September 28, 2022
This site is one of a couple static sites I’ve been maintaining. I’ve been deploying them locally on filesystem with rsync, then hosting a webserver to present the content. I’ve been using Cloudflare for a couple years for DNS specifically.
Over time they have released a portfolio of interesting products, providing source for many of their implementations. They have also been outspoken in the public about the uncomfortable role they play in censorship.
...
May 4, 2022
For a deployment recently we wanted to create an out-of-band circuit with a root bridge on a server that had the IPMI/BMC of several edge devices connected to it. There was a complexity in that one of the BMCs was remote and was being made accessible via a transparent bridge that had an arbitrary vlan tag set. Maybe its embarrassing to admit, but for these edge devices there was a need to be able to see both ssh (ipmitool) and http (graphical kvm), so these were exposed via wireguard.
...
October 15, 2018
A while back I’d opined on spending a couple years moving around different service providers in search of a couple objectives. The objectives, in short, were:
to be able to use the upstream distribution media for installation rather than deploying a pre-packed image. to be able to use distribution kernels to be able to use full disk encryption The rational for these things can be generally argued against based on preferences that one may have for their ecosystems, but these were the primary things I’d wanted to find in a provider for a long time.
...
April 11, 2018
WireGuard aims to be as easy to configure and deploy as SSH. You establish a VPN connection by simply exchanging public keys, and the rest is transparently handled by WireGuard.
There are many other technologies, however wireguard is uniquley interesting for:
cryptokey routing: the first principles simply mapping public keys and sets of allowed addreses, making wireguard easier to grok for deployments. endpoints and roaming: also initial principles that facilitate NAT traversal and utilization of dynamic addressing through keepalives.
...
February 6, 2017
After several deployments of varying size and complexity, an offered opinion on the advantages and disadvantages of choosing Ubiquiti hardware for your next project. Originally written in early 2017, there are some updates from early 2018 relating to technical/ideological facets that have come up in the last couple years of operating Ubiquiti equipment. The article makes some assumptions:
You’re growing tired of that ddwrt or tomato router you’ve felt so cool operating for the last several years.
...
February 1, 2017
Choosing a hosting provider when you want the familiarity and trust of your native distribution resources is actually quite difficult. Many of the juggernaut providers offer features that require them to have control over your kernel and boot-loader. We assume for this article:
You want to use VPS as a medium because you need full backups and snapshots You want to install from distribution supplied media into your VPS You want to have block level backup (in case using FDE via LUKS/Geli) You’re somewhat familiar with VPS providers rolling their own Kernels and customizing distribution, and you’re a bit uncomfortable with it The Saga (past years) # This is long and rambly, sorry.
...