I have no favored party among the ones named in this article, but this one quote stuck with me:
It’s because the only other person who is able to subvert and defeat a white woman (and her white privilege and white tears) is another fellow white woman.
This is important to remember in identity politics if you are a person of color who will be working with white people, or viceversa.
There is still the fact that the parties involved might be just playing the media at large using their fans to generate untold income.
A new sign of the digital apocalypse is the new Equifax breach. I’m not sure if I’m affected but the company is certainly not making any effort whatsoever to help anyone out. The other two credit bureaus, Experian and TransUnion are probably savoring this and will keep doing so until they get hit.
So for the cleanup, there’s this post written by someone with experience in the matter. Not a lawyer, but knows enough to help one on the way.
And just like techdirt say… it will get worse.
The default of your credit identity starting from now on is “stolen”.
Taken at Vesuvio Cafe
Taken at Nightingale
I’ve toured all the note-taking apps: Evernote, Simplenote, OneNote, Google Keep… and I’ve found them all wanting. These past few months I’ve gone back and forth between Keep and Tiddlywiki trying to figure out exactly what I want I think I finally realized what I want:
- The speed of Google Keep when it comes to creating and saving new notes.
- The speed of Pinboard when it comes to tagging.
- The formatting facilities of Simplenote, which uses markdown. The version control is also nice.
- The file attachment ease of OneNote when it comes to binary blobs. You can put anything in those notes.
- For images… well, pretty much everything sucks, but I guess WordPress is a good starting point.
- The interlinking ease of Tiddlywiki. WikiWords kick ass.
- The ubiquity of Keep. It’s on your phone, your desktop, your tablet. Which goes back to it being fast.
Reading through this and apparently no one makes a version of Keep that has better text formatting, lets you attach images and decide where they’ll appear, while letting you travel from note to note via tags or WikiWords so you can remember the flow of though that led to that thought sequence.
Paper does not work for having to remember related thought separated by time and space. Plus writing for more than five minutes annoys me.
They say most programming projects start from a developer scratching their own itch. I guess it’s true.
And as soon as I think I figured out the issues with Debian the decision was made to get an specialized router device, so that’s that.
Going to do better things with my time now.
Just like a Hollywood movie, it’s time to do a reboot. Fucking around with the networking stack after every reboot got old real fast. But this time around it looks like the remake is actually better than the original.
The router is still my trusty Thinkpad T60. Other than a couple of scares because of its age it still works! Just need to replace the CPU fan sooner rather than later.
Sources for this were:
- The Debian Wiki.
- The Ars Guide to building a Linux router.
- Arch Linux wiki.
- Hostapd documentation.
- Gentoo hostapd documentation.
- My own pain and suffering due to shit just breaking randomly after every update. Thanks systemd.
Yes, this writing assumes you know what you’re doing on the command line.
Install Operating System
Whatever your version of Debian is, make sure that it’s up to date and that you install the stuff you’ll need:
# aptitude install hostapd rfkill dnsmasq fail2ban
Switched away from BIND and ISC-DHCP because they’re a pain in the ass to deal with. Maybe in the future I’ll use them again, but for the time being… this will do the trick.
Something I keep doing and forgetting to document is changing
sshd port from 22 to something else and switching from password authentication to key-based authentication. Fail2ban is useful in blocking people trying to force their way in.
