So the new mass surveillance law will be going into effect from the 1st of January.

Of course, since I'm very keen on my security/privacy, I'm going to implement some precautions.

- A few vps's connecting to tor, i2p and VPN provider so that I can always use a secure connection.

- Setup anti tracker/ads/etc etc shit on the VPS's. Probably through DnsMasq and the hosts file.

- Use Tor browser by default. I've tried this for a while now and damn, the tor network has become way faster than only even a year ago! Some pages literally only take a few seconds to load.

- Wipe my laptop, encrypt the harddrive and at least put QubesOS on it together with probably a few other systems.

- Ungoogle my new phone, use it with VPN by default.

- Get rid of all non encrypted communication services. I think that only leaves me with a few account removals because I haven't chatted unencrypted for nearly a fucking year now.

If anyone has any more ideas, please share!

YAY.... fuck you Belkin!
Just found out my router is vulnerable to CVE-2017-14491.

For all you not following these issues, this one allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device aka: the devices login/password, the Wi-Fi passwords, and configuration data just by sending malformed DNS packets to the device.

Now this is all well and good, except Belkin haven't released firmware since 2013, which is strange... seeing how the damn thing was "NEW" out of the box in 2016.

Last time i buy a fucking router from these lousy assholes.

Why does noone implement autoupdater, especialy on linux side? Is there a reason i dont get? Sure, most system stuff is better in apt, but if i install servers, i do not want to wait for these stupid linux release timings! If it were hard, id understand. But most of this is possible with something like GitHub API and 20 Minutes of time. I mean, yeah backwards compatibility and what not, but then handle that internaly.

Example: I use dnsmasq on a raspberry pi. RPI is running raspbian. Raspian is debian 8. Debian 8 has a version of dnsmasq with a pretty annoying bug, which prevents me from using dnssec, as i cant open any cloudflare pages. Why, o why isnt this updated at MY will? Then, if it isnt, why is it so impossible hard to compile this myself, no docs for that, no binaries, NOTHING? Dear server devs, please add atleast basic autoupdate functionality without having to rely on the base os.

Or, give me easily deployable binaries, if you cant write something integrated.

I have dnsmasq running on my laptop to speed up dns resolution, never been so glad I didn't turn my laptop off. cause I'm one of the few actually watching this hack and wondering what kind of system is going to be thought of to replace dns

When the fuck did valet go from .dev to .test. Fucked me over bug time. Needed up breaking dnsmasq and had to rest the whole system. Sys noob. I can program though 😂

I have been working on a long time, low progress project of mine that keeps on giving and giving.

Let's begin like two years ago where I dipped my toes into "more then gigabit" networking thanks to a Linus Techtips video about infiniband.
I had the dream of booting my Workstation from my NAS, a so called diskless setup.

Well, since I run FreeNAS on my Nas , a very nice Freebsd based Nas OS, everything's gonna be good.

In the beginning, there was no infiniband support.
Turns out, you don't need it, since the mellanox CX2 nics can do ETH too.
Yay.
Just took me a few weeks of anger.

So, to be able to boot something over the network, you need firmware that finds the bookable stuff and loads it.
That protocol and firmware is called PXE.
PXE needs a DHCP telling it what to do, and what is where and etc.

Freenas here I come! Installing dnsmasq on the actual freenas install turned out to be not that great of an idea because freenas thinks of itself as being an "appliance" that you don't fiddle with. So things work, until you update/ upgrade when everything will basically be wiped, except what you have done through the ui.
Ok. So I gona use a jail, a container like thing for that.
Everything is great, jail has internet, everything Installs fine, what could go wrong?
Dnsmasq can launch and work, but not as dhcp server. Some thing about permissions.
Turns out, jails have permission like things.
A few days of head scratching later, it has ALL the permissions.
Dnsmasq still can't work as DHCP server though, why you ask?
Because it needs a specific kernelmodule that isn't contained in the jail. Since jails are kind of like a docker container, they run on the same OS kernel, who does not have this module, I'd need to patch the freenas, which is an appliance, so fuck that.

Like a year later, freenas has finally added good VM support, so why not make a VM for the dhcpserver?

Well, about a year ago, I didn't know that the virtual Intel nic is a fucken unstable piece of garbage, crashing nearly any OS at some point.

So that was it for a while again.

Now to the last few weeks.
Finally dnsmasq is running in a freebsd VM with a good and working configuration which is rather simple, if those tutorial fuckers out there would explain shit instead of just telling you to copy, paste and replace X.

Now back to the PXE side.
I'm using iPXE because I have no clue how to boot anything over tftp so iSCSi it is, since that is what I can relate too.
The idea behind iscsi is to fake a SCSI disk over the network. Attached devices appear as if they are actually directly connected to the machine instead of over the network.

iPXE gets a lease from the server, can connect to it, everything is fucken great. Finally.
Except that if it "sanBoots" the iscsi drive, it can't find anything to boot.
Well fuck.
If I attach a Linux live USB over iscsi, it boots, finds grub, and crashes because the live iso isn't configured for network-boot.
But it boots.
So what's so different?

Well iPXE is booted in legacy mode, where as the content of the target is windows 10 in efi mode.
Ffff.

Ok. Can I get iPXE to boot in EFI mode?

Well yes, after like 3 days fiddling with it.
But it only finds the onboard Intel nic instead of the new Mellanox CX3 cards, and can't even connect to the target....

Sooo, I guess my options are as follows.
Either, get PXE efi to work on the network cards directly, its called flexboot and might be able to since I just found some firmware options for that.

Or give up on efi and install windows in legacy mode.
Which isn't that easy when it has to end up on a drive on my nas.