Sagacious Himself — brevity in circumlocution: never blague — suffering genius

October 23, 2009

OpenDNS Deluxe needs more features and lower cost to justify purchase especially in light of TreeWalk DNS — should include power wildcards and RADIUS

Filed under: CIO,DARPA,overview,security,social engineering,Tagtastic — Sagacious Himself @ 11:22 am

Paid versions of OpenDNS? Hmm. OpenDNS is but one of your alternatives to your ISP’s poorly performing resolvers.  Is the Deluxe version of OpenDNS worth the investment of the home user (parents)?

No.

OpenDNS ought offer hosted RADIUS as part of that price especially as their primary audience has always been home users — WPA2-PSK AES is NOT sufficient anymore.  Hosted RADIUS is not currently priced for home use but there is a ‘vast’ untapped market of people who do not realize their need yet; those aware of the need are extremely unlikely either to buy a dedicated hardware appliance or build their own RADIUS server.

OpenDNS “Deluxe” as “free without ads and a smidge more” [not a quote] is not featured enough to justify $10 annually.  While increased space in blacklisting is tempting, and while whitelisting-only has certain parental applications (albeit in a complex bordering on chaotic implementation challenge),

For $10 or preferably less annually OpenDNS ought apply a few changes in offerings to home users:

OpenDNS free ought offer more blacklisting space and use expanded whitelisting as an upsell. — (crippling (porn) sites is a far more effective deterrent than outright blocking and requires a much larger blacklist than 50 hosts)

OpenDNS deluxe ought offer FINE GRAIN control over the NXDOMAIN intercept page.  OpenDNS ought not use the NXDOMAIN intercept page in a deluxe or better panel as an upsell avenue nor should there be evidence of OpenDNS branding.

OpenDNS ought recognize the vast hordes in broken marriages and mixed families: one account six houses type scenario.

OpenDNS ought recognize some ultra broadband residential customers (fios) have multiple public IP addresses: a one house scenario.

OpenDNS deluxe ought offer wildcard support in white- and blacklisting.  Wildcards as prefix and suffix (por*.rain.tld / *tube.tld), wildcards in the middle of FQDN (cdn.*tube.tld / cdn*.*.*tube.tld), and single character wildcard “?”.

OpenDNS deluxe ought offer a wiki for home gateway configuration (filters or rules) to seize resolution requests.

OpenDNS free is not sufficient for most residential user (parental) needs, and OpenDNS does not add enough value to justify expenditure given that TreeWalk DNS, an OpenDNS alternative, is readily available without invoking irrational fear by uttering ‘bind’.  TreeWalk DNS (for windows) is free, easy enough to set up, and offers the home user (or parent) orders of magnitude more power and features (ConFetch).

I would have kept TreeWalk “to myself” but I hope to modify the OpenDNS deluxe feature offering while reducing the annual cost for (complex) residential users. TreeWalk is currently maintained by Zenobi.

“TreeWalk is a “free personal use”, automatically installed DNS name-caching only server which is similar to, but more efficient than using your default ISP’s DNS servers. A lookup only, non-persistent caching version called BIND-LE for Windows 95/98/ME/[2000/XP/2003] is also available from our Downloads page” [[If you’re using Windows7 (aka vista) you’re SOL twofold. Enjoy the sweet suffering you masochist.]]

I do NOT advocate switching to google’s “free” DNS; all the “free” services from google are merely methods for facilitating your (blissfully ignorant) quiet surrender of yourself via packetization.  Google is not a philanthropic group; google is a giant relational database mining enterprise that also runs an ad deployment platform.  Participation in google projects is PURE FOLLY.

edit: see also Pirate bay P2P DNS, dot-p2p

[ Himself.wordpress.com ]


October 6, 2009

mobile phones: how is it as a phone?

Filed under: CIO,iTard,Motorola phone,sigh — Sagacious Himself @ 9:27 pm

Why is Motorola targeting the iTard market with the Motorola Droid?

Should not phones primarily BOTH

(1) have excellent signal reception/relay
AND

(2) have excellent audio fidelity / vocoders

???

YES!

Does the motorola droid? who knows?!  The engineers might not have bothered testing.  What has happened to the motorola name? merely YAPP (yet another phone producer)?

Does anyone test PHONE network connectivity or test PHONE voice quality anymore?

As long as a phone is SHINY, small, light, and runs programs to delight the feckless surely it will be a winning selling product…

Soon the generation who inflicted contraceptives on society will in turn receive the similar gift of euthanasia. … iTards and useful idiots first.. then second generation iTards.. then public school employees and overseers…

I want a slimmer motorola e815.  HTC has one passable PHONE, but I am not interested in paying a $60/month verizon FINE.  One cannot opt-out of the verizon penalty fee.  I want to use the PHONE as a PHONE and nothing more (than the occasional SMS).

edit: even eWeek doesn’t bother to review PHONES  as a PHONE per se... seems like eWeek has moved to the iTards column

Where are the QUALITY PHONES????

edit:  droid “does” stuff but how well IS it a PHONE?


S.H.

October 2, 2009

Hazaa! how to disable SIP ALG on Westell 9100

Filed under: CIO,Hackery,How To,social engineering,verizon circumvention,voip — Sagacious Himself @ 4:26 pm

Hazaa how to disable SIP ALG on Westell 9100em

ZERO help from verizon on this topic: ZERO help via phone, ZERO help via email, ZERO help via live chat, ZERO help via forum, ZERO help via paper mail.  All verizon avenues assert it is not possible to disable the SIP ALG in the 9100em westell.  Errrn! wrong.

Export conf, edit file, load conf, reboot.

advanced
yes
configuration file
save configuration file

remove ONE line: (alg(sip_udp))
save changes to file

advanced
yes
configuration file
load configuration file
advanced
yes
reboot
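
The "remove ONE line" edit above, scripted so it refuses to touch a file that does not contain exactly one `(alg(sip_udp))` line. This is an added example, not part of the original post; the function names (`count_alg_lines`, `strip_sip_alg`, `make_sample_conf`) are hypothetical and the sample config is constructed, since the post does not show the exported file's layout.

```shell
#!/bin/sh
# Added example: remove the one "(alg(sip_udp))" line from an exported config,
# refusing to write anything unless exactly one such line is present.

ALG_LINE='(alg(sip_udp))'

# Print how many lines consist solely of the ALG entry (indentation/CR ignored).
count_alg_lines() {
    awk -v pat="$ALG_LINE" '
        { l = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", l); if (l == pat) n++ }
        END { print n + 0 }' "$1"
}

# strip_sip_alg SRC DST: write DST without the ALG line. SRC is never modified,
# so it remains the backup to load if the router rejects the edited file.
strip_sip_alg() {
    src=$1; dst=$2
    [ -f "$src" ] && [ "$src" != "$dst" ] || { echo "bad arguments" >&2; return 2; }
    hits=$(count_alg_lines "$src")
    if [ "$hits" -ne 1 ]; then
        echo "expected exactly 1 '$ALG_LINE' line, found $hits; not editing" >&2
        return 1
    fi
    awk -v pat="$ALG_LINE" '
        { l = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", l); if (l != pat) print }' \
        "$src" > "$dst" || return 2
    # Sanity check: the edit must have removed one line and nothing else.
    before=$(awk 'END { print NR }' "$src")
    after=$(awk 'END { print NR }' "$dst")
    [ $((before - after)) -eq 1 ] || { echo "unexpected change size" >&2; return 1; }
}

# Constructed stand-in for an exported file; a real export looks different.
make_sample_conf() {
    cat > "$1" <<'EOF'
(constructed_example
  (services
    (alg(sip_udp))
    (placeholder_entry(1))
  )
)
EOF
}

# Run as: sh strip_sip_alg.sh exported.conf edited.conf
if [ "$#" -eq 2 ]; then strip_sip_alg "$1" "$2"; fi
```

Every other line is written back unchanged, including CRLF line endings if the export has them.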

For a little more sanity, modify the 9100em SIP service definition from only ONE UDP port, 5060, to include the expected defaults, or YOUR SIP and RTP ports. You’ll be redefining the 9100 SIP service to be a voip service, as creating your own voip service definition will not suffice — thanks verizon for making “open” RG “better”.

Yes, delightfully, you will be making multiple modifications in several locations in the config file: service, meh, why ruin your fun, you can find the rest, right?  protocol(17) = UDP, protocol(6) = TCP.  For a little more joy, craft some advanced filters (firewall settings, yes, advanced filtering) to allow traffic in, Initial Rules, from your ITSP server(s) or otherwise with the SIP/RTP ports you use. Enable rules logging to verify, syslog daemon preferred, but do not leave it enabled.

Tested against
9100em hardware revision A
9100em hardware revision D

Only functional SIP ALG exists with Cisco (not linksys) and Juniper networks.  By default every NAT’ing device sold in a big box store has similar piss poor NAT.  PFsense for everyone!

@ verizon fios

Now that I have your attention.. I would like an option to receive an IPA lease from a netblock without correlation to my geographic position.  (this is not challenging for you to implement).  GeoIP location violates privacy and deters confident exercise of freedom of speech.

It would also be super to buy an additional IPA since this device was designed with that in mind.  That’d be easier than the solution for multi IPA I employ now which I won’t outline.

* 2010 update: the least painful way to escape fios cpe SIP ALG is to use SIP ports _other_ than 5060 on server (or proxy).  DEMAND your ITSP/VSP offer such ports or upgrade to one that does [viatalk].  DEMAND your VSP support SIP TCP & TLS.

* Sept 26 2010:  actual Cisco NAT & ALG

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t2/htsmpws.html
NAT Optimized SIP Media Path with SDP


[ Himself.wordpress.com ]

October 1, 2009

skipscreen to skip FFH junk, then injects junk?

Filed