20150416

Just the Privacy and Security part

from ipduh privacy and the https search fix

Many computer users think that by installing and using some browser plugin they will magically protect their privacy --which is false.

Every time you install a browser-plugin you run yet more brilliant xor stupid and good xor evil code that expands the attack surface on your system and your privacy and adds features or bugs or backdoors.

Actually, privacy-wise disabling javascript is OK, installing random plugins that run tones of "obfuscated" javascript or compiled closed code that you have no clue of what it really does in your browser is usually not. Plugins like flash, java, quicktime, itunes, silverlight, adobe reader, windows media player may be more dangerous for your privacy or your security than javascript plugins.

In addition, every time that you do not look like an average human using an average system you stick out and many of your plugins are visible if you are running javascript.

In most modern web browsers you do not need special browser plugins in order to disable cookies or javascript. Try it out. You will soon realize that most of the web is broken without javascript even though ipduh is not very broken.

When it comes to modern web browsers I consider Chrome and Mozilla based browsers put together by companies or groups I "trust" (Google, Mozilla, Debian) more secure than Microsoft Internet Explorer and Opera and IE and Opera more secure than the rest ...
don't ask me for a formal proof ... it is an opinion ...

However, Chromium and Mozilla based browsers ( Chrome , Firefox , Seamonkey , Iceweasel etc ) , Safari , Internet Explorer , Opera and the rest of the modern web browsers are ridiculously complex pieces of software used by millions if not billions of humans. There you have both opportunity and motivation for profit, control and power. Hence, all modern browsers are insecure. Put together or read thoroughly the source of a basic text HTTP(s) client if you are really paranoid.

Certain three letter agencies may have exploits or backdoors that compromise your browser and your privacy ( accessing your system ,even gaining administrator privileges, and certainly seeing 'your' first public IP address ) even if you do not run javascript or plugins. And they may be able to do that without even having you visiting a website they (p)own. Connecting to the Internet and firing up your web browser may be enough.

Up untill recently I had a little 'java applet' that would reveal your private and your first public IP address in the anonymity checker. If an one man weekend software shop can do this, imagine what larger software shops, the software shops that put together your web browser or government agencies can do.

Unfortunately many incompetent or devious folks are in the business of talking privacy or selling privacy. If you are concerned about your privacy you should take the matter in your hands and not leave to me or anyone else. Use a common up-to-date browser put together by someone you 'trust' that does not stick out and use a combination of privacy tools like Tor or some sort of VPN which is used by many users and not just you.

A VPN, a proxy or an intermediate 'dark net' like Tor or I2P may harm your system or compromise even more your privacy if it is misused by you or purposely configured by its operators to do so.

Combine and alternate privacy tools and test settings and tools in many ways. An easy privacy test is the ipduh anonymity checker.























Just the Privacy and Security part



















20150410

added the MAC address to vendor tool to apropos



A while ago I put together a little tool
that maps EUI-48 and EUI-64 Media Access Control ( MAC ) addresses to Vendors
eg 00:00:0C:DE:FE:DC



I just added it to apropos
and it works with : and - delimiters
eg 00:00:08:02:11:B0 or 00:00:08:02:11:a0



MAC to Vendor from apropos

ipduh privacy and the https search fix





If apropos gets a query not related to inter-networking technology stuff like ip , dns , etc
sends it to a custom google

The ipduh custom google search is using google APIs and javascript pulled from google.
By mistake the google javascript URI was using always HTTP even when someone was using ipduh over HTTPS --my bad. I am sorry.

Due to my mistake, javascript run by your browser and some ipduh queries were traveling the internets in plaintext even when you were visiting ipduh over HTTPS. My mistake is fixed now and the google javascript is being always downloaded from a TLS encrypted URL.

If you are concerned about your privacy you should at least visit ipduh over HTTPS.
It is safe to trust and install the ipduh Certificate Authority if you trust me. I am certainly less evil and more skilled than many managers of CAs installed in your browser or your OS by default.

However,there is not an established trust path to ipduh and someone in between you and an ipduh server may serve you another ipduh server cerificate or CA certificate the very first time.

If you want to be sure that you installed the original ipduh CA certificate verify the certificate's fingerprint at https://github.com/ipduh/ipduhca.
My github CA repository provides only a way to verify the certificate fingerprint through an established trust path and has nothing to do with my TLS.

Provided that you trust me and that you installed the original ipduh server certificate or CA certificate in your browser, the authentication of ipduh and the encryption between ipduh and you is the same with the authentication and encryption provided by keys signed by Certificate Authorities like Comodo, Thawte etc.
Authenticating the ipduh servers is just a little tougher the very first time.

Many computer users think that by installing and using this or the other browser plugin they will protect their privacy --which is false.
Every time you install a browser-plugin you run yet more brilliant xor stupid and good xor evil code that expands the attack surface on your system and your privacy and adds features or bugs or backdoors.
Actually, privacy-wise disabling javascript is OK, installing random plugins that run tones of "obfuscated" javascript or compiled closed code that you have no clue of what it really does in your browser is usually not.
Also, every time that you do not look like an average human using an average system you stick out and many of your plugins are visible if you are running javascript.

You may disable cookies and even javascript for ipduh. This way you will evade some of the ipduh analytics and the google ads and still get a somewhat usable site. ( ipduh analytics have absolutely nothing to do with google analytics )
I do my best to provide a service that does not depend on javascript and I tried from the beginning to accommodate scripts and automated tools provided they do not abuse my service.

