November 21, 2017

Decentralized HA

Last week was Hackweek 0x10 at SUSE and I worked in this idea about how we could  have a web available, even in the most difficult scenarios, i.e. on a DDOS Massive Attack on the DNS.

I've been playing with different ideas until I came across namecoin, a decentralized DNS based on bitcoin technology.

Then, I had this idea about combining it with DNS Round Robin for High Availability, and so have Decentralized DNS Round Robin for High Availability, or in short, Decentralized HA.

Thus, I downloaded the namecoin daemon and namecoin clients from and started syncronizing the blockchain network... which was terrible slow, 48h!

In the middle of that I got impatient and I just bought the "namecoin domain" jordia65.bit from, which will add such domain into the blockchain for you (kind of a service proxy if you can't wait for the whole blockchain to be downloaded).

Note you can not use any domain but a special zone domain, which is .bit. More at

Anyway,  after buying the domain, they also gave me good support, as my request was a bit special. I didn't want just jordia65.bit to map into an IP address, but to map to 2 IP adresses, to mimic what I would do with a classic DNS Round Robin setup, which would be to have at least 2 A records.

This is the domain in the namecoin blockchain:

The 2 IP addresses are real servers running in a cloud. Actually they are floating ip addresses, but that is another story.

Until here, all good. Then the fun started :) . The trick is to use a DNS daemon which queries the namecoin daemon. namecoin already provides that, which is called nmcontrol *

However, that daemon was not expecting 2 IP addresses per domain, and here is where I did my contribution:

With that, I was able to put down one of the servers and firefox redirected me to the other one automatically. And the whole beauty of this, is that this does not require a central server for storing neither the domain name nor the list of IP addresses to balance, and this list can also be updated on a decentralized way.

Since setting up all this can be a bit difficult for a "regular user", I also did some tests on setting up an http proxy, with apache2, so that the proxy will be the one trying to resolve the jordia65.bit domain ... and it worked :) ! Also the HA part.

Thus, you could set up your firefox to use that proxy and you would be able to browse .bit domains with high availability.

However, as you may have guessed, adding a proxy has a drawback, which is that it introduces a "single point of failure". If the proxy is taken down, you would not be able to reach any internet at all.

All this is "experimental" and so it will need some more testing and engineering, but all in all, I am very proud of the results and I had a lot of fun with this project :)

(*) Actually it seems nmcontrol has been deprecated in favor of , but nmcontrol was easier to hack.

July 24, 2017

Ruby gems security issues: Have hackers lost their interest?

Security issues on rubygems have decreased over time, from 93 in 2013 to 8 in 2017 (expected).

Is it because ruby programming community has gotten more mature? Are developers better? Or is it that hackers and researchers have lost interest?

Whatever it is, here you have the numbers:

*data from

July 18, 2016

Rails maintainer job

Hi! Do you know what is Rails? Do you also know what is an RPM? And more important, are you looking for a job?

If your answer is "yes", "yes" and "yes", check this job offer

We are looking for you!

March 9, 2016

The simplest package ever

From time to time I need to some tweaking of our packages and then I need a simple package that builds lightning-fast in order to test stuff.

This is the package I am using

Feel free to "fork" it.