Recent comments on posts in the blog:

Great article to set-up a server and directly apply system hardening principles. Gave me some new ideas for open source security auditing tool Lynis, which you and your readers might find useful after setting up a server. If you are interested, Lynis can be downloaded via or GitHub.
Comment by MIchael Boelen
Instant Messaging + NoScript
With Firefox 41 there is a new instant messaging feature. Somehow it does not work properly for the one who inititates the conversation. I suspect that NoScript blocks this feature. However, I have no idea which domains to whitelist as the initiating party has no suggestion presented by NoScript.
Comment by Adoa Coturnix
Re: The point of network scanner
It does feel like a strange thing indeed but when server is not far from the client and happens to be running a more recent distro then it can be a good way to get a scanner working :)
Comment by francois
The point of network scanner
I am just curious, why do you use a network scanner? I have always been puzzled by that possibility, since a scanner is, by nature, something you have to physically move to in order to use it.
Comment by Elessr
I think ssh over Tor is even easier

Did you just tell the whole world how to attack your laptop?

I have provided ssh access with SixXS tunnels, but the ssh connections seem to drop after a while. I've had other issues with the tunnels also, but I still use it to run a Bind9 hidden master.

Recently I documented how to set up ssh through Tor with a stealth authentication cookie. I think it's easier than signing up for a tunnel provider, perhaps setting up a firewall etc... The latency of Tor can be a bit tedious for an interactive shell, but it works fine for our use cases.

Note if the https doesn't work, try http. I have been testing some things and have nginx running port 443 and Apache on port 80 and I may break TLS as I try out some things.

Comment by Chuck Peters
A simpler solution exists
In similar situations, I just say "use IPv6". If a tunnel is needed, miredo is already in Debian, and provides a reliable teredo server.
Comment by Alexander E. Patrakov

Hello, Maybe you can help me. I installed the OpenVPN on my tab (Samsung tab4 with Android lollipop) and the connection is OK. I see that there is a connection, I can even ping the tab from my VPNserver (router). The thing is now, not all traffic is flowing through the tunnel. I started a couple of applications and the registered data use is not increasing that much. Also some applications won't work because they only work in my own LAN. So my conclusion the tunnel is not used for several applications.

Questions: 1. How can I check if an application is using the tunnel or nog. 2. How can I config that all applications are using the tunnel. 3. Maybe something else I have to do ??

Thanks in advance.



Comment by JD
Android app

How about WiGLE Wifi Wardriving as a Free app for seeing local channel use?

In the UK, there's one generation of BT Home Hub which uses only three channels... and you can't colour a map with three colours so if there are too many in an area, welcome to WiFi interference hell.

Comment by MJ Ray
the least congested wifi channel

"Once your devices are set to the right country, you should scan the local environment to pick the least congested wifi channel."

But beware -- the least congested channel may be unused for a reason. In my office I can see the usual mess of overlapping wifi's but nobody uses 5/6/7.

And if you try you soon find out why -- something nearby emits huge amounts of noise at those frequencies and those channels just don't work at that location.

(Makes the "auto select" feature of many AP's useless).

Comment by John Hughes
Re: comment 3

Is there a possibility to getting it work with tap interface? The current openvpn binary doesn't work with Android Lollipop :(

I'm using it on Lollipop and I was able to set it up with a graphical app, not a command-line one.

Comment by francois