At least in Mozilla based browsers you do not need special browser plugins in order to disable cookies or javascript. Try it out. You will soon realize that most of the web is broken.

Plugins like flash, java, quicktime, itunes, silverlight, adobe reader, windows media player may be more dangerous than javascript plugins.

When it comes to modern web browsers I consider Chrome and Mozilla based browsers put together by companies or groups I "trust" (Google,Mozilla,Debian) much more secure than Opera, Microsoft Internet Explorer and the rest. However, Chrome and Mozilla based browsers ( Firefox , Seamonkey , Iceweasel etc ) are ridiculously complex pieces of software used by millions if not billions of humans. There you have both opportunity and motivation for profit, control, power. Hence, all modern browsers are insecure. Put together a basic text HTTP(s) client if you are really paranoid.

Certain three letter agencies may have exploits or backdoors that compromise your browser and your privacy ( accessing your system ,even gaining administrator privileges, and certainly seeing 'your' first public IP address ) even if you do not run javascript or plugins.

Back to logging at ipduh.
Most ipduh usage analytics are based on connection logs from layer 3 up to HTTP(S). I am not using google analytics or any other third party web analytics service.
( I am using google analytics at alog though :) )
At ipduh I am the only one who looks at logs and only when something bad happens.

Many incompetent or devious folks are in the business of talking privacy or selling privacy. If you are concerned about your privacy you should take the matter in your hands and not leave to me or anyone else. Use a common up-to-date browser put together by someone you 'trust' that does not stick out and use a combination of privacy tools like Tor or some sort of VPN which is used by many users and not just you.

A VPN, a proxy or an intermediate 'dark net' like Tor or I2P may harm your system or compromise even more your privacy if it is misused by you or purposely configured by its operators to do so.

Combine and alternate privacy tools and test settings and tools in many ways. An easy privacy test is the ipduh anonymity checker.







ipduh https search fix and privacy stuff ...







20150405

Greek ISPs Caching DNS









A list with DNS servers provided by the Greek Internet Service Providers.

sl.ipduh.com/gr-isp-dns

gr-isp-dns (the actual ipduh-list URI)



Most caching name servers operated by Greek ISPs answer only to DNS queries coming from their own networks. You will need to use Public DNS Caches or your own recursive-resolver if you need caching DNS that works everywhere.











Nameservers-DNS for Greek ISPs

20150107

GLBer

GLBer Notes



GLBer Creates the RouterOS configuration commands and a RouterOS script for the g0 Load BalanER aka GLBer. Then the Mikrotik RouterOS Router with the multiple point-to-point or point-to-multipoint uplinks balances the traffic among all uplinks without using source based policy routing.



You need to copy the configuration commands and the RouterOS script that GLBer produces from a host that has bash to the RouterOS router e.g. from a bash shell in a Terminal to a winbox terminal in the RouterOS.



RouterOS flushes the routing table every 10 minutes and then there is a good chance to reset the masqueraded connections. The RouterOS script created by GLBer runs every 10 minutes and resets the equal cost multipath route raising more the chance for the masqueraded connections to reset in a 10 minutes period.



Install GLBer
# wget https://raw.githubusercontent.com/ipduh/glber/master/glber -O /usr/bin/glber && chmod 755 /usr/bin/glber




Create the RouterOS GLBer Configuration For 3 point-to-point uplinks
$ glber 

GLBer, g0 2014
Quick How-To: http://sl.ipduh.com/glber

Enter gateways: alfa beta gama
Enter interfaces: 

If all the uplink interfaces are point-to-point just enter their names when asked for gateways and just hit enter when glber asks you for interfaces.



Create the RouterOS GLBer configuration for 4 point-to-point uplinks and an uplink available in the LAN through the router's eth5 interface.
$ glber 

GLBer, g0 2014
Quick How-To: http://sl.ipduh.com/glber

Enter gateways: 10.21.241.101 alfa beta gama delta
Enter interfaces: eth5 alfa beta gama delta





GLBer logs all runs in ~/glber/UTC-UNIX-EPOCH.log

To Clean a RouterOS from the GLBer configuration find the UTC-UNIX-EPOCH in the RouterOS created by GLBer e.g. for the epoch 1420624338 you would run
$ glber file ~/glber/1420624338.log
and run the GLBer RouterOS commands under
###RouterOS commands to remove the GLBer configuration###
in the RouterOS terminal.











old glber



glber

20150102

Virtualbox or VMware vmdk to KVM qcow2

Migrate Virtualbox or VMware guest (on vmdk) to KVM




See disk image information.
# qemu-img info lwa-flat.vmdk 
image: lwa-flat.vmdk
file format: raw
virtual size: 50G (53687091200 bytes)
disk size: 50G




Convert the vmdk image to a qcow2 image.
# qemu-img convert -O qcow2 lwa-flat.vmdk lwa-flat.qcow2




Create a guest definition and start guest.
# virt-install --connect qemu:///system --import -n lwa \
--vcpus=1 --ram=2048 \
--disk path=/home/vm/fromvbox/lwa-flat.qcow2,device=disk,format=qcow2 \
--vnc --noautoconsole --os-type linux --description lwa \
--network=bridge:b0 --hvm




Migrate VMware or Virtualbox vmdk to KVM qcow2



20141230

ipduh v3

Finally! done "upgrading" ipduh to v3 ...


Some of the most noticeable changes-improvements are:










ipduh v3