Posts

  • What to expect in Debian 11 Bullseye for nftables/iptables

    Logo

    Debian 11 codename Bullseye is already in the works. Is interesting to make decision early in the development cycle to give people time to accommodate and integrate accordingly, and this post brings you the latest update on the plans for Netfilter software in Debian 11 Bullseye. Mind that Bullseye is expected to be released somewhere in 2021, so still plenty of time ahead.

    read more

  • Wikimania 2019 Stockholm summary

    Wikimania 2019 logo

    A couple of weeks ago I attended the Wikimania 2019 conference in Stockholm, Sweden. This is the general and global conference for the Wikimedia movement, in which people interested in free knowledge gather together for a few days. The event happens annually, and this was my first time attending such conference. Wikimania 2019 main program ran for 3 days, but we had 2 pre-conference days in which a hackathon was held.

    read more

  • Netfilter workshop 2019 Malaga summary

    Header

    This week we had the annual Netfilter Workshop. This time the venue was in Malaga (Spain). We had the hotel right in the Malaga downtown and the meeting room was in University ETSII Malaga. We had plenty of talks, sessions, discussions and debates, and I will try to summarice in this post what it was about.

    read more

  • The martian packet case in our Neutron floating IP setup

    Networking

    A community member opened a bug the other day related to a weird networking behavior in the Cloud VPS service, offered by the Cloud Services team at Wikimedia Foundation. This VPS hosting service is based on Openstack, and we implement the networking bits by means of Neutron.

    read more

  • Netfilter software in Debian Buster

    Logo Debian - Netfilter

    I would like to give a brief update on the status of Netfilter software packages for Debian Buster.

    Before getting into details, worth noting that back in 2016, I spearheaded the creation of a Debian packaging team to reunite all packaging efforts related to Netfilter software in Debian. The team materialized finally, but in practice every maintainer works in their own packages mostly.

    read more

  • Distributing static routes with DHCP

    Networking

    This week I had to deal with a setup in which I needed to distribute additional static network routes using DHCP.

    The setup is easy but there are some caveats to take into account. Also, DHCP clients might not behave as one would expect.

    read more

  • Things you can do with Debian: multimedia editing

    Debian

    The Debian operating system serves many purposes and you can do amazing things with it. Apart of powering the servers behind big internet sites like Wikipedia and others, you can use Debian in your PC or laptop. I’ve been doing that for many years.

    One of the great things you can do is some multimedia editing. It turns out I love nature, outdoor sports and adventures, and I usually take videos and photos with my friends while doing such activities. And when I arrive home I love editing them for my other blog, or putting them together in a video.

    read more

  • Netfilter Workshop 2018 Berlin summary

    Netfilter logo

    This weekend we had Netfilter Workshop 2018 in Berlin, Germany.

    Lots of interesting talks happened, mostly surrounding nftables and how to move forward from the iptables legacy world to the new, modern nft framework.

    In a nutshell, the Netfilter project, the FLOSS community driven project, has agreed to consider iptables as a legacy tool. This confidence comes from the maturity of the nftables framework, which is fairly fully-compliant with the old iptables API, including extensions (matches and targets).

    read more

  • New round of GSoC: 2018

    GSoC goodies

    The other day Google published the list of accepted projects for this year round of Google Summer of Code. Many organizations were accepted, and there are 3 that are specially interesting to me: Netfilter, Wikimedia Foundation and Debian.

    read more

  • New job at Wikimedia Foundation

    Wikimedia Foundation logo

    Today it’s my first day working at the Wikimedia Foundation, the non-profit foundation behind well-known projects like Wikipedia and others.

    This is a full-time, remote job as part of the Wikimedia Cloud Services team, as Operations Engineer.

    read more

  • Installing spotify-client in Debian testing (Buster)

    debian-spotify logo

    Similar to the problem described in the post Google Hangouts in Debian testing (Buster), the Spotify application for Debian (a package called spotify-client) is not ready to run in Debian testing (Buster) as is.

    read more

  • Google Hangouts in Debian testing (Buster)

    debian-suricata logo

    Google offers a lot of software components packaged specifically for Debian and Debian-like Linux distributions. Examples are: Chrome, Earth and the Hangouts plugin. Also, there are many other Internet services doing the same: Spotify, Dropbox, etc. I’m really grateful for them, since this make our life easier.

    Problem is that our ecosystem is rather complex, with many distributions and many versions out there. I guess is not an easy task for them to keep such a big variety of support variations.

    read more

  • Running Suricata 4.0 with Debian Stretch

    debian-suricata logo

    Do you know what’s happening in the wires of your network? There is a major FLOSS player in the field of real time intrusion detection (IDS), inline intrusion prevention (IPS) and network security monitoring (NSM). I’m talking about Suricata, a mature, fast and robust network threat detection engine. Suricata is a community driven project, supported by the Open InfoSec Foundation (OISF).

    For those who doesn’t know how Suricata works, it usually runs by loading a set of pre-defined rules for matching different network protocols and flow behaviours. In this regards, Suricata has been always ruleset-compatible with the other famous IDS: snort.

    read more

  • Netfilter Workshop 2017: I'm new coreteam member!

    nfws2017

    I was invited to attend the Netfilter Workshop 2017 in Faro, Portugal this week, so I’m here with all the folks enjoying some days of talks, discussions and hacking around Netfilter and general linux networking.

    The Coreteam of the Netfilter project, with active members Pablo Neira Ayuso (head), Jozsef Kadlecsik, Eric Leblond and Florian Westphal have invited me to join them, and the appointment has happened today.

    read more

  • About the OutlawCountry Linux malware

    netfilter_predator

    Today I noticed the internet buzz about a new alleged Linux malware called OutlawCountry by the CIA, and leaked by Wikileaks.

    The malware redirects traffic from the victim to a control server in order to spy or whatever. To redirect this traffic, they use simple Netfilter NAT rules injected in the kernel.

    read more

subscribe via RSS