Jun 06 2020
My previous two posts discussed the need for encrypted DNS and then how to do it on a linux desktop. I do not have any Microsoft systems so I have no idea how to approach the problem if you use any form of Windows OS, nor do I have any Apple devices so I can’t …
Permanent link to this article: https://baldric.net/2020/06/06/encrypting-dns-on-android/
May 25 2020
In my last post I explained that in order to better protect my privacy I wanted to move all my DNS requests from the existing system of clear text requests to one of encrypted requests. My existing system forwarded DNS requests from my internal dnsmasq caching servers to one of my (four) unbound resolvers and …
Permanent link to this article: https://baldric.net/2020/05/25/encrypting-dns-with-dnsmasq-and-stubby/
May 06 2020
Any casual reader of trivia will be aware that I care about my privacy and that I go to some lengths to maintain that privacy in the face of concerted attempts by ISPs, corporations, government agencies and others to subvert it. In particular I use personally managed OpenVPN servers at various locations to tunnel my …
Permanent link to this article: https://baldric.net/2020/05/06/encrypting-dns/
Feb 27 2020
Well, I don’t think so. But for a while I was not entirely sure. Following the move last November of trivia from a VM on UK2’s datacentre in London to our new home on a faster VM on ITLDC’s network I have been making a variety of minor changes and doing some essential housework. One …
Permanent link to this article: https://baldric.net/2020/02/27/have-i-been-pwned/
Jan 22 2020
My move of trivia to a new VM last December prompted me to look again at my server configuration. In particular I wanted to ensure that I was properly redirecting all HTTP requests to HTTPS and that the ciphers and protocols I support are as up to date and strong as possible. Mozilla offers a …
Permanent link to this article: https://baldric.net/2020/01/22/tls-certificate-checks/
Jan 14 2020
I first started using Linksys NSLU2s (aka “slugs”) in early 2008. Back then I considered them quite useful and I even ran webservers and local apt-caches on them. But realistically they are (and even then, were) a tad underpowered. Worse, since Debian on the XScale-IXP42x hasn’t been updated for several years, the slugs are probably …
Permanent link to this article: https://baldric.net/2020/01/14/retiring-the-slugs/
Nov 28 2019
I have been using services from ITLDC for about three years now. I initially picked one of their cheap VMs based in the Netherlands whilst I was expanding my VPN usage, and frankly, I was not expecting much in the way of customer service or assistance for the very low price I paid. After all …
Permanent link to this article: https://baldric.net/2019/11/28/a-bargain-vps/
Jul 07 2019
In my 2017 article on using OpenVPN on a SOHO router I said: “In testing, I’ve found that using a standard OpenVPN setup (using UDP as the transport) has only a negligible impact on my network usage – certainly much less than using Tor.” That was true back then but is unfortunately not so true …
Permanent link to this article: https://baldric.net/2019/07/07/openvpn-clients-on-pfsense/
Jun 26 2019
I have written about my use of OpenVPN in several posts in the past, most latterly in May 2017 in my note about the Investigatory Powers (IP) Bill. In that post I noted that all the major ISPs would be expected to log all their customers’ internet connectivity and to retain such logs for so …
Permanent link to this article: https://baldric.net/2019/06/26/one-unbound-and-you-are-free/
Dec 11 2018
It’s not often that I find myself agreeing with GCHQ, but ex GCHQ Director Robert Hannigan’s recent comments in an interview with the BBC Today programme struck a chord. Hannigan headed GCHQ from April 2014 until his resignation for family reasons last year. Whilst in post he pushed for greater transparency at the SIGINT agency. …
Permanent link to this article: https://baldric.net/2018/12/11/well-i-never/
May 12 2017
With the passage into law of the iniquitous Investigatory Powers (IP) Bill in the UK at the end of November last year, it is way past time for all those who care about civil liberties in this country to exercise their right to privacy. The new IP Act permits HMG and its various agencies to …
Permanent link to this article: https://baldric.net/2017/05/12/using-a-vpn-to-take-back-your-privacy/
Jan 24 2016
Last month Troy Hunt posted an interesting comment on his blog about the problems around the etiquette of allowing guests onto your home wifi network. In his post, Hunt notes that guests can be deeply offended at being refused access. This is understandable. If they are guests in your home then they are probably close …
Permanent link to this article: https://baldric.net/2016/01/24/guest-network/
Nov 10 2015
Yesterday, Kenneth Freeman posted a note to the tor-relays list drawing attention to a new resource called TorFlow. TorFlow is a beautiful visualisation of Tor network traffic around the world. It enables you to see where traffic is concentrated (Europe) and where there is almost none (Australasia). Having the data overlaid on a world map …
Permanent link to this article: https://baldric.net/2015/11/10/torflow/
Jul 30 2015
Dear Dave is at it again. Sometimes I worry about our PM’s priorities. Not content with his earlier insistence that UK ISPs must introduce “family friendly (read “porn”) filters”, our man in No 10 now wants to “see age restrictions put into place or these (i.e. “porn”) websites will face being shut down”. El Reg …
Permanent link to this article: https://baldric.net/2015/07/30/get-your-porn-here/
Aug 13 2014
My apologies that this is a few weeks late – but it still bears posting. John Oliver at HBO gave the best description of the net neutrality argument I have seen so far. Following that broadcast, the FCC servers were, rather predictably, overwhelmed by the outraged response from the trolls that Oliver set loose. Unfortunately, …
Permanent link to this article: https://baldric.net/2014/08/13/net-neutrality/
Apr 08 2014
This is nasty. There is a remotely exploitable bug in openssl which leads to the leak of memory contents from the server to the client and from the client to the server. In practice this means that an attacker can read 64K chunks of memory on a vulnerable service, thus potentially exposing security critical information. …
Permanent link to this article: https://baldric.net/2014/04/08/heartbleed/
click image for full size