OpenVPN is a free, open source, general purpose VPN tool which allows users to build secure tunnels through insecure networks such as the internet. It is the ideal solution to a wide range of secure tunnelling requirements, but it is not always immediately obvious how it should be deployed in some circumstances. Recently, a correspondent …
Category: tips, tricks and howtos
Permanent link to this article: https://baldric.net/2012/10/27/using-openvpn-to-bypass-nat-firewalls/
Sep 09 2012
iptables firewall for servers
I paid for a new VPS to run tor this week. It is cheaper, and offers a higher bandwidth allowance than my existing tor server so I may yet close that one down – particularly as I recently had trouble with the exit policy on my existing server. In setting up the new server, the …
Permanent link to this article: https://baldric.net/2012/09/09/iptables-firewall-for-servers/
Aug 21 2012
debian on a DNS-320
Back in 2009 I bought, on impulse, a D-Link DNS-313 thinking it was sufficiently similar to the 323 to enable me to install debian with some ease. As I noted at the time, however, I’d made a slight mistake and then had to settle for a compromise installation from a tarball rather than a full …
Permanent link to this article: https://baldric.net/2012/08/21/debian-on-a-dns-320/
Jul 31 2012
avoiding accidental google
Even though I set my default search engine to anything but google (usually ixquick, but sometimes its sister engine at startpage) I have occasionally been caught out by firefox’s helpful attempts to intervene if I mistakenly enter a search option in the URL navigation field (or just hit return too early). Firefox’s default action in …
Permanent link to this article: https://baldric.net/2012/07/31/avoiding-accidental-google/
Jul 20 2012
gpg key upgrade
Following a recent discussion about gpg key signing on my local linux user group email list, one of the members pointed out that several of us (myself included) were using rather old 1024-bit DSA GPG keys with SHA-1 hashes. He recommended that such users should upgrade to keys with a minimum size of 2048 bits …
Permanent link to this article: https://baldric.net/2012/07/20/gpg-key-upgrade/
Apr 16 2012
rockbox rocks
Some time ago my wife bought me a Sansa Sandisk Clip+ music player. When she asked me “what kind of MP3 player” I would like, I specifically specified the Clip+ because it could handle ogg vorbis encoded audio files. All my audio disks are encoded in this format. Picky I know, but there you go. …
Permanent link to this article: https://baldric.net/2012/04/16/rockbox-rocks/
Mar 24 2012
android mail client is broken
In January of this year I wrote about t-mobile’s apparent policy of actively looking for and blocking any TLS-secured SMTP sessions over their network. At the time I believed this to be a cockup rather than a deliberate policy. I still prefer to believe that, but the episode left a rather sour taste in my …
Permanent link to this article: https://baldric.net/2012/03/24/android-mail-client-is-broken/
Jan 22 2012
moxie’s proxy
Moxie Marlinspike, a security researcher probably best known for his SSL proxy tool, likes google even less than I do. His googlesharing website says: “Google thrives where privacy does not. If you’re like most internet users, Google knows more about you than you might be comfortable with. Whether you were logged in to a Google …
Permanent link to this article: https://baldric.net/2012/01/22/moxies-proxy/
Jan 12 2012
tails in a spin
When I first tested running a tails mirror on one of my VMs, the traffic level reported by vnstat ran at around 20-30 GiB per day. I figured I could live with that because it meant that my total monthly traffic would be unlikely to exceed my monthly 1TB allowance. However, when I checked the …
Permanent link to this article: https://baldric.net/2012/01/12/tails-in-a-spin/
Dec 19 2011
tunnelling X over ssh
OK, yes, I know there are probably already a gazillion web pages on the ‘net explaining exactly how to do this, but I got caught out by a silly gotcha when I tried to do this a couple of days ago, so I thought I’d post a note. Firstly, X is not exactly a secure …
Permanent link to this article: https://baldric.net/2011/12/19/tunnelling-x-over-ssh/
Sep 27 2011
webcam mark II
Upgrading the slugs to squeeze killed the webcam. At first I thought that squeeze was missing the necessary gspca drivers, but no, a quick look in /dev revealed an entry for video0 and “lsmod” reported “gspca_zc3xx” loaded correctly. This is a different driver to that which my camera loaded in lenny (spca5xx) but a quick …
Permanent link to this article: https://baldric.net/2011/09/27/webcam-mark-ii/
Sep 26 2011
squeezing the slugs
Debian 6 (squeeze) has been the current stable version since February 2011. The latest version (6.02) was released in late June. I have put off updating my slugs from lenny (old stable) for a while because I wanted to see how others fared before committing myself. Indeed, initial reports on the debian arm list indicated …
Permanent link to this article: https://baldric.net/2011/09/26/squeezing-the-slugs/
Jan 24 2011
wordpress setup
