It seems there’s a service for everything, but sometimes you simply learn more by doing it yourself. If you haven’t enjoyed the somewhat anachronistic pleasures of running your own server and hosting your own darn website, well, today you’re in luck!
Yes, we’re going to take an old computer of some sort and turn it into a web server for hosting all of your projects at home. You could just as easily use a Raspberry Pi –even a Zero W would work — or really anything that’ll run Linux, but be aware that not all computing platforms are created equally as we’ll discuss shortly.
Yes, we’re going to roll our own in this article series. There are a lot of moving parts, so we’re going to have to cover a lot of material. Don’t worry- it’s not incredibly complicated. And you don’t have to do things the way we say. There’s flexibility at every turn, and you’re encouraged to forge your own path. That’s part of the fun!
Note: For the sake of space we’re going to skip over some of the most basic details such as installing Linux and focus on those that have the greatest impact on the project. This article gives a high level overview of what it takes to host your project website at home. It intentionally glosses over the deeper details and makes some necessary assumptions.
We have to admit, it was hard not to be insufferably smug this week when Facebook temporarily went dark around the globe. Sick of being stalked by crazy aunts and cousins, I opted out of that little slice of cyber-hell at least a decade ago, so Monday’s outage was no skin off my teeth. But it was nice to see that the world didn’t stop turning. More interesting are the technical postmortems on the outage, particularly this great analysis by the good folks at the University of Nottingham. Dr. Steve Bagley does a great job explaining how Facebook likely pushed a configuration change to the Border Gateway Protocol (BGP) that propagated through the Internet and eventually erased all routes to Facebook’s servers from the DNS system. He also uses a graphical map of routes to show peer-to-peer connections to Facebook dropping one at a time, until their machines were totally isolated. He also offers speculation on why Facebook engineers were denied internal access, sometimes physically, to their own systems.
It may be a couple of decades overdue, but the US Federal Communications Commission finally decided to allow FM voice transmissions on Citizen’s Band radios. It seems odd to be messing around with a radio service whose heyday was in the 1970s, but Cobra, the CB radio manufacturer, petitioned for a rule change to allow frequency modulation in addition to the standard amplitude modulation that’s currently mandatory. It’s hard to say how this will improve the CB user experience, which last time we checked is a horrifying mix of shouting, screaming voices often with a weird echo effect, all put through powerful — and illegal — linear amps that distort the signal beyond intelligibility. We can’t see how a little less static is going to improve that.
Can you steal a car with a Game Boy? Probably not, but car thieves in the UK are using some sort of device hidden in a Game Boy case to boost expensive cars. A group of three men in Yorkshire used the device, which supposedly cost £20,000 ($27,000), to wirelessly defeat the security systems on cars in seconds. They stole cars for garages and driveways to the tune of £180,000 — not a bad return on their investment. It’s not clear how the device works, but we’d love to find out — for science, of course.
There have been tons of stories lately about all the things AI is good for, and all the magical promises it will deliver on given enough time. And it may well, but we’re still early enough in the AI hype curve to take everything we see with a grain of salt. However, one area that bears watching is the ability of AI to help fill in the gaps left when an artist is struck down before completing their work. And perhaps no artist left so much on the table as Ludwig von Beethoven, with his famous unfinished 10th Symphony. When the German composer died, he had left only a few notes on what he wanted to do with the four-movement symphony. But those notes, along with a rich body of other works and deep knowledge of the composer’s creative process, have allowed a team of musicologists and AI experts to complete the 10th Symphony. The article contains a lot of technical detail, both on the musical and the informatics sides. How will it sound? Here’s a preview:
And finally, Captain Kirk is finally getting to space. William Shatner, who played captain — and later admiral — James Tiberius Kirk from the 1960s to the 1990s, will head to space aboard Blue Origin’s New Shepard rocket on Tuesday. At 90 years old, Shatner will edge out Wally Funk, who recently set the record after her Blue Origin flight at the age of 82. It’s interesting that Shatner agreed to go, since he is said to have previously refused the offer of a ride upstairs with Virgin Galactic. Whatever the reason for the change of heart, here’s hoping the flight goes well.
