Blog posts

Axing the leap second is not science — it is a defeat against it

Blog post ⋮ November 2022

New After years of debate, leap seconds will be abandoned as of 2035. The decision calls for science to come up with a solution, where in fact, it is a total defeat - in order to protect an obsolete Unix design.

Insecurity by transparency

Blog post ⋮ February 2022

Publishing security fixes on open-source platforms creates an opportunity for attackers to exploit the underlying vulnerabilities, which exceeds the usual case of not-yet-patched systems.

Configuring StrongSwan through swanctl.conf

Blog post ⋮ November 2021

StrongSwan's new configuration file, swanctl.conf, introduces clearer terminology and thus simplifies setting up remote access.

Sending and processing ARP requests/responses using BPF (updated)

Blog post ⋮ November 2020

Being between layers 2 and 3, ARP is handled by the operating system; but it can be useful to control ARP for checking ARP cache validity or finding hosts. BPF allows you to do so on BSD systems.

Prevent your OpenBSD shared-memory objects from being axed by daily(8)

Blog post ⋮ June 2020

The temporary files that underly shared-memory objects will be destroyed by system maintenance after a week, unless you update file times to prevent this.

Building an OpenBSD VPN server with iked and OpenSSL

Blog post ⋮ April 2020

OpenBSD comes with a great IKEv2 server: iked. But the front-end ikectl has its limitations. It is easy to run iked with the underlying OpenSSL directly.