Syslog is unreliable – Use RELP instead

Assuming syslog guarantees message delivery is a common pitfall.

Neither syslog over TCP nor syslog over UDP implements any application-layer confirmation that log messages were received. If anything goes wrong between writing to the buffer or sending the log over the socket and the receiver writing the logs to disk, those logs are permanently lost.


pulseaudio module-echo-cancel beamforming

Here’s an example line for default.pa or similar, or for running using pacmd. I haven’t tested it, but pulseaudio accepts this line just fine:

load-module module-echo-cancel use_master_format=1 aec_method=webrtc use_volume_sharing=1 aec_args="analog_gain_control=0 digital_gain_control=1 beamforming=1 mic_geometry=-0.04,0,0,0.04,0,0 target_direction=4.71238898,0,0" source_master=alsa_input.usb-046d_0821_FDA941A0-00.analog-stereo sink_master=alsa_output.pci-0000_43_00.1.hdmi-stereo-extra3 source_name=echoCancel_source sink_name=echoCancel_sink

LC_NUMERIC=C must be set in the environment for mic_geometry to be read correctly. Using commas instead of periods doesn’t work.
If you use systemd, just use a drop-in (e.g. create one using systemctl edit).

iptables best practices

  • Don’t use iptables to apply your rules one at a time, use iptables-restore to apply a whole ruleset in one action.
  • Set your INPUT and FORWARD policy to DROP.
  • Don’t set your OUTPUT policy to DROP unless you really know what you’re doing.
  • If you’re going to implement a blacklist or whitelist, you should look at using ipsets if that list is going to be more than two or three addresses, and if it might be dynamic.
  • Allow all traffic on lo.
  • You should ALLOW traffic in ctstates of RELATED and ESTABLISHED near the beginning of your rules.
  • Don’t use iptables -L
  • DON’T USE IPTABLES -L
  • Use iptables-save instead of iptables -L.
  • Don’t use ifconfig or any of the net-tools.
  • Use iproute2 (ip address, ip link, ip route, ip rule, …)
  • Always read the man pages that are installed on the system you’re trying to use the corresponding software on.
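
Because iptables-save emits the ruleset in a stable, parseable format, several items in the list above can be checked automatically. The following is an added example, not code from the original post; the function name audit, the NEAR_TOP threshold and the sample ruleset are assumptions constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m set --match-set blocklist src -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
NEAR_TOP = 3  # assumption: "near the beginning" means one of the first three INPUT rules

def audit(dump):
    """Return a list of findings for the filter table of an iptables-save dump."""
    policies, input_rules, table = {}, [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):                      # table header, e.g. *filter
            table = line[1:]
        elif table != "filter" or not line or line.startswith("#"):
            continue
        elif line.startswith(":"):                    # chain policy, e.g. :INPUT DROP [0:0]
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A INPUT "):
            input_rules.append(shlex.split(line))     # shlex keeps quoted comments intact

    def has(rule, *tokens):
        # True if the token sequence occurs in the rule and is not negated with "!".
        n = len(tokens)
        return any(rule[i:i + n] == list(tokens) and rule[max(i - 1, 0)] != "!"
                   for i in range(len(rule)))

    findings = [f"{chain} policy is {policies.get(chain)}, expected DROP"
                for chain in ("INPUT", "FORWARD") if policies.get(chain) != "DROP"]
    if not any(has(r, "-i", "lo") and has(r, "-j", "ACCEPT") for r in input_rules):
        findings.append("no rule accepting traffic on lo")
    stateful = [i for i, r in enumerate(input_rules)
                if has(r, "-j", "ACCEPT") and "--ctstate" in r[:-1]
                and {"RELATED", "ESTABLISHED"} <= set(r[r.index("--ctstate") + 1].split(","))]
    if not stateful:
        findings.append("no ACCEPT rule for ctstate RELATED,ESTABLISHED")
    elif stateful[0] >= NEAR_TOP:
        findings.append("RELATED,ESTABLISHED rule is not near the start of INPUT")
    return findings
```

Feed it the output of iptables-save on the host being reviewed; an empty list means none of the checked items were violated.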

Summary page of the Netfilter related resources


nftables has been considered production-ready since 2019-06-27.