A few thoughts

So we’ve electioneered. And some things have happened. Unsolicited thoughts below the jump.

PKI Revisited

A little more than two years ago, I set up a PKI and did a post on it. The main goal was to get a certificate on my EdgeOS router to get proper HTTPS support without the annoying red X. When I did it, however, I didn’t do it quite right, and so I decided to redo it all. Some of the major problems:

  • The cert for my router expired after two years. Hence, as of today I need a new cert anyway.
  • The intermediate cert also expired after two years. Lame!
  • To trust the chain, I had to import the intermediate cert into Windows, not the root cert. I should just need the root cert.

So I decided to do it right, and do it all over again for posterity, again largely following this post from Didier Stevens and again having the same old issues. Details below.

Netflow and Splunk

Yesterday, I told the tale of getting netflow data out of my EdgeOS router. Once I started actually receiving data, I wanted to get it into Splunk. I figured that I would have to set up a directory for netflow log data from nfdump, then set up a reader to have Splunk ingest the data. After doing some Googling, though, I found the Splunk Add-on for NetFlow, which handles all of that automatically! Once you get it up and running, that is.

EdgeOS and Netflow

I’ve written a lot about getting stuff working on my Ubiquiti EdgeOS router. Recently, I got the idea in my head to enable netflow on the router to do some traffic analysis. My router does support exporting netflow data, so I thought it would be fairly simple to set up. In the end, it wasn’t too hard, but it did take some research and at least one dumb mistake.

2015 Tax Incidence

Hey, it’s tax time again!

Encrypt All The Things

I am a security guy, and my profession is to protect the good guys – all of you – from the bad guys. Although the world is not full of bad guys, there are a lot of them, and the funny thing about information security is that the most poorly-skilled bad guy out there only has to wait for one smart person to “hack” something, and then everybody can do it regardless of skill level. That’s why, as Bruce Schneier says, “Attacks always get better, they never get worse”. It is for this reason that I am firmly on the side of Apple, because no matter who comes up with the attack, be it the FBI for ostensibly good reasons, or a hacker for all the wrong reasons, those attacks quickly spread to everybody, and put everybody at risk.

Flat ain’t simple

Long time no blog, eh? There’s been a lot of politicking going on lately, what with the presidential campaigns and debates and all, and lots of talk about tax plans. A favorite talking point about a tax plan is the argument that a flat tax will make taxes simpler. A flat tax is many things, first and foremost a great way to give the wealthiest in this country huge tax breaks, but making taxes simpler ain’t it. To illustrate, I’ll use the much-loved 1040 form. The first form is a quick and dirty attempt to show all the ways in which your income and taxes are adjusted through various schedules, deductions, credits, and so forth. These forms and adjustments are what make taxes so complicated and time-consuming. As you can see, it’s a lot!


A flat tax, on the other hand, would make one change: it would alter the number you put on one line, namely the tax you owe (and if your income is really high, then that number is going to go way, way down):


I’m all for tax simplification. If you are honestly for it, though, that means you have to be willing to give up deductions and adjustments like the mortgage interest deduction, student loan deduction, and a lot of other popular things. Switching to a flat tax doesn’t make anybody’s taxes simpler, it just makes a lot of people’s taxes lower. A lot of particularly wealthy campaign donors’ taxes, to be precise.

New Sonja Pictures

I don’t always post when I upload new Sonja pictures, but I will in this case. I just uploaded a bunch of pictures from this weekend when we were in Wisconsin with my brother and his girlfriend. They are located here.

EdgeOS and IPv6 Revisited

About a week ago I noticed that my browsing was no longer using IPv6. How, you ask? I use IPvFoo, a Chrome extension that shows you in your address bar whether you are browsing a site using IPv4 or IPv6. True, only Google and Facebook are the sites that I browse regularly that use IPv6, but I still noticed that something was amiss. Not a high priority, I forgot about it for a few days until I saw a thread in the IPv6 subreddit which solved the mystery for me: Comcast had stopped giving out /60 address blocks to residential customers.

Monitoring my UPS with Splunk

Last time, I had set up my UPS monitoring software on my CentOS logging server. But I wanted more: what good is having a UPS if I can’t monitor things like voltage, battery charge, and load on an ongoing basis? Of course, the answer to this is to log to Splunk, which is what I ended up doing.

