Someone just randomly joined my Tailnet
(reddit.com)
I think I became an owner of an organisation I don't own the domain of.
I think I became an owner of an organisation I don't own the domain of.
WiFi: "beamforming" only begins to describe it (2014)
(apenwarr.ca)
Wifi: "beamforming" only begins to describe it
Wifi: "beamforming" only begins to describe it
Apartment living to get worse in 5 years as 6 GHz Wi-Fi nears 'exhaustion'
(theregister.com)
Rapid growth in Wi-Fi use means the 6 GHZ band’s carrying capacity may soon be exhausted, according to CableLabs, the nonprofit networking think tank run by cable television operators.
Rapid growth in Wi-Fi use means the 6 GHZ band’s carrying capacity may soon be exhausted, according to CableLabs, the nonprofit networking think tank run by cable television operators.
Direct TLS can speed up your connections
(marc-bowes.com)
A few months ago, one of my Aurora DSQL teammates reported a curious finding.
A few months ago, one of my Aurora DSQL teammates reported a curious finding.
Should I Block ICMP?
(shouldiblockicmp.com)
Many network administrators feel that ICMP is a security risk, and should therefore always be blocked at the firewall. It is true that ICMP does have some security issues associated with it, and that a lot of ICMP should be blocked. But this is no reason to block all ICMP traffic!
Many network administrators feel that ICMP is a security risk, and should therefore always be blocked at the firewall. It is true that ICMP does have some security issues associated with it, and that a lot of ICMP should be blocked. But this is no reason to block all ICMP traffic!
How to Build an Anycast Network
(render.com)
Serving traffic as efficiently as possible, regardless of where it originates, is a critical requirement at Render. One answer to this challenge is to deploy a global fleet of servers to create an anycast network. What is an anycast network? What is it good for? How can you build your own? This post will answer all of these questions, but we’ll first need some background on the building blocks of global networking.
Serving traffic as efficiently as possible, regardless of where it originates, is a critical requirement at Render. One answer to this challenge is to deploy a global fleet of servers to create an anycast network. What is an anycast network? What is it good for? How can you build your own? This post will answer all of these questions, but we’ll first need some background on the building blocks of global networking.
The lack of a good command line way to sort IPv6 addresses
(utoronto.ca)
A few years ago, I wrote about how 'sort -V' can sort IPv4 addresses into their natural order for you.
A few years ago, I wrote about how 'sort -V' can sort IPv4 addresses into their natural order for you.
A Critical Look at "A Critical Look at MCP."
(docs.mcp.run)
I came across this post shortly after finishing support for the HTTP Streaming transport on mcp.run. After a week or so of banging my head against the matrix of OAuth RFC support and client transport support, I should be in a sympathetic frame of mind to receive a critique of the protocol. And yet! Here I am, defending MCP. After all, the good that interfaces do oft lay interred with their blemishes.
I came across this post shortly after finishing support for the HTTP Streaming transport on mcp.run. After a week or so of banging my head against the matrix of OAuth RFC support and client transport support, I should be in a sympathetic frame of mind to receive a critique of the protocol. And yet! Here I am, defending MCP. After all, the good that interfaces do oft lay interred with their blemishes.
Upgrading my 25gbit internet router to VyOS
(sschueller.github.io)
It has been a while since I setup my original router for my 25gbit internet connection. I decided it was time to upgrade but since I have some services running I did not want to be down for too long and purchased some new hardware which would allow me to experiment with VyOS without effecting my current setup.
It has been a while since I setup my original router for my 25gbit internet connection. I decided it was time to upgrade but since I have some services running I did not want to be down for too long and purchased some new hardware which would allow me to experiment with VyOS without effecting my current setup.
Jetrelay: A high-performance ATproto relay in 500 LOC
(asayers.com)
This post explains the design of jetrelay, a pub/sub server compatible with Bluesky’s “jetstream” data feed. Using a few pertinent Linux kernel features, it avoids doing almost any work itself. As a result, it’s highly efficient: it can saturate a 10 Gbps network connection with just 8 CPU cores.
