Blog posts

How to merge: the overlooked key to a good git strategy

Blog post ⋮ January 2023

Amid debates on the optimal git strategy, an important aspect is often overlooked. It is not the strategy that determines the maintainability of your repository, but the way you handle your merges.

Axing the leap second is not science — it is a defeat against it

Blog post ⋮ November 2022

After years of debate, leap seconds will be abandoned as of 2035. The decision calls for science to come up with a solution, where in fact, it is a total defeat - in order to protect an obsolete Unix design.

Insecurity by transparency

Blog post ⋮ February 2022

Publishing security fixes on open-source platforms creates an opportunity for attackers to exploit the underlying vulnerabilities, which exceeds the usual case of not-yet-patched systems.

Configuring StrongSwan through swanctl.conf

Blog post ⋮ November 2021

StrongSwan's new configuration file, swanctl.conf, introduces clearer terminology and thus simplifies setting up remote access.

Sending and processing ARP requests/responses using BPF (updated)

Blog post ⋮ November 2020

Being between layers 2 and 3, ARP is handled by the operating system; but it can be useful to control ARP for checking ARP cache validity or finding hosts. BPF allows you to do so on BSD systems.

Prevent your OpenBSD shared-memory objects from being axed by daily(8)

Blog post ⋮ June 2020

The temporary files that underly shared-memory objects will be destroyed by system maintenance after a week, unless you update file times to prevent this.

Building an OpenBSD VPN server with iked and OpenSSL

Blog post ⋮ April 2020

OpenBSD comes with a great IKEv2 server: iked. But the front-end ikectl has its limitations. It is easy to run iked with the underlying OpenSSL directly.