by major tech companies. The success of the PineTime Pro could encourage other manufacturers to embrace open-source principles and provide users with greater control over their devices.

The collaboration with a Chinese smartwatch manufacturer suggests a potential shift in the supply chain for wearable technology. By partnering with established manufacturers, Pine64 can leverage their expertise and resources to create more sophisticated devices.

Frequently Asked Questions

Q: When will the PineTime Pro be released?
A: A launch date hasn’t been announced yet, but Pine64 hopes to release it later this year.

Q: Will the PineTime Pro work with my existing PineTime accessories?
A: This information is not currently available.

Q: What operating systems will the PineTime Pro support?
A: It will initially support InfiniTime and WaspOS, with potential for PebbleOS compatibility in the future.

Q: Is the PineTime Pro waterproof?
A: Water resistance details have not been released.

Q: Where can I find more information about the PineTime Pro?
A: Visit the Pine64 announcement for the latest updates.

Pro Tip: Keep an eye on the Pine64 forums and community channels for the latest development updates and firmware releases.

Stay tuned for further updates on the PineTime Pro and the evolving landscape of open-source wearables. What features are you most excited about? Share your thoughts in the comments below!

March 30, 2026 0 comments

Tech

NVIDIA DRA Driver: Open Source AI Infrastructure for Kubernetes | KubeCon Europe 2026

by Chief Editor March 24, 2026

written by Chief Editor

NVIDIA Opens Up AI Infrastructure with Kubernetes Donation: A Shift Towards Collaborative AI

Artificial intelligence is rapidly becoming a cornerstone of modern computing, and Kubernetes has emerged as the dominant platform for managing AI workloads. Now, NVIDIA is taking a significant step towards fostering a more open and collaborative AI ecosystem by donating the NVIDIA Dynamic Resource Allocation (DRA) Driver for GPUs to the Cloud Native Computing Foundation (CNCF). This move, announced at KubeCon Europe, signals a shift from vendor-controlled governance to full community ownership, promising increased transparency, innovation, and accessibility.

What Does This Mean for AI Developers?

Historically, managing GPUs – the engines that power AI – within data centers has been a complex undertaking. The NVIDIA DRA Driver aims to simplify this process, offering several key benefits for developers. These include improved efficiency through smarter resource sharing, support for technologies like NVIDIA Multi-Process Service and Multi-Instance GPU, and the ability to scale AI infrastructure massively using NVIDIA Multi-Node NVlink. The driver provides flexibility, allowing dynamic reconfiguration of hardware, and precision, enabling fine-tuned requests for specific computing power.

Pro Tip: The NVIDIA DRA Driver’s support for NVIDIA Multi-Node NVlink is particularly crucial for training large AI models on next-generation systems like those powered by NVIDIA Grace Blackwell.

Expanding Security with Kata Containers

Beyond resource allocation, NVIDIA is also enhancing the security of AI workloads. In collaboration with the CNCF’s Confidential Containers community, NVIDIA has introduced GPU support for Kata Containers. These lightweight virtual machines provide a stronger isolation layer, protecting AI workloads and enabling organizations to implement confidential computing to safeguard sensitive data.

Industry Collaboration Fuels Innovation

NVIDIA isn’t acting alone. The company is collaborating with a broad range of industry leaders – including Amazon Web Services, Broadcom, Canonical, Google Cloud, Microsoft, Nutanix, Red Hat, and SUSE – to drive these features forward. This collaborative approach underscores the importance of a unified ecosystem for accelerating AI innovation.

“Open source will be at the core of every successful enterprise AI strategy,” says Chris Wright, CTO and SVP of global engineering at Red Hat. “NVIDIA’s donation of the NVIDIA DRA Driver for GPUs helps to cement the role of open source in AI’s evolution.”

Beyond the Driver: A Wave of Open Source Contributions

The donation of the DRA Driver is just one piece of NVIDIA’s broader commitment to open source. Recent contributions include NVSentinel, a system for GPU fault remediation, and AI Cluster Runtime, an agentic AI framework. The KAI Scheduler, NVIDIA’s AI workload scheduler, has been onboarded as a CNCF Sandbox project, further encouraging community involvement.

NVIDIA is also expanding the Dynamo ecosystem with Grove, an open source Kubernetes application programming interface for orchestrating AI workloads on GPU clusters. Grove integrates with the llm-d inference stack, aiming for wider adoption within the Kubernetes community.

Future Trends: The Rise of Collaborative AI Infrastructure

This move towards open source and collaborative development signals several key trends in the future of AI infrastructure:

Standardization: Open source projects like the NVIDIA DRA Driver will drive standardization in high-performance computing components, making it easier for organizations to build and deploy AI solutions.
Increased Accessibility: By simplifying GPU orchestration, NVIDIA is making high-performance computing more accessible to a wider range of developers, and organizations.
Enhanced Security: The integration of GPU support for Kata Containers highlights the growing importance of security in AI workloads, particularly as organizations handle increasingly sensitive data.
AI-Powered Infrastructure Management: Projects like AI Cluster Runtime demonstrate the potential of using AI itself to manage and optimize AI infrastructure.

FAQ

Q: What is the NVIDIA DRA Driver for GPUs?
A: It’s a software driver that allows for more efficient allocation and sharing of GPU resources within a Kubernetes environment.

Q: What is Kata Containers?
A: Lightweight virtual machines that provide enhanced security by isolating workloads.

Q: Why is NVIDIA donating this technology to the CNCF?
A: To foster a more open and collaborative AI ecosystem and accelerate innovation.

Q: Where can I learn more about NVIDIA’s open source projects?
A: Visit NVIDIA’s GitHub page for a comprehensive list of projects.

Did you know? NVIDIA Dynamo 1.0 is now available, and the company is actively expanding its ecosystem with projects like Grove.

Developers and organizations can begin using and contributing to the NVIDIA DRA Driver today. Explore the possibilities and join the growing community shaping the future of AI infrastructure.

March 24, 2026 0 comments

Newer Posts

Older Posts