(Fabio Alessandro Locati|Fale)'s blog

Please stop using VPN services for privacy!

March 29, 2024

For many years, VPN companies have advertised their VPNs as a necessary tool for all people who want to preserve their privacy. For the same amount of time, I tried to explain to people that this view made no sense if not for those companies’ sales.

As an example, Onavo, a Meta subsidiary, used to advertise its services, highlighting that, among other advantages, using their product “protects your personal info”. This claim would not be a problem by itself, but it becomes one when a court finds out that this is not actually true and new court documents seem to indicate that the behavior was worse than initially thought.


Where does your Ansible code come from?

March 19, 2024 - Krakow, PL


Where does the Ansible code you are running come from?

March 15, 2024 - Bologna, IT


Where does your Ansible code come from?

February 6, 2024 - Gent, BE


Share volumes between Podman Systemd services

December 31, 2023

Since the merge of Quadlet in Podman, I’ve been moving multiple services to Podman Systemd services. I find them to be easy to create, manage, and automate.

I recently migrated a complex system to Podman Systemd, where multiple processes write in a folder, and one process reads the folder’s content. Before the migration, everything worked properly since all the processes were running natively on the machine with the same user. After the migration, there were some permissions issues. This issue allowed me to dive a little more deeply into the whole implementation of SELinux for containers and realize a few interesting things.


Use per-host SSH key pairs on AWX and Ansible Automation Controller

September 18, 2023

One of the aspects that I have always loved about Ansible is that it integrates very nicely with the rest of the system where it is running. For example, you can easily configure all the SSH configurations directly by changing the ~/.ssh/config file. I’ve seen multiple cases where the SSH configuration file needs to be tweaked. A case that comes up occasionally is an environment configured in a way that requires Ansible to use a different SSH key for each machine it manages. I’m aware that this is not an ideal setup since it is not increasing the security as much as the person who came up with such a rule was expecting. Still, it is a requirement that some companies have for various historical reasons and, usually, it is impossible or impractical to challenge. However, the same process applies to any other SSH connection tweaking that can be performed in the SSH configuration file, such as proxies, ciphers, host checks, etc.


Podman ports and firewalld

February 24, 2023

A few weeks ago, I was doing a security check on one of my machines to ensure that everything was secure when I noticed that there were some ports open that I was surprised to find. The way I discovered those ports was by checking some ports with netcat (nc -zv IP_ADDRESS PORT). I was expecting those ports to be closed, and I got surprised when netcat claimed to be able to connect to them.


Gopass 1.15 in Fedora 37

December 21, 2022

Back in April, I announced the availability of gopass in the Fedora repositories. In the last few months, though, gopass had multiple releases, many of which arrived in Fedora 38 but not Fedora 37. Since Fedora 38 will be released in a few months, most users are not using it, and therefore those releases are not directly benefitting those users. The reason for the delayed update for Fedora 37 is that the dependencies of gopass changed in the course of those updates, and the Fedora process makes updating packages with many dependency changes more painful than it could be.


Use SSH to proxy web traffic

November 28, 2022

As discussed in a previous post, I use nebula to create a VPN connection between the various machines I use. Usually, what I really care about in this setup is the ability to consume the services those machines expose on my nebula network.

When I travel, I prefer to proxy my data through my nebula network. This allows me to not have to care about the limitations imposed in those networks, as long as I’m able to open my tunnel. The second advantage I have is that I can choose the location where my traffic leaves my VPN, since I have multiple machines in multiple nations. Another advantage is that I can be sure that no data is visible to the network manager, even if this is becoming less and less relevant, since the majority of the traffic is encrypted nowadays.


Product vs. Technology

October 10, 2022

Every so often, I have a conversation with someone, and we end up in a sub-conversation around the differences between products and technologies. This phenomenon frequently happens to me because I consider a product and a technology two completely different things. At the same time, many people use them interchangeably when discussing IT products and technologies.

I think this distinction’s value is in clearly distinguishing the solutions that are resilient to a single entity failure from those that are not. Suppose the producer of a product goes out of business or, for any reason, will not do additional business with you. In that case, you lose the ability to buy that product and, sometimes, even use it completely. This limitation does not apply to a technology since you should be able to access it, regardless of the specific vendor.
