I’ve been pretty happy with the Unifi wifi access points I picked up a few months back, but one of the things I hadn’t managed to replicate over my old setup was a guest wifi network.

If I went all-in and bought a Unifi router, this would probably be fairly trivial to set up. But I wanted to build on the equipment I already had for now. Looking at some old docs, I’d need to get trunked VLAN traffic to the APs to separate the main and guest networks.

A while back I bought some UniFi access points. I hadn’t gotten round to setting up the Network Controller software to properly manage them though, so thought I’d dig into setting that up.

Last week I gave a talk at Perth Linux Users Group about building IoT projects using Ubuntu Core and Snapcraft. The video is now available online. Unfortunately there were some problems with the audio setup leading to some background noise in the video, but it is still intelligible:

The slides used in the talk can be found here.

While working on a feature for snapd, we had a need to perform a "secure bind mount". In this context, "secure" meant:

1. The source and/or target of the mount is owned by a less privileged user.
2. User processes will continue to run while we're performing the mount (so solutions that involve suspending all user processes are out).
3. While we can't prevent the user from moving the mount point, they should not be able to trick us into mounting to locations they don't control (e.g. by replacing the path with a symbolic link).

The main problem is that the mount system call uses string path names to identify the mount source and target. While we can perform checks on the paths before the mounts, we have no way to guarantee that the paths don't point to another location when we move on to the mount() system call: a classic time of check to time of use race condition.

One of the options available when configuring the my ThinkPad was an Infrared camera. The main selling point being "Windows Hello" facial recognition based login. While I wasn't planning on keeping Windows on the system, I was curious to see what I could do with it under Linux. Hopefully this is of use to anyone else trying to get it to work.

The camera is manufactured by Chicony Electronics (probably a CKFGE03 or similar), and shows up as two USB devices: