Ubiquity gear replacing BT HomeHub router

These are my notes from setting up Ubiquity wifi access point and router to replace the horrible BT HomeHub 5.

What’s wrong with BT HomeHub?

  • It can’t hand out non-BT DNS servers (and BT’s DNS servers MITM your queries and spoof NXDOMAIN if the reply has rfc1918 addresses in them. This is known and they “can’t” turn this off)
    • This means that I had to turn off the DHCP server and run my own on a raspberry pi. So I’m actually replacing two devices. It was already not a all-in-one-box solution.
  • The port forwarding database is not using unique key constraints, so you have to try and re-try adding port forwardings until you’re lucky and don’t hit a key collision.
  • Only one wifi network. I want untrusted things (IoT) to be firewalled from the rest.
  • I want to deny Internet access to some IoT things. I don’t need them to be able to connect anywhere. HomeHub doesn’t support that.
  • Wifi range is not great. Not terrible, but bad enough that it doesn’t cover my home.
  • I don’t know if it’s to blame, but I did not have a good experience trying to set up a second AP to automatically roam Continue reading

Ubiquity gear replacing BT HomeHub router

These are my notes from setting up Ubiquity wifi access point and router to replace the horrible BT HomeHub 5.

What’s wrong with BT HomeHub?

  • It can’t hand out non-BT DNS servers (and BT’s DNS servers MITM your queries and spoof NXDOMAIN if the reply has rfc1918 addresses in them. This is known and they “can’t” turn this off)
    • This means that I had to turn off the DHCP server and run my own on a raspberry pi. So I’m actually replacing two devices. It was already not a all-in-one-box solution.
  • The port forwarding database is not using unique key constraints, so you have to try and re-try adding port forwardings until you’re lucky and don’t hit a key collision.
  • Only one wifi network. I want untrusted things (IoT) to be firewalled from the rest.
  • I want to deny Internet access to some IoT things. I don’t need them to be able to connect anywhere. HomeHub doesn’t support that.
  • Wifi range is not great. Not terrible, but bad enough that it doesn’t cover my home.
  • I don’t know if it’s to blame, but I did not have a good experience trying to set up a second AP to automatically roam Continue reading

Managing Cisco IOS Upgrades with Ansible

upgradesI was recently asked to automate the way a client handles Cisco IOS upgrades. As I’ve been using Ansible a lot lately I decided to start there. Basically the steps required to do the upgrade can be broken down into parts which map quite nicely to tasks in an Ansible playbook. Even if you aren’t using IOS you might find it interesting to see how different Ansible modules can be combined in order to complete a set of tasks.

Continue reading

Managing Cisco IOS Upgrades with Ansible

upgradesI was recently asked to automate the way a client handles Cisco IOS upgrades. As I’ve been using Ansible a lot lately I decided to start there. Basically the steps required to do the upgrade can be broken down into parts which map quite nicely to tasks in an Ansible playbook. Even if you aren’t using IOS you might find it interesting to see how different Ansible modules can be combined in order to complete a set of tasks.
Continue reading

Privacy issues hit all branches of government at once

In a rare confluence of events, all three branches of the federal government are weighing changes that would affect when and how personal data is accessed.The approaches are somewhat contradictory: Some moves would protect citizen privacy, while others could result in more access by government agencies to records kept by businesses and smartphone users about personal information. Encryption technology is usually at the center of the discussions, with intelligence officials eager to find ways to detect communications on smartphones used by criminals and terrorists.Various actions are taking place in the federal judiciary, before Congress, as well as the executive branch.To read this article in full or to leave a comment, please click here

Defense Dept. wants your help in imagining the worst

Uncle Sam wants your brain power, technical expertise and imagination to help defend the U.S. No enlistment required.The Department of Defense says it needs to understand how everyday objects and available technologies can be used by terrorists.The range of technologies is so vast that the military's main scientific agency, the Defense Advanced Research Projects Agency (DARPA), says it needs input from as many technical people as possible.The agency has put out an open call for anyone from a credentialed professional to "skilled hobbyist" in all technical areas, including IT.INSIDER: 5 ways to prepare for Internet of Things security threats DARPA, in its announcement, wants people to show it "how easily-accessed hardware, software, processes and methods might be used to create products or systems that could pose a future threat."To read this article in full or to leave a comment, please click here

How far have we come with HTTPS? Google turns on the spotlight

HTTPS is widely considered one of the keys to a safer Internet, but only if it's broadly implemented. Aiming to shed some light on how much progress has been made so far, Google on Tuesday launched a new section of its transparency report dedicated to encryption.Included in the new section is data highlighting the progress of encryption efforts both at Google and on popular third-party sites."Our aim with this project is to hold ourselves accountable and encourage others to encrypt so we can make the Web even safer for everyone," wrote HTTPS evangelists Rutledge Chin Feman and Tim Willis on the Google Security Blog.To read this article in full or to leave a comment, please click here

How far have we come with HTTPS? Google turns on the spotlight

HTTPS is widely considered one of the keys to a safer Internet, but only if it's broadly implemented. Aiming to shed some light on how much progress has been made so far, Google on Tuesday launched a new section of its transparency report dedicated to encryption.Included in the new section is data highlighting the progress of encryption efforts both at Google and on popular third-party sites.MORE: Agony & Ecstasy of Google I/O 2016 Invite Day"Our aim with this project is to hold ourselves accountable and encourage others to encrypt so we can make the Web even safer for everyone," wrote HTTPS evangelists Rutledge Chin Feman and Tim Willis on the Google Security Blog.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Wi-Fi-tracing delivers vast insights into behavioral patterns

Collecting Wi-Fi data on pedestrians as they move around can provide analysis on infrastructure, to a depth that’s never been seen before, think scientists.Collecting breadcrumb data, as people go about their daily business can be used to discover human motivations, predict how individuals react to change, and where to locate simple resources, such as automated teller machines, the researchers from Swiss university Ecole Polytechnique Fédérale de Lausanne (EPFL) believe.“We have statistics and numbers on people who drive and take the train, but pedestrian behavior is often a mystery,” says Antonin Danalet of the school in a university website article. “Understanding the use of pedestrian infrastructure at music festivals, museums and hospitals” could be useful too, he says.To read this article in full or to leave a comment, please click here

This one patch panel trick will make all your cables the right length

Remember that one time the cable you grabbed from the box was exactly the right length for the run from patch panel to server shelf?What if every patch cable you picked up were just the right length?That's the goal of 1-year-old Austrian company PatchBox, which wants to eliminate tangles and speed up network moves, adds and changes with its system of retractable cables in rack-mountable cassettes. It's showing the product in the start-up hall at the Cebit trade show in Hanover, Germany, this week.PatchBox sells kits of 24 cassettes that slot into a 1U module just under the patchboard, right where you would usually put your horizontal cable management system. Each shelf comes with four Patch Catches -- essentially cable posts that mount on the sides of the rack, around which you can route the cables on their way between patch boards.To read this article in full or to leave a comment, please click here

This one patch panel trick will make all your cables the right length

Remember that one time the cable you grabbed from the box was exactly the right length for the run from patch panel to server shelf?What if every patch cable you picked up were just the right length?That's the goal of 1-year-old Austrian company PatchBox, which wants to eliminate tangles and speed up network moves, adds and changes with its system of retractable cables in rack-mountable cassettes. It's showing the product in the start-up hall at the Cebit trade show in Hanover, Germany, this week.PatchBox sells kits of 24 cassettes that slot into a 1U module just under the patchboard, right where you would usually put your horizontal cable management system. Each shelf comes with four Patch Catches -- essentially cable posts that mount on the sides of the rack, around which you can route the cables on their way between patch boards.To read this article in full or to leave a comment, please click here

Reaction: More Encryption is Bad?

This week I was peacefully reading the March 9th issue of ACM Queue when I received a bit of a surprise. It seems someone actually buys the “blame the victim” game, arguing that governments are going to break all encryption if we don’t give them what they want.

These ideas are all based on the same principle: If we cannot break the crypto for a specific criminal on demand, we will preemptively break it for everybody. And whatever you may feel about politicians, they do have the legitimacy and power to do so. They have the constitutions, legislative powers, courts of law, and police forces to make this happen. The IT and networking communities overlooked a wise saying from soldiers and police officers: “Make sure the other side has an easier way out than destroying you.” But we didn’t, and they are.

reaction-3If you don’t get the point, it’s simple: the only way to really have secure communications is to give the government the keys. Once again, my inner philosopher threw up (as I recently said on a Network Break podcast). The reason I find the line of argument above so horrifying is simple: it’s just true enough to Continue reading

1 3,048 3,049 3,050 3,051 3,052 3,795