Some Ubuntu 18.04 problems fixed today

Posted by Jesse Johnson on 13 February 2019, 8:00 pm

I’ve drafted but not published a long list of problems I’ve experienced with Ubuntu 18.04. In short it’s been one of the worst desktop releases of Ubuntu I’ve used. My experience on servers has been fine. Anyway I haven’t looked into the details of these patches but:

libwebkit2gtk-4.0-37:amd64 (2.22.6-0ubuntu0.18.04.1)
libjavascriptcoregtk-4.0-18:amd64 (2.22.6-0ubuntu0.18.04.1)

These package releases seem to have fixed some of my issues that have been present since May 2018. In particular Liferea has been broken on my desktop for that long. Better late than never I guess.

Shopping for a wired router

Posted by Jesse Johnson on 9 February 2019, 9:08 pm

I’ve often run a wired router at the front of my network (well immediately behind the modem). The only other topology has been a linux server at the front of the network. Then I like a network behind that where a wireless router can live. I keep my wireless router turned off when not in use, which is an uncommon setup it seems. Anyway, for 1 network I’m managing I’m considering replacing the linux system with a wired router. Wired routers are not super popular for SOHO uses as mos tpeople seem to prefer a wireless router to do everything. Because there is not a huge market options can be limited. Here are some products I’ve investigated.

Specs:
- 4 gigabit ethernet ports
- cost <= $100
TP-Link TL-R600VPN
- I’ve had good experiences with TP-Link wired routers in the past. However, this router is believed to be vulnerable to VPNFilter malware so that makes it too risky at this time.
- TPLink routers affected by VPNfilter malware?
Ubiquiti ER-X
- I’ve had no first-hand experiences with Ubuquiti products.
- POE passthrough support.
Cisco RV042G
Grandstream GS-GWN7000
Cisco RV130
Research
Networking Companies Country of Operation
- TP_Link – China
- MicroTik – Latvia
- Cisco – United States
- Ubiquiti – United States
- GrandStream – United States
- TrendNet – United States
Other Products
- TRENDnet TW100-S4W1CA – 10/100 only
- D-Link – no gigabit products in price range
- Netgear – no gigabit products in price range
- Linksys LRT214 – outside price range
Further research
- There are many more options above $100.

Even More Facebook Awfulness

Posted by Jesse Johnson on 15 November 2018, 3:54 am

Making the Internet Better (For Yourself)

Posted by Jesse Johnson on 14 November 2018, 3:50 am

Install uBlock Origin in all of your web browsers
Configure uBlock Origin in each of your web browsers
- enable Fanboy’s Social Blocking List
- add the following to “My filters”
  - disqus.com
    disquscdn.com
    instagram.com
    twitter.com
    facebook.com
Enjoy a better internet

Recent Talks I’ve watched

Posted by Jesse Johnson on 30 October 2018, 3:55 am

Securing NTP Servers

Posted by Jesse Johnson on 17 October 2018, 4:18 am

Rarely am I using ntpd to serve ntp information. It is more useful for clock-correction than a strict ntp/sntp client. Thus I don’t want the service listening on a wildcard address, even when there is certainly a firewall in place. I prefer the service to not be listening at all, or listening only to the loopback interface. Here is how to configure that in ntpd and chrony.

ntpd

interface ignore wildcard

chrony

bindaddress 127.0.0.1
port 0
bindcmdaddress 127.0.0.1
cmdport 0

How can I make chronyd more secure?

NTP Servers

Posted by Jesse Johnson on 17 October 2018, 2:20 am

There are many NTP server implementations now. Here are some:

ntpd
chrony
ntpsec
openntpd
sntp clients
- systemd-timesyncd
- sntp
also:
- ntimed – appears abandoned

Resources:

Securing Network Time
- A security review of three NTP implementations
- concludes chrony is probably the best choice of ntpd, ntpsec, and chrony
A rift in the NTP world
Chrony: Comparison of NTP implementations
NTPSec: Differences from NTP Classic
NTPsec is not quite a full rewrite

I plan to give chrony a try.

More Facebook Awfulness

Posted by Jesse Johnson on 27 September 2018, 9:56 pm

Facebook Is Letting Job Advertisers Target Only Men
- Companies utilizing this feature: Uber, Boeing, T-Mobile
Facebook Is Giving Advertisers Access to Your Shadow Contact Information
- ad-targeting using people’s phone numbers
prior reporting from Kashmir Hill:

Firefox Monitor

Posted by Jesse Johnson on 26 September 2018, 6:51 am

I’m quite happy with my initial use of Firefox Monitor. I’ve recommended it to family, friend, co-workers. I recommend signing up for continuous monitoring. Anyone who has had a password compromise should consider that password and permutations there-of to be public knowledge.

https://monitor.firefox.com/

For me the near constant data breaches we’ve seen in recent months is more evidence that strict regulation of retained personal information is necessary in the US and that it would be wise for more websites to consider whether storing passwords is even wise. I have argued that most websites should not be storing user passwords.

Blocking Countries By IP

Posted by Jesse Johnson on 25 September 2018, 6:44 am

This is not exactly the best strategy given that malicious actors probably have access to IP addresses from other countries. I was asked to research this and this is what I found.

High Tech Sorcery

Technology Indistinguishable From Magic