On August 30th, my work on Ansible modules for managing Solaris/illumos networking was merged into ansible-modules-extras repository. This functionality will be available in the next release of Ansible. Following modules were contributed: dladm_etherstub dladm_vnic ipadm_if ipadm_prop flowadm This also marks a major milestone for automating the deployment of Solaris/illumos zones with Ansible. There already was a module for creating/deleting zones and manipulating their state - solaris_zone. However, there was not a way to manage the networking aspect of zones until now.
Introduction In this blog post, I will show how one can create a mirror of OpenIndiana IPS repositories. IPS repositories hold packages coming from multiple sources, most notably from illumos-gate and oi-userland. Every time user runs pkg update on his OpenIndiana installation, pkg contacts IPS repository to fetch catalog metadata and determines if there are any new updates available. If updates are available, pkg downoalds only changed files over HTTP. IPS application server is written in Python and CherryPy web framework.
After a while, my blog finally received love it deserved. The biggest change is that I migrated the blog from Octopress to Hugo, which is a fast static site generator written in Go. The overall feeling stayed the same, but the blog maintenance is much easier for me. I am still finding my way around Hugo, but so far it works nicely. Another change is that this site is being hosted on Github Pages.
I arrived at CCH in the afternoon and headed directly for NOC Review talk. Guys did really wonderful job, although the Wifi was a problem. I really liked some network facts: ~70 access points, great signal coverage 3059 concurrent wireless clients connected during peaks traffic usage of 8.2 Gbps 40% of traffic being IPv6 Video can be found here. The 29C3 was really nice experience and I will definitely return back to 30C3.
Third day of the Congress was filled with some number of interesting talks I visited. I started with a talk, in which I was interested the most - An Overview of Secure Name Resolution - DNSSEC, DNSCurve and Namecoin. Speaker gave great introduction into DNSSEC and also talked about its deployment rate. He also spoke DNSSEC’s use in amplification attacks and suitable countermeasures. DNSCurve and Namecoin was discussed as well. From this talk, it is clear that DNSSEC is the way forward.
I started this day with visiting talk by Axel Arnbak titled Certificate Authority Collapse. Axel talked about the current model being completely broken (nothing new in the security community) and that the change is needed. He described the DigiNotar incident. The European Union wants to address this issue by regulations, which do more harm than good. If the CA model is broken, it should be fixed technically and not by law.