How to block web browser-based localhost port-scans
Websites are port-scanning your localhost. Here’s how to stop random websites from knowing what services are running on your device.
Networking
P2P apps’ connection amnesia makes them less fault-tolerant
Peer-to-peer apps forget the IP addresses it communicated with in the last session and rely on peer-discovery all the time. Caching can make them more robust.
How to switch firewalls from FirewallD to UFW
A quick tutorial for migrating from FirewallD and getting started with the Uncomplicated Firewall (UFW).
Where are the managed IP-anycast VPS service providers?
VPS service providers have data centers located all over the world. You need managed anycast IP-addresses to direct users to the nearest VPS location.
How to disable outgoing mDNS broadcasts on Linux
Tutorial for quieting Multicast DNS using various firewall front-ends for Linux’s iptables firewall.
Distributed web not ready for Runet cutoff from the Internet
Russia to test disconnecting from the global Internet. Peer-to-peer distributed internet alternatives won’t survive after the Runet cutoff.
Enable both .onion and .i2p routing with Proxy Auto-Configuration
Two competing proxy anonymity proxy services can live side-by-side when configured with a PAC.
Android apps time out connections after setting up a PAC proxy
An over-aggressive power-savings system causes Android devices configured with a PAC proxy configuration file to lose networking.
Turkey blocks BunnyCDN; Ctrl blog and 14 000 websites inaccessible
Ctrl blog was inaccessible in Turkey for five days as the country blocks the BunnyCDN content delivery network.
Tor anonymity gateway-maker InvizBox chases VPN subscriptions down rabbit hole
InvizBox wants some of that sweet VPN subscription service revenue. Abandons Tor Onion network anonymity in favor of a more lucrative venture.
Scaleway seems too good to be true
The French VPS provider Scaleway doesn’t deliver promised features like IPv6, reverse DNS, or Linux distribution availability.
DNSLink and IPNS availability survey
I surveyed millions of websites to discover which domains were IPFS P2P DNSLink-enabled websites.
Why we need the distributed web
The web has become too centralized. The distributed peer-to-peer (P2P) web can help tear down the walled gardens erected by big tech companies.
How to monitor system bandwidth usage statistics with Darkstat
Set up network monitoring and measure bandwidth consumption using Darkstat on Fedora Linux with systemd service management.
Actually secure DNS over TLS in Unbound
Resolve a common DNS over TLS configuration mistake in the Unbound DNS server that makes you vulnerable to man-in-the-middle resolver interceptions.
What is Lenovo Wi-Fi Security and should you enable or ignore it?
Lenovo Wi-Fi Security sends information about your device and the networks it joins to an Isreali company called Coronet Cyber Security. But is it any good?
How to randomize DNS resolver selection in Knot Resolver
Improve your privacy by spreading DNS resolution requests out among many recursive DNS resolvers. No single provider will know all you do online.
VPN root certificates leaves you more vulnerable to snooping
Many VPNs require you to install their root certificates to use their service. This also enables them to intercept your encrypted web traffic.
How to work around the IKEv2 EAP authentication issue in Windows 10
Bugs in the Windows Settings app cause problem when setting up VPN connections with IKEv2 EAP authentication profiles.
How to get faster and more secure DNS resolution with Knot Resolver on Fedora
A tutorial for setting up a recursive DNS over TLS resolver with Know Resolver on Fedora Linux.
Certbot certificate renewals through a NAT+UPnP router
Set up Let’s Encrypt certificate renewals with Certbot punching-through a NAT router/firewall to reach the internet.
How to allow UPnP port mapping of 80 or 443 on MikroTik RouterOS
MikroTik RouterOS doesn’t allow mapping ports 80 or 443 over UPnP. Quite a few games need this port, though. Here is how to make it assignable.
Vilfo VPN router review: Conclusions – Part 4/4
The final part and conclusions in my review-series for the Vilfo VPN router. Is it worth the premium price tag?
