Category: networks and networking

encrypting DNS with dnsmasq and stubby

In my last post I explained that in order to better protect my privacy I wanted to move all my DNS requests from the existing system of clear text requests to one of encrypted requests. My existing system forwarded DNS requests from my internal dnsmasq caching servers to one of my (four) unbound resolvers and …

Continue reading

Permanent link to this article: https://baldric.net/2020/05/25/encrypting-dns-with-dnsmasq-and-stubby/

encrypting DNS

Any casual reader of trivia will be aware that I care about my privacy and that I go to some lengths to maintain that privacy in the face of concerted attempts by ISPs, corporations, government agencies and others to subvert it. In particular I use personally managed OpenVPN servers at various locations to tunnel my …

Continue reading

Permanent link to this article: https://baldric.net/2020/05/06/encrypting-dns/

have I been pwned?

Well, I don’t think so. But for a while I was not entirely sure. Following the move last November of trivia from a VM on UK2’s datacentre in London to our new home on a faster VM on ITLDC’s network I have been making a variety of minor changes and doing some essential housework. One …

Continue reading

Permanent link to this article: https://baldric.net/2020/02/27/have-i-been-pwned/

TLS certificate checks

immuniweb result

My move of trivia to a new VM last December prompted me to look again at my server configuration. In particular I wanted to ensure that I was properly redirecting all HTTP requests to HTTPS and that the ciphers and protocols I support are as up to date and strong as possible. Mozilla offers a …

Continue reading

Permanent link to this article: https://baldric.net/2020/01/22/tls-certificate-checks/

retiring the slugs

I first started using Linksys NSLU2s (aka “slugs”) in early 2008. Back then I considered them quite useful and I even ran webservers and local apt-caches on them. But realistically they are (and even then, were) a tad underpowered. Worse, since Debian on the XScale-IXP42x hasn’t been updated for several years, the slugs are probably …

Continue reading

Permanent link to this article: https://baldric.net/2020/01/14/retiring-the-slugs/

a bargain VPS

I have been using services from ITLDC for about three years now. I initially picked one of their cheap VMs based in the Netherlands whilst I was expanding my VPN usage, and frankly, I was not expecting much in the way of customer service or assistance for the very low price I paid. After all …

Continue reading

Permanent link to this article: https://baldric.net/2019/11/28/a-bargain-vps/

openvpn clients on pfsense

In my 2017 article on using OpenVPN on a SOHO router I said: “In testing, I’ve found that using a standard OpenVPN setup (using UDP as the transport) has only a negligible impact on my network usage – certainly much less than using Tor.” That was true back then but is unfortunately not so true …

Continue reading

Permanent link to this article: https://baldric.net/2019/07/07/openvpn-clients-on-pfsense/

one unbound and you are free

I have written about my use of OpenVPN in several posts in the past, most latterly in May 2017 in my note about the Investigatory Powers (IP) Bill. In that post I noted that all the major ISPs would be expected to log all their customers’ internet connectivity and to retain such logs for so …

Continue reading

Permanent link to this article: https://baldric.net/2019/06/26/one-unbound-and-you-are-free/

well I never

It’s not often that I find myself agreeing with GCHQ, but ex GCHQ Director Robert Hannigan’s recent comments in an interview with the BBC Today programme struck a chord. Hannigan headed GCHQ from April 2014 until his resignation for family reasons last year. Whilst in post he pushed for greater transparency at the SIGINT agency. …

Continue reading

Permanent link to this article: https://baldric.net/2018/12/11/well-i-never/

using a VPN to take back your privacy

network diagram

With the passage into law of the iniquitous Investigatory Powers (IP) Bill in the UK at the end of November last year, it is way past time for all those who care about civil liberties in this country to exercise their right to privacy. The new IP Act permits HMG and its various agencies to …

Continue reading

Permanent link to this article: https://baldric.net/2017/05/12/using-a-vpn-to-take-back-your-privacy/

guest network

Last month Troy Hunt posted an interesting comment on his blog about the problems around the etiquette of allowing guests onto your home wifi network. In his post, Hunt notes that guests can be deeply offended at being refused access. This is understandable. If they are guests in your home then they are probably close …

Continue reading

Permanent link to this article: https://baldric.net/2016/01/24/guest-network/

torflow

Map graphic of Tor network traffic around the world

Yesterday, Kenneth Freeman posted a note to the tor-relays list drawing attention to a new resource called TorFlow. TorFlow is a beautiful visualisation of Tor network traffic around the world. It enables you to see where traffic is concentrated (Europe) and where there is almost none (Australasia). Having the data overlaid on a world map …

Continue reading

Permanent link to this article: https://baldric.net/2015/11/10/torflow/

get your porn here

Dear Dave is at it again. Sometimes I worry about our PM’s priorities. Not content with his earlier insistence that UK ISPs must introduce “family friendly (read “porn”) filters”, our man in No 10 now wants to “see age restrictions put into place or these (i.e. “porn”) websites will face being shut down”. El Reg …

Continue reading

Permanent link to this article: https://baldric.net/2015/07/30/get-your-porn-here/

net neutrality

My apologies that this is a few weeks late – but it still bears posting. John Oliver at HBO gave the best description of the net neutrality argument I have seen so far. Following that broadcast, the FCC servers were, rather predictably, overwhelmed by the outraged response from the trolls that Oliver set loose. Unfortunately, …

Continue reading

Permanent link to this article: https://baldric.net/2014/08/13/net-neutrality/

heartbleed

This is nasty. There is a remotely exploitable bug in openssl which leads to the leak of memory contents from the server to the client and from the client to the server. In practice this means that an attacker can read 64K chunks of memory on a vulnerable service, thus potentially exposing security critical information. …

Continue reading

Permanent link to this article: https://baldric.net/2014/04/08/heartbleed/

good news for tor

The past couple of days have seen a flurry of news stories about Tor. Some of the news has hit the mainstream media, some of it hasn’t. Yet. A couple of day ago, a rather plaintive post to the tor-talk mailing list read: “looking for a way to contact silk road.Site shut down.money at stake.” …

Continue reading

Permanent link to this article: https://baldric.net/2013/10/05/good-news-for-tor/