I've been asked by SEED4.ME VPN to investigate the package leakaging issue in their environment raised after delivering new VPN features for Apple devices.
We've agreed that we do want not only to solve this particular problem with Apple IPsec, but
to build a fence system which can completely eliminate any packet leaking problems in future caused by any bug, feature, misconfiguration etc.
I hope results of this small project can be useful for other engineers facing similar challenges.
Problem: packet leakage
Packets belonging to private IP address space shall not appear in the network interfaces which do not belong to private networks.
Typical example is VPS hosted in the cloud. If it sends packets addressed to private IP address space through its external NIC, it usually means that something wrong is happening.
More providers started to implement BCP38 RFC for defeating Denial of Service Attacks which employ IP Source Address Spoofing.
They block such packets and complain to VPS administrators.
When web site is updated on a regular basis (as it happens with blogs) it becomes important to automate the process of uploading site to the hosting. Using cpanel or FTP is boring and
The goal is to be able to sync the static-generated content (e.g., _site directory generated by Jekyll) with just one command. My post refers to Jekyll and hostgator but the
methods suggested are not limited to these platforms — they are applicable to any static-generated web content.
Recall that the closure of Greece's banks was caused by the ECB's decision to do the opposite of what Walter Bagehot taught, which that to steam a bank run,
the central bank should lend against collateral that, but for the crisis, is solid. In Grece fearful people have wanted cash, but the banks have little cash left.
The normal course of action would be for the banks to get cash from the central bank, pledging their investments as security for the loan. But after Athens declared a referendum,
the ECB said no further such loans should (for now) be given.
Martin's article has a plenty of interesting and valuable comments. However, in order to see bigger picture it makes sense to examine Bagehot's rule a little bit deeper.
You've created web site with Jekyll and are trying to post links to the social network of your choice. Oops! No summary appears under your link!
The reason is that the service needs metadata for the page.
Meta data helps in a lot of ways. Sharing in social networks is just one example. Don't think that if you do not use social networks, your web site does not need meta data.
I will summarize important meta tags and the ways to add them to Jekyll-based site. If you have something to add — don't hesitate and leave your feedback in the comments, pls!