I had to add both
wlan1 manually. Why? Dunno. I suppose they only get added automatically when you’re installing Xorg, which I’m not. Here’s my
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcp # Intel PRO/Wireless 3945ABG (Golan) Rev 02 #auto wlan0 #allow-hotplug wlan0 #iface wlan0 inet dhcp # Qualcomm Atheros AR922X Wireless Network Adapter (rev 01) auto wlan1 allow-hotplug wlan1 iface wlan1 inet static address 192.168.1.1 netmask 255.255.255.0
/etc/sysctl.conf and uncomment the line for ipv4 packet forwarding:
/etc/network/if-pre-up.d/iptables with the following contents:
#!/bin/sh /sbin/iptables-restore < /etc/network/iptables
Change permissions and make executable:
# sudo chown root /etc/network/if-pre-up.d/iptables # chmod 755 /etc/network/if-pre-up.d/iptables
/etc/network/iptables and put the following in it:
*nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] # eth0 is WAN interface -A POSTROUTING -o eth0 -j MASQUERADE COMMIT *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] # Forward traffic from wlan0 (LAN) to eth0(WAN) -A FORWARD -i wlan0 -o eth0 -j ACCEPT # Service rules -A INPUT -j ACCEPT # Forwarding rules -A FORWARD -j ACCEPT COMMIT
This part remains unchanged from my the initial post. If you want it to do a more thorough job of filtering packets the Ars post is a good place to start.
# If you don't want dnsmasq to read /etc/resolv.conf or any other # file, getting its servers from this file instead (see below), then # uncomment this. no-resolv # Never forward addresses in the non-routed address spaces. bogus-priv # If you want dnsmasq to listen for DHCP and DNS requests only on # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. interface=wlan1 # Uncomment this to enable the integrated DHCP server, you need # to supply the range of addresses available for lease and optionally # a lease time. If you have more than one network, you will need to # repeat this for each network on which you want to supply DHCP # service. dhcp-range=192.168.1.1,192.168.1.100,24h # Set nameservers to use server=192.168.1.1 server=184.108.40.206 server=220.127.116.11 server=18.104.22.168
Then restart the service with
# service dnsmasq restart.
Much, much simpler than trying to configure both BIND and ISC-DHCP just for local networking. The options I included are pretty self-explanatory. If you're going to be assigning IP addresses on more interfaces, make sure to add them.
The great big bad. If your card doesn't support Master mode, just stop trying now and go get yourself a plain old router.
For me these are the settings that work on my Atheros card. You will need to figure out what settings work on your own based on your hardware; you can query its capabilities with
# the interface used by the AP interface=wlan1 # a means 5GHz, g means 2.4GHz hw_mode=g # the channel to use. Using 0 will make the AP use ACS to search for the channel with least interference channel=0 # limit the frequencies used to those allowed in the country ieee80211d=1 # the country code country_code=US # ieee80211n: Whether IEEE 802.11n (HT) is enabled ieee80211n=1 # QoS support wmm_enabled=1 # SSID (name of the AP) ssid=SSID # 1=wpa, 2=wep, 3=both auth_algs=1 # WPA2 only wpa=2 wpa_key_mgmt=WPA-PSK wpa_pairwise=CCMP TKIP rsn_pairwise=CCMP wpa_passphrase=KEY
I tried using
hw_mode=a but then OSX and iOS devices have a hard time connecting and staying connected to the network, so I switched bands to 2.4GHz. It's slower but far more stable. You'll want to configure the
ht_capab command to better make use of your NIC.
After this is done, edit
/etc/default/hostapd, and change the
DAEMON_CONF line to match the location of the hostapd config file:
Make sure to test out the configuration file by actually running hostapd and making sure it runs:
# hostapd /etc/hostapd/hostapd.conf
If you run into issues here you'll have to determine where the issue is coming from:
- Network card driver
- Hostapd configuration
In that case run hostapd with one of the debug switches (
hostapd -d /etc/hostapd/hostapd.conf) to figure this out. For maximum driver support the best option is to use Atheros-based cards using the ath5k, ath9k and ath10k drivers. Various cards from other suppliers will work, but will require fiddling with the configuration. They're worth a shot if you need to share Internet access with others around you quickly.
Yes, you'll actually want to reboot at this point. Why? Because the point of a router is that when you turn it on everything works automatically, without you having to manually start a service. So reboot, and check that
- All services come up by themselves
- You're able to have the system act as a router
- You're not having latency/DNS/throughput anomalies
That's pretty much it. It's a better setup than the first one and it's much easier to control with much less software installed.