A Git repository simplifies the sharing of code to a team. Many teams opt to go the GitHub route but there might be an occasion when you need to spin up a quick repository that is only available to those team members working on your LAN.
When you need to deploy a Git repository on your LAN and you need to give other team members access to it, the goal is to do it quickly and securely. Thanks to git and Secure Shell (SSH), this isn’t nearly as challenging as you might think. And although this setup might not be an option for team members who work outside of your LAN, it’s great for a temporary repository offered to those within your company network.
How does it work? Let me show you.
What You’ll Need
To make this work, you’ll need the following:
A Linux machine with Git installed.
An SSH key pair.
A user with sudo privileges (if the minimum requirements aren’t installed).
That’s it. Let’s make some Git magic.
Installing Git
On the off-chance Git isn’t installed, here’s how you can take care of that:
Ubuntu-based distributions – sudo apt-get install git -y
Fedora-based distributions – sudo dnf Continue reading
The Secure Shell (SSH) isn’t just about allowing you to remote into servers to tackle admin tasks. Thanks to this secure networking protocol, you can also mount remote directories with the help of the SSH File System (SSHF).
SSHFS uses SFTP (SSH File Transfer Protocol) to mount remote directories to a local machine using secure encryption, which means the connection is far more secure than your standard FTP. As well, once a remote directory is mounted, it can be used as if it was on the local machine.
Consider SSHFS to be a more secure way of creating network shares, the only difference is you have to have SSHFS installed on any machine that needs to connect to the share (whereas with Samba, you only have to have it installed on the machine hosting the share).
Let’s walk through the process of getting SSHFS up and running, so you can securely mount remote directories to your local machine.
What You’ll Need
To make this work, you’ll need at least two Linux machines. These machines can be Ubuntu or Fedora-based, because SSHFS is found in the standard repositories for most Linux distributions. You’ll also need a user with Continue reading
By default (and design), Linux is one of the most secure operating systems on the planet. That doesn’t mean, however, that you can or should assume that the out-of-the-box experience gives you all the security you need.
I tend to assume this: If a computer is attached to a network, it’s vulnerable. You should always keep that in mind when considering the security of the desktop or server you are using and you should take any means possible to protect the data within and the data you transmit and receive.
At this point, you’ve probably heard of virtual private networks (VPNs). They’re everywhere. Of course, the VPNs of today aren’t exactly the same as the ones we used years ago. Back in the day, when you needed to connect to your company network (to access various resources), you connected to a VPN, and your local computer was treated as if it was a part of the remote network.
Although those types of VPNs are still in use across the globe, the type of VPN most people talk about today is more about privacy and security.
What Modern VPNs Do
Essentially, a modern VPN hides your IP address and Continue reading
At some point, you’re going to have a Linux server that includes directories that various users, developers, admins, or clients need to access from your network. If you depend on Linux, your best bet for this is Samba.
Samba is the Linux implementation of the
Imagine you’re developing an application for your internal network that requires a certain network speed to function properly. You could open a web browser and point it to one of the many network speed tests on the market but I’m sure you know what that does… it tests your connection to the outside world.
What if you’re looking to test the speed of your LAN itself? OpenSpeedTest comes in.
OpenSpeedTest is a free, open source HTML5 network performance estimation tool that doesn’t require any client-side software or plugin to function. Once deployed, the tool can be accessed from a standard, modern web browser. Even better, OpenSpeedTest can be deployed with Docker. It uses a combination of NGINX and Alpine Linux to use very little resources on your Docker server.
You can run OpenSpeedTest with or without
At some point in either your cloud- or container-development life, you’re going to have to share a folder from the Linux server. You may only have to do this in a dev environment, where you want to be able to share files with other developers on a third-party, cloud-hosted instance of Linux. Or maybe file sharing is part of an app or service you are building.
And because
TrueNAS SCALE might not be a distribution on the radar of most cloud native developers, but it should be. Although TrueNAS SCALE is, by design, a network-attached storage solution (based on Debian), it is also possible to create integrated virtual machines and even Linux containers.
TrueNAS SCALE can be deployed as a single node or even to a cluster. It can be expanded with third-party applications, offers snapshotting, and can be deployed on off-the-shelf hardware or as a virtual machine.
