Configuring Pi-Hole to update blocklists more regularly

By default Pi-Hole updates its block lists once a week.

Broadly speaking, this is fine for blocking Ad domains (although the recent trend towards advertisers generating new domains does undermine that a bit).

But, if you've added a Phishing block list (as detailed in Building Your Own DNS over HTTPS Server), this is far less optimal - Phishing domains tend to do the majority of their damage during the first 24 hours, so only getting an update into the blocklist (potentially) 7 days later isn't much use.

In this post we'll walk through the (simple) procedure to have Pi-Hole update the gravity lists more frequently.

The Importance of Provider Redundancy

Back in the days before cloud computing, it used to be accepted (if somewhat resented) by management types that having redundant systems in place was important if you cared - even a little - about uptime.

In today's industry, those same management types generally understand that it's still important to have multi-region availability, with instances running in completely distinct provider regions, so that an outage in one area doesn't impact your ability to do business.

What doesn't seem to be quite so widely understood, or accepted, though, is the importance of ensuring that systems have redundancy across providers. It's not just management types who are making this mistake either; we've all encountered techies who are seemingly blind to the risk and view it as an unnecessary additional cost/hassle.

Rather than typing "the provider" throughout this post, I'm going to pick on AWS, but the argument applies to all Cloud providers.

Solution to my April 2016 Puzzle

It's been three years now, and although I've had many people complain about it giving them a headache, to my knowledge no-one has solved the puzzle I posted in April 2016. My other puzzles and crypto trails have all fallen in significantly less time, but I've watched people really struggle with this one, so I think it's fair to say that I made it just a little too hard.

It only seems fair, therefore, to explain the solution (while I can still remember it).

This post will do just that (there's a video of solving it below for those who don't want to read).

An argument in favour of application level name resolution

Recently I published some documentation detailing how to build and run your own DNS-over-HTTPS (DoH) server.

As I mentioned at the beginning of that documentation, there's been a certain amount of controversy about DoH vs DNS over TLS (DoT).

One thread of that argument is along the lines that name resolution should be handled at the OS level (so that all applications get the same result for a given name - improving troubleshooting - as well as giving some caching benefit, versus applications resolving names themselves).

Generally I've found that argument fairly persuasive, but also taken the view that DoH being implemented at the application level is the result of a general lack of availability/uptake of DoT at the OS level.

In other words, whilst it's not ideal for applications to be resolving names themselves, it makes an (arguably flawed) privacy-enhancing solution available now, rather than continuing to wait for an (arguably) better solution to actually get adopted (and ignoring whatever reasons led to that lack of adoption).

But, I've begun to change my mind on whether applications doing resolution themselves really is a problem, or whether it's actually more beneficial when considered alongside some of the aims of DoH.

Beware USB Quick Charge Ports

In order to power a couple of thermistor controlled cooling fans, I use a pair of USB to 3 pin Molex adapters.

I noticed the other day that one of the fans wasn't working, so I detached it from its mounting plate and brought it and the adaptor out to check.

Access is a bit... tricky... so I couldn't really test the adaptor against the other fan (and didn't want to risk breaking it if something odd had gone wrong). The fans I use are about £5 each, and it's always worth having spares, so I ordered some replacements, which arrived today.

I plugged one of the new fans into the adaptor and tried to power it on. Nothing. So, I dealt with the access issues in order to plug the new fan into the other adaptor to check the fan worked - it did.

The last remaining check then, was to verify that the issue didn't lie with the USB port the adaptor was plugged into.