I have just added a couple of new plugins to this blog and tidied up some old cruft that I had been meaning to get around to for a while. One of the plugins I have added is a really rather good statistics tool called Counterize II. It provides a very quick (and impressively comprehensive) …
Permanent link to this article: https://baldric.net/2011/01/24/wordpress-setup/
Sep 12 2010
a graphical web of trust
I recently stumbled upon sig2dot, a gpg/pgp keyring graph generator. In fact this seems to have been around for some time, but I’d never come across it before. It can be used to generate a graph of all of the signature relationships in a GPG/PGP keyring, and, like other visualisation tools, this graphical image producing …
Permanent link to this article: https://baldric.net/2010/09/12/a-graphical-web-of-trust/
Aug 27 2010
update to autossh – or how ServerAliveInterval makes this unnecessary
I had a couple of comments on my earlier post about autossh which suggested that I should look at alternative mechanisms for keeping my ssh tunnel up. Rob in particular suggested that setting “ServerAliveInterval” should work. Oddly I had tried this in the past whilst trying out various configuration options and I swear it didn’t …
Permanent link to this article: https://baldric.net/2010/08/27/update-to-autossh-or-how-serveraliveinterval-makes-this-unnecessary/
Aug 01 2010
autossh – or how to use tor through a central ssh proxy
Since I first set up a remote tor node on a VPS about this time last year, I have played about with various configurations (and used different providers) but I have now settled on using two high bandwidth servers on different networks. One (at daily.co.uk) allows 750 Gig of traffic per month, the other (a …
Permanent link to this article: https://baldric.net/2010/08/01/autossh-or-how-to-use-tor-through-a-central-ssh-proxy/
May 03 2010
email address images
Adding valid email addresses to web sites is almost always a bad idea these days. Automated ‘bots routinely scan web servers and harvest email addresses for sale to spammers and scammers. And in some cases, email addresses harvested from commercial web sites can be used in targeted social engineering attacks. So, posting your email address …
Permanent link to this article: https://baldric.net/2010/05/03/email-address-images/
May 02 2010
ubuntu 10.04 – minor, and some not so minor, irritations
If and when the teething problems in 10.04 are fixed and the distro looks stable enough to supplant my current preferred version, I will be faced with one or two usability issues. In this version, canonical have taken some design decisions which seem to have some of the fanbois frothing at the mouth. The most …
Permanent link to this article: https://baldric.net/2010/05/02/ubuntu-10-04-minor-and-some-not-so-minor-irritations/
Mar 31 2010
webDAV in lighttpd on debian
I back up all my critical files to one of my slugs using rsync over ssh (and just because I am really cautious I back that slug up to another NAS). Most of the files I care about are the obvious photos of friends and family. I guess that most people these days will have …
Permanent link to this article: https://baldric.net/2010/03/31/webdav-in-lighttpd-on-debian/
Mar 30 2010
unplugged
My earlier problems with the sheevaplug all seem to have stemmed from the fact that I had installed Lenny to SDHC cards. As I mentioned in my post of 7 March, I burned through two cards before eventually giving up and trying a new installation to USB disk. This seems to have fixed the problem …
Permanent link to this article: https://baldric.net/2010/03/30/unplugged/
Mar 21 2010
psp video revisited
I last posted about ripping DVDs to PSP format back in November 2007. Since then I have used a variety of different mechanisms to transcode my DVDs to the MP4 format preferred by my PSP. A couple of years ago I experimented with both winff and a command line front end to ffmpeg called handbrake. …
Permanent link to this article: https://baldric.net/2010/03/21/psp-video-revisited/
Mar 07 2010
plug instability
I’m still having a variety of problems with my sheevaplug. Not least of which is the fact that SDHC cards don’t seem to be the best choice of boot medium. I have had failures with two cards now and some searching of the various on-line fora suggests that I am not alone here. In particular, …
Permanent link to this article: https://baldric.net/2010/03/07/plug-instability/
Feb 28 2010
from slug to plug
Well this took rather longer than expected. I intended to write about my latest toy much earlier than this, but several things got in the way – more of which later. About three or four weeks ago I bought myself a new sheevaplug. The plug has been on sale in the US for some time, …
Permanent link to this article: https://baldric.net/2010/02/28/from-slug-to-plug/
Jan 23 2010
life is too short to use horde
I own a bunch of different domains and run a mail service on all of them. In the past I have used a variety of different ways of providing mail, from simple pop/imap using dovecot and postfix, through to using the database driven mail service in egroupware. Recently I have consolidated mail for several of …
Permanent link to this article: https://baldric.net/2010/01/23/life-is-too-short-to-use-horde/