A community member opened a bug the other day related to a weird networking behavior in the Cloud VPS service, offered by the Cloud Services team at the Wikimedia Foundation. This VPS hosting service is based on OpenStack, and we implement the networking bits by means of Neutron.
I would like to give a brief update on the status of Netfilter software packages for Debian Buster.
Before getting into details, it is worth noting that back in 2016, I spearheaded the creation of a Debian packaging team to reunite all packaging efforts related to Netfilter software in Debian. The team finally materialized, but in practice every maintainer works mostly on their own packages.
This week I had to deal with a setup in which I needed to distribute additional static network routes using DHCP.
The setup is easy but there are some caveats to take into account. Also, DHCP clients might not behave as one would expect.
The Debian operating system serves many purposes and you can do amazing things with it. Apart from powering the servers behind big internet sites like Wikipedia and others, you can use Debian on your PC or laptop. I’ve been doing that for many years.
One of the great things you can do is some multimedia editing. It turns out I love nature, outdoor sports and adventures, and I usually take videos and photos with my friends while doing such activities. And when I arrive home I love editing them for my other blog, or putting them together in a video.
This weekend we had Netfilter Workshop 2018 in Berlin, Germany.
Lots of interesting talks happened, mostly surrounding nftables and how to move forward from the iptables legacy world to the new, modern nft framework.
In a nutshell, the Netfilter project, the FLOSS community driven project, has agreed to consider iptables as a legacy tool. This confidence comes from the maturity of the nftables framework, which is fairly fully-compliant with the old iptables API, including extensions (matches and targets).
The other day Google published the list of accepted projects for this year’s round of Google Summer of Code. Many organizations were accepted, and there are 3 that are especially interesting to me: Netfilter, Wikimedia Foundation and Debian.
Today it’s my first day working at the Wikimedia Foundation, the non-profit foundation behind well-known projects like Wikipedia and others.
This is a full-time, remote job as part of the Wikimedia Cloud Services team, as Operations Engineer.
Similar to the problem described in the post Google Hangouts in Debian testing (Buster), the Spotify application for Debian (a package called spotify-client) is not ready to run in Debian testing (Buster) as is.
Google offers a lot of software components packaged specifically for Debian and Debian-like Linux distributions. Examples are: Chrome, Earth and the Hangouts plugin. Also, there are many other Internet services doing the same: Spotify, Dropbox, etc. I’m really grateful for them, since this makes our lives easier.
The problem is that our ecosystem is rather complex, with many distributions and many versions out there. I guess it is not an easy task for them to keep such a big variety of support variations.
Do you know what’s happening in the wires of your network? There is a major FLOSS player in the field of real time intrusion detection (IDS), inline intrusion prevention (IPS) and network security monitoring (NSM). I’m talking about Suricata, a mature, fast and robust network threat detection engine. Suricata is a community driven project, supported by the Open InfoSec Foundation (OISF).
For those who don’t know how Suricata works, it usually runs by loading a set of pre-defined rules for matching different network protocols and flow behaviours. In this regard, Suricata has always been ruleset-compatible with the other famous IDS: Snort.
I was invited to attend the Netfilter Workshop 2017 in Faro, Portugal this week, so I’m here with all the folks enjoying some days of talks, discussions and hacking around Netfilter and general Linux networking.
The Coreteam of the Netfilter project, with active members Pablo Neira Ayuso (head), Jozsef Kadlecsik, Eric Leblond and Florian Westphal have invited me to join them, and the appointment has happened today.
Today I noticed the internet buzz about a new alleged Linux malware called OutlawCountry by the CIA, and leaked by Wikileaks.
The malware redirects traffic from the victim to a control server in order to spy or whatever. To redirect this traffic, they use simple Netfilter NAT rules injected in the kernel.
Most routers/switches out there store their configuration in plain text, which is nice for backups. I’m talking about Cisco, Juniper, HPE, etc. The configuration of our routers is being changed several times a day by the operators, and in this case we lacked a proper way of tracking these changes.
Some of these routers come with their own mechanisms for doing backups, and depending on the model and version perhaps they include changes-tracking mechanisms as well. However, they mostly don’t integrate well into our preferred version control system, which is
Debian has many years of history, about 25 years already. With such a long journey through the continuous field of developing our Universal Operating System, some myths, false accusations and bad reputation have arisen.
Today I had the opportunity to discuss this topic: I was invited to give a Debian talk in the “11º Concurso Universitario de Software Libre”, a Spanish contest for students to develop and dig a bit into free-libre open source software (and hardware).
Debian Stretch stable includes the nftables framework, ready to use. Created by the Netfilter project itself, nftables is the firewalling tool that replaces the old iptables, giving the users a powerful tool.
Back in October 2016, I wrote a small post about the status of nftables in Debian Stretch. Since then, several things have improved even further, so this clearly deserves a new small post :-)