Recent Articles

1. Playing around with Kubernetes

   Containerizing an application and deploying to Kubernetes Engine on Google Cloud Platform

   For last weekend's coding exercise, I played around with Kubernetes Engine on Google Cloud Platform. GCP offers a nice trial period where you get USD300 worth of credits on top of the already free monthly resource allotments. Definitely …

2. Make DKMS sign kernel modules for secure boot on Ubuntu 16.04

   Ubuntu, DKMS and Secure Boot

   Starting with Ubuntu 16.04, the kernel will refuse to load unsigned modules. This is pretty reasonable from a security point of view; a chain of trust is established starting from a set of keys in the system ROM. The kernel will refuse any unsigned …

3. Wifidog 1.3.0 released!

   We released version 1.3.0 of the Wifidog gateway yesterday.

   Here's the changelog:

   • Add delta traffic stats (#211)
   • Add config options for popular servers (#78, #203)
   • Add SNI support for SSL (#226)
   • Add option to save pid file (#217)
   • Fix build with MUSL (#221)
   • Fix wolfSSL detection for --enable-cyassl …

4. Paper accepted at NAACL 2015!

   I am extremely happy to announce that a paper written by Yannick Versley and me was accepted at NAACL HLT 2015:

   Michael Haas and Yannick Versley (2015) Subsentential Sentiment on a Shoestring: A Crosslingual Analysis of Compositional Classification. In Proceedings of NAACL-HLT 2015.

   The submission is partially based on my …

5. Wifidog 1.2.1 released!

   We released version 1.2.1 of the Wifidog gateway yesterday. I'm extremely happy with this release. We put in lots of polishing and fixed a lot of bugs.

   Here's the changelog:

   • Fix build (#127, #128)
   • Integrate with Travis CI
   • Integrate with Coverity Scan
   • Fix several memory leaks and other …

6. Hardening Wifidog with Linux capabilities

   Hardening Wifidog

   Wifidog run as root and that's bad. The omnipotent superuser allows Wifidog to do absolutely everything on (and to) the system. An attacker who is able to remotely execute arbitrary code can easily take over the whole system.

   Capable of Less

   Enter Linux capabilities (man 7 capabilities). Capabilities …

7. Stunnel 5.14 in OpenWRT Chaos Calmer

   Stunnel 5.14 Update

   Somewhere along the way, I became the new maintainer for the stunnel package in OpenWRT.

   I had initially needed stunnel because my auth server for wifidog only speaks TLS. In my testing, I required a more version of stunnel (for some reason I forgot).

   At that …

8. Automated Load Testing for Wifidog

   Wifidog and the dreaded memory leaks

   I've recently made quite a few contributions to the wifidog project. It has been a lot of fun to see the project coming back to life after being almost dormant for the last couple of years. Now the bug tracker on Github is fuller …