When you're setting up your VPN connection, the most comprehensive way is to do it through your router.

The problem comes when you want to reach anything inside your LAN from the internet - say, SSH, a webserver at your personal domain name, a file server, MPD streaming radio, whatever.

You could use iptables. Here's a nice example page that covers most scenarios that you need, though it's written for Tomato routers.

Instead, I'm going to use policy based routing with DD-WRT (How to supercharge your router with DD-WRT). The same should apply to any other router that can handle both OpenVPN and policy based routing.

This is definitely in "advanced user" territory, though I'm going to do my best to make this as simple as possible.

As I previously mentioned, I use Private Internet Access. If you use another VPN, they should have a setup guide for your router. Here's PIA's guide for DD-WRT. The key part is assigning static IP addresses for your servers (something you've probably already done if you have a home server!) and telling the router to route EVERYTHING ELSE across the VPN.

What you'll want to find is the section in your router's OpenVPN setup labeled "Policy Based Routing".




As you can see, there's a range of IP addresses in there. In my case, 192.168.1.104 (not really) is where my server lives. So I went to http://www.ipaddressguide.com/cidr and put in the IP ranges of everything else that my router assigns as IP addresses in there. From that point, it was a simple cut-and-paste, reboot of the router, and then only the server was available directly from the internet without going across the VPN tunnel.
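The CIDR step described above can also be done offline. This is an added example, not part of the original post: the function names and the DHCP pool 192.168.1.100-149 are assumptions, and only the server address 192.168.1.104 comes from the text. It also reports which path a given device will take, since any address missing from the list goes out directly instead of over the VPN.

```python
import ipaddress


def _summarize(first, last):
    """Smallest set of CIDR blocks that exactly covers first..last (ints)."""
    return ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))


def vpn_policy_cidrs(pool_first, pool_last, direct_hosts):
    """CIDR blocks covering pool_first..pool_last minus direct_hosts.

    The returned strings are what gets pasted into the Policy Based Routing
    box: per the post, every source address listed there uses the VPN.
    """
    lo = int(ipaddress.IPv4Address(pool_first))
    hi = int(ipaddress.IPv4Address(pool_last))
    if lo > hi:
        raise ValueError("pool_first must not be above pool_last")
    # De-duplicate, sort, and ignore excluded hosts that lie outside the pool.
    holes = sorted({int(ipaddress.IPv4Address(h)) for h in direct_hosts})
    holes = [h for h in holes if lo <= h <= hi]

    blocks = []
    start = lo
    for hole in holes:
        if hole > start:
            blocks.extend(_summarize(start, hole - 1))
        start = hole + 1  # resume just past the excluded host
    if start <= hi:
        blocks.extend(_summarize(start, hi))
    return [str(b) for b in blocks]


def route_for(address, vpn_blocks):
    """'vpn' if the address is covered by the policy list, else 'direct'."""
    addr = ipaddress.IPv4Address(address)
    nets = [ipaddress.IPv4Network(b) for b in vpn_blocks]
    return "vpn" if any(addr in n for n in nets) else "direct"


if __name__ == "__main__":
    # Constructed scenario: assumed DHCP pool, server address from the post.
    blocks = vpn_policy_cidrs("192.168.1.100", "192.168.1.149",
                              ["192.168.1.104"])
    print("\n".join(blocks))
    # A device with a static address outside the pool is NOT tunnelled.
    for ip in ("192.168.1.104", "192.168.1.120", "192.168.1.150"):
        print(ip, "->", route_for(ip, blocks))
```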

This is useful, because my server is already pretty hardened against attack. And because I have Apache2 running on that server (something you can do with the inexpensive CHIP or Raspberry Pi) that gives you a lot of flexibility.

That's via Apache2's proxy capabilities. When you enable mod_proxy in Apache, you can use it to forward ports and all sorts of stuff. For example, this guy used Apache to proxy his SSH requests.

Let's say you have Icecast running on 192.168.1.123, with port 8000, but your home server is a different machine (192.168.1.101, for example) at http://example.com . You set up the policy based routing above to route everything except 192.168.1.101 over the VPN. Then, in proxy.conf on 192.168.1.101, you put these lines:

#MyIceCastProxy
ProxyPass /icecast http://192.168.1.123:8000/mpd.mp3
ProxyPassReverse /icecast http://192.168.1.123:8000/mpd.mp3

This actually makes it easier for you, because now you can reach your IceCast stream at http://example.com/icecast with no port number. Additionally, it means that you're providing an extra layer of protection for your LAN from the wider internet.
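Because the proxying server is the one machine exposed directly to the internet, its mod_proxy settings are worth checking. This is an added example, not from the original post: the linter, its finding codes, the 192.168.1.0/24 LAN default, and the second sample config are all assumptions or constructed. It flags forward proxying switched on, a ProxyPass without a matching ProxyPassReverse, and backends outside the LAN.

```python
import ipaddress
from urllib.parse import urlsplit

# The three lines from the post.
PAGE_CONF = "\n".join([
    "#MyIceCastProxy",
    "ProxyPass /icecast http://192.168.1.123:8000/mpd.mp3",
    "ProxyPassReverse /icecast http://192.168.1.123:8000/mpd.mp3",
])

# Constructed sample with three mistakes (not from the post).
BAD_CONF = "\n".join([
    "ProxyRequests On",
    "ProxyPass /icecast http://192.168.1.123:8000/mpd.mp3",
    "ProxyPassReverse /icecast http://192.168.1.123:8000/",
    "ProxyPass /cam http://198.51.100.7:8080/",
    "ProxyPassReverse /cam http://198.51.100.7:8080/",
])


def lint_proxy_conf(text, lan="192.168.1.0/24"):
    """Return sorted (line_number, code) findings for mod_proxy directives."""
    lan_net = ipaddress.ip_network(lan)
    findings, passes, reverses = [], {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        # Apache directive names are case-insensitive.
        name, args = parts[0].lower(), parts[1:]
        if name == "proxyrequests" and args and args[0].lower() == "on":
            # Forward proxying is not needed for ProxyPass and, left open,
            # lets outsiders relay traffic through the server.
            findings.append((lineno, "forward-proxy-enabled"))
        elif name == "proxypass" and len(args) >= 2 and args[1] != "!":
            passes[args[0]] = (lineno, args[1])
        elif name == "proxypassreverse" and len(args) >= 2:
            reverses[args[0]] = args[1]

    for path, (lineno, backend) in passes.items():
        # Without a matching ProxyPassReverse, backend redirects can leak
        # the internal address and port to the client.
        if reverses.get(path) != backend:
            findings.append((lineno, "reverse-mismatch"))
        host = urlsplit(backend).hostname or ""
        try:
            if ipaddress.ip_address(host) not in lan_net:
                findings.append((lineno, "backend-off-lan"))
        except ValueError:
            # A hostname: confirm by hand that it resolves inside the LAN.
            findings.append((lineno, "backend-by-name"))
    return sorted(findings)


if __name__ == "__main__":
    print("post's config:", lint_proxy_conf(PAGE_CONF))
    print("bad config:   ", lint_proxy_conf(BAD_CONF))
```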

If you have to deal with iptables - for example, if your router's firmware doesn't support policy based routing, or if you just want to - give it a try. Here are a few guides I referred to but couldn't get to work:

https://www.dd-wrt.com/phpBB2/viewtopic.php?p=1000964&sid=7159499f6f7dd2c03ad86c81ab6caed9

https://charleswilkinson.co.uk/2016/05/14/selective-routing-using-ddwrt-and-openvpn/

https://superuser.com/questions/753736/accessing-a-webserver-hosted-behind-vpn-with-closed-ports-remotely

Finally, speed. You will see some slowdown when using a VPN. It's partially the encryption, though OpenVPN is usually the best protocol. You may need to tweak your MTU, which server you connect through, or even which ports you use to optimize your speed.

Additionally, your router might be struggling with the computational requirements of the encryption for a VPN. In such a case, you might be better off having the individual machines run the VPN separately. That turned out to be the case for me (after all the researching and work I'd done). Luckily, PIA allows 5 devices simultaneously, so there's no need for me to buy a new router yet.

Here's some comparison speeds to keep in mind (and switching to TCP instead of UDP made no difference):

Type: Ping | Download / Upload
Regular: 32 | 23.83 / 2.36
VPN on PC: 47 | 22.43 / 2.21
VPN on Router: 35 | 5.82 / 2.28

So your browsing history and more can now (unless Trump does something unexpected) be sold by your ISP without them needing your consent.

The first thing you should do is find (and use!) a VPN. Sometimes that isn't feasible, or is beyond your technical prowess. Fair enough. Changing your DNS servers, though, is a fairly simple matter. (If you know what you're doing and want the DNS server addresses, skip to the bottom.)

If you don't know, DNS is pretty much the "address book" of the internet. Most ISPs' modems and routers default to giving you their DNS servers. To strain the analogy a little bit, that's like your computer or phone calling their operator every time you look up anything online. Giving them that data literally gives them a record of everywhere you've decided to point your web browser. Also, it makes it really easy to censor the internet when you control the "address book".

Finally, changing your DNS server might speed up your internet a bit, so yay!

If you're using a VPN, you're probably already using their DNS servers, so you're covered.

If you're mostly worried about speed, you can check out the Namebench tool at https://code.google.com/p/namebench/.

Often, people just talk about Google's public DNS or the OpenDNS system (now owned by Cisco). There are other offerings that don't log or censor your DNS requests. DNS.watch seems to be a good offering, as well as Free.DNS's open, free, and public offerings. You might also want to check out the OpenNIC project, which I just learned about while researching this post.

There's guides from Google, the How-To Geek, Lifewire, OpenDNS, or Greycoder to set up your system appropriately; the nice thing is that when you know the numbers to put in, whatever guide makes more sense for you will work.

IMPORTANT: I have not included IPv6 servers below. If you're using IPv6 please check to make sure your DNS requests aren't leaking.

IMPORTANT: If your router or computer has more than two entries for DNS and the provider you choose only has two entries, you have these options for the extra entries:

0.0.0.0 to fall back to your ISP DNS (DO NOT WANT!)
10.0.0.0 (a non-usable IP) if you don't want to use any other servers
Another DNS server of your choice (Do not duplicate one of the first two DNS's or it will default to 0.0.0.0)

Google DNS servers:
8.8.8.8
8.8.4.4

OpenDNS servers:
208.67.222.222
208.67.220.220
208.67.222.220
208.67.220.222

DNS Watch Servers
84.200.69.80
84.200.70.40

Free DNS servers
37.235.1.174
37.235.1.177

OpenNIC servers
138.197.25.214
45.32.230.225
50.116.23.211
96.90.175.167

So Congress just killed your internet privacy.

What next?

The first - and perhaps most important - step is to learn about and use a VPN. What's a VPN? As Lifehacker put it:

The most important thing you need to know about a VPN: It secures your computer's internet connection to guarantee that all of the data you're sending and receiving is encrypted and secured from prying eyes.

Not only is this something you should be doing with your home computers, but it is definitely something you should be doing with your smartphone and laptop. Aside from ISPs snooping on (and selling) your private information, there's plenty of tools to snag information from others who are connected to the same public wifi point. This has been the case for a while - I wrote about it in 2012 - but it's even more urgent now. Even if you don't care about your privacy (though I do), you want to make sure that you stay safe on public wifi points.

I personally use Private Internet Access. I've found the service to be excellent, and like that they not only offer OpenVPN access (and apps for Android and iOS), but also support IPSec/L2TP, PPTP, and SOCKS5. And the price is right - as low as $3.33 a month.

Yes, those are all affiliate links - but that's because I use the service. If you don't want to use their app, the support guides are clear and well written for all the operating systems I've used. They also have sites to test your VPN - regardless of what service you use. You can see if your DNS is leaking your IP address, if your IPv6 settings are telling everyone where you went, or even if your e-mail tells others where you're connecting from.

Again, getting a VPN service you can trust - and using it - is one of the single most important things you can do to protect your privacy.

Check out the comparisons at PCMag and the roundup of privacy guarantees at Torrentfreak to see what services work best for you.



If you need to know why this is a big deal, check out this post: http://www.ideatrash.net/2017/03/stop-talking-to-your-wiretap-in-2017.html

I happened to catch CNN today just as David Nunes was refusing to recuse himself from the Russia probe.

Three things occurred to me.

1. The business ethics "training" I've had at my day job isn't all that great. But hot damn, it makes pretty clear what a conflict of interest is, and also makes it absolutely clear that a perceived conflict of interest can be as bad or worse than an actual one. One would hope that a Congressperson leading a committee looking into wrongdoing would have better training in business ethics than me.

2. In eight years, Obama had relatively few scandals - and the ones there were (such as the "Fast & Furious" and "IRS targeting" scandals) were not ethics ones involving the actual administration. 1 While Breitbart claims that there were 18 scandals, they're including stimulus spending as a scandal as a "waste of taxpayer money". At this point, I'm hard pressed to think of a member of Trump's cabinet or inner circle that doesn't have some kind of scandal - or sheer incompetence - attached to them. And if you're going by Breitbart's standard of "waste of taxpayer money" being a scandal, Trump's weekly golfing trips to his own resort are each and every one a scandal.

3. How long are we going to wait before calling for impeachment? How much evidence do we really need of Trump's collusion with Putin? How many times are we really going to sit there and be outright lied to when there's literally video evidence of the lies?

Look, I know how it feels when the person you supported doesn't live up to your expectations. As much as I approved of Obama as a president, there were a good number of times that he did things I highly disapproved of. (Drone strikes, anyone?) The temptation to circle the wagons is high.


Maybe it's because I grew up at the end of the Cold War, but I'm really having a hard time with understanding how conservatives are okay with these ties to a foreign government - and especially when it's Russia.

It's only been a few months, and every time you turn around there's another person associated with Trump who has connections (and has lied about them - Sen. Sessions, I'm looking at you) with Russia.

Impeach the motherfucker already.


1 If you're going to say "Benghazi" at me, there was no evidence of Clinton being culpable or having done anything wrong. Others did, but not people in the Cabinet.

The right-wing attempts to suppress views they don't like aren't just being
done by shutting down talk show hosts.

It's also being done on college campuses in a stunningly hypocritical
fashion.

You've probably heard rumblings about this, but it's hard to actually see
examples of how the right-wing wants to control speech. But this exchange
happened online, showing exactly how hypocritical the arguments are, and
how they're clumsily trying to use the same tools we've used to protect
minorities.

Here's what happened first: A college student said she's afraid of being
stereotyped because she's a Republican in college.


As a Republican in college, I am genuinely afraid to speak about my
conservative views in fear of being stereotyped or labeled negatively
— michelle shampton (@michelle_sham) March 17, 2017

...which already should have you scratching your head. "I'm afraid of being
labeled as or associated with other people who have the same views I do
when I speak about my views" is a tortured bit of logic.

My pal Patrick Tomlinson pointed out that our LGBT friends are genuinely
afraid of being murdered.


@michelle_sham That's terrible. My lgbt friends are genuinely afraid of
being murdered by Republicans. But your fear is totally important.
— Patrick S. Tomlinson (@stealthygeek) March 22, 2017

And another student (at least, she is according to the "Daily Caller") says
that fearing being murdered is a "personal problem".


@stealthygeek @michelle_sham sounds like a bit of a personal problem
— Melissa Bailes (@mamabailez) March 22, 2017

My pal Patrick Tomlinson ripped into them at that point.

It's arguable that Patrick was rude to these two self-labeled conservatives.

But we're seeing a huge metric ass-ton of hypocrisy here, and in an attempt
to make it so these conservatives don't feel judged for... well, doing
things like calling fearing murder a "personal problem".

Oh, and to just answer their later claim that one shouldn't
feel "threatened by an opposing viewpoint", it's not the viewpoint that's
threatening, it's the real-world violence that's on the rise.

Here's a quick factchecking note: Hate crimes are up by 20% - 50% in the
United States. Source, source, source, source. You can find more - this was
just what was on the front page when I did a web search.

Oh, and then there's also this kind of relevant article:

LGBT People Are More Likely to Be Targets of Hate Crimes Than Any Other
Minority Group

This would have disappeared into the wilds of Twitter except that the Daily
Caller decided to make a stink about it. (If you're not familiar with
this "news" site, Ann Coulter is a columnist for them, which probably tells
you all you need to know.)

This whole exchange is important, because it shows the kind of argument
that conservatives are using to silence others by misusing the protections
designed for minority groups. Luckily, the "logic" here falls apart pretty
quickly if you restate it clearly.

So let's summarize this again.

When told that people are genuinely (and legitimately) afraid of being
murdered because of certain views, these two self-described conservatives
say it's a "personal problem".

And then the students, the Daily Caller, and a bunch of commenters proceed
to be super upset that a guy on Twitter called them names.

The hypocrisy is not just that they're ignoring the hate crimes and real
world violence to LGBT people (and all sorts of minorities).

They're also ignoring the Bill of Rights. It guarantees you the right to
free speech. You do not have a guarantee that nobody will be upset by what
you say.

Perhaps those students - along with the Daily Caller - should go back to
their high school civics class.

I'm surprised this still needs to be explained, but judging from certain events and some of the comments on the Facebook post, it does.



Are you thinking of telling a woman to smile, or that she's prettier when she smiles? I've saved this Google search for your reference.

I mean, literally the entire first page of results for that question is "DON'T DO THAT."

Telling a woman to smile - especially if you tell her to smile because it makes her prettier - is a good way to tell everyone around you that you're a sexist asshat.

You're not a sexist asshat?

THEN DON'T TELL WOMEN TO JUST SMILE.

The thing here is where you're dictating to someone else how they're supposed to present for your pleasure.

If you're actually concerned about their well being, you'd ask if anything was wrong and if they wanted to talk about it.

If you like the women around you being happy, then do some shit that makes them happy and treat them like real people instead of objects.

Yes, I realize that people with good intentions have done this without realizing how much they seemed like a sexist jackass. Here's what those people should do:

STOP TELLING WOMEN TO SMILE AND TREAT THEM LIKE PEOPLE FROM NOW ON. CHANGE YOUR BEHAVIOR INSTEAD OF GETTING DEFENSIVE.

There's a lot of jargon out there in relationship-land, but my absolute favorite has to be brain weasels.



The term itself is needed. It describes a specific group of feelings or reactions that aren't always grouped together. By grouping them together in this particular way, it's easier to identify the root causes of the reaction or feeling and address it directly.



Second: It serves as a kind of safeword.



A safeword is "a word serving as a prearranged and unambiguous signal to end an activity". The activity here is the negative feelings and reactions. And by being a prearranged label, it can cut through whatever drama is going on in the moment and invoke that calmer time. It's a way of bringing someone out of their emotional fugue and back to clarity for a moment.



And it does all that without (linguistically) laying blame.



Brain weasels, linguistically, are their own entities. By naming them as something other than your sweetie, you've managed to address the problematic behavior without actually blaming the person. This allows the person doing the behavior to address the behavior themselves without having to worry about defending their ego.

So first, let me share this video with you. It's called "Sexual Racism", and was sparked by a question on a Q/A panel:


Someone from the audience asked if having partner preferences for a certain racialized group is a form of discrimination... As if "I will only date Mexicans, is that racist?"

Their answer - in one word - was "Yes". And I'm conflicted about that.

More after the video.



And that short answer - though it's followed up by explanation - makes me a bit uncomfortable, and not in a "challenge my assumptions" kind of way.



Because I would say "Yes, and..." as an answer to that question.

Yes, I agree that racism has influenced who we are and are not attracted to.

I've noticed this in my own life: As a teenager (and overwhelmingly exposed to only white people), this was definitely true. Once I hit the wider world (and especially in the military) and was around people of many different ethnicities, that stopped being the case.

Acknowledging the unspoken social forces that shape our preferences is absolutely required. The institutional racism talked about here is definitely true and persists BECAUSE it is unexamined, or because people with good intent assume that being "deliberately racist" and "being racist" are the same thing.

So I'm in total agreement with those points.

AND... at the same time I've got two things about this video that make me uncomfortable.

First, there's a blurring between individual prejudice (and individual racism) and institutional racism that leaves some really big unanswered questions.

For example, they're largely talking about those who EXCLUDE a racial type. What about those who have a preference for a specific ethnicity? What if that preference is for a racial type that (according to the data cited, which I'm not disputing at all) is typically found "less attractive"? Wouldn't that be a good thing?

Ugh. Just writing that there's some racial types that are found "less attractive" makes me feel unclean.

Anyway, that blurring between the individual and societal also removes all the other elements in attraction, which seems to be a quick route toward further objectification.

Don't get me wrong. This video makes a compelling argument for broadening your horizons, and I completely 100% agree with that. In my own experience, I can look back at who I found "attractive" and see how that's grown, broadened, and shifted.

But that's why I've got a big "and..." attached to my agreement with this video. That shift did not occur due to objectification, but from getting to know different types of people as ... well, people.

My tastes in what qualities or features I found attractive (and - importantly - in what I did or did not find unattractive) followed the shift in who I was exposed to. It was getting to know people of different types, ethnicities, religions, sizes, and [insert quality/descriptor here] first that caused the broadening in whom I found attractive.

And that's why I'm left uncomfortable with some of the video's end exhortations. Sure, don't set racial restrictions on your dating profile. That's cool. But (for example) to "swipe right on Tinder profiles if the person's from a racialized group you'd usually pass up"? That makes me distinctly uncomfortable.

Maybe because it reminds me a little too much of a few guys I've met over the years who were - and yes, this is AMAZINGLY offensive - keeping score of what races of people they'd slept with.





While I appreciate the intent of having people broaden their horizons and not excluding people of color, I am having a hard time seeing someone going out on a date with a person they're not attracted to as anything other than an offensive trainwreck 99% of the time.

I think that's because it brings me back to the point of objectification.

Again, I agree completely with examining and challenging your assumptions. In short, if you think you're not racist and you live in this culture, you're wrong.

That goes double if you say "I'm blind to race".

I've seen the effects of it in my own life, and I agree completely that you've got to expand your circles of what types of people you're exposed to. (I need to work on this again myself.)

I also recognize that any romantic and sexual relationship requires a certain amount of objectification. To quote Dan Savage 1 :


The historical problem with the objectification of women wasn't that women were treated like objects, ladies, but that women weren't treated like, or allowed to be, anything else... The urge to objectify is universal, and so long as it's fairly and respectfully indulged, it's not offensive, not a problem, and not news.

But if you're going on a date with - or even signaling potential attraction to - someone simply because they're of a different ethnicity? Or worse, forcing yourself to?

I'm not so sure that's a great idea either.


1 Slightly edited because the quote deals with a specific situation, though he's said the same thing elsewhere since.

While you shouldn't judge a book by a cover (well, maybe these), you probably enjoy the covers of many of the books in your Calibre library. And since they're eBooks, you probably want to see some of those covers more often.

I like using them as the "screensaver" on my eReader, and sometimes for backdrops or lock screens on my phone. But as nice as Calibre is, the way it stores the files makes it vaguely difficult to pull all the covers out and intelligently rename them. It's not a big deal, but it does take up more time than it should.

My script dollop-of-book-covers aims to fix that.

It's a bash script (*nix, probably OSX) that will search your Calibre library tree, pull out all the covers, and put them in the directory of your choice while renaming them with the author and title of the book.

Oh, and if you have ImageMagick (free, cross-platform), it will resize them to whatever width and height you specify.

You can read more about how to use it and snag the script over on GitHub at

https://github.com/uriel1998/dollop-of-book-covers

I saw this publicity still from Thor: Ragnarok of Jeff Goldblum's character and... well, here's where I ended up with it. (Marvel, feel free to steal this. Really. I want to see this. But it's gonna be headcanon for me.)



After "The Incident" and the revelations of Asgardian technology, a brilliant scientist manages to reverse engineer bits of it... y'know, like what happened in Independence Day when aliens showed up.



This isn't exactly new territory - Agents of SHIELD has been mucking about with alien tech for its whole run one way or another.



But we're just getting started.



See, our Goldblum-esque scientist doesn't just reverse engineer any old Asgardian tech. They reverse engineer Bifrost tech.



One of my favorite bits of Agents of SHIELD lately was when they were offworld. It was cool. It was bringing new realms into the show instead of just being a way to introduce other characters (Yes, I really loved the Ghost Rider in the show, but that's an exception.) You've probably already figured out where I'm going with this. Rather than a one-off alien rando teleporter macguffin, I want them to reverse engineer this:



You might think the portal they already had in Season 3 means they've traveled this road already, but with the addition of the Darkhold, this plants the possibility of a portal not just to ONE location, but a gate like the ones from Stargate.



And then, my friends... then things could get really interesting. You can have whatever kind of shows you want - exploration, sociological, overarching conspiracies... plus the regular AoS stories we're already doing. Plus the whole "how the hell would Asgard react to this" thing.



I know, it won't happen. But still, it'd be cool, wouldn't it?



Or maybe I just miss SG:U.