http://hydra.azilian.net/blog Personal Blog Sat, 18 Oct 2025 23:04:22 +0000 http://backend.userland.com/rss092 en I was asked, what is the correct way to drop privileges in Linux. So here is a list of things I usually do, when implementing unprivileged sub process: fork in some cases you would also want to do these: clear the environment(leave only the ... http://hydra.azilian.net/blog/2020/07/dropping-privileges/ If you need to SNAT local processes over a specific interface(for example a tunnel) there are a few things you have to do and this artical describes the required steps. = Sysctls = net.ipv4.ip_forward=1 net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.all.rp_filter=0 More specific, you need to disable the rp_filter over the interface you are receiving the traffic. ... http://hydra.azilian.net/blog/2019/12/snat-local-process-over-specific-interface/ At the office we have this joke, that the shortest program, that produces "Segmentation fault" is: $ echo Segmentation fault (core dumped) Segmentation fault (core dumped) We had this joke, after a collegue of ours debugged that exact program for 20min, before he realized that it actually printed sefgault :) However, one of the ... http://hydra.azilian.net/blog/2019/11/the-shortest-segfault-program/ My new expensive toy just came to life :) localhost#show version Arista DCS-7050QX-32-F Hardware version: 02.11 Serial number: JPE1523XXXX System MAC address: 001c.73XX.XXXX Software image version: 4.14.5FX.2 Architecture: i386 Internal build version: 4.14.5FX.2-2328441.4145FX2 Internal build ID: ... http://hydra.azilian.net/blog/2017/09/arista-7050qx/ If you want to do A/B split testing with nginx, you usually are directed to the split clients module. However, most of us don't have this module compiled into their nginx installations and this usually results in using our code to do the actual A/B spliting. Here is how you can do ... http://hydra.azilian.net/blog/2017/07/ab-split-testing-in-nginx-without-additional-modules/ I'm using bird on my routers for a few years now, and every time I setup a new router I add these shell functions to help me monitor and debug network issues: function bgp_states { for i in $(birdc show protocols|sed 's/\s\+/|/g'|grep BGP); do ... http://hydra.azilian.net/blog/2017/04/bird-useful-shell-helpers/ I was featured at PerlAdvent calendar 2016 with my article about controlling Linux Containers with Perl The PerlAdvent calendar is a very nice way to countdown the days till Christmas :) http://hydra.azilian.net/blog/2016/12/perladvent/ Since CentOS 6.x is an old distro it lacks newer GCC and thus you can't use things like stack protector and some of the PAX security stuff :( What you can do however, is to install the SCL repo and from there the devtoolset-4: # yum install centos-release-scl.noarch centos-release-scl-rh.noarch # yum install devtoolset-4 ... http://hydra.azilian.net/blog/2016/11/building-grsec-kernel-on-centos-6x/ After yum or apt-get upgrade you are left with services that need to be restarted in order to start using the new libraries you have just upgraded. Sometimes you know what to restart but if you haven't done upgrade in a while it is highly possible that you can miss a ... http://hydra.azilian.net/blog/2016/11/find-what-services-need-to-be-restarted/ Yesterday I had a very interesting conversation about congestion control and how it affects long lived connections. So I decided to do a very simple comparison. I created a 100MB file(dd if=/dev/zero of=test-file bs=1M count=100). Scalable: test-file 100%[==============================================>] 100.00M 5.13MB/s in 23s 2016-02-28 19:40:55 (4.35 MB/s) - ‘test-file’ saved [104857600/104857600] Illinois: test-file 100%[==============================================>] ... http://hydra.azilian.net/blog/2016/02/congestion-control-mechanisms-compared/