Fri 11 September 2020
Thu 12 March 2020
Who do you trust? And do you trust them indefinitely far into the future?
If you have specific reasons to believe you will be targetted by an interested, competent, resourceful attacker: you need serious information security measures, which will be painful and potentially expensive in both time and money. I have no such specific fears, so I’m merely interested in protecting my household against generalized attacks, the sort of thing that Google and Facebook and Amazon and every advertiser in the world carries out as a matter of course.
In this installment, I’m going to increase the difficulty of tracking my household network via intercepting DNS requests. I will assume you know a fair amount about DNS and feel comfortable configuring daemons and running them – this isn’t a step-by-step HowTo.
Wed 15 May 2019
Mon 22 October 2018
Several people have asked me recently what hardware I would buy today for use as a home firewall.
- Partaker N3050 B5
- N3050 CPU
- no RAM (1 slot DDR3L up to 8GB)
- no SSD (room for mSATA + 2.5" SATA disk)
- 2 x gigE + wifi 802.11 b/g/n
- 2GB DDR3L RAM
- 2GB RAM
- Kingston 120GB mSATA SSD
- 120GB mSATA SSD
for a total of $176, including shipping. Links were accurate as of October 22, 2018.
This gets you a tiny box, similar in size to random commercial house router/firewall/wifi access points, which can run a standard Linux operating system with a complex firewall running at 1 Gb/s in and out, more RAM than strictly necessary, and an SSD which is both very large (and therefore can last a very long time) and boot the system quickly enough that you can do a reboot without losing TCP sessions.
I would also recommend a medium-sized USB thumb drive to set up as an emergency booting and backup device. Call it another $15 or so.
Sat 20 October 2018
Fri 21 September 2018
One problem: we have built an immense network of supercomputers that is essentially a Commons. An abuse of this Commons that would be ridiculously unprofitable if it had to be carried out by humans – say, an expected return of one one-hundredth cent per attempt – is highly attractive to unscrupulous actors …
Sun 12 November 2017
Wireguard is a new open source VPN system being initially developed on Linux. I have two major use cases for such a thing: site-to-site protection, and backhauling traffic from a laptop or phone to my house.
Small codebase, because there are very few options. For example, there …
Sun 11 June 2017
Mon 15 May 2017
Tue 28 February 2017
Sun 22 January 2017
Fri 13 January 2017
Wed 30 November 2016
Nintendo’s 3DS pocket-sized game system includes “Streetpass”, a method of sharing your high scores, Mii avatars and other game information with random strangers who also have 3DS systems. That includes the levels designed by Super Mario Maker, which are a few megabytes apiece.
The swap happens anonymously and automatically …
Tue 22 November 2016
Thu 29 September 2016