OPNSense and One-to-One NAT
This is mostly a technical note to others struggling with One-to-One NAT on OPNsense. You want to setup public, routable IPs that map 1:1 to a private, non-routable IP. First, setup the Virtual IP on…
Continue reading...This is mostly a technical note to others struggling with One-to-One NAT on OPNsense. You want to setup public, routable IPs that map 1:1 to a private, non-routable IP. First, setup the Virtual IP on…
Continue reading...Passkeys are vendor lock in and tries to turn a few big tech companies into critical infrastructure. I started to write this post in October 2022 when there was a huge push about the coming…
Continue reading...In conversation with a Rust fanatic, we stumbled into the topic of operating systems. RedoxOS is an operating system written in Rust, from scratch. Everything is in rust, the core libraries, the kernel, the device…
Continue reading...Recently, my two 24-core servers were shutdown and replaced with a 6-core Pine64 RockPro64. There were three migrations. The first migration was from compiled-from-source binaries to docker containers. The second migration was one 24-core server…
Continue reading...If you're involved in computer security and authentication,you might know about the FIDO Alliance. If you haven't, you know about them now given the giant marketing push about the great cloud-controlled, passwordless future we have…
Continue reading...I noticed the other day that Firefox has 171 certificate authorities (CA) installed. Why do I need all of these? In normal browsing, which do I encounter on a regular basis? How many can I…
Continue reading...The Apple CSAM scanning highlights something many know but shrugged off, your data in the cloud is yours, and the providers. Unless you take strong measures to combat it, your data is yours and theirs.
Continue reading...In the past few years, my thinking on secure messengers is changing. Originally, it was about protecting the data from "the State". It turns out, based on 10 years of data, I should be protecting…
Continue reading...I setup NextDNS on a server. The idea was to test blocking all tracking when using a vpn. As far as the test, nextdns is quick and accurate. It's a nice system and works well. In…
Continue reading...Background In discussions with someone about cloud security, they were surprised to learn I store anything in the cloud. It's convenient to have my files synced between machines. I use syncthing, resilio, and cloud drives.
Continue reading...