
cwadge (Chris Wadge)
User

Projects

User Details

User Since
Nov 13 2017, 9:38 PM (45 w, 1 d)

Recent Activity

Dec 19 2017

cwadge added a comment to T422: Packages server and downloads should be available via HTTPS.

Awesome. :) Let me know if you ever need an extra pair of hands on the infrastructure front.

Dec 19 2017, 8:17 PM · Infrastructure
cwadge added a comment to T422: Packages server and downloads should be available via HTTPS.

If you can at least get a strong hash sum of the ISO from the master, that should be sufficient regardless of where the binary is downloaded from. Of course, if the master is compromised, all bets are off.

Dec 19 2017, 8:08 PM · Infrastructure
cwadge added a comment to T422: Packages server and downloads should be available via HTTPS.

This begs the question about the mirror mechanism. My mirror supports TLS, but most don't.

Dec 19 2017, 7:56 PM · Infrastructure

Dec 16 2017

cwadge added a comment to T429: Pi-Hole or similar feature.

Sorry for the unsolicited feedback, but... BUT... ;-) Honestly, I think the way the Pi-Hole stack is put together does not lend itself well to a firmware-like platform like VyOS. In fact, personally I can't even suggest it for anything more than home use. Frankly, it's a bit kludgy on the back-end. Further, it increases the potential attack surface of your router, which is in general bad security practice. IMO the best course, even if by some twist of fate Pi-Hole WAS integrated into VyOS, would be to run Pi-Hole as a separate service. DNS is one of those things that's easy to run alongside routers; there's no compelling reason I can think of to run it ON the router. Buy a $35 Pi, run a tiny VM on existing hardware, etc. and serve that DNS server to DHCP clients via VyOS. That's my $0.02, adjusted for inflation.

Dec 16 2017, 11:11 AM · VyOS 2.0.x

Nov 28 2017

cwadge added a comment to V5: Should we keep web proxy functionality in base 1.2/1.3/2.0?.

Web proxies are relatively complex by nature and offer an attractive attack surface. I don't like having such software on routers at all, even if they are properly maintained. Better to relegate this functionality to a system which is external to the router.

Nov 28 2017, 11:34 PM · VyOS 1.3.x, VyOS 1.2.x
cwadge triaged T455: Add haveged package as Wishlist priority.
Nov 28 2017, 4:10 AM · VyOS 2.0.x, VyOS 1.2.x

Nov 13 2017

cwadge created T455: Add haveged package.
Nov 13 2017, 10:04 PM · VyOS 2.0.x, VyOS 1.2.x