Vilfo VPN router review: Not designed for security or privacy – Part 3/4
I found several privacy and security issues with the Vilfo VPN router during my review.
Vilfo VPN router review: Vilfo as a Wi-Fi access point – Part 2/4
The Vilfo VPN router has support for Wi-Fi but is too under-powered to serve as a Wi-Fi router.
Vilfo VPN router review: Overview and hardware – Part 1/4
The Vilfo router uses off-the-shelve hardware components but it isn’t top-grade stuff.
How to take back control of /etc/resolv.conf on Linux
Take manual control of your Linux system’s DNS resolution and keep programs from interfering with and overwriting your resolv.conf file.
Two steps backwards on IPv6 adoption in 2017
Ctrl blog lost IPv6 support after migrating to BunnyCDN. I lost IPv6 at home when migrating to Lynet Internett. I look back on other IPv6 issues in 2017.
Latest TP-Link updates resolve NTP data squandering firmware issue
TP-Link has issued firmware updates fixing its data-squandering NTP bug after my investigation. Devices won’t auto-update, however.
TP-Link repeater firmware squanders 715 MB/month
A design flaw in TP-Link Wi-Fi repeater firmware causes it to waste an excessive amount of bandwidth on NTP timekeeping. DDoS’ed public NTP servers in the process.
TP-Link serves outdated or no firmware at all on 30% of its European websites
Whether you get updated drivers for your TP-Link product or not depends on what country you’re checking from.
What is the difference between TP-Link RE650 and RE500? Firmware limits.
The TP-Link RE650 and RE500 are rated for different network speeds, but they’re really the same device.
Why is ‘IPv6 Control Message’ listed high in the Data usage report in Windows 10?
Windows 10 can show a background networking auto-configuration protocol as your device’s number one bandwidth hog.
What’s new in SSHGuard 2.1
New features and services in SSH brute-force protection utility SSHGuard version 2.1.
CDNSun, KeyCDN, and BunnyCDN; budget CDNs compared
Compare three budget content delivery networks to find which one gets you the most bang for your bucks.
Don’t register your domains with Automattic
I’d registered my Ctrl.blog domain with Get.blog. That service no longer exists and my domain was transferred to WordPress.com without notice.
How caching affects internet connectivity tests
An intermediary HTTP proxy-cache can interfere with how different devices detect whether they’ve got working internet access or not.
Review of IPFire as a home router
So is the Linux firewall distribution IPFire well suited as a home network router?
Trend Micro router security feature broke Steam
A “security feature” on my network router began blocking all downloads through Steam.
Network speed testing apps on Windows 10: Ookla or Microsoft?
Is Ookla Speed Test or Microsoft Network Speed Test the best for speed testing app for your Windows 10 device?
Review: ASUSWRT router firmware
A deep look at the ASUSWRT router firmware.
WordPress’ Jetpack plugin broke IPv6 support
Don’t blindly “cut off ports” after the first colon to “convert” a socket address (<IP>:<PORT>) to an IP address.
Review: Managed GeoDNS on a budget
A comparison review of six GeoDNS service providers. GeoDNS can help reduce latency by directing your website traffic to the nearest datacenter.
How to protect SSH remote login in Fedora with SSHGuard and FirewallD
Protect your Fedora/CentOS Linux-system against SSH brute-force credential-guessing with SSHGuard and FirewallD.
What’s new in SSHGuard 2.0
New features and services in SSH brute-force protection utility SSHGuard version 2.0.
How to enable, login to, or disable Microsoft SSH Server in Windows 10
Learn how to log in to and take control of Windows 10’s new SSH Server.
Tutorial: Configuring zones bound by source IPs in FirewallD
Set up source IP-specific or network-interface-bound firewall zones in FirewallD.
Linode DNS Manager pitfall: No TXT record normalization
Be wary when entering DNS TXT records in Linode DNS Manager.