It is a problem as old as the Internet. You want to access your computer remotely, but it is behind a router that randomly gets different IP addresses. Or maybe it is your laptop and it winds up in different locations with, again, different IP addresses. There are many ways to solve this problem and some of them are better than others.
A lot of routers can report their IP address to a dynamic DNS server. That used to be great, but now it seems like many of them hound you to upgrade or constantly renew so you can see their ads. Some of them disappear, too. If your router vendor supplies one, that might be a good choice, until you change routers, of course. OpenWRT supports many such services and there are many lists of common services.
However, if you have a single public accessible computer, for example a Web server or even a cloud instance, and you are running your own DNS server, you really don’t need one of those services. I’m going to show you how I do it with an accessible Linux server running Bind. This is a common setup, but if you have a different system you might have to adapt a bit.
There are many ways to set up dynamic DNS if you are willing to have a great deal of structure on both sides. Most of these depend on setting up a secret key to allow for DNS updates and some sort of script that calls nsupdate or having the DHCP server do it. The problem is, I have a lot of client computers and many are set up differently. I wanted a system where the only thing needed on the client side was ssh. All the infrastructure remains on the DNS server.
Talk about buried treasure: archeologists in Germany have – literally – unearthed a pristine Soviet spy radio, buried for decades outside of Cologne. While searching for artifacts from a Roman empire settlement, the archeologists found a pit containing the Soviet R-394KM transceiver, built in 1987 and apparently buried shortly thereafter without ever being used. It was found close to a path in the woods and not far from several sites of interest to Cold War-era spies. Curiously, the controls on the radio are labeled not in Cyrillic characters, but in the Latin alphabet, suggesting the radio was to be used by a native German speaker. The area in which it was found is destined to be an open-cast lignite mine, which makes us think that other Cold War artifacts may have fallen victim to the gore-covered blades of Bagger 288.
Good news for Betelgeuse fans, bad news for aficionados of cataclysmic cosmic explosions: it looks like the red giant in Orion isn’t going to explode anytime soon. Betelgeuse has been dimming steadily and rapidly since October of 2019; as a variable star such behavior is expected, but the magnitude of its decline was seen by some astronomers as a sign that the star was reaching the point in its evolution where it would go supernova. Alas, Betelgeuse started to brighten again right on schedule, suggesting that the star is not quite ready to give up the ghost. We’d have loved to witness a star so bright it rivals the full moon, but given the times we live in, perhaps it’s best not to have such a harbinger of doom appear.
Mozilla announced this week that Firefox would turn on DNS over HTTPS (DoH) by default in the United States. DoH encrypts the DNS requests that are needed to translate a domain name to an IP address, which normally travel in clear text and are therefore easily observed. Easily readable DNS transactions are also key to content blockers, which has raised the hackles of regulators and legislators over the plan, who are singing the usual “think of the children” song. That DoH would make user data collection and ad-tracking harder probably has nothing to do with their protests.
And finally, sad news from California as daredevil and amateur rocketeer “Mad” Mike Hughes has been killed in a crash of his homemade rocket. The steam-powered rocket was to be a follow-up to an earlier, mostly successful flight to about 1,900 feet (580 m), and supposed to reach about 5,000 feet (1.5 km) at apogee. But in an eerily similar repeat of the mishap that nearly killed Evel Knievel during his Snake River Canyon jump in 1974, Mike’s parachute deployed almost as soon as his rocket left the launch rails. The chute introduced considerable drag before being torn off the rocket by the exhaust plume. The rocket continued in a ballistic arc to a considerable altitude, but without a chute Mike’s fate was sealed. Search for the video at your own peril, as it’s pretty disturbing. We never appreciated Mike’s self-professed Flat Earth views, but we did like his style. We suppose, though, that such an ending was more likely than not.
Openness has been one of the defining characteristics of the Internet for as long as it has existed, with much of the traffic today still passed without any form of encryption. Most requests for HTML pages and associated content are in plain text, and the responses are returned in the same way, even though HTTPS has been around since 1994.
