Pi-hole DNS Server

I have had a Pi-hole set up near my cable modem for at least 1-2 years now? Time moves differently for me for the last 18 months. Regardless, my Pi-hole device just sits there, filtering out ads from the network. I highly recommend setting up a Pi-hole for your home. It’s cheap, easy, effective and efficient!

What is it?
A cheap Raspberry Pi computer with an SD card. Gets power from a phone charger and connects with a simple Ethernet cable. Runs passively without any fans at about 37 degrees C.

How do you use it?
You can set it up as a Wi-Fi source, or you can enter its IP address as the DNS server in your Wi-Fi settings. Enter the same IP address in your web browser to open the web interface. From there you can modify the whitelist/blacklist and see in real time how many ads are being rejected.

How do you set it up?
There are many guides. Here is a good one:
https://www.instructables.com/Pi-Hole-Setup-Guide/

Essentially, what is involved?
You flash a Linux OS for Raspberry Pi onto your SD card using something like Balena Etcher. I prefer “dietpi”, which is a low-resource Debian distro.
https://dietpi.com/
A simple 8GB or higher card will suffice. Then you install Pi-hole on it.

How do you maintain it?
Every now and then, it’s good to log into it with SSH and run “sudo apt update” followed by “sudo apt upgrade” (if you choose a Debian distro). That’s it.

I have over 4 million domains on my blocklist and it makes a HUGE difference when I load websites without Pi-hole DNS configured in my wifi settings.

Bonus: You can SSH into it and install lynx, mc and any other useful Linux terminal programs and have fun with it. As a double-bonus, you could even host web services like subsonic or ftp using it!

Big Tech Monopolies

If you do not like the Big Tech stranglehold on the economy, your privacy and your free speech, there’s only one way to take that control back and it might be uncomfortable. But if you care at all about winning in this fight, it’s worth it. Here’s how:

Your wallet, your data, and your time.

Don’t give them your money, access to your data and any of your time! They will die on the vine. This means not having/using a Google account. This means carrying a flip phone when you travel outside the home. This means not using apps on iOS and Android that have full access to your contact list, camera, SMS messages, etc. This means canceling your social media accounts. By all means, never give these oligarchs your money! That includes cloud data usage, app purchases, online movie rentals, stock purchases, etc. If you say to yourself, “who cares, I have nothing to hide”, you will fall prey to their Artificial Intelligence as they collect *all* of your data, from your intimate sleep patterns, political/religious beliefs, sexual orientation, shopping habits, etc. They will use all this information against you in many ways and control every aspect of your life!

Spend your money and time somewhere else. Do business with people and companies you trust. Ditch iOS/Android “apps” and start using your browser if you can’t give up your “smart” phone. The Brave Browser is a great one. Start using a good VPN like the one offered by Proton VPN or Private Internet Access (not sponsored, just ones I use and trust). Use Linux on your home computer, even if that means having one computer for business and a Linux computer for personal use. We can fight the big tech monopoly but it only starts when we divorce ourselves from them.

My next cellphone

My next cellphone will not be an Apple iPhone.
I will not be using Google either.
After the app store app removals, de-personing, de-platforming, labeling, banning, demonizing, data-sharing, general manipulation and censorship by big tech companies like Facebook, Twitter, Google, Apple, Amazon and others, I’m OUT.

Once my current phones (an iPhone 11 and a Samsung Galaxy S9) run their course, I’ll be de-googling a Pixel or Moto phone, buying one from Rob Braxman, buying a Pine64, OR just using a flip phone. I’ll keep you posted.

My Galaxy phone has been factory reset and I’m running it with neither Samsung nor Google Play stores. I’m using open source apps from F-Droid. That’s the best I can do for now. With the iPhone it will have to be enough to run certain apps for my job and a handful of others.

Big tech has revealed themselves to be a part of a corrupt establishment. The only way to defeat them is by opting out. Half-measures will not do anything long term. It’s obvious the government will do nothing to stop the corruption of these companies; they are coming from the same perspective and batting for the same team. This includes canceling streaming and cloud accounts as well. Take back your privacy, your data and your dignity!

Using ProtonVPN with Ubuntu 20.04

If you are using ProtonVPN for your cell phone, you can also use it on an Ubuntu Linux installation. Here is the official guide, and I can confirm that it works and the guide is excellent.

Essentially, installation on Ubuntu 20.04 involves going into your Ubuntu settings, selecting “network”, and hitting the “+” at VPN. From there you will “Import from file” and select the VPN config file you downloaded from the official guide. Once this file is selected, you can enter your ‘OpenVPN / IKEv2 username’ from the ProtonVPN Dashboard “Account” section. Your new VPN configuration is ready and can be selected from the upper right-hand network icon.

Ubuntu Server: Configure the firewall with “ufw”

Ubuntu Server’s firewall is called ufw. If you are running an Ubuntu Server, you definitely want to enable some kind of firewall to keep intruders out of your ports. They will likely perform a port scan and try to find weaknesses. You can limit what a scan finds by enabling ufw and then configuring it to open only the ports that need access and close the ones that don’t.

Enable ufw:

sudo ufw enable

Check ufw status:

sudo ufw status

Allow a service by name (example: ftp, telnet, ssh, http):

sudo ufw allow http

Open a port:

sudo ufw allow 22

Close a port:

sudo ufw deny 22

Open a range of ports and specify TCP or UDP:

sudo ufw allow 300:310/tcp

Close a range of ports and specify TCP or UDP:

sudo ufw deny 300:310/tcp

Delete a rule:

sudo ufw status numbered
# prints a numbered list of rules, for example:

[ 1] 21/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere

sudo ufw delete 3
# replace 3 with the number of the rule you want to delete
# rules are renumbered after each delete, so list them again before deleting another

List the application profiles that ufw can open ports for:

sudo ufw app list
# will generate a list similar to this:
Available applications:
  Apache
  Apache Full
  Apache Secure
  CUPS
  OpenSSH
  plexmediaserver
  plexmediaserver-all
  plexmediaserver-dlna

Allow an application profile such as “Apache Full”. This is extremely important for a WordPress installation!

sudo ufw allow in "Apache Full"

Disable ufw:

sudo ufw disable

If you somehow screwed your ufw rules up, you can reset them all. If you are configuring over SSH, make sure to allow your SSH service before re-enabling ufw!

sudo ufw reset

Hopefully, you have configured all of your services appropriately and have a good working firewall. If somehow this exercise is messing your server up, you can always disable it with “sudo ufw disable” until you can get more help or have more time to experiment. Happy and safe computing!
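
The rule listing from “sudo ufw status numbered” can also be checked by a script. The one below is an added example, not part of the original post: it flags allow rules for the cleartext services named above (ftp, telnet) and warns when no SSH rule exists. The sample listing and the function name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): review ufw rules.
# On a real host: sudo ufw status numbered | audit_ufw_rules

# Constructed sample listing, modelled on the output shown above.
SAMPLE_RULES='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 21/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 23                         ALLOW IN    192.168.1.0/24
[ 5] 300:310/tcp                DENY IN     Anywhere'

# Reads a numbered rule listing on stdin and prints findings, one per line.
audit_ufw_rules() {
    awk '
    /^\[ *[0-9]+\]/ {
        line = $0
        num = line                        # rule number between the brackets
        sub(/^\[ */, "", num); sub(/\].*/, "", num)
        sub(/^\[ *[0-9]+\] */, "", line)  # drop the "[ n]" prefix
        split(line, col, /  +/)           # columns are 2+ spaces apart
        to = col[1]; action = col[2]; from = col[3]
        # Only rules that let traffic in matter here (LIMIT = rate-limited allow).
        if (action !~ /^(ALLOW|LIMIT)/) next
        port = to                         # "22/tcp (v6)" -> "22"
        sub(/\/.*/, "", port); sub(/ .*/, "", port)
        if (port == "22" || to ~ /^OpenSSH/) ssh = 1
        if (port == "21")
            printf "REVIEW rule %s: FTP (cleartext) allowed from %s\n", num, from
        if (port == "23")
            printf "REVIEW rule %s: Telnet (cleartext) allowed from %s\n", num, from
    }
    END {
        if (!ssh)
            print "WARN: no SSH allow rule; enabling ufw over SSH would lock you out"
    }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_ufw_rules
```

While ufw is inactive the listing contains no rules, so the warning always fires; “sudo ufw show added” lists the rules that have been added but are not yet active.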

Static IP address for Ubuntu Server 18.04 “netplan”

If you are using Ubuntu Server version 18.04 LTS and want to configure a static IP address, the procedure has changed for network interface configuration.

We used to configure /etc/network/interfaces but now the system uses something called netplan. If you try to configure the old “interfaces” file, it will point you to this new netplan network configuration.

Here’s how we change the network interface to use a static IP address. Edit “50-cloud-init.yaml”, replacing the text with the text below. Replace the IP address with your own (192.168.1.100 used as an example), use your own interface name in place of enp0s3, and then save:

sudo nano /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        enp0s3:
            addresses: [192.168.1.100/24]
            gateway4: 192.168.1.1
            nameservers:
              addresses: [8.8.8.8,8.8.4.4]
            dhcp4: no
    version: 2

Apply the changes and then reboot.

sudo netplan apply
sudo reboot

iPhone & Safari Ad Tracking

Despite what Apple says about privacy (“What happens on your iPhone, stays on your iPhone”), ads most definitely track you on your iPhone and iPad. They also track you in every web browser, including Safari. False advertising from Apple regarding ads.

The Verge published a nice piece that shows how to limit some of that tracking. Emphasis on ‘limit’; this will not eliminate ads. Still, it’s good to do everything you can to minimize or eliminate all forms of intrusion.

To limit ad tracking on your iOS device:
Go into “Settings” on your iPhone/iPad
Select “Privacy”
Select “Advertisements”
Turn on “Limit ad tracking”

To limit ad tracking in Safari:
Go into “Settings” on your iPhone/iPad
Find the section titled “Privacy & Security”
Turn on “Prevent Cross-Site Tracking”
Turn on “Block All Cookies”

Block apps from phoning home when you aren’t using them:
Go into “Settings”
Select “General”
At the top, select “Background App Refresh”
From here you can allow apps to phone home via wifi, cellphone data or not at all.
Select the back button and make sure all apps are turned off.

Beyond all this, it’s better to use a VPN and Firefox, along with the Firefox add-ons “Ghostery”, “HTTPS Everywhere” and “NoScript Security Suite.” With the “NoScript” add-on, you can set it to allow scripts on pages you trust.

Internet Security Habits, tips and tricks

Urban Knish discusses some good internet security habits in the age of data collection and man-in-the-middle attacks.

Relevant links:
Firefox Browser, Ghostery Plugin, HTTPS Everywhere, NoScript
ProtonVPN, AstrillVPN, Private Internet Access VPN
Tor Browser for the computer
Tor Browser for iOS
Tor Browser for Android
TailsOS

Biometric data rollout and the implications of being chipped

Comerica Park baseball field in Detroit, MI is featuring a new way for sports fans to get through the lines quicker: fingerprint scanning. You can order a hot dog and a beer without carrying your wallet! Just register your biometric data and you are now in the system. They are promising the ability to use your fingerprint in other venues…

The company contracted out for the biometric data scanning is called Clear. Their biggest contract is with the Transportation Security Administration. This technology has been installed at airports, including Detroit Metro Airport. The company also specializes in eye scanning equipment.

What are the implications of mass use of biometric data? Sure, the convenience is attractive, but can the technology be misused? Once you register your fingerprint and eye scan, you are in the system. The NSA and other government organizations will be able to run searches for individuals through this database. The more the system is in use, the more they can keep track of you and monitor what you are buying, who you are visiting and what events you attend. This data can be sold to advertising firms. They know you go to Jazz concerts and you love hockey. They also know that you like to buy expensive mixed drinks and go to a chiropractor. Once all these pieces of information are indexed, they have a profile on you. Are you likely to commit a crime, get divorced, buy a new home, become delinquent with credit cards or need car repairs? They can tweak their ads, affect how much you pay for insurance and raise/lower your interest rates. Your value as a consumer or a citizen, not a human being, will become a score. There will be nowhere to run or hide. Are you more likely to cheat on your taxes? The IRS will know. If you are trying to get custody of your children, the court system will access your data to find out if you can pay more and whether or not you are worthy enough to take care of your children. Imagine what it might be like to be on parole. They will be watching every location you visit, everything you buy etc.

Now imagine the implications of having a chip implanted in your hand. Three Square Market, a technology company that makes devices for break rooms and small markets, is in the process of implanting microchips in their employees’ hands. The employees will be able to enter secured areas, pay for food and access computers with the chips. Once this system is studied and the bugs worked out, how long before large companies like GE, IBM and Apple require this of their employees? How long before prisoners, government employees and school children are required to have them? Will newborn babies be implanted for their security? Once the ball is rolling, will it even be possible to live life without a chip implanted? Will the chip allow for universal access or will we have multiple chips?

The chips use RFID technology. Your every movement can be tracked. Imagine if your employer had access to this kind of information. The implications of biometric data and implanted chips are incredible. Without a push-back from the public, a future where privacy is a myth is inevitable.