Ubiquiti Security GateWay

So my trusty EdgeRouter LITE died a sad death recently. No data on the console and the ethernet ports flash green and then stick amber. This of course meant this site was down for a few days. This is a 3 port router. Each port handles 1 Gigabits of traffic. It’s perfect for connecting your ISP with your LAN with a spare port left over. This is a router for technical people, it’s not for others as the setup is tricky.
Read full post

GoAccess improvements and the importance of error checking

GoAccess is an open-source real-time web log analyzer. It sports curses and web interfaces. It looks really pretty and I like that :) Upstream has already accepted my patch to allow a build on NetBSD which is nice. However, there is still a serious issue - GoAccess burns a LOT of CPU. With older versions it wasn’t too onerous, but now it uses 4 threads and CPU was going through the roof on my poor web server.
Read full post

Happy New Year, Happy New Site

Welcome to the new blog for 2021! It’s powered by Hugo and I’ve selected the Geekblog theme to power it. This handily matches the Geekdoc theme to power my separated out project documentation. I did this because my blog was rapidy becoming a series of release annoucements and started to take away from my ramblings. It also opens up the possibility of allowing contributors to the project documentation while keeping my blog to me.
Read full post

Capsicum vs Pledge Final Thoughts

Following on from Capsicum vs Pledge Part 2 I thought I would post my final thougts on the topic as the development on these sandbox technologies draws to a close in dhcpcd. But first, let us discuss … The POSIX Resource Limited sandbox POSIX documents setrlimit(2). Disabling the ability to open new files, sockets, etc, or create new processes is actually pretty powerful. Thanks to the privsep dhcpcd now has to support both Capsicum and Pledge, this turned out to be pretty easy to implement.
Read full post

Capsicum vs Pledge in a Network Management Tool ... Part 2

A few days ago I posted about Capsicum vs Pledge in dhcpcd. Well, I finished the Capsicum integration yesterday so I thought I would take some time to revisit my findings. Capsicum is hard to develop for It’s either on or off. You can limit each FD with capabilites mode off, but I’m not sure what that gains as it’s mainly there to allow the FD to be used in the restricted world so we can treat it as either on or off really.
Read full post