DNS Blocking with a Pi-Hole

Posted by JD 05/20/2020 at 01:00

Installed a pi-hole on the network here a few weeks ago. It is running inside an LXD container using next to no resources. Also set it up as the primary DNS server for the LAN here. It is not internet facing.

Anyways, after about 3 weeks, thought I’d share some data about the DNS queries it has been blocking by the types of network devices.

The Big Numbers

In the last 24 hrs, about 24,000 DNS queries have hit the pi-hole. That’s local and remote queries.
Just under 40% of the queries were blocked due to being in a block list. Most of the time, about 55% of the queries are blocked, so today my use was nicer, I suppose.

IoT Device Nutrition Labels

Posted by JD 03/23/2020 at 17:00

Computing & IoT devices need to have a few things printed on the box:

  • Support EoL date
  • Patch schedule
  • What works without internet connectivity
  • What requires internet connectivity to work
  • List of all {domains|IPs}:{ports} required for each network connection
  • List of protocols used for each external connectivity
  • 2FA standards supported
  • How new firmware is updated – USB flashing, network load, something else

Think of those items as the Nutrition Label on boxed foods.

What is missing from the Label?

Fun Printer Hacking

Posted by JD 02/27/2020 at 02:40

A little printer hacking for fun, not profit.

Flatpaks, Snaps, AppImage - Oh My!

Posted by JD 05/05/2019 at 03:18

I haven’t been a fan of snaps since the beginning. Why? Because they include all the dependencies in the install packages, AND those package versions are only used by the single snap/flatpak/appimage, the amount of waste is huge.

Snaps also have restrictions for which storage can be accessed. Snaps usually allow access to HOME and stuff under /media/, but nowhere else.
No, you can’t access NFS storage or CIFS storage that is mounted elsewhere.
No, you can’t access /tmp/.
I’ve found no way to override the compiled-in limitations.

How much disk and RAM waste is involved? An example, is the vidcutter tool. Normally, I’d use mkvmerge —split parts: to accomplish simple cutting, but sometimes a GUI is handy. The cuts will be on GOP boundaries anyway, so it isn’t like this is frame-accurate.

Security vs Freedom

Posted by JD 10/01/2018 at 17:03

Saw this on a forum by an AC today:

I think that my freedom is more important than my security.
I prefer to live in a free but insecure world than in a perfectly safe but not free world.

When govts try for a perfectly safe world, they need to be reminded of this stance.

Also, New Zealand has a law that fines someone refusing to unlock their electronics at the border with NZD$5,000. The claim is that they must have a good reason to demand access, but that is a little late. The article also said that the device would be in “airplane mode” for the searches.

Linux Container Security 2016 Videos

Posted by JD 01/23/2017 at 20:00

At Southeast LinuxFest 2016, there was a pretty great set of Container Security presentations. I took notes on most, but not all of them. Actually, the most important presentation, my notes only say to re-watch the video when it becomes available. Sadly, the SELF guys have been really busy and it is 7 months later – no videos posted.

What are we going to do about that? ….

Watch Live TV From Anywhere

Posted by JD 01/10/2017 at 18:00

Watch Live OTA TV from your home from anywhere in the world – big deal, right? Well, it could be. Let me explain.

  • No extra service provider needed.
  • 1-time costs for equipment that works at home AND remotely from anywhere
  • Get around sports blackouts with a friend outside the blackout areas. THIS is the biggy.

New Video Codecs Like VP9

Posted by JD 12/28/2016 at 18:00

I’d love higher quality videos at lower file sizes. Who wouldn’t?
But the answer isn’t really that easy. We have hardware that needs to play the newer codecs and that is the issue for many people.

Traveling Computer Security 5

Posted by JD 12/22/2016 at 17:02

7 things all travelers with smartphones and computers should do to be secure while traveling.

Got Plex Server and Raspberry Pi?

Posted by JD 11/03/2016 at 20:00

Got Plex Server and Raspberry Pi? You need rasplex. This is a plex playback distro designed to be installed into a Raspberry Pi v2 or later. While it can work on v1 Pis, playback is known to stutter on the older hardware. You need to connect to a Plex Server (the server runs on a different machine).

In the normal Raspberry Pi method, we just shove an image onto an SDHC card 4G+ and that is it. Put the card into your Pi, answer a few questions about your network and Plex Server.

It isn’t perfect. I find the remote inputs slow or ignored. Don’t like all the feedback screen overlays that block subtitles (pressing push brings up this screen so the subtitles cannot be read) and the lack of Folder View for all media. They spend too much screen room on being pretty, but not functional. For home movies that begin with the same long name, but just change the last part for the different parts, the filenames are useless. They cannot be seen.

There are many shows I don’t retain – just want to dump into a single directory and watch. Don’t get me started about the lack of m3u playlist support for video files either. Also, the pixel ratio seems off a little, but that could have been a few odd-sized videos.

Also miss all the addons that Kodi provides. Plex channels are poor in comparison. For example, the SyFy channel only shows clips through plex, whereas the Kodi addon will stream complete shows from syfy.com. This isn’t accessing illegal content, just shows available on the website.

Still, if you have lots of media stored inside your Plex server, this is the easiest way to access it from a silent Raspberry Pi. Playback is good and easy.

I would never have looked for this if PlexBMC was working well. Sometime in the last few months, it stopped working well. It usually works enough to start playing 1 video, but the addon crashes before the video ends. Playback is still handled by Kodi, so it finishes fine. And for playing lots of videos (not official media from studios), Kodi is still the best player I know.