Gluster for scalable ZFS features and data management.
You’ll find support for KVM virtual machines, Kubernetes, and Docker.
Even better TrueNAS SCALE is open-source and free to use.
Latest Release
Recently, the company launched TrueNAS SCALE 22.12.1 (Bluefin), which includes numerous improvements and bug fixes. The list of improvements to the latest release includes the following:
SMB Share Proxy to provide a redirect mechanism for SMB shares in a common namespace.
Improvements to rootless login.
Fixes to ZFS HotPlug.
Improved Dashboard for both Enterprise HA and Enclosure management.
Continue reading
Calico, from network software provider Tigera, is a third-party plugin for Kubernetes geared to make full network connectivity more flexible and easier. Out of the box, Kubernetes provides the NetworkPolicy API for managing network policies within the cluster. The problem many Kubernetes admins find (especially those new to the technology) is that network can quickly become a rather complicated mess of YAML configurations, where you must configure traffic ingress and egress properly, or communication between Kubernetes objects (such as pods and containers) can be difficult.
That’s where the likes of Flannel, which cannot configure network policies. With Calico, you can significantly enhance the Kubernetes networking configuration.
Take, for instance, the feature limitations found in the default NetworkPolicy, which are:
Policies are limited to a single environment and are applied only to pods marked with labels.
You can only apply rules to pods, environments, or subnets.
Rules can only contain protocols, numerical ports, or named ports.
When you add the Calico plugin, the Continue reading
Every so often, however, a new buzzword or acronym comes around that really has weight behind it. Such is the case with XDP (eBPF programming language to gain access to the lower-level kernel hook. That hook is then implemented by the network device driver within the ingress traffic processing function, before a socket buffer can be allocated for the incoming packet.
Let’s look at how these two work together. This outstanding example comes from Jeremy Erickson, who is a senior R&D developer with Sebastiano Piazzi on
Every network admin on the planet knows this dirty little secret: We’re running out of IPv4 addresses. This was an inevitability, given how wide-spread the network and network devices have become. Even on your LAN, you sometimes have to use subnetting, simply because you’ve found the devices on your massive enterprise network have gobbled up all the 192.68.1.x addresses.
It’s a problem.
Which is why IPv6 was developed. IPv6 offers a larger pool of addresses from which to use. The problem is that IPv6 isn’t nearly as easy to employ as IPv4. After all, 192.168.1.1 is much easier to remember than 0:0:0:0:0:ffff:c0a8:101.
But what’s a network administrator to do? Migrate all of those servers and various hardware devices from IPv4 to IPv6? In theory, yes, that is exactly what should happen. However, that’s not nearly as easy as one would like to think it would be. After all, you might have hundreds upon hundreds of devices and numerous locations. On top of which, there’s always that pesky DNS that must be updated (which could equate to downtime).
Oh, and let’s not forget that IPv6 is not backward compatible with IPv4. Why was this decision Continue reading
Imagine, if you will, you’re participating in a Eric Yuan has put a freeze on feature updates, in order to address the security issues. Zoom’s promise was to address the problem within the next 90 days, when Yuan said, “Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust.”
Another writer for The New Stack, Jennifer Riggins Continue reading
The coming to the Linux kernel, much to the delight of Linux creator
“Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art,” Torvalds enthused, on the OpenVPN).
Another reason WireGuard is special is how it functions. Unlike the more complex competition, WireGuard functions in a similar fashion to SSH — by exchanging public keys. Once the keys have been exchanged and the connection made, there’s no need to manage connections or daemons, or be concerned about state or what’s going on under the hood.
For those that are interested in what’s going on under the hood, WireGuard makes use of the Curve25519, Poly1305, SipHash24, Jason Donenfeld’s prettysleepy1 from
Taking a look at how the internet’s HTTP/2 protocol works, Netflix engineers discovered CVE-2019-9512 Ping Flood. This enables an attacker to send continual ping requests to an HTTP/2 peer, causing the peer to create an internal queue of responses. When this happens a server’s CPU and memory can be consumed, which can lead to a denial of service.
already issued patches that are found in the following builds:
Continue reading