How to merge: the overlooked key to a good git strategy
Blog post ⋮ January 2023
Amid debates on the optimal git strategy, an important aspect is often overlooked. It is not the strategy that determines the maintainability of your repository, but the way you handle your merges.
Axing the leap second is not science — it is a defeat against it
Blog post ⋮ November 2022
After years of debate, leap seconds will be abandoned as of 2035. The decision calls for science to come up with a solution, where in fact, it is a total defeat - in order to protect an obsolete Unix design.
Insecurity by transparency
Blog post ⋮ February 2022
Publishing security fixes on open-source platforms creates an opportunity for attackers to exploit the underlying vulnerabilities, which exceeds the usual case of not-yet-patched systems.
Configuring StrongSwan through swanctl.conf
Blog post ⋮ November 2021
StrongSwan's new configuration file, swanctl.conf, introduces clearer terminology and thus simplifies setting up remote access.
Sending and processing ARP requests/responses using BPF (updated)
Blog post ⋮ November 2020
Being between layers 2 and 3, ARP is handled by the operating system; but it can be useful to control ARP for checking ARP cache validity or finding hosts. BPF allows you to do so on BSD systems.
Prevent your OpenBSD shared-memory objects from being axed by daily(8)
Blog post ⋮ June 2020
The temporary files that underly shared-memory objects will be destroyed by system maintenance after a week, unless you update file times to prevent this.
Building an OpenBSD VPN server with iked and OpenSSL
Blog post ⋮ April 2020
OpenBSD comes with a great IKEv2 server: iked. But the front-end ikectl has its limitations. It is easy to run iked with the underlying OpenSSL directly.