Fix the Windows 10 Data usage report when it stops counting data
Plenty of third-party firewalls and similar programs can break Windows 10’s Data usage counting. Here is how to make it count your data again.
When is it necessary to reload the FirewallD configuration?
Why and when do you need to run the ‘firewall-cmd --reload’ command after making changes to your FirewallD configuration?
Syndication feed delta updates help reduce feed subscription bandwidth costs
Feed delta updates strip away feed entries that the subscriber has already download and only transmits the update delta consisting of new entries.
PHP: Making file_get_contents() more routing-robust and dual-stack
Make your network-based file_get_contents() request more reliable by having it not give up so easily and try multiple network routes and protocols instead.
Manage Wi-Fi latency and dynamic power-savings on Linux
You decide the balance between Wi-Fi network latency and power-savings using the new llwr utility.
How to tell if your Chromecast is connected via an Ethernet adapter or Wi-Fi?
Identify which network interface your Google Chromecast is using to connect to the internet.
Blindly deploying IPv6? Watch your sales!
OnePlay’s website is available over IPv6 through Cloudflare. However, its backend servers blocked my purchases as they weren’t IPv6 ready.
How to set up PHP-GeoIP with automatic location database updates in Fedora/Ubuntu
Set up auto-updating GeoIP databases and enable the PHP-GeoIP extension in your favorite Linux distributions.
Set up a seedbox via distributed BitTorrent (DHT)
Ensure reliable and long-term content distribution over BitTorrent with a dedicated seedbox.
IP addresses as an authentication factor in the era of device roaming and IPv6
Stop relying on IP addresses not changing in an IPv6-enabled world were devices randomly change their address at least once a day.
Netcraft anti-phishing toolbar breaks on IPv6 enabled networks
IPv6-capable websites can break the website security information displayed in the Netcraft anti-phishing toolbar for Firefox and Chrome.
IPv6 support finally arrive in Fail2Ban 0.10
The popular SSH server brute-force login guessing protection utility Fail2Ban has finally added IPv6 support.
Change the default SSH port in Fedora
Reduce brute-force password guessing and scripted attacks on your SSH service running on a Fedora Server by changing away from the default SSH port number.
InvizBox review: Tor anonymity in a box
How needs a Tor-enabled Wi-Fi access-point, anyway?
3 freemium website uptime monitoring services compared
A group review of the free tier of the three uptime-monitoring services Site24x7 vs StatusCake vs UptimeRobot.
Replace the problematic Broadcom Wi-Fi module with an Intel model
How to swap out a poorly supported Broadcom Wi-Fi module in a laptop with a better and more modern Wi-Fi module from Intel.
android.net.Uri breaks IPv6 addresses in the wrong places
Use Java APIs instead of Android’s URI API to avoid Android’s mishandling of IPv6 literal addresses.
mDNS and DNS-SD slowly making their way into Windows 10
Windows 10 is working on adopting widely deployed network-discovery protocols used by every other device class.
Avahi 0.6.32 enabling IPv6 and Windows 10 log-silencing
Popular mDNS-utility Avahi sees first update in three years address multiple issues.
Reset an Asus RP-AC52 Wi-Fi range-extender
How to factory-reset an Asus RP-AC52 Wi-Fi repeater. For whatever reason, ASUS doesn’t tell you how to do it in the manual.
Wi-Fi Sense in Windows 10 to reduce users’ network security
Windows 10 introduces a new feature that freely shares all your Wi-Fi passwords with your Outlook, Skype, and Facebook contacts.
It’s high time Apple enabled the OS X firewall by default
Microsoft got trashed by the security community for failing to deploy a firewall by default in Windows. Why are Apple products not given the same scrutiny?
Resolve the battle for control over your DNS settings in Debian/Ubuntu
Two programs struggle for control over your resolv.conf of you’ve installed Debian from an IPv6-capable network.