* Posts by Recluse

23 publicly visible posts • joined 22 Jan 2020

BOFH: You. Wouldn't. Put. A. Test. Machine. Into. Production. Without. Telling. Us.

Recluse

Re: The guy's here...

Many years ago, on logging onto a website and being advised that I was required to change my password (and as a recent convert to the joys of the password database) I rather smugly decided to update my password to a super secure (so I thought) 30 digit one (system specified a minimum length of 10 characters).

Auto-generated new password and cut/pasted into requisite field, which was duly accepted and confirmed updated. Completed my business on site and logged out and happily went on my way.

Next time I came to log on my password was rejected as invalid - impossible I thought as it's recorded in a database and was copied/pasted.

So I used the reset password link and updated my password once again, however next time I came to log on again history was repeated - updated password invalid.

It was only much later I discovered that said system not only had a minimum length but also a maximum field length ... which I consistently exceeded, presumably it arbitrarily shortened my input.

That will teach me to be smug (would still wish to shoot the developer - where was the error checking?)
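The failure described in the post above, as an added example (not code from the original post or the site concerned): a password store that silently truncates to the field's maximum at change time but hashes the full input at login, beside one that rejects out-of-range lengths with an explicit error. The limits, the PBKDF2 parameters and the class names are constructed for illustration.

```python
# Added example: silent truncation bug vs. explicit length validation.
# MIN_LEN/MAX_LEN are assumed values; the post never states the real limit.
import hashlib
import os

MIN_LEN = 10
MAX_LEN = 20  # assumed column width of the password field


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TruncatingStore:
    """Buggy: stores a hash of password[:MAX_LEN], so a 30-char password never verifies."""
    def __init__(self):
        self.salt = os.urandom(16)
        self.digest = None

    def set_password(self, password):
        if len(password) < MIN_LEN:
            raise ValueError("too short")
        self.digest = _hash(password[:MAX_LEN], self.salt)  # silent truncation
        return True

    def verify(self, password):
        return self.digest == _hash(password, self.salt)  # full input hashed here


class ValidatingStore(TruncatingStore):
    """Fixed: reject anything outside [MIN_LEN, MAX_LEN] when the password is set."""
    def set_password(self, password):
        if not MIN_LEN <= len(password) <= MAX_LEN:
            raise ValueError(f"password must be {MIN_LEN}-{MAX_LEN} characters")
        self.digest = _hash(password, self.salt)
        return True


def demo(password):
    """Return (buggy store verifies later?, fixed store accepted the change?)."""
    t = TruncatingStore()
    t.set_password(password)
    v = ValidatingStore()
    try:
        v.set_password(password)
        accepted = True
    except ValueError:
        accepted = False
    return t.verify(password), accepted
```

A 30-character password is accepted by the buggy store and then fails to verify, which is exactly the lockout loop the post describes; the fixed store tells the user up front.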

Remember the bloke who was told by Zen Internet to contact his MP about crap service? Yeah, it's still not fixed

Recluse

He needs to migrate to Andrews and Arnold (AAISP)

Seems a classic case to let AAISP loose on BT Openreach

More here https://www.aa.net.uk/broadband/we-will-fix-your-line/

Microsoft releases Windows 11 Insider Preview, attempts to defend labyrinth of hardware requirements

Recluse

Re: Check out Pi-Hole - run on a VM if necessary

I basically block anything Microsoft related at my pfsense firewall until such time as I need to update my Windows VM at which point I temporarily enable access.

Note there are wider implications in blocking Microsoft, e.g. Azure hosted websites etc. This can be overcome by segmenting your network devices into access lists - appreciate I am a bit of a tin foil hat in this regard. Unfortunately privacy requires some effort (and occasional inconvenience).

ASN numbers listed for Microsoft shown here

https://whois.arin.net/rest/org/MSFT/asns

If you are using pfsense firewall this article describes how to block ASN numbers

https://dannyda.com/2021/04/22/how-to-block-asn-autonomous-system-number-with-pfsense-firewall-how-to-block-an-organization-using-pfsense/

Recluse

Re: Check out Pi-Hole - run on a VM if necessary

I run a Windows 10 VM (to cater for a few necessary programs - e.g. Microsoft Money) within a Linux Mint desktop. I also run pfsense with the pfblockerNG add-on - this provides a DNS sinkhole capability as well as IP blocking.

Originally I just added every combination of Microsoft DNS associated names to the sinkhole, but still there appeared to be a lot of data being extracted.

I eventually (as far as I can tell) blocked this by adding every Microsoft ASN number I could find (currently 29 in my list) to the IP blocker within pfblockerNG.

Every time I boot the VM my firewall logs fill up with attempted connections to Microsoft allocated IP addresses.

Moral of story - if you want to block Microsoft do it at the IP level

Nominet ignores advice, rejects serious change despite losing CEO, chair, half its board in membership vote

Recluse

Drain the swamp ...

As my eyes descended through Kieren's latest update the more my eyebrows rose ... shortly thereafter my jaw joined in and descended, ultimately hitting the floor when I reached the bit about Eleanor Bradley (recently been removed from the board) now being appointed as interim CEO. Talk about waving two fingers at the membership!

I wonder if this might act as a catalyst for EGM number 2 (similar to the way the shutdown of the Nominet forum during the AGM seemed to have been the final straw last time)

Of course where money is involved those currently in control are unlikely to depart voluntarily ... I fear this may be a long slog to drain the swamp, let us hope Public Benefit are up for a further fight

As battle for future of .UK's Nominet draws closer, non-exec director hits a nerve with for-profit proposal

Recluse

Re: To: support@ionos.co.uk

An alternative registrar?

Mythic Beasts - see here https://www.mythic-beasts.com/domains

(and as an added bonus in the forthcoming vote, they have already declared to oust the current Nominet squatters)

What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses

Recluse

Re: Smug bastard is smug.

Or indeed pfblockerNG on pfsense (which IMHO is a pihole on steroids)

See here (article is a couple of years old)

https://linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/

Angry 123-Reg customers in the UK wake up to another day where hosted mail doesn't get through to users on Microsoft email accounts

Recluse

Re: Recommendations please

Yes likewise - highly recommend Mythic Beasts as well

Microsoft accused of sharing data of Office 365 business subscribers with Facebook and its app devs

Recluse

ASN blocking, not individual IP, is the way to go

@Binraider

If I have understood your intentions correctly, I think that blocking individual Microsoft IP addresses will be akin to "whack-a-mole"; much better to block at the ASN level.

As indicated in my original post one of the third party packages I use in pfsense is called pfblockerNG (pfBlockerNG-devel v2.2.5_33) which allows DNS and ASN blocking. Amongst its killer features is it will automatically check and update ASN lists so as additional subnets are added/removed from an ASN it will update the firewall block lists without any further intervention.

Looking at my firewall logs this morning (post Windows 10 VM boot) I can see the following IP addresses (all Microshaft) on port 443 blocked

52.114.75.79

13.69.68.25

13.80.7.77

52.114.132.73

These are different from those I listed yesterday and would not be blocked via DNS (no entries listed for IPs)

Personally, if you can, I would recommend switching to pfsense full stop. It is very sophisticated and also free open source software! While pi-hole is good (and has a very low hardware requirement) pfsense is IMHO streets ahead in functionality.

For pfsense higher specification hardware will be required but it's still relatively modest. I use an Intel NUC (see here https://www.mini-itx.com/~JBC313) which is powered by a 36w supply. Whatever hardware you use for pfsense it's strongly recommended that it has Intel NICs and AES-NI on the chipset.

Frankly (whilst I am only a home user) I would feel naked without pfsense. It's also excellent for configuring VPN inbound/outbound connections.

Recluse

Blocking Microshaft - that's what you think

Going off at a tangent - I run a Windows 10 Pro (2004) VM on my Linux Mint desktop. I also run a pfsense firewall with the pfblockerNG package installed.

Obviously I have blocked Microsoft at a DNS level but have also blocked all Microsoft ASN I can find (25 so far). I will allow access to Microshaft but only when I decide it's appropriate (e.g. Windows update check) otherwise the VM Win 10 client is blocked.

As soon as I booted the Windows 10 VM this afternoon pfsense reported that it tried to establish a connection (443) to these IPs

52.114.128.43

52.114.77.33

Whois shows they are both Microshaft

NetRange: 52.96.0.0 - 52.115.255.255

CIDR: 52.96.0.0/12, 52.112.0.0/14

NetName: MSFT

NetHandle: NET-52-96-0-0-1

Parent: NET52 (NET-52-0-0-0-0)

NetType: Direct Assignment

OriginAS:

Organization: Microsoft Corporation (MSFT)

RegDate: 2015-11-24

Updated: 2015-11-24

Ref: https://rdap.arin.net/registry/ip/52.96.0.0

Conclusion

You may block Microshaft at a DNS level but it appears to have some hard coding for IP addresses to circumvent this.

As I am somewhat neurotic I operate a similar ASN policy for Facebook, Google, Oracle, Adobe, Yahoo, Twitter, Telegram and Amazon. It can be a bit wearing at times but at least I decide who has access to what.

Whilst I am only a home user I also operate a default block outbound policy on pfsense - stops any IOT devices phoning home unless specifically authorised.

Think I'll go for a lie down now ....
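The point made in the two posts above (DNS sinkholing misses hard-coded IPs, and matching individual addresses is whack-a-mole) as an added example, not code from the posts or from pfBlockerNG: it parses constructed, simplified firewall log lines and checks each blocked destination against the two CIDR prefixes from the ARIN record quoted above, reporting any address no known prefix covers. The log line format is an assumption made for the example and is not real pfSense output.

```python
# Added example: match blocked destinations against known registry prefixes.
import ipaddress
import re

# CIDR blocks taken from the whois record quoted in the post (NetName MSFT)
KNOWN_PREFIXES = [ipaddress.ip_network(c) for c in ("52.96.0.0/12", "52.112.0.0/14")]

# Constructed, simplified log lines: <action> <proto> <src> -> <dst>:<port>
SAMPLE_LOG = """\
block tcp 192.168.1.50 -> 52.114.128.43:443
block tcp 192.168.1.50 -> 52.114.77.33:443
block tcp 192.168.1.50 -> 13.69.68.25:443
pass  udp 192.168.1.50 -> 192.168.1.1:53
"""

LINE_RE = re.compile(r"^(\w+)\s+\w+\s+\S+\s+->\s+(\d+\.\d+\.\d+\.\d+):(\d+)$")


def classify(log_text, prefixes=KNOWN_PREFIXES):
    """Return {dst_ip: covering_prefix_or_None} for every blocked destination."""
    result = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) != "block":
            continue  # only outbound blocks are of interest here
        ip = ipaddress.ip_address(m.group(2))
        # longest-prefix order is irrelevant here; first covering block wins
        hit = next((str(p) for p in prefixes if ip in p), None)
        result[str(ip)] = hit
    return result


def uncovered(log_text, prefixes=KNOWN_PREFIXES):
    """Blocked destinations no known prefix covers: the ones to look up by ASN."""
    return sorted(ip for ip, hit in classify(log_text, prefixes).items() if hit is None)
```

Anything returned by uncovered() is an address you would otherwise end up adding by hand; feeding the full prefix list for the organisation's ASNs into prefixes is what removes that chore.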

Macs, iPhones, iPads to get encrypted DNS – how'd you like them Apples?

Recluse

Re: Good & Bad

Interesting article entitled “A New Needle and Haystack: Detecting DNS over HTTPS Usage” on the SANS Institute here

https://www.sans.org/reading-room/whitepapers/dns/needle-haystack-detecting-dns-https-usage-39160

IMHO for those who like to see what’s going through their networks and the security conscious, it does not make for happy reading ...

Recluse

Re: Better late than bleeding edge?

Going "off topic" if you are already using pfsense, I would highly recommend that you investigate using its inbuilt DNS server (DNS Resolver) along with a superb third party add-on package (installed from its package manager) called pfBlockerNG-devel (current version 2.2.5_33) which has massively more functionality than PiHole, e.g. can also block IPs by ASN (auto updating).

Handy when you block certain domains, the owners of which then hard code IPs in their code to circumvent DNS blocking - yes Microshaft I am looking at you

Whose side you on, Nominet? Registry floods .co.uk owners with begging emails to renew unwanted .uk domains

Recluse

We aim to lose by the smallest margin ...

I recently disposed of my longstanding .com domain of 20 years standing and moved to a .uk domain on the basis of its much cheaper annual charge (£6 v £12). Then there is 20 % VAT on top as well which is not insignificant. As I recall when I started with the .com it was £4.50 pa.

The way I see it the wider trend is for domain registration to be monetised, hence the only way is up. On acquiring my .uk for this very reason I paid 10 years up front.

As an aside I was originally with 123reg.co.uk registrar, but IMHO found their behaviour unethical. Their hard sell of the associated .uk domain to match my (then) .co.uk was the final straw. Have been much happier since I migrated out to my new registrar. I hope the reader will forgive a personal recommendation for a private company run by proper techs - yes I’m talking about you https://www.mythic-beasts.com/article/about

Logitech Zone Wireless: Swanky headset means business, but that also means it comes with a hefty price tag

Recluse

Re: Not been a fan of Logitech for some years.

Whilst I do not disagree with the sentiments of the previous poster, to provide some balance, at least as regards Logitech Media Server, I would observe that they still maintain the infrastructure to support the associated mysqueezebox.com

Also (as I understand it) on discontinuing their hardware products they released the Logitech Media Server (aka Slimserver) software under a GNU Public Licence. Then of course we still have the indefatigable support of Logitech developer Michael Herger in their forums, who also works on the open source side as well.

Logitech Media Server software IMHO is a peach of a product. The outcome could have been worse ... and all is not bad as regards Logitech

Openreach tells El Reg it'll kill off copper sales in 118 UK locations next year

Recluse

Just to clarify (in case anyone is looking for “Gattacre” in the BT bumph) Mr Norton has spelled Gateacre as it is pronounced locally in Liverpool.

Ooh, watch out Google. You've got competition. Verizon has a new 'privacy-focused' search engine

Recluse

Startpage tarnished?

Worried about your privacy? There are suggestions that Startpage is no longer "clean" ... sort of gamekeeper turned poacher.

"Recently there has been lots of talk about Startpage being acquired (or at least partially acquired) by a US company called Privacy One Group, which is a division of System1, a “data science” company that specializes in targeted advertising"

More here

https://restoreprivacy.com/startpage-system1-privacy-one-group/ and here https://blog.privacytools.io/delisting-startpage/

Remember that Sonos speaker you bought a few years back that works perfectly? It's about to be screwed for... reasons

Recluse

Re: Makes logitech look like....

When there are excellent open source solutions available, I have always struggled to see what was the attraction for Sonos equipment (beyond its supposed plug-n-play setup) but that is unlikely to be a concern for the techies here. An earlier poster has commented about the continuing availability of the excellent Squeezeserver (aka Logitech Media Server) and I would likewise highly recommend the software and its underlying ecosystem.

My home music system runs on multiple Raspberry Pi 3 Model B's with added combined DAC/AMP HAT running PiCorePlayer OS with Logitech Media Server on my NAS. Add in iPeng running on any Apple Device (and a set of loudspeakers) and you have a fully functional system that can play synchronised music across my whole house.

Added highlights

Multiple plugins available for added functionality e.g. Tidal, BBC iPlayer, Spotify etc ...

Active and incredibly responsive developers (donating their time free)

For anyone interested in exploring further I have posted some links below to various sites (this is only really scratching the surface as the possibilities are almost infinite)

(A) Logitech Media Server (LMS) https://forums.slimdevices.com/forumdisplay.php?27-Logitech-Media-Server

(B) LMS Plugins https://forums.slimdevices.com/forumdisplay.php?4-3rd-Party-Software - a particular shout out for Michael Herger (LMS & Spotify) and BPA (BBCiPlayer and iPlayExtra)

(C) PiCore Player OS download https://www.picoreplayer.org/ plus wider explanation of your multiple options

(D) PiCore Player support https://forums.slimdevices.com/forumdisplay.php?3-Linux-Unix

(E) iPeng http://penguinlovesmusic.de/ipeng-8/ (check out the iPeng support thread within forum link B above). This is NOT free but well worth the modest charge (my only connection is as a happy user)

(F) DAC and AMP HAT http://iqaudio.co.uk/hats/9-pi-digiamp.html (other suppliers are available e.g. https://www.hifiberry.com/shop/)