Who do you trust? And do you trust them indefinitely far into the future?

If you have specific reasons to believe you will be targetted by an interested, competent, resourceful attacker: you need serious information security measures, which will be painful and potentially expensive in both time and money. I have no such specific fears, so I’m merely interested in protecting my household against generalized attacks, the sort of thing that Google and Facebook and Amazon and every advertiser in the world carries out as a matter of course.

In this installment, I’m going to increase the difficulty of tracking my household network via intercepting DNS requests. I will assume you know a fair amount about DNS and feel comfortable configuring daemons and running them – this isn’t a step-by-step HowTo.

Since this class of bug just bit me, I figured I would write it up in the nearly futile hope that it might prevent me from making it again.

This bug is most often evident when we have a software stack that has varying levels of configuration available in each layer, ranging from simple components that are either installed or not to complex components with configuration stored in files.

Today’s example is my home theater computer, which has these relevant layers:

forked-daapd is an audio streaming server and webclient for same; it offers compatibility with:

The scientific method goes boing.

1. Form a question.
2. Observe evidence.
3. Form hypotheses.
4. Create experiments.
5. Observe results.
6. Compare hypotheses.
7. Be critical.

The scientific method runs off the rails in step 2 and explodes into uncertainty in step 3. It turns out that observing evidence is rarely easy or straightforward: it’s a great big universe, and we’re all really puny. And “forming hypotheses” is synonymous with “make guesses” – potentially educated, informed guesses, but still a creative process that is likely to baffle AI for decades to come.

That brings us to today’s problem: why does Netflix hate me?

Work asks that I bring home an Apple laptop so that I maintain some sort of fluency with the systems that the majority of our employees use. For the last while this has been a 2011 MacBook Pro with 20GB of RAM and an SSD. The keyboard finally sputtered its way to an unusable state (most of the modifier keys, shift/ctrl/alt/command/option/super/meta/hyper…) were unpredictably triggering or failing to trigger) and I asked for a replacement.

“Whatever has a functioning escape key, please.”

So they signed out a 2015 MacBookPro to me. It has 8GB of RAM (not upgradable) and an SSD (ditto).

If you have a Linux system that was using systemd as its init system, and you changed it to something else, and now nearly everything is incredibly slow:

Remove libnss-systemd; check for and remove systemd options from /etc/nsswitch.conf.

As you will no doubt recall, that config controls the methods that the system uses for various lookups. Most things are files, which is to say the system should look in the appropriate config files. hosts is usually files followed by DNS. If you have Kerberos or LDAP or some other networked signon system, this is where it would be configured.

Who knew that systemd wanted control of that, too? Not I.

The Google Nexus 6P was an excellent phone, until it developed severe battery issues when it was about a year old. Google did me the courtesy of replacing it with the Pixel XL, which was a reasonably good phone until two years in, when it developed moderate battery issues which …

Centralized facilities are easier to manage. Centralized facilities are easier to control.

Distributed facilities are harder to manage, harder to control.

Centralized facilities need expensive, difficult redundancies to maintain function during a partial outage. Distributed facilities need coordination.

Centralized is cheaper than distributed if you don’t pay for the things that can make it reliable.

If a previously reliable gigabit connection is suddenly working at 100 Mb/s, you probably have a flaky cable. Replace it. Yes, I know it hasn’t moved in months or years so there can’t possibly be any mechanical stress. Kill it with scissors.

This is a reminder that spinning storage is still useful for large data dumps, media, backups, and other bulky things that you don’t need to change continuously.

But mostly, it’s cost-effective. The two current sweet spots for capacity/performance (assuming brand-name, non-sale, 7200RPM SATA3 3.5" disks) are at 4TB (about $75) and 10TB (about $270).

I also remind you that you want RAID for reliability, but it’s not backup by itself.

Via Rick Thomas on the Debian Users mailing list:

In any case, the solution I came up with is

apt-get --purge install -y sysvinit-core dbus- glib-networking- libgtk-3-0-
apt-get --purge autoremove

Note the trailing minus-signs on dbus- glib-networking- libgtk-3-0- These packages need to be deleted in the same pass as sysvinit-core …

It seems increasingly unwise to allow an Intel-made CPU to talk to the outside world. But the NUC-style machines are almost exclusively Intel. What should we do for a new firewall?

You’ll recall that I prefer firewalls to run Debian Stable, so that security updates are available promptly. While …

I recently ordered a dozen things from Amazon from six vendors. All the things were pretty technical – ethernet switches, fiber optic cables, transceivers, things like that. This is normal.

Four of the six vendors asked me to review their products. Two asked me multiple times over the same order.

Here’s my policy, and I urge you to consider the same one:

I will only leave a review on a commerce site if I have an unusual experience to report. An unusual experience is either surprisingly good or exceptionally bad. I won’t give any feedback for a transaction in which I paid the agreed amount of money, received the product in a reasonable time, and the product worked as expected.

Adding reviews outside of that policy has two negative effects: it adds useless noise to the review section, and it tends to inflate star-system grades.

Let’s name a thing: dominant data formats.

A data format is a specification for how to turn information into a digital encoding that a computer can work with, and of course how to reverse that back into a human-readable method.

A dominant data format is one that is used …

Somehow, without me being consciously aware of it, every device in the house that I use to play music has become capable of playing FLAC.

(FLAC is the Free Lossless Audio CoDec. A CoDec is a compressor/decompressor, a method of potentially squeezing lots of data into less data. Lossless …