Security

Router Upgrade From Hell

The day started with a plan. I would upgrade to the latest OpenWRT release with minimal disruption to the home internet, planning out the steps beforehand, and being careful not to totally mess things up. And, as always, reality had other ideas about how the day would go.

The Original Plan

I’m running OpenWRT on a PC Engines APU4 with way more disk space than it needs. The APU4 boots from the SSD like a traditional PC, not like a router booting from dedicated Flash storage, so I wasn’t sure exactly how the OpenWRT upgrade procedure would work and I wanted to make sure I had a working install to fall back on.

Overly Complex Doorbell

I wanted to add some kind of doorbell indication to my office, and was almost ready to start buying parts for a wired doorbell sensor like this one on hackaday.com, but I wasn’t sure how well it would work with the BeagleBone Black that’s running my digitemp sensor network in the garage. I’d have to run about 20’ of wire over to the sensor from the Beagle and that was bound to affect the reliability.

Hidden chat with Whonix and socat

Back in 2013 I wrote about using socat with Tor to set up a Hidden Service chat. It was pretty simple to set up and I wanted to see how much harder it would be to do with Whonix, since the Gateway handles Tor and the Workstation should run socat. Ends up it isn’t hard at all. On the Gateway you need to edit /usr/local/etc/torrc.d/50_user.conf (as root) and add a Hidden Service to it:

Running Whonix using QEMU as a user

Whonix has released version 14.0.0.9.6 of their XFCE KVM build. Whonix is a Debian-based operating system that routes all network traffic through the Tor network. It is included as part of Qubes OS or you can run disk images using your favorite virtualization solution. Their KVM release includes xml files for importing into libvirt, but sometimes that’s a bit too heavy of a solution and you want something simple where you don’t need to be root to set it up or run it.

Using OpenVPN on an iPhone

You are being tracked. It is now no secret that on every level your cellphone is being used to compromise your privacy. Not only are the cellphone providers injecting tracking headers, they have been selling off your location data to 3rd parties with lousy website security. We have no way to know how much of this data was archived, or who may have access to it. There is no way to ensure that it is all deleted.

Setup oath ssh login on Fedora

There are occasions where I’d like to be able to ssh to a system without using the password or having to set up an ssh key. Another alternative for authentication is the pam_oath module, which allows you to use OATH applications like FreeOTP or Google Authenticator for 2-factor logins. Start by installing the required packages. This is specific to Fedora; other distributions will be similar but slightly different in fun and challenging ways.

https is now the default protocol

On June 5th the EFF called for people to ‘Reset the Net’ and do something to enhance their privacy on the net. I have put off switching to https for my sites because I host them using S3 and CloudFront, and up until recently it was extremely expensive to use an SSL certificate with your site. But now, thanks to SNI support in CloudFront, the cost is just slightly more than for http requests.