Activate swap more earlier in linux 6 and above

in linux 5
initial script
# Use half physical memory
memkb=$(awk '/MemTotal/ {print $2}' /proc/meminfo)

# must set minimum free memory watermark to __setup_per_zone_wmarks
minwater=$((memkb / 8))
if [ "$minwater" -gt 262144 ]; then
    minwater=262144
fi
sysctl -w vm.min_free_kbytes=$minwater
# low watermark = min watermark + distance, distance calculate from scale factor
sysctl -w vm.watermark_scale_factor=100
# setting 0 to 200 allows the system to more actively utilize compressed space
sysctl -w vm.swappiness=100
# read ahead 2^n page, n=0 page=1
sysctl -w vm.page-cluster=0

in linux 6
1. 
initial script as linux 5

Zram memory compress in embedded linux 5/6

1. Kconfing
gedit ~/linux-6.6.x/drivers/block/zram/Kconfig
choice
    prompt "Default zram compressor"
    ###default ZRAM_DEF_COMP_LZORLE
    default ZRAM_DEF_COMP_ZSTD
    depends on ZRAM

Web3 Smart Contract Escrow Payment Simulation (The best mechanism to reduce cross-border transaction defaults)

 The 2026 solution for "the absence of arbitration in disputes" is "Hybrid Arbitration." While Smart Contract Escrow (Code is Law) has fundamentally resolved the pain points of "payment default risks" in Open Account (O/A) transactions and the "contraction of bank L/C credit," the following is required to ensure this workflow operates smoothly in practice

System Configuration & Implementation Guide

https://wizard.openzeppelin.com/
Select Custom -> Access Control -> Ownable (Enabled) via OpenZeppelin Wizard.
click  [Open in Remix]
Remix'File Explore need 2 files
mockusdt.sol and mytech_escrow.sol

Quantum addition and operation in python and c++

############
###python###
############
from qiskit import QuantumCircuit, QuantumRegister, ClassicalRegister
from qiskit_aer import AerSimulator

def Half_Adder():
    #Half Adder: inputs q0,q1 -> outputs q2=Sum, q3=Cout#
    # Initialize local simulator
    sim = AerSimulator()

Zero-knowledge in Risc-V virtual machine(zkVM)

Ethereum has thousands of nodes, each potentially running on different hardware and different operating systems. Once a transaction is executed, all nodes must arrive at exactly the same result — otherwise consensus cannot be reached.
Node A (Linux x86)        ┐
Node B (macOS ARM)   ├──► Same Smart Contract → Results must be bit-for-bit identical
Node C (Windows x64)  ┘

SP1 is a zero-knowledge virtual machine (zkVM) developed by Succinct Labs. It is designed to prove the correct execution of programs compiled for the RISC-V architecture.

https://github.com/succinctlabs/sp1

Amd hardware signature TPM to prevent file tamper(anti-hacking)

1. linux defconfig
CONFIG_TCG_TPM=y
CONFIG_HW_RANDOM_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y

2.
preinstall openssl

3.download source
tpm2-tss-4.1.3.tar.gz
https://github.com/tpm2-software/tpm2-tss/releases

tpm2-tools-5.7.tar.gz
https://github.com/tpm2-software/tpm2-tools/releases

Linux LSM security hook flow

 //include/linux/types.h
struct hlist_head {
    struct hlist_node *first;
};

//lsm_hooks.h
struct security_hook_heads {
    struct hlist_head binder_set_context_mgr;
    struct hlist_head binder_transaction;
    struct hlist_head binder_transfer_binder;
    ...
    struct hlist_head secid_to_secctx; // Entry point for the secid_to_secctx linked list
    struct hlist_head file_permission; // Entry point for checking file permissions
    struct hlist_head inode_permission; // Entry point for checking inode permissions
    struct hlist_head task_alloc; // Entry point for checking process creation
    ...
};

Apparmor for linux 5 and above(anti-hacking)

apparmor 3.1.7 for linux 5.10 and 6.6 is the best
https://gitlab.com/apparmor/apparmor/-/releases

full source
https://gitlab.com/apparmor/apparmor/-/tree/master/libraries/libapparmor

1. ########### defconfig ###########
CONFIG_AUDIT=y

CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_PATH=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_LSM="lockdown,yama,apparmor"

# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
# CONFIG_SECURITY_APPARMOR_PARANOID_LOAD is not set
# CONFIG_SECURITY_LOADPIN is not set
# CONFIG_SECURITY_SAFESETID is not set
# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_SECURITY_LANDLOCK is not set
# CONFIG_INTEGRITY is not set
# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
# CONFIG_DEFAULT_SECURITY_DAC is not set

Defense hacker using overflow attack

#include <unistd.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <sys/socket.h>

int s_serverSocket;

void hacker_shell() {
    printf("The system has been taken over by hackers /bin/sh...\n");
}

void safe_handler() {
    printf("Safely end.\n");
}

struct NAS_Memory_Block {
    char* buffer;
    void (*error_handler)();
};

Deploy language models to embedded system

wget --continue https://huggingface.co/bartowski/SmolLM2-135M-Instruct-GGUF/resolve/main/SmolLM2-135M-Instruct-Q8_0.gguf
wget --continue https://huggingface.co/ggerganov/whisper.cpp/resolve/main/ggml-tiny.bin

git clone --recursive https://github.com/ggerganov/llama.cpp
git clone --recursive https://github.com/ggerganov/whisper.cpp
git clone --recursive https://github.com/skeskinen/bert.cpp