Security
OpenVPN DCO part of Linux kernel
OpenVPN DCO will be part of Linux kernel 6.16 - that's huge, and you should have this on your radar to benefit from huge performance gains!
ingress-nginx 1.12 & allow-snippet-annotations
If you need to use snippet annotations (why?) on ingress-nginx - you'll also need to adjust the annotation filtering.
Unexpected behavior of TUN devices in Kubernetes >= 1.31.3
Sometimes, security improvements in one project can cause problems in places nobody ever expected. In this case, we had to deal with one of these improvements.
Kubernetes, blockDevices & denied permissions
Mounting (block) devices in containers might result in permission errors (Permission denied) if pods have a securityContext applied. It's possible to configure this in containerd and get the best of both worlds - fast device access and reduced permissions on containers.
Linux kernel keyrings, container isolation and maybe some Kerberos
On a recent project I stumbled on a case where Kerberos tickets were inadvertently shared across containers on a node - which obviously caught my attention, as I'm not keen on sharing such secrets across workloads. This post describes why this happens and what to do to prevent it.
Create a TPM-backed certificate request (on Windows)
Certificates are everywhere - sometimes you want to keep them even more secure than just on the filesystem (or operating system store). This guide shows how to create TPM-backed certificates on Windows.
Use openssl to verify certificates
Certificates are essential for today's security needs. Sometimes it's required to revoke them, maybe because they are no longer needed or even because they were compromised. But how do you test manually if a certificate has been revoked?
pfSense - CRL has expired in OpenVPN server
A few days ago we ran into an issue where pfSense appliances started to refuse OpenVPN connections by showing "CRL has expired" error messages. As it turns out, the reason is an overflow of a date.