Revenge of the Quarantinewhile

So it’s been a minute…. Like 21 days since the last post, and in the last post I mentioned some rather large changes that were temporarily on hold until the whole Covid-19 thing cleared up. Well, things with the Covid cloud are finally to a point of clearing up that I feel comfortable talking about what has been going on since the end of February. Settle in, this is going to be a longer post than usual from me.

So a while ago I had a general unease about my home network setup. I’m pretty typical in that I run a private network behind a cable modem that has a single public facing, internet routable IP. In addition to this I also typically use some sort of Dynamic DNS (DDNS) system to give my home connection a name I have an actual shot at remembering.


If anyone is curious, I really like DYN-DNS; they seem to have the best features to reliability to price ratio that I’m looking for. I’ve also had really good luck with the DDNS re-director included in my Synology RT-2600AC router, particularly around the use of Let's Encrypt for an SSL cert.


OK, with all that in mind, I was forever getting a million hits on my external IP from places all over the world. This is totally normal; that’s what we call a botnet looking for unsecured devices that are open to the internet. And this is where I started having some pain and consternation: I have a fair number of IoT devices and they live on the same LAN network space as my Macs and PC. I’ve run my Macs with drive encryption turned on for a couple of years now; the PC doesn’t have that option (stupid Win10 Home). The PC doesn’t leave the house and I don’t keep any of my cloud documents (iCloud and OneDrive) on the PC unless I’m actively working on them. For the PC I’m OK with the risk window of someone stealing it and getting my spreadsheets on what bad movies I watched.

The other side of the coin was my true IoT devices, where I couldn’t log into the devices at all at a command line level. Think things like any of your smart thermostats, smoke detectors, door locks, TVs, speakers, and gaming consoles. All of which I had in my house and still do for the most part. So it became less a matter of if and more a matter of WHEN one of those devices would be compromised.

OK, but who cares if someone hacks your thermostat? Well I do, since I pay the power bill. More importantly though, once you have a compromised device on the network that is a foothold, and much like cancer once it’s in there it’s a real pain in the ass to do anything other than just cut the whole damn thing out. Especially when you start talking about higher CPU devices like an Xbox One or a PlayStation 4 that have x86 chips running branches of commercial operating systems. It doesn’t take much to get tcpdump running in memory, writing to a “/tmp” partition, and then exfiltrate that network data out for analysis. Do I sound paranoid… I sure do… why? Because given enough time and automation everything is breachable.

OK, so let's talk risk mitigation (i.e. how much pain and misery am I willing to put up with to secure my home network?)

  • Remove the IoT devices and get a printer from 2004
    • Nope, not happening. Some I can get rid of (I’m looking at you, thermostat and smoke detectors) but others I’m not willing to give up (looks longingly at Xbox and smart door lock).
  • Block outbound connections except for internal IPs from your computers and trusted devices.
    • Nope, I bought these things for remote management of my house… if I do that I still have to poke so many holes in a firewall I may as well just not bother.
  • Buy a second router and put all of the IoT stuff on there and give it a second address space that can’t be accessed by the “secure” side
    • Hey, that’s not a half bad idea… I don’t think I want to deal with another router but I can do a network firewall.

OK, so a network firewall: one side has the IoT stuff, the other side has my secure stuff.

So have you ever tried to look for a consumer grade network router with the capability of doing a firewall between two sets of devices? No? You should… it was frustration in abundance for most of 2019. I did find a number of roll your own solutions using pfSense; however, those presented the problem of being more admin than I cared to put into the whole endeavor, and while rolling your own may be fine for certain folks (and I certainly should be one of them) this is one device where I want to know that my configuration is solid. So I kept an eye out and found a couple of solutions that were close but not quite there.

Flash forward to this month and I finally pulled the trigger on a UniFi Dream Machine from Ubiquiti Networks. Is it overkill for what I am doing? Yup, sure is… do I regret it? No I do not.

It met my requirements of having a network firewall in place between the IoT side and the “secure” side of my network, along with the ability to run multiple SSIDs and VLANs, which, while they tend to be high maintenance to set up, don’t require much care and feeding once they are stable. In the course of my research it was brought up on multiple occasions by multiple sources that doing this kind of setup would limit functionality between devices on the secure side and devices on the IoT side. I was very OK with this, as the only thing that I was really concerned about was that my Sonos speakers and Apple TV work.

  • For the Sonos speakers I found this really excellent walk through from a gentleman who walked through the whole firewall rule setup and port opening for the Sonos speakers over here
  • As a side effect of the first rule in the firewall allowing traffic from Secure to IoT, but not back, all of my Apple stuff sees my Apple TV no problem.
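As an added illustration (this is not the author's Dream Machine configuration, which the post does not reproduce), here is a small Python model of the rule order described above: the Secure VLAN may open connections into the IoT VLAN, reply traffic on those connections is allowed back, and the IoT VLAN may only open connections toward Secure on explicitly listed ports, with everything else dropped. The subnets, hosts and the single exception port are constructed for the example, and the connection table is a deliberate simplification of real connection tracking (no timeouts, no TCP state machine).

```python
"""Toy stateful inter-VLAN policy evaluator (constructed example, not UniFi code).

Models a "secure" VLAN and an "iot" VLAN with a firewall between them:
  1. reply traffic for a flow that was allowed to open is accepted,
  2. secure -> iot may open anything,
  3. iot -> secure may open only listed (proto, port) exceptions,
  4. everything else is dropped.
"""
import ipaddress
from dataclasses import dataclass

# Constructed address plan; the post does not give the author's subnets.
ZONES = {
    "secure": ipaddress.ip_network("10.0.10.0/24"),
    "iot": ipaddress.ip_network("10.0.20.0/24"),
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int
    new: bool    # True for a packet that starts a flow (e.g. a TCP SYN)


def zone_of(ip: str) -> str:
    """Map an address to its VLAN name, or 'unknown' if it is in neither."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


class InterVlanFirewall:
    """Evaluates the rules in order, with a flow table for reply traffic."""

    def __init__(self, iot_to_secure_exceptions=()):
        self._flows = set()                                  # allowed 5-tuples
        self._exceptions = set(iot_to_secure_exceptions)     # (proto, dport)

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def decide(self, p: Packet) -> str:
        src_zone, dst_zone = zone_of(p.src), zone_of(p.dst)

        # Traffic inside one VLAN is switched, it never reaches this firewall.
        if src_zone == dst_zone:
            return "ACCEPT"

        # Rule 1: established/related, i.e. part of a flow already allowed to open.
        if self._reverse_key(p) in self._flows or self._key(p) in self._flows:
            return "ACCEPT"

        # No state and not a flow-opening packet: drop it.
        if not p.new:
            return "DROP"

        # Rule 2: the secure side may open anything toward IoT.
        if src_zone == "secure" and dst_zone == "iot":
            self._flows.add(self._key(p))
            return "ACCEPT"

        # Rule 3: IoT may open toward secure only on the listed exceptions.
        if src_zone == "iot" and dst_zone == "secure":
            if (p.proto, p.dport) in self._exceptions:
                self._flows.add(self._key(p))
                return "ACCEPT"
            return "DROP"

        # Rule 4: anything else (unknown zones) is dropped.
        return "DROP"


def run_sample():
    """Run constructed packets through the policy; returns (label, decision) pairs."""
    # Port 9999 stands in for whatever port the Sonos walkthrough opens (constructed).
    fw = InterVlanFirewall(iot_to_secure_exceptions=[("tcp", 9999)])
    samples = [
        ("phone opens to Apple TV",   Packet("10.0.10.50", "10.0.20.30", "tcp", 51000, 7000, True)),
        ("Apple TV replies to phone", Packet("10.0.20.30", "10.0.10.50", "tcp", 7000, 51000, False)),
        ("thermostat probes PC SMB",  Packet("10.0.20.40", "10.0.10.20", "tcp", 40000, 445, True)),
        ("speaker uses exception",    Packet("10.0.20.60", "10.0.10.50", "tcp", 40001, 9999, True)),
        ("stray ACK, no state",       Packet("10.0.20.40", "10.0.10.20", "tcp", 40002, 22, False)),
    ]
    return [(label, fw.decide(pkt)) for label, pkt in samples]


if __name__ == "__main__":
    for label, decision in run_sample():
        print(f"{decision:6} {label}")
```

The ordering is the point: if the established/related rule sat after a blanket IoT to Secure drop, the Apple TV's replies in the second sample would be dropped along with the thermostat's probe, and the "secure side sees everything, IoT side sees nothing" behaviour the author describes would not hold.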

In practice the biggest difference I have seen is that when bringing up the Sonos app on my phone, it takes about 10 seconds to hook up with the speakers, whereas before it was sub 2… that is a penalty I’m willing to deal with. The biggest problem I have run into is manually entering the IP address of my Roku TVs to control them remotely, because I block advertisements from the IoT VLAN to the Secure VLAN.

And finally, because I like logs and apparently network administration, I put two 8 port UniFi network switches on my network as well, not only to have as many things running wired as I can, but also to be able to manage the switches or devices if needed. I’ve been running the setup for a week now, and after the initial setup of an hour or so (creating accounts, updating firmware and devices, and getting familiar with the system) I spent probably 10 hours actually configuring VLANs and firewall rules, and only that much time because I did it a couple of times from a couple of different sources before I found the walk through that worked for me, mentioned above.

So yeah I had a pretty eventful thing there….

Also I quit my job in Phoenix, sold my house, lived with my parents for two weeks, moved to Colorado, and start a new job in a few days. Don’t worry I still do IT stuff at a hospital.

Hello I’m Johnny Cash…

You know, maybe, just maybe, I shouldn’t use the line from whatever song is playing on iTunes when I start writing… you know it may be a good idea… but you have to admit I have your attention now, don’t I?

So I took a few days last week and just checked out of reality for a bit… and by checked out of reality I mean I had a “staycation”, and by “staycation” I mean I’m too f*cking cheap to go anywhere without a damn good reason. And even then there is going to be a lot of damn whining.

From here on out we are going to call the “staycation” what it really was… “Tom fucking around” (Tfa).

So on my little Tfa excursion, I had two markedly different experiences for about the same price…. on one side I went and picked up “Medal of Honor” for the PC… on the other side I got some zombie novels. Guess which one I enjoyed infinitely more?

First, “Medal of Honor”: not the greatest game ever, but decent for a single player campaign, and let's face it, these things are built to be multiplayer and almost no attention is paid to the single player experience. I have to say after playing this game it was almost enough to turn me off to first person shooters set in anything close to the real world at any time. It’s hard to describe and honestly I don’t want to write about it anymore.

OK, so after the depressing experience that was “Medal of Honor” my brother texted me and said I need to check out “Day by Day Armageddon”. He then tells me that since I liked “World War Z” I will really like this (great, now my brother is amazon.com). So I pick it up on the Kindle (more about that in a minute) and sometime around noon on Friday I sat down to start the book… my plan was to read for an hour and then text Curtis to see if he wanted to go shoot guns… As Curtis will tell you, he got no such text. I honestly didn’t put down the damned Kindle until the battery ran out at around 6 that night. I finished it the next day. So on Sunday I’m going through zombie withdrawal and pop on to Amazon to see if there is another book coming out soon, and to my pleasant surprise there is another book available on the damned Kindle. Amazon one click purchase for digital goods is very dangerous… especially for zombie books. I read the second book in an afternoon; it was just as awesome as the first book. Now granted I don’t have high standards for zombie books, but if you thought “World War Z” was good you will probably like “Day by Day Armageddon”.

OK, so now a word about digital books… I find that I’m having the same issue with digital books that I had with digital music some years ago. My first issue is apparently I’m not to be trusted with books in digital form, since when I went to go “loan” the “Day by Day Armageddon” books I found they were not eligible for loaning. Then I started looking at all of my Kindle books and sure enough none of them are enabled for loaning. What the hell, I thought Kindle could loan books now… so a quick search through the Amazon FAQ section reveals that loaning books is restricted by publisher…. well hell, I guess I’m not going to be buying the next book on Kindle. Which now leaves me at an interesting crossroads… while I enjoy having books digitally across multiple devices I have to say the no loaning part (for the most part for me) is a major impediment to the platform. I know that Nook has some sort of loaning functionality but I need to research that more before I think about going down that path.

Let's be honest, if I got a Nook Color I would so hack it and put Android on it….. On which I would read my Kindle books 🙂

And the winner is…

OK, so the big game is over… the Pro Bowl is done (not that I watched it) and I have finally coughed up a couple of boxes of Nilla Wafers so that some long running jokes can finally be put to bed…. or at the very least be made to suffer with a few other jokes that should have died a long time ago… like “YOUR MOM!!”

Exactly…

I do have a couple of ponderous thoughts for you loyal readers this evening, so won’t you join me for a few moments and ponder these thoughts….

1. Why can I not get 2GB of RAM on a Windows XP based Dell netbook? Just curious, really. I can get 2GB if I went with Ubuntu, but that defeats the purpose of me getting a USB HD TV adapter and using the thing for tailgating next year, since all of the damn adapters only support Windows and not Linux… also note that this will probably be the only time you see me preferring Windows over anything.

2. How come there is no cheap pay as you go wireless data infrastructure? I’m looking for 3G wireless data speeds and not wanting to pay $60 a month for it… I would like to do something similar to a pay as you go phone and only pay for data on days that I use it, and when I pay for data I don’t want it to be a 10MB cap or something small like that; I want it to be a 500MB or 1GB cap, you know, so I could actually get some work done if I had to. Also I want said data network to cost me in the neighborhood of $5 for 24 hours of usage and be reasonably reliable.

3. I hate Phoenix sports writers… I don’t know if it’s just the teams this year but I seriously am starting to dislike all of them.

4. Also my loathing of the MPAA and all things that involve me not having control OVER MEDIA I LEGALLY PURCHASED WITH MY OWN MONEY… grew to new levels. So this has generally made me think that this is the only measure I can really take to make sure my stuff is open and compatible.

It's so right on sooo many levels.

Pigs (three different ones)

So with the recent demise of HD-DVD as a viable High Definition physical video format I’ve been kicking around the idea of making the jump to Blu-Ray and all of its glory. This thought was helped when my brother bought a PS3. And since he is not a gamer one can only assume that he bought it for Blu-Ray movies. And over the course of the last month or so, as I’ve mulled this decision over in one form or another, I kept hearing about how integrated the PS3 was and all of the other normal chest thumping when the users of one particular technology smell blood and indecision in the water.

I honestly had not been bombarded with so many reasons as to why the PS3 was superior to every other platform out there since Jr. High, when Donny Witt and I used to spend hours on end taunting each other as to which was the greater 16-bit system, Super Nintendo or Sega Genesis. Hey, when you're 13 these things make a difference. And just for the record the Super Nintendo still kicks the Sega Genesis’s little white butt!!!1!11!!0ne

However I digress, so through some weird combination of coworkers, an alignment of stars, and a promise to not hack or break anything I have been loaned a PS3.

Cue jaw dropping… for those of you keeping track, the last time I owned a Sony system willingly was 1996 when I bought the then state of the art Sony PlayStation using money from my job at Albertson’s. I had sold it within a year and bought an N64 which I still have to this day. I do have a PS2 that my brother gave to me; however, I have not hooked it up and have made no attempt to. In the ten years since I sold that first PlayStation I’ve bought two other Nintendo systems and when I’ve played them I’ve enjoyed them immensely. Key phrase: “when I play them”. I’m a PC gamer and I hold a special place in my game playing heart for all things Nintendo. As I’ve often stated here, I don’t care much about games other than: are they fun? And my general experience with Nintendo games is I often find them to be immensely fun!

So what gives with the change of heart? First off, at $400 the PS3 is a bargain of a Blu-Ray player right now and will be BD 2.0 compliant when that spec comes out. And since Blu-Ray is a Sony format you know damn well that any future profiles will be supported by the PS3. Second, it’s backwards compatible with that ginormous library of PS2 games, and more than a few are sure to be classics when we look back on them in 10 or 15 years (classics in the way I see “Super Metroid” and “The Legend of Zelda: A Link to the Past” as great games of my youth). Finally, all of the new gaming platforms support some sort of link to your PC so you can play movies, show pictures, and stream music to your living room (sorry, Windows only; apparently Mac/Linux et al. don’t want to support or just don’t care to support anything that would make their platforms accessible to the box in the living room (yes, Tivo does run a Linux kernel, but it’s heavily modified and we will get to why that is not a media platform in a bit)).

So for the past 5 days I’ve been playing with a PS3…

It’s more fun than I expected, so it’s got that going for it. The downloadable games from the PlayStation Network make A LOT of sense and I really like it, even if the selection is somewhat limited at the current time. Hooking up with my home network was no worse an experience than the Wii or the Tivo was. It’s a good media server for the front room of the house and I could see me streaming things to the PS3 without too much of a stretch of the imagination. The games were “OK”; I had a couple loaded onto the hard drive (Tekken 5 being the closest thing to an “A” title, and unless you're a 12 to 18 y/o male a fighting game won’t hold your interest for long). Tekken has held up surprisingly well over the last decade or so and I have to give the developers credit: it’s still the fighter to beat. “Call of Duty 4” was an abysmal experience…. the game looked good, but I’ve never liked FPS type games on a console, with the lone exception being the “Metroid” games. I’m a PC gamer first and foremost and “COD4” on the PS3 reminded me of why this is in spades.

So what finally turned me completely off to the PS3?  My cable provider!  One of the big points of the PS3 is that you can stream music and videos off of it onto your PSP over the wireless network in your home or the internet!  And the PSP can play Tivo To Go files too!  Imagine my utter dismay when I was presented with the following screen.

Content you can't touch....

And this is true for about 85% of the shows on my Tivo; there doesn’t appear to be any rhyme or reason other than for some obscure reason Cox sees fit to set the copy protection flag on certain programs. Ultimately this is what led me away from the PS3/PSP combo, more on principle than problems with technology. Since if you look on current Tivo and PSP advertising they each tout how you can transfer TV shows from your Tivo to your PSP! This killed it for me right here.

That and after watching “300” on Blu-Ray I could not tell a difference in picture quality, but the sound did seem improved. Not enough of a reason to switch physical media formats. But enough to give me faith that Apple may be onto something with the Apple TV.

Good night and good luck.

Wind w/ Fire!

So I’ve been dicking around with my Linux server this weekend…

It’s pissing me off.

That is all I will write about Linux… needless to say the thought of lighting several DVDs on fire to exorcise my Linux frustrations is really appealing to me right now.

While dicking around with said Linux box I wandered back to the ole website of long ago (rollingskull.com), which really didn’t come into existence until I moved down to Phoenix, but for all intents and purposes it’s the same damn site I had when I was in Kingman and doing this with Frontpage and Geocities.

I got to reading the old posts and I had forgotten how much I enjoyed opening up the old semi-journal to random emails from readers (all 3.2 of you). I got to thinking that I should do something like that again… then I thought if Curtis AND my brother both have a blog then there really is no point.

So while my install of CentOS 5 died for the 5th time in a row I was thinking…

Maybe what I should do is something along the lines of that post card site where people mail their post cards in anonymously… it’s sometimes a riot, other times really sad, and typically it’s both on the same day.

So maybe I should open this thing up to anonymous emails of whatever? (Thanks to Eve who reminded me it’s postsecret.com I was thinking of.)

I like the idea… and it gives you (all 3.2 of you) a little bit of interactive opportunity.

So here are the rules (I know always rules)

1. Send the email anonymously…. ideally from a one time use site; it’s up to you how you want to do it. If you're too lazy to do that and send me an email from your regular address, that kind of defeats the purpose, doesn’t it?

2. Send the email to cignus20 at hotmail dot com and use the subject line “Wind w/ Fire!”

3. I will post received emails (if I get any at all) up here…

If you don’t like the rules you don’t have to email.

The shape of things to come…

Driving home from work I saw an interesting sight. It was a repo truck for other cars and the license plate was “UBWALKN”. Great, just what the world needs, repo guys with a sense of humor. Next thing you know there will be bloggers out there talking about things like the license plate they saw on the drive home from work… oh wait….

So yeah…. about those bloggers, great people eh?

OK, time to move on. So with my move from a Dell PDA back to Palm I’m once again free from the tyranny of Outlook (at home). I also have a PDA for sale if anyone is interested. Actually, for the record, just about everything I have is for sale. That is just the kind of guy that I am.

Anyway, I’m free from Outlook since I’m only syncing my calendar with the Treo and can do that with Palm Desktop. Sweet, I have finally thrown free of all of my bonds to the Windows platform!

OH look, a shackle with a large lock that’s got a lot of gum in the key hole… oh yes, gaming, my Achilles heel.

/sigh

I have considered going back to Thunderbird but honestly I just don’t like its interface very much and I find its database system to be more susceptible to corruption than Outlook. I know, Mr. Open Source likes a Microsoft product. Yeah, I know, let me turn in my geek cred badge at the door.

Then again, when you're into Linux you run into these types of things all of the time. You know, the ideologues who want a “perfect open source system” and the cold harsh reality of “the business world”.

Hmmm, maybe I need to find a woman who appreciates the term “free as in beer or free as in speech”.

WWJBD?

Today is a day of pondering; today was full of those questions that you always ask yourself but they never make it past the formative stage to the fully vocal stage. Normally the questions I pose get squashed by the higher learning centers of our brains. I’m happy to report that I’ve neutralized the higher processing centers of my brain to bring you these droppings… I hope you are happy.

OK, first up… automatic paper towel dispensers. Yes, these lowly devices that bring you drying goodness after you have finished doing your business. I find these to be odd contraptions: they give you half as much material as you need to properly dry yourself and make you wait 30 seconds for the next bit of paper. Granted, your time and amount dispensed will vary depending on which Mexican restaurant or hospital you are at. I mean honestly, what's the point? I think other than driving certain people up the wall these devices have no real function.

Also, in the interest of full disclosure, this particular issue was brought to my frontal lobes by a consultant at work who I found reads the pile of crap known as this blog. John Smith (not his real name), this one is for you.

OK, next question… I ordered a LINUX fish from Thinkgeek, so this thing weighs damn near nothing but it comes in a box that looks like the one to the left. Now there is nothing special about this box other than it contained my LINUX fish and a lot of packaging material. So my question is this: why couldn’t the fine folks at Thinkgeek just ship me my damned fish in a padded envelope? Is it really that hard?

Also, in case you were worried that I would be putting the LINUX fish on the back of my truck: don’t worry, I might be a geek but even I have my limits. I would like to get laid again sometime in this decade.

Does Eve (the woman not the game) watch “Digging for the truth” with Josh Binswanger with the same disdain that I watch most computer and technology shows?

How could the Chargers lose, they have LT!

Will the Cardinals ever come in at .500?

Will the Suns ever win a championship?

Hey look my beer.