Networking

Baseboard Management Control

August 21, 2022
Hardware, Networking, Linux
Gigabyte, Supermicro, ASRockRack, BIOS

A Baseboard Management Controller (BMC) is implemented on “enterprise” systems and, along with several satellite controllers, facilitates access via a platform management system. IPMI is a set of specifications for interacting with these systems. Typically the BMC provides a web interface, but there is also ipmitool, which facilitates access over an ssh server running on the BMC. There are “taps” in place to allow for serial-based interaction between the BMC and the primary host metal. ...

Mobile Connectivity

August 17, 2022
Hardware, Cellular, Networking

Talking with a handful of people about mobile phones and what to do about them. There is genuine interest in using simpler devices while on the move for communication, but there aren’t a ton of options. Seems like we’ve landed in a local optimum of what our devices are capable of doing and why we carry them around. These devices provide significant utility, but they also come at a cost that {mentally, behaviorally} is becoming more apparent. ...

{Wire}guard from your ISP

April 11, 2018
Internet, Security, Networking, Providers
Ubiquiti, Wireguard, Depricated, Mullvad

WireGuard aims to be as easy to configure and deploy as SSH. You establish a VPN connection by simply exchanging public keys, and the rest is transparently handled by WireGuard. There are many other technologies; however, WireGuard is uniquely interesting for:

cryptokey routing: first principles that simply map public keys to sets of allowed addresses, making WireGuard easier to grok for deployments.

endpoints and roaming: also initial principles, which facilitate NAT traversal and the use of dynamic addressing through keepalives. ...

ECC Certificates and mTLS with Nginx

October 29, 2017
Internet, Networking, Security
Nginx, PKI, OpenSSL, Depricated

If you want to be truly paranoid about authentication to services, you can implement your own Public Key Infrastructure (PKI). Many large organizations that are privacy focused have developed a digital/physical PKI strategy, for example the DoD’s Common Access Card. OpenSSL is software that can be used to set up a “simple” PKI; however, its command complexity is easy to get lost in. In this guide we’ll set up a “simple” PKI that we’ll use to authenticate users, while still using the legitimately issued Let’s Encrypt Domain Validation certificates. ...

Dynamic DNS via EdgeOS and Cloudflare

May 16, 2017
Networking
Depricated, Ubiquiti, Cloudflare

Dynamic DNS is an essential tool if your provider is unwilling to provide you with a static address. On almost all residential connections with the large providers you’re not going to be able to obtain a static address unless you convert over to one of their business accounts, then pay some hefty amount like 15 USD monthly. I’ve used several DNS providers and have been with Cloudflare for a good while now due to their literal speed. ...

Home Network, a novice Design

May 16, 2017
Networking
Depricated, Ubiquiti

I’ve written before about network hardware selection, where I surmise that Ubiquiti’s EdgeMax products are what I typically rely on when building out a network. Here I’ll lay out what I think is a good design for a home network using some of the inexpensive EdgeMax and Unifi products. It might seem silly that I would include Unifi in a discussion of implementation with EdgeMax, but really you don’t have a better choice for a wireless access point than what Unifi offers. ...

Limiting Exposure via ssh ProxyJump

May 16, 2017
Networking, Security
SSH

ssh is an amazingly prolific tool that is used extensively by anyone who manages systems. It’s a tool that many of us trust to provide the ultimate command and control access to devices we manage, and on many commercial systems it can be marginalized by being updated infrequently. If you’re able to run modern OpenSSH you have access to a new feature named ProxyJump, which makes using a jumphost much simpler. ...

Project Fi, ArchLinux, Thinkpad T470s

April 19, 2017
Linux, Cellular, Networking
Archlinux

It has been a personal desire for half a decade to have mobile broadband connectivity with a laptop and not have a requirement for peripherals like MiFi or PAM. When I first experienced using a Panasonic Toughbook, it had a Qualcomm Gobi that was an insane challenge to get working in Linux. In every incantation of laptop acquisition I’ve made sure to option for LTE modem connectivity; however, it’s typically marginalized by most manufacturers as an edge requirement. ...