• New round of GSoC: 2018

    GSoC goodies

    The other day Google published the list of accepted projects for this year round of Google Summer of Code. Many organizations were accepted, and there are 3 that are specially interesting to me: Netfilter, Wikimedia Foundation and Debian.

    read more

  • New job at Wikimedia Foundation

    Wikimedia Foundation logo

    Today it’s my first day working at the Wikimedia Foundation, the non-profit foundation behind well-known projects like Wikipedia and others.

    This is a full-time, remote job as part of the Wikimedia Cloud Services team, as Operations Engineer.

    read more

  • Installing spotify-client in Debian testing (Buster)

    debian-spotify logo

    Similar to the problem described in the post Google Hangouts in Debian testing (Buster), the Spotify application for Debian (a package called spotify-client) is not ready to run in Debian testing (Buster) as is.

    read more

  • Google Hangouts in Debian testing (Buster)

    debian-suricata logo

    Google offers a lot of software components packaged specifically for Debian and Debian-like Linux distributions. Examples are: Chrome, Earth and the Hangouts plugin. Also, there are many other Internet services doing the same: Spotify, Dropbox, etc. I’m really grateful for them, since this make our life easier.

    Problem is that our ecosystem is rather complex, with many distributions and many versions out there. I guess is not an easy task for them to keep such a big variety of support variations.

    read more

  • Running Suricata 4.0 with Debian Stretch

    debian-suricata logo

    Do you know what’s happening in the wires of your network? There is a major FLOSS player in the field of real time intrusion detection (IDS), inline intrusion prevention (IPS) and network security monitoring (NSM). I’m talking about Suricata, a mature, fast and robust network threat detection engine. Suricata is a community driven project, supported by the Open InfoSec Foundation (OISF).

    For those who doesn’t know how Suricata works, it usually runs by loading a set of pre-defined rules for matching different network protocols and flow behaviours. In this regards, Suricata has been always ruleset-compatible with the other famous IDS: snort.

    read more

  • Netfilter Workshop 2017: I'm new coreteam member!


    I was invited to attend the Netfilter Workshop 2017 in Faro, Portugal this week, so I’m here with all the folks enjoying some days of talks, discussions and hacking around Netfilter and general linux networking.

    The Coreteam of the Netfilter project, with active members Pablo Neira Ayuso (head), Jozsef Kadlecsik, Eric Leblond and Florian Westphal have invited me to join them, and the appointment has happened today.

    read more

  • About the OutlawCountry Linux malware


    Today I noticed the internet buzz about a new alleged Linux malware called OutlawCountry by the CIA, and leaked by Wikileaks.

    The malware redirects traffic from the victim to a control server in order to spy or whatever. To redirect this traffic, they use simple Netfilter NAT rules injected in the kernel.

    read more

  • Backup router/switch configuration to a git repository


    Most routers/switches out there store their configuration in plain text, which is nice for backups. I’m talking about Cisco, Juniper, HPE, etc. The configuration of our routers are being changed several times a day by the operators, and in this case we lacked some proper way of tracking these changes.

    Some of these routers come with their own mechanisms for doing backups, and depending on the model and version perhaps they include changes-tracking mechanisms as well. However, they mostly don’t integrate well into our preferred version control system, which is git.

    read more

  • Debunking some Debian myths

    Debian CUSL 11

    Debian has many years of history, about 25 years already. With such a long travel over the continuous field of developing our Universal Operating System, some myths, false accusations and bad reputation has arisen.

    Today I had the opportunity to discuss this topic, I was invited to give a Debian talk in the “11º Concurso Universitario de Software Libre”, a Spanish contest for students to develop and dig a bit into free-libre open source software (and hardware).

    read more

  • New in Debian stable Stretch: nftables

    Debian Openvpn

    Debian Stretch stable includes the nftables framework, ready to use. Created by the Netfilter project itself, nftables is the firewalling tool that replaces the old iptables, giving the users a powerful tool.

    Back in October 2016, I wrote a small post about the status of ntables in Debian Stretch. Since then, several things have improved even further, so this clearly deserves a new small post :-)

    read more

  • openvpn deployment with Debian Stretch

    Debian Openvpn

    Debian Stretch feels like an excellent release by the Debian project. The final stable release is about to happen in the short term.

    Among the great things you can do with Debian, you could set up a VPN using the openvpn software.

    In this blog post I will describe how I’ve deployed myself an openvpn server using Debian Stretch, my network environment and my configurations & workflow.

    read more

  • IPv6 and CGNAT


    Today I ended reading an interesting article by the 4th spanish ISP regarding IPv6 and CGNAT. The article is in spanish, but I will translate the most important statements here.

    Having a spanish Internet operator to talk about this subject is itself good news. We have been lacking any news regarding IPv6 in our country for years. I mean, no news from private operators. Public networks like the one where I develop my daily job has been offering native IPv6 since almost a decade…

    read more

  • Netfilter in GSoC 2017


    Great news! The Netfilter project has been elected by Google to be a mentoring organization in this year Google Summer of Code program. Following the pattern of the last years, Google seems to realise and support the importance of this software project in the Linux ecosystem.

    I will be proudly mentoring some student this 2017 year, along with Eric Leblond and of course Pablo Neira.

    read more

  • About process limits, round 2


    I was wrong. After the other blog post About process limits, some people contacted me with additional data and information. I myself continued to investigate on the issue, so I have new facts.

    I read again the source code of the slapd daemon and the picture seems clearer now.

    read more

  • About process limits


    The other day I had to deal with an outage in one of our LDAP servers, which is running the old Debian Wheezy (yeah, I know, we should update it).

    We are running openldap, the slapd daemon. And after searching the log files, the cause of the outage was obvious:

    read more

subscribe via RSS