Axing the leap second is not science — it is a defeat against it
Blog post ⋮ November 2022
New After years of debate, leap seconds will be abandoned as of 2035. The decision calls for science to come up with a solution, where in fact, it is a total defeat - in order to protect an obsolete Unix design.
Insecurity by transparency
Blog post ⋮ February 2022
Publishing security fixes on open-source platforms creates an opportunity for attackers to exploit the underlying vulnerabilities, which exceeds the usual case of not-yet-patched systems.
Configuring StrongSwan through swanctl.conf
Blog post ⋮ November 2021
StrongSwan's new configuration file, swanctl.conf, introduces clearer terminology and thus simplifies setting up remote access.
Sending and processing ARP requests/responses using BPF (updated)
Blog post ⋮ November 2020
Being between layers 2 and 3, ARP is handled by the operating system; but it can be useful to control ARP for checking ARP cache validity or finding hosts. BPF allows you to do so on BSD systems.
Prevent your OpenBSD shared-memory objects from being axed by daily(8)
Blog post ⋮ June 2020
The temporary files that underly shared-memory objects will be destroyed by system maintenance after a week, unless you update file times to prevent this.
Building an OpenBSD VPN server with iked and OpenSSL
Blog post ⋮ April 2020
OpenBSD comes with a great IKEv2 server: iked. But the front-end ikectl has its limitations. It is easy to run iked with the underlying OpenSSL directly.