-
Docker networking part four – hacking around docker limitations.
After part 3, my setup was pretty good, and I was pretty sure I had come to the end of the road. There was just one thing that was bugging me: I needed to do NAT (MASQUERADE) in my firewall to get around the fact that docker routing table management is pretty limited. And with…
-
Docker Networking Part 3 – removing the unintended escape routes.
At the end of part two I showed that all the docker networks I had created were, in fact, bridge interfaces, which would bridge traffic out of docker. When the interface that lives on the outside of docker also has an IP address in that network, I can connect to services that listen to…
-
Docker Networking Part 2 – what happens in docker stays in docker.
After having created my docker DMZ in part 1, I realized that if I just connected the networks of the docker-containers I wanted to access from the internet to the firewall container, I could avoid exposing their ports to the underlying machine altogether, thereby reducing the number of open ports on the server itself. I…
-
A virtualized DMZ with docker
Being somewhat of a minimalist, having only one server at home, but still trying to make a good, secure and stable infrastructure, it bothered me to forward network traffic directly to my server. Granted, most of the services exposed were running in docker, but it still meant forwarding traffic directly into my «red zone». A…
-
AI Image Analyzers – a duel between Google Bard and ChatGPT (GPT-4)
Having scanned some 1700 slides of various quality and age (from 1964 up to the 90’s), and with sometimes dubious labelling and sorting, I decided to do some research into whether the current crop of publicly available AIs can be of some help. Both Google Bard and OpenAI’s ChatGPT now have image analyzing capabilities, so…
-
Party programme for Folkets Faktaparti.
(This post was written in a moment of frustration over fact-resistant people, especially in the wake of the pandemic)
-
Microsoft – incompetent or malicious?
A couple of days before Christmas, mail sent from my mail server to people hosting their mail on the MS Office365 platform started bouncing: <NN@xyz.no>: host xyz-no.mail.protection.outlook.com[104.47.18.74] said: 550 5.7.511 Access denied, banned sender[X.X.X.X]. To request removal from this list please forward this message to delist@messaging.microsoft.com. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410) [AM6EUR05FT044.eop-eur05.prod.protection.outlook.com]…
-
Changing partitions and ZFS disk layout without downtime?
When setting up my SSD zpool (which I basically wanted because I wanted *no* constant disk access to my disk-based zpool), I was lazy. Laziness almost never pays off. Before starting with ZFS, I had almost my full SSD as an LVM physical volume (except the boot disk). Then, I added my external disk cabinet and…
-
Today’s hack: Integrating a proprietary alarm and lock system into Home Assistant
Last week, we got our alarm system from alarm.com (yup, I dare say which vendor; security by obscurity is no security at all) set up. We’ve had a code lock from ID Lock for a while, but until we got the alarm system, it was totally standalone. Now, there exist ways to have it communicate over…
-
Keeper Password Manager – a small technical review
Last year, the company I work for signed up for Keeper Enterprise. A good password manager was something I’d been vouching for at work for a while, for a few reasons: security policies often dictate practices that simply aren’t feasible to follow. Even though sharing passwords is discouraged, sometimes it just can’t be helped. There…