Deploying Pi-hole

During the process of managing my Home Assistant server, I discovered a neat little tool named Pi-hole and decided to give it a whirl. It's a DNS server which uses blacklists to block ads and various flavors of crapware. So far it's been working really well, without any negative side effects that I've noticed.

Among the things I've discovered by browsing the reports:

  1. Google Chrome sends out a handful of DNS requests for random domains every time it starts up, to try and detect DNS hijacking
  2. My son's phone goes bonkers at midnight and requests a few thousand Google ads. I'm thinking maybe there's a bad app installed on there. That alone counts for 80% of the blocked requests.
  3. There are a lot of apps that phone home to the mother ship. I knew it happened, but I'm blown away by the actual scale of it. It's ridiculous. Not just the advertising, but the privacy leaks.
  4. Just from DNS, there is a lot you can infer about site a person is visiting. TLS won't help you there.

My next step is deciding whether to deploy this via VPN on my phone. I like the idea, but not sure if I want the hassle of it.

Asterisk IAX User Matching

I spend another couple hours tonight banging my head on the keyboard fighting a "No authority found" error in Asterisk. This seems to come up pretty regularly when I bring up new IAX trunks, but this one was an old trunk I was trying to recover. I'm not sure if this is a new feature in Asterisk 13 or what, but turns out that incoming matching rules only look at "type=user" (or "type=friend") entries. That's different from SIP channels which will match on either one. So lesson learned.

tags: 

Asterisk "(null)" SDP

I configured a trunk between two Asterisk boxes. The one is behind a NAT and was able to register to the other with no problem, but calls failed with a cryptic message that DNS resolution for "(null)" failed. Looking at a SIP packet capture, I saw something to this effect:

Contact: <sip:s@(null);transport=TCP>

tags: 

Blank Page After Owncloud Upgrade

OwncloudI upgraded Owncloud from version 7 to version 8 using the Debian package repos. In the process, something must have gone wrong because the website now showed just a blank page. Curiously, the app continued to work.

Nothing showed up in the Apache server logs, nor anywhere else that I could find. Finally I opened up index.php and started tracing through the code. Turns out I was getting an exception with a description of

SSL Is Finally Dead

Today news broke that SSL 3.0, the last version before TLS was released, has been thoroughly cracked. The protocol itself was exploited, not just a bug in an implementation. That means that no software which supports SSL3 is safe. Most notable in this class is Internet Explorer 6 and Windows XP. Anyone still using either of those, of course, should have moved off of them long long ago.

su: cannot set user id: Resource temporarily unavailable

When attempting to use su, you may receive the following error:

# su - otheruser
su: cannot set user id: Resource temporarily unavailable

This is caused by the PAM limits.conf file. Often (always?) it's because the target user has exceeded the max number of processes allowed. You can verify this with ps.

# ps -eLF |grep otheruser |wc -l
1127

In this case, 1127 is greater than the max allowed of 1024. To fix this, set the nproc limit higher, or stop any unwanted processes.

Pages

Subscribe to zmonkey.org RSS Subscribe to zmonkey.org - All comments