Who do you trust? And do you trust them indefinitely far into the future?

If you have specific reasons to believe you will be targetted by an interested, competent, resourceful attacker: you need serious information security measures, which will be painful and potentially expensive in both time and money. I have no such specific fears, so I’m merely interested in protecting my household against generalized attacks, the sort of thing that Google and Facebook and Amazon and every advertiser in the world carries out as a matter of course.

In this installment, I’m going to increase the difficulty of tracking my household network via intercepting DNS requests. I will assume you know a fair amount about DNS and feel comfortable configuring daemons and running them – this isn’t a step-by-step HowTo.

Since this class of bug just bit me, I figured I would write it up in the nearly futile hope that it might prevent me from making it again.

This bug is most often evident when we have a software stack that has varying levels of configuration available in each layer, ranging from simple components that are either installed or not to complex components with configuration stored in files.

Today’s example is my home theater computer, which has these relevant layers:

One of my kids wanted a new computer badly enough to pay for most of it, and I have been wanting to upgrade the main house server for a year or so. Parts for both arrived this week.

forked-daapd is an audio streaming server and webclient for same; it offers compatibility with:

The scientific method goes boing.

1. Form a question.
2. Observe evidence.
3. Form hypotheses.
4. Create experiments.
5. Observe results.
6. Compare hypotheses.
7. Be critical.

The scientific method runs off the rails in step 2 and explodes into uncertainty in step 3. It turns out that observing evidence is rarely easy or straightforward: it’s a great big universe, and we’re all really puny. And “forming hypotheses” is synonymous with “make guesses” – potentially educated, informed guesses, but still a creative process that is likely to baffle AI for decades to come.

That brings us to today’s problem: why does Netflix hate me?

Work asks that I bring home an Apple laptop so that I maintain some sort of fluency with the systems that the majority of our employees use. For the last while this has been a 2011 MacBook Pro with 20GB of RAM and an SSD. The keyboard finally sputtered its way to an unusable state (most of the modifier keys, shift/ctrl/alt/command/option/super/meta/hyper…) were unpredictably triggering or failing to trigger) and I asked for a replacement.

“Whatever has a functioning escape key, please.”

So they signed out a 2015 MacBookPro to me. It has 8GB of RAM (not upgradable) and an SSD (ditto).

If you have a Linux system that was using systemd as its init system, and you changed it to something else, and now nearly everything is incredibly slow:

Remove libnss-systemd; check for and remove systemd options from /etc/nsswitch.conf.

As you will no doubt recall, that config controls the methods that the system uses for various lookups. Most things are files, which is to say the system should look in the appropriate config files. hosts is usually files followed by DNS. If you have Kerberos or LDAP or some other networked signon system, this is where it would be configured.

Who knew that systemd wanted control of that, too? Not I.

Suppose that you are sending out email to all of your customers, letting them know about a thing that you are sure they will want to know about. Then you decide to send it from a fake email address, one named “no reply” or similar. You have immediately eliminated a route for your customers to ask you questions about your thing.

What was the point of your announcement if not to generate interest in the thing? Don’t do that.

Send your announcement from an account that routes into your customer support ticket system (you do have one, right? if you have more than five customers, you need a ticketing system) and prepare your customer support staff with a list of answers to likely questions, and a way for them to contact the experts on the thing.

Every time you close a method of contact, you lose an opportunity to talk to your customers. If you don’t want to talk to your customers, maybe you shouldn’t be sending them email at all.

The Google Nexus 6P was an excellent phone, until it developed severe battery issues when it was about a year old. Google did me the courtesy of replacing it with the Pixel XL, which was a reasonably good phone until two years in, when it developed moderate battery issues which …

Centralized facilities are easier to manage. Centralized facilities are easier to control.

Distributed facilities are harder to manage, harder to control.

Centralized facilities need expensive, difficult redundancies to maintain function during a partial outage. Distributed facilities need coordination.

Centralized is cheaper than distributed if you don’t pay for the things that can make it reliable.

I was chatting (via work’s internal chat system) to a coworker, answering a question when the CFO came in and got my attention. I swivelled my head and greeted her while finishing my response.

“Were you really typing just then?” she inquired.

“Yes, until I dropped my train of thought when you came in.”

I’m not a classical touch-typist; I mostly use six fingers or so, and I don’t really keep them over the home row – rather, I have two or three hand positions that I can feel properly, and that’s where I type from. My speed would probably be improved if I practiced proper touch-typing, but on the other hand, maybe I would lose my ability to type the arcane symbols of computer incantations that are not so common in the mainstream typing systems.

Do learn some form of typing; it’s ever so much more convenient for getting your thoughts out.

If a previously reliable gigabit connection is suddenly working at 100 Mb/s, you probably have a flaky cable. Replace it. Yes, I know it hasn’t moved in months or years so there can’t possibly be any mechanical stress. Kill it with scissors.

Do you have an X11 application that insists on using a font you hate?

Change that easily with fontconfig.

This syntax in your .fonts.conf will change the response for one font into an answer from another:

<alias>
 <family>Gentium</family>
 <prefer>
  <family>Tex Gyre Pagella</family>
 </prefer>
</alias>

Add as many stanzas as you like; then run fc-cache and restart your application.

/785 days ago:/

First post. I should tell you a little bit about myself… blah, blah, blah, so I set up this wordpress account. I plan on updating once a week or so.

/784 days ago:/

I solved this obscure technical problem with a for-loop in bash. Now, the syntax …