This post explains the design of jetrelay, a pub/sub server compatible with Bluesky’s “jetstream” data feed. Using a few pertinent Linux kernel features, it avoids doing almost any work itself. As a result, it’s highly efficient: it can saturate a 10 Gbps network connection with just 8 CPU cores.
Setenv() isn't threadsafe and even safe Rust didn't save us
(geldata.com)
We're in the process of porting a significant portion of the network I/O code in EdgeDB from Python to Rust, and we've been learning a lot of very interesting lessons in the process.
We're in the process of porting a significant portion of the network I/O code in EdgeDB from Python to Rust, and we've been learning a lot of very interesting lessons in the process.
Forget IPs: using cryptography to verify bot and agent traffic
(cloudflare.com)
With the rise of traffic from AI agents, what’s considered a bot is no longer clear-cut.
With the rise of traffic from AI agents, what’s considered a bot is no longer clear-cut.
Show HN: Kasimba – Simple macOS app that converts Windows paths to SMB addresses
(github.com/taranntell)
A simple macOS application that converts Windows paths to SMB addresses. Useful for Mac users who need to access Windows network shares.
A simple macOS application that converts Windows paths to SMB addresses. Useful for Mac users who need to access Windows network shares.
Rustls Server-Side Performance
(memorysafety.org)
In past years, the Rustls project has been happy to receive substantial investments from the ISRG. One of our goals has been to improve performance without compromising on safety. We last posted about our performance improvements in October of 2024, and we're back to talk about another round of improvements.
In past years, the Rustls project has been happy to receive substantial investments from the ISRG. One of our goals has been to improve performance without compromising on safety. We last posted about our performance improvements in October of 2024, and we're back to talk about another round of improvements.
The FreeBSD-native-ish home lab and network
(antranigv.am)
For many years my setup was pretty simple: A FreeBSD home server running on my old laptop. It runs everything I need to be present on the internet, an email server, a web server (like the one you’ve accessed right now to see this blog post) and a public chat server (XMPP/Jabber) so I can be in touch with friends.
For many years my setup was pretty simple: A FreeBSD home server running on my old laptop. It runs everything I need to be present on the internet, an email server, a web server (like the one you’ve accessed right now to see this blog post) and a public chat server (XMPP/Jabber) so I can be in touch with friends.
Tailscale 4via6 – Connect Edge Deployments at Scale
(tailscale.com)
Tailscale lets you connect anything to anything — securely. But real-world deployments often come with messy networks: overlapping IPs, double NAT, and strict firewalls.
Tailscale lets you connect anything to anything — securely. But real-world deployments often come with messy networks: overlapping IPs, double NAT, and strict firewalls.
Show HN: MMORPG prototype inspired by World of Warcraft
(github.com/nickyvanurk)
Everwilds is a prototype and reference project that demonstrates how MMORPGs like World of Warcraft are programmed, focusing primarily on networking and netcode architecture.
Everwilds is a prototype and reference project that demonstrates how MMORPGs like World of Warcraft are programmed, focusing primarily on networking and netcode architecture.
Why is it so hard to find founders to bounce off ideas in city you are visiting?
(ycombinator.com)
I’m beyond frustrated, and I know I’m not alone. Every time I visit a new city—whether it’s for work, a conference, or just to explore—I try to connect with local founders to bounce ideas off, get feedback, or just nerd out about startups. But it’s like trying to crack a secret code. Unless you’re already in the “inside circle,” it feels impossible to get face time with anyone who’s actually building something cool.
I’m beyond frustrated, and I know I’m not alone. Every time I visit a new city—whether it’s for work, a conference, or just to explore—I try to connect with local founders to bounce ideas off, get feedback, or just nerd out about startups. But it’s like trying to crack a secret code. Unless you’re already in the “inside circle,” it feels impossible to get face time with anyone who’s actually building something cool.
WireGuard and Web UI and Adblock and DNS Caching
(github.com/nguyenanhung)
D.M ADS (Đ*t m3 advertising) is a fork of WireHole, which is a combination of WireGuard, PiHole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create and deploy a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities (via Pihole), and DNS caching with additional privacy options.
D.M ADS (Đ*t m3 advertising) is a fork of WireHole, which is a combination of WireGuard, PiHole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create and deploy a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities (via Pihole), and DNS caching with additional privacy options.
Open Hardware Ethernet Switch project, part 1
(serd.es)
One of my longest-running projects has been an open hardware Ethernet switch.
One of my longest-running projects has been an open hardware Ethernet switch.
eBPF Mystery: When is IPv4 not IPv4? When it's pretending to be IPv6
(gripdev.xyz)
This adventures starts with a simple eBPF program to transparently redirect DNS requests on port 53 for a single program (or docker container).
This adventures starts with a simple eBPF program to transparently redirect DNS requests on port 53 for a single program (or docker container).
Podfox: First Container-Aware Browser
(packett.cool)
A port conflict pushed me to abolish container port forwarding once and for all, making my Firefox talk to Podman's whole network. Also: containerizing dev environments for command-line addicts.
A port conflict pushed me to abolish container port forwarding once and for all, making my Firefox talk to Podman's whole network. Also: containerizing dev environments for command-line addicts.
QUIC restarts, slow problems: udpgrm to the rescue
(cloudflare.com)
At Cloudflare, we do everything we can to avoid interruption to our services. We frequently deploy new versions of the code that delivers the services, so we need to be able to restart the server processes to upgrade them without missing a beat. In particular, performing graceful restarts (also known as "zero downtime") for UDP servers has proven to be surprisingly difficult.
At Cloudflare, we do everything we can to avoid interruption to our services. We frequently deploy new versions of the code that delivers the services, so we need to be able to restart the server processes to upgrade them without missing a beat. In particular, performing graceful restarts (also known as "zero downtime") for UDP servers has proven to be surprisingly difficult.
Show HN: Using eBPF to see through encryption without a proxy
(github.com/qpoint-io)
Qtap: An eBPF agent that captures pre-encrypted network traffic, providing rich context about egress connections and their originating processes.
Qtap: An eBPF agent that captures pre-encrypted network traffic, providing rich context about egress connections and their originating processes.
Yggdrasil is an experimental compact routing scheme that is fully decentralised
(yggdrasil-network.github.io)
Yggdrasil is an experimental compact routing scheme that is fully decentralised and only requires a small amount of state to work.
Yggdrasil is an experimental compact routing scheme that is fully decentralised and only requires a small amount of state to work.
QUIC restarts, slow problems: udpgrm to the rescue
(cloudflare.com)
At Cloudflare, we do everything we can to avoid interruption to our services. We frequently deploy new versions of the code that delivers the services, so we need to be able to restart the server processes to upgrade them without missing a beat. In particular, performing graceful restarts (also known as "zero downtime") for UDP servers has proven to be surprisingly difficult.
At Cloudflare, we do everything we can to avoid interruption to our services. We frequently deploy new versions of the code that delivers the services, so we need to be able to restart the server processes to upgrade them without missing a beat. In particular, performing graceful restarts (also known as "zero downtime") for UDP servers has proven to be surprisingly difficult.
Cisco Pulls Together a Quantum Network Architecture
(nextplatform.com)
For decades, discussions around quantum computing has felt similar to family driving vacations, with someone in the back seat constantly asking “are we there yet?” And like those long drives, the answer usually has been “not yet, but soon,” with “soon” doing a lot of the work in the reply.
For decades, discussions around quantum computing has felt similar to family driving vacations, with someone in the back seat constantly asking “are we there yet?” And like those long drives, the answer usually has been “not yet, but soon,” with “soon” doing a lot of the work in the reply.