E-Mail Spam Prevention

E-mail spam is still annoying as hell. Especially when someone else is sending e-mail on your behalf, and even more annoying if your e-mail address is used for phishing purposes.

From a protocol (SMTP) perspective, there's not much that can be done. SPAM wasn't something they thought of when they developed it in the early 80's. But there are several enhancements that can be used to prevent others by abusing your e-mail (domain). These enhancements are:

  • Sender Policy Framework (SPF)
  • Domain Keys Identified Mail (DKIM)
  • Domain-based Message Authentication, Reporting and Conformance (DMARC)
Posted on May 10, 2017 .

Think Tank Retrospective 7 with Macbook Pro 13" (late 2016)

Screen Shot 2017-04-04 at 11.12.23.PNG

The Think Tank Retrospective 7 camera bag holds an iPad, 11" Macbook Air or something similar according to the specifications. But the new Macbook Pro 13" (from late 2016), also fits (like a glove) in the back compartment of the bag.

It does take some effort in inserting the Macbook Pro for the first time. Especially if the bag is brand new. But after inserting it a couple of times, the fabric loosens a bit and it becomes easier to insert and extract the laptop from the compartment.

NOTE: There might be some scratching involved on the laptop over time while opening opening and closing the zipper (because of the 'fits-like-a-glove' thing).

Posted on April 4, 2017 and filed under Photography, Review, Gear, Tips'n Tricks.

Juniper SRX and DHCP Client Challenge

A couple of years ago I wrote a post about a dual ISP config with a Juniper SRX firewall. At the time I ran into some challenges regarding the DHCP client functionality of the SRX. For some reason it couldn't get a lease from the Ziggo ISP DHCP servers. Any other DHCP server on my local network worked just fine. Since I created a work-around at the time (by using an additional NAT router and static IP addresses) I didn't give it much thought.... Until last week.

Last week I ran into a networking challenge that kinda freaked me out. For some reason my Apple TV wouldn't connect to my NAS, but it could connect to the Internet. For some reason my Apple TV got a public IP address while it was located on my internal network. The public IP address was completely unknown to me. So, WTF was giving my Apple TV a public IP address?

Posted on February 13, 2017 and filed under Internet, Security, Tips'n Tricks, Junos.

Configure NGINX as a Secure Reverse Proxy

NGINX (pronounced as engine-x) is a versatile (reverse) proxy service for Linux which can be used for many purposes. This post gives a relative small and easy example that I use at home for accessing insecure web services in my home. These are:

  • Domoticz
    Free and opensource Domotica software
  • SabNZBd
    Free and opensource software for downloading binaries from usenet. Available for multiple operating systems
  • Sonarr
    (former NZBDrone) is a so-called PVR (personal video recorder) for Usenet users, which checks multiple RSS feeds (also called Indexer) for new episodes of the shows you're following.

These services run on different platforms and are not protected by username/password or encryption. Something that's not done if you want to access this over the Internet.
To get secure access to these services you might want to use a VPN solution into your home, but you can also achieve this by using a reverse proxy that 'protects' these services.

I run my NGINX reverse proxy on Ubuntu Linux, but it will also run on the average Raspberry Pi.

Posted on January 29, 2017 and filed under Internet, Security, Tips'n Tricks.

Installing Python Matplotlib On MacOS Sierra

I recently 'upgraded' to MacOS Sierra (Apple's latest Operating System) by doing a clean install. This resulted in a couple of challenges, including some software that could not be installed, and for which I had to find some alternatives.

Another issue I ran into is that some Python3 scripts with matplotlib wouldn't run, because matplotlib wouldn't install correctly.
I could 'pip' all I wanted, but the result was always:

$ pip3 install matplotlib
[...]
The following required packages can not be built: freetype

Some googling pointed me to some articles that freetype is/was a part of the XQuartz (X11) software that's no longer (pre)installed on MacOS Sierra. And in the past I have always upgraded my OS. The times that I did a clean install on this machine.... Must have been ages ago.

After some frustrating hours of trying to get this 'freetype' thing installed, I ran into an article on yantonov.com which solved my issue finally.

First I installed 'homebrew'.

$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

After that I installed pkg-config and freetype:

$ brew install pkg-config
[...]

$ brew install freetype
[...]

And finally, I was able to successfully install matplotlib:

$ pip3 install matplotlib
Posted on January 11, 2017 and filed under Annoying, Apple, Operating Systems, Programming, Tips'n Tricks.

Internet of Things (IoT) and Ransomware

Unfortunately, and no matter how funny the cartoon may be, this may be what the future is going to bring us if we're not careful.

Below are some of the online appliances (just random picks from Google):

The only item I couldn't find was the Internet-connected broom. But I guess that won't take long. The other items can all be bought with some sort of Internet connectivity, and are therefore potential vulnerable for abuse.

Posted on October 10, 2016 and filed under Annoying, Gadgets, Hardware, Internet, Security.

VPN and Resolving Issues on OS X

We have a lab which we can access by using a VPN (Cisco ASA and Cisco AnyConnect). This setup has a so-called split DNS configuration, which means that only resources in the lab are accessed through the VPN tunnel. Regular Internet traffic uses my local DSL connection.

At my house I (like most folks) rely on DHCP for providing me with IP address, gateway and DNS servers. My local subnet uses 192.168.10.1 for DNS and 192.168.10.254 is my default gateway. So my clients are in the same subnet as my DNS server (directly-connected).

All these things considered I should be able to browse the Internet while I have a VPN running. Well, that's where you're wrong.

Posted on September 18, 2016 and filed under Annoying, Apple, Operating Systems, Tips'n Tricks.