Perfectly reasonable security for GPG, SSH and password management using a Yubikey hardware device

Perfect security, if such a thing exists, probably involves a Faraday cage and no Internet connectivity. Increasing security usually comes at the cost of usability, and if a computer system is so cumbersome to use that it isn’t used at all, then it serves no purpose. One must strike a balance between the two. I recently did, when I got myself a set of Yubikeys, a hardware authentication device. This is my setup for perfectly reasonable security.

GitBot - automating boring git operations with CI

Git is super useful for anyone doing a bit of development work or just trying to keep track of a bunch of text files. However, as your project grows you might find yourself doing lots of boring repetitive work just around git itself. At least that’s what happened to me, and so I automated boring git stuff using our CI system.

Validating data with YANG

Every now and then I hear about how difficult it is to use YANG to actually validate any data (we call this instance data). Since we in the TeraStream team do this quite a lot, I thought I’d share how it can be done. This is using a process that we also employ in our CI pipeline.

Bootstrapping virtual Cisco XR routers

Cisco IOS XR virtual routers support something called CVAC, which allows passing the initial configuration of the router via a virtual drive. It’s rather similar to Cloud-init, if you are familiar with that, or with what Juniper calls config-drive.

Free DDoS mitigation for all!

The number of DDoS attacks and the size of those attacks are ever-increasing and pose a threat to the Internet and, by extension, our society. Without in-depth knowledge or prior experience, anyone can rent a DDoS botnet for tens of dollars an hour and attack anyone they wish with enough traffic to bring down the vast majority of potential targets on the Internet.

Cisco IOS XR 6.0 and YANG

IOS XR has featured a NETCONF interface for quite some time, but it was only with the 5.3.0 release that Cisco coupled it with proper YANG-modeled configuration and operational data. Before that they used XML Schema Definition (XSD) to describe the data transported over the XML agent / NETCONF interface.

NFV-Style DDoS mitigation using Snabb Switch

My employer arranged for a hack day last month. It meant anyone participating was free to hack on anything they wanted, and at the end of the day we got to present our work during a 2-minute flash presentation to our colleagues as well as a number of students from KTH’s (Royal Institute of Technology) computer science program.