But sometimes there’s a need for security and/or privacy. While the encryption of internet traffic has become more widespread for online banking, shopping, the privacy-preserving aspect of many internet protocols hasn’t kept pace. In particular, when you look up a website’s IP address by hostname, the DNS request is almost always transmitted in plain text, allowing all the computers and ISPs along the way to determine what website you were browsing, even if you use HTTPS once the connection is made.
The idea of also encrypting DNS requests isn’t exactly new, with the first attempts starting in the early 2000s, in the form of DNSCrypt, DNS over TLS (DoT), and others. Mozilla, Google, and a few other large internet companies are pushing a new method to encrypt DNS requests: DNS over HTTPS (DoH).
DoH not only encrypts the DNS request, but it also serves it to a “normal” web server rather than a DNS server, making the DNS request traffic essentially indistinguishable from normal HTTPS. This is a double-edged sword. While it protects the DNS request itself, just as DNSCrypt or DoT do, it also makes it impossible for the folks in charge of security at large firms to monitor DNS spoofing and it moves the responsibility for a critical networking function from the operating system into an application. It also doesn’t do anything to hide the IP address of the website that you just looked up — you still go to visit it, after all.
And in comparison to DoT, DoH centralizes information about your browsing in a few companies: at the moment Cloudflare, who says they will throw your data away within 24 hours, and Google, who seems intent on retaining and monetizing every detail about everything you’ve ever thought about doing.
Ever wondered what “cyberwar” looks like? Apparently it’s a lot of guessing security questions and changing passwords. It’s an interesting read on its own, but there are some interesting clues if you read between the lines. A General in the know mentioned that Isis:
clicked on something or they did something that then allowed us to gain control and then start to move.
This sounds very similar to stories we’ve covered in the past, where 0-days are used to compromise groups or individuals. Perhaps the NSA supplied such an exploit, and it was sent in a phishing attack. Through various means, the U.S. team quietly compromised systems and collected credentials.
The article mentions something else interesting. Apparently the targets of this digital sting had also been compromising machines around the world, and using those machines to manage their efforts. The decision was made by the U.S. team to also compromise those machines, in order to lock out the Isis team. This might be the most controversial element of the story. Security researchers have wanted permission to do this for years. How should the third parties view these incursions?
The third element that I found particularly interesting was the phase 2 attack. Rather than outright delete, ban, and break Isis devices and accounts, the U.S. team installed persistent malware that emulated innocuous glitches. The internet connection is extremely laggy on certain days, certain websites simply don’t connect, and other problems. These are the sort of gremlins that networking pros spend all day trying to troubleshoot. The idea that it’s intentional gives me one more thing to worry about. Continue reading “This Week In Security: Is RSA Finally Broken? The Push For Cloud Accounts, Encrypted DNS, And More Mobile Mayhem”→
Imagine for a moment that you’ve been tasked with developing a device for interfacing with a global network of interconnected devices. Would you purposely design a spring-loaded dial that can do nothing but switch a single set of contacts on and off from 1 to 10 times? What kind of crazy world would we have to live in where something like that was the pinnacle of technology?
Obviously, such a world once existed, and now that we’ve rolled the calendar ahead a half-century or so, both our networks and our interfaces have gotten more complex, if arguably better. But [Jan Derogee] thinks a step backward is on order, and so he built this rotary phone web browser. The idea is simple: pick up the handset and dial the IP address of the server you want to connect to. DNS? Bah, who needs it?
Of course there is the teensy issue that most websites can’t be directly accessed via IP address anymore, but fear not – [Jan] has an incredibly obfuscated solution to that. It relies on the fact that many numbers sound like common phrases when sounded out in Chinese, so there end up being a lot of websites that have number-based URLs. He provides an example using the number 517, which sounds a bit like “I want to eat,” to access the Chinese website of McDonald’s. How the number seven sounding like both “eat” and “wife” is resolved is left as an exercise to the reader.
