Wireguard is insanely great. Modern crypto, lightweight, in-kernel, UDP for everything and seamless roaming if your IP changes. What’s not to love?
But if you are just starting out with it and have a strong TCP/IP and Linux background, you might appreciate a concise explanation. This attempts to be that.
Wireguard creates a virtual network interface, the first of which is called
wg0, which encrypts and decrypts traffic. The kernel retains a list of peers and associated public keys. If the kernel get a packet destined to one of the peers, it gets encrypted and sent via UDP to the…
Let’s just start this off by saying ziplines are dangerous and I’m far from an expert. Don’t attempt this on your own. However, if you choose to ignore this warning, don’t blame me if you hurt yourself or others. This is dangerous — you have been warned.
When I was little, my father built a zipline for my siblings and me. It was an adventure from the familiar confines of our side yard into the darkest tree tops of the untamed woods next door. We had the quintessential “sloping away” landscape that left the rider high up one of the…
Since the 90’s I’ve had a filesystem which I call “Vault”. It contains all the bits I really don’t want to loose. It includes documents, code, (including my first efforts from the 80's) audio and video recordings and most importantly my photo archive. (both digitally originated and scans of film based photos from pre-digital camera era) I keep a copy of the Vault on a live filesystem that is network accessible, usually on a software RAID. This is handy to both be able to access the bits and as a place to easily drop new data that should eventually reach…
Some media players handle subtitles well and others… not so much. Rather than leaving it to chance, I like to render the subtitles right into the video.
ffmpeg is an excellent tool for this.
ffmpeg if you don’t already have it. In OS X you can use brew.
brew install ffmpeg
Or use a package manager in Linux:
apt install ffmpeg
Either way, you want to make sure you have the
libass (Advanced Sub Station) renderer in there. Most package manager versions have this but if you are compiling from source you want to
A popular format for…
I spent some time overhauling my home network. There was no way I was going to settle for the default WiFi access point you get from an internet service provider. (Verizon in my case) My house is big enough to need more than one access point anyway and I run some local servers so I needed a bit more flexibility. Additionally, I’ve started to deploy some IoT devices, mostly related to home automation, so I wanted some isolation from my user network should a device spiral out of control. (flooding the network / general security issues) All of these things…
If you build Node.js HTTPS servers as much as we do, you’ll know how easy it is to get things going. But we were surprised to find that we could quickly add client x.509 certificate checking in just a few lines of code.
Typically HTTPS servers do a basic TLS handshake and accept any client connection as long as a compatible cipher suite can be found. However the server can be configured to challenge the client with a CertificateRequest during the TLS handshake. This forces the client to present a valid certificate before the negotiation can continue. …