Category: tips, tricks and howtos

using openvpn to bypass NAT firewalls

OpenVPN is a free, open source, general purpose VPN tool which allows users to build secure tunnels through insecure networks such as the internet. It is the ideal solution to a wide range of secure tunnelling requirements, but it is not always immediately obvious how it should be deployed in some circumstances. Recently, a correspondent …

Permanent link to this article: https://baldric.net/2012/10/27/using-openvpn-to-bypass-nat-firewalls/

iptables firewall for servers

I paid for a new VPS to run tor this week. It is cheaper, and offers a higher bandwidth allowance than my existing tor server so I may yet close that one down – particularly as I recently had trouble with the exit policy on my existing server. In setting up the new server, the …

Permanent link to this article: https://baldric.net/2012/09/09/iptables-firewall-for-servers/

debian on a DNS-320

Back in 2009 I bought, on impulse, a D-Link DNS-313 thinking it was sufficiently similar to the 323 to enable me to install debian with some ease. As I noted at the time, however, I’d made a slight mistake and then had to settle for a compromise installation from a tarball rather than a full …

Permanent link to this article: https://baldric.net/2012/08/21/debian-on-a-dns-320/

avoiding accidental google

Even though I set my default search engine to anything but google (usually ixquick, but sometimes its sister engine at startpage) I have occasionally been caught out by firefox’s helpful attempts to intervene if I mistakenly enter a search option in the URL navigation field (or just hit return too early). Firefox’s default action in …

Permanent link to this article: https://baldric.net/2012/07/31/avoiding-accidental-google/

gpg key upgrade

Following a recent discussion about gpg key signing on my local linux user group email list, one of the members pointed out that several of us (myself included) were using rather old 1024-bit DSA GPG keys with SHA-1 hashes. He recommended that such users should upgrade to keys with a minimum size of 2048 bits …

Permanent link to this article: https://baldric.net/2012/07/20/gpg-key-upgrade/

rockbox rocks

Some time ago my wife bought me a Sansa Sandisk Clip+ music player. When she asked me “what kind of MP3 player” I would like, I specifically specified the Clip+ because it could handle ogg vorbis encoded audio files. All my audio disks are encoded in this format. Picky I know, but there you go. …

Permanent link to this article: https://baldric.net/2012/04/16/rockbox-rocks/

android mail client is broken

In January of this year I wrote about t-mobile’s apparent policy of actively looking for and blocking any TLS-secured SMTP sessions over their network. At the time I believed this to be a cockup rather than a deliberate policy. I still prefer to believe that, but the episode left a rather sour taste in my …

Permanent link to this article: https://baldric.net/2012/03/24/android-mail-client-is-broken/

moxie’s proxy

Moxie Marlinspike, a security researcher probably best known for his SSL proxy tool, likes google even less than I do. His googlesharing website says: “Google thrives where privacy does not. If you’re like most internet users, Google knows more about you than you might be comfortable with. Whether you were logged in to a Google …

Permanent link to this article: https://baldric.net/2012/01/22/moxies-proxy/

tails in a spin

When I first tested running a tails mirror on one of my VMs, the traffic level reported by vnstat ran at around 20-30 GiB per day. I figured I could live with that because it meant that my total monthly traffic would be unlikely to exceed my monthly 1TB allowance. However, when I checked the …

Permanent link to this article: https://baldric.net/2012/01/12/tails-in-a-spin/

tunnelling X over ssh

OK, yes, I know there are probably already a gazillion web pages on the ‘net explaining exactly how to do this, but I got caught out by a silly gotcha when I tried to do this a couple of days ago, so I thought I’d post a note. Firstly, X is not exactly a secure …

Permanent link to this article: https://baldric.net/2011/12/19/tunnelling-x-over-ssh/

webcam mark II

Upgrading the slugs to squeeze killed the webcam. At first I thought that squeeze was missing the necessary gspca drivers, but no, a quick look in /dev revealed an entry for video0 and “lsmod” reported “gspca_zc3xx” loaded correctly. This is a different driver to that which my camera loaded in lenny (spca5xx) but a quick …

Permanent link to this article: https://baldric.net/2011/09/27/webcam-mark-ii/

squeezing the slugs

Debian 6 (squeeze) has been the current stable version since February 2011. The latest version (6.02) was released in late June. I have put off updating my slugs from lenny (old stable) for a while because I wanted to see how others fared before committing myself. Indeed, initial reports on the debian arm list indicated …

Permanent link to this article: https://baldric.net/2011/09/26/squeezing-the-slugs/

wordpress setup

I have just added a couple of new plugins to this blog and tidied up some old cruft that I had been meaning to get around to for a while. One of the plugins I have added is a really rather good statistics tool called Counterize II. It provides a very quick (and impressively comprehensive) …

Permanent link to this article: https://baldric.net/2011/01/24/wordpress-setup/

a graphical web of trust

I recently stumbled upon sig2dot, a gpg/pgp keyring graph generator. In fact this seems to have been around for some time, but I’d never come across it before. It can be used to generate a graph of all of the signature relationships in a GPG/PGP keyring, and, like other visualisation tools, this graphical image producing …

Permanent link to this article: https://baldric.net/2010/09/12/a-graphical-web-of-trust/

update to autossh – or how ServerAliveInterval makes this unnecessary

I had a couple of comments on my earlier post about autossh which suggested that I should look at alternative mechanisms for keeping my ssh tunnel up. Rob in particular suggested that setting “ServerAliveInterval” should work. Oddly I had tried this in the past whilst trying out various configuration options and I swear it didn’t …

Permanent link to this article: https://baldric.net/2010/08/27/update-to-autossh-or-how-serveraliveinterval-makes-this-unnecessary/

autossh – or how to use tor through a central ssh proxy

Since I first set up a remote tor node on a VPS about this time last year, I have played about with various configurations (and used different providers) but I have now settled on using two high bandwidth servers on different networks. One (at daily.co.uk) allows 750 Gig of traffic per month, the other (a …

Permanent link to this article: https://baldric.net/2010/08/01/autossh-or-how-to-use-tor-through-a-central-ssh-proxy/