Matthew Ernisse

April 12, 2022 @14:20

systat(1) pfstat on one of my OpenBSD firewalls

I believe in a zero trust, defense in depth approach to security. Every network segment has a firewall (mostly OpenBSD) that controls ingress and egress traffic, and every machine that can also runs a local firewall that further limits ingress (and in some cases egress) traffic. This makes everything harder for an attacker. It limits lateral movement, complicates data exfiltration, and in some cases foils entire classes of attacks.


March 19, 2022 @14:34

I think a lot about digital privacy and security. It is a subject that I care quite a lot about and I am continually trying to optimize my posture in the ever-changing landscape. A recent batch of phishing probes sent by IT security at $DAY_JOB got me thinking about the role of e-mail accounts in a person's overall digital security posture. Even though e-mail is being used less and less for personal correspondence, it is still the backbone of most online identity, either as the authentication identity itself or as the primary method (perhaps alongside SMS or TOTP) for account recovery and password reset. This makes it a particularly important vector, and lots of account compromise and takeover attacks start with e-mail. It is also the primary method by which people get tricked into giving away their credentials in phishing attacks, opening it as a popular attack vector.


February 25, 2020 @17:34

So DNS over HTTPS is coming to Firefox. For most people this is certainly a good thing. When I worked for a national ISP around 2008, they started snooping DNS queries and sending them off to various ad networks, and inserted those stupid advertising-laden search pages into users' sessions instead of returning the correct and proper NXDOMAIN response when you mistyped a URL. There were executives who were very pleased with this extra revenue stream and got large bonuses as a result. This was over a decade ago, so I can only imagine how this has gotten worse. DNS over HTTPS (and also DNS over TLS) makes this impossible, which is good.


September 03, 2019 @21:48

Every now and then I decide to throw one of Apple's betas on one of my devices. This time I've been running the iPadOS beta on my iPad Air Generation 3 since the public preview started for 13.0. I like a lot of the features (ok, mostly dark mode) but as is the case with most of the betas there have been a few bumps along the way. The most notable is the behavior of the Home Control privacy setting that I noted back in the iOS 11.0 and iOS 11.2 releases.


January 28, 2019 @21:01

Why are you a green bubble?

People often ask me why I have so many of the features of my phones turned off. My iPhone has iCloud, Siri, FaceTime and iMessage all firmly disabled and has since I originally set up the phone, my Mac has never signed into iCloud, and my Android phone has just about everything including Google Play Services disabled. My personal philosophy is that if it doesn't provide me with value, I disable it.


Original: October 31, 2018 @21:50
Edited: August 15, 2019 @21:00

Getting Started

Tor in Containers

I have been looking for reasons to try Docker on one of the random stack of unused Raspberry Pis that I have lying around and thought it might be fun to build a little travel router. Somehow that morphed into let's get Tor working on here, and then, well, if I can get a client and a relay, why not an onion service?
