Monitoring my WiFi access point with Prometheus

My home WiFi router is an ASUS RT-AC66U. It’s a great device with a tolerable manufacturer-provided UI and quite a lot of advanced features. Though it’s marketed as a WiFi router, I use it as a WiFi access point and switch; it doesn’t route. I have a Linux box that does that. Since a lot of my devices are wireless, a lot of my traffic flows through my WiFi access point.

GeoIP based filtering with iptables

One of the issues I run into when running a server, at home or anywhere else, is the crazy amount of random attempts at SSH logins. My SSH configuration is strict enough that most of these attempts just die on the key exchange; they never even get past the handshake. Then there’s fail2ban ensuring you get temporarily blocked if you’re obviously trying to brute force anything. Looking at the auth.log, a lot of these attempts stem from Russia, China, various other parts of Asia, Africa and South America.

Releasing sixrd

My ISP (Telia) doesn’t do native IPv6 yet (like most ISPs, unfortunately). However, they do support something called IPv6 Rapid Deployment, also known as 6rd. What it does is fairly simple: it encodes, in the information you get from your ISP during a DHCPv4 exchange, the information needed to set up a 6to4 tunnel with an endpoint provided by your ISP. Getting native v6 would be best, but this is probably the closest I’m going to get in a while.

My home monitoring setup

Over the past few months I’ve started to reassemble a home server. I managed to get a great server board with two Xeon E5s and 128GB of ECC RAM (because why not?) and spent Saturday breaking in the hard drives, setting everything up to be nice and encrypted, and so on. One of the things I like to have at home is a decent monitoring system. I’ve toyed with Prometheus before but never really used it.

Goodbye, Puppet

This has been a hard blog post to write, but to me it feels like it’s been a long time coming. For the better part of the past 5 years my job and open source contributions have revolved a lot around Puppet. I’ve been a member of the community for a long time, contributing to a range of different projects and giving a variety of talks at associated events like Puppet Camps, Configuration Management Camp and PuppetConf.

The right tools for the job

Every now and then I find myself in discussions with people around which tools we should use for which job. This comes up especially often in the context of FOSS with regard to communication platforms. Do we use IRC, Slack, Gitter? Also, are mailing lists still a thing? Should we have a Discourse instead? Fairly often people’s reaction will be “no, you can’t use Slack; use FOSS tools for FOSS projects”.

whois on OS X

One of the things I find myself doing from time to time is executing the whois command. This allows me to figure out to whom an IP (range) or domain belongs. However, when doing this on OS X, especially with IPv6 addresses, I’m greeted with:

    $ whois 2a00:1450:400f:805::200e
    No match for "2a00:1450:400f:805::200e".
    >>> Last update of whois database: Tue, 07 Jun 2016 12:55:53 GMT <<<

I figured I should explicitly ask it to treat this as IPv6 and found this in the man page:

IPv6 at home

I recently moved to a new place (because the rental market is cray cray here). Despite how annoying it is to move around, a benefit of the new place is that it has fiber, so I wasted no time and got a connection from Telia. I plugged in the ISP-shipped router and, while browsing through the admin interface, I noticed an IPv6 address showed up. All excited, I checked my devices, but none of them were getting v6 addresses assigned.

I'm going to FOSDEM and I'm bringing

FOSDEM is a wonderful event. But as with any event full of geeks, people will try to sniff your traffic, mess with GSM, grab your credentials and what not. The best way to stay safe? Don’t bring electronics with you, or keep them in flight mode (laptop included). No Bluetooth, no WiFi, no GSM/3G/tethering, nothing. If that doesn’t sound all that practical, there are a few things you can do. Spin up a Streisand server so you can VPN all the things.

PGP, one last try

Update: I’ve long since given up on PGP. It’s just not worth it. Ignore this post. Over the years I’ve tried to use PGP multiple times. However, I’ve always failed miserably at managing keys and understanding the lifecycle involved. This is evident when searching the keyservers for my name; it’ll turn up a few rather idiotic and dubious keys. None of them should be used except for one, 0x18D40820FA0EE03C. These failures with PGP are partly my fault for not correctly understanding what I was doing and partly because of the horrendous UX of the gpg tools and the documentation that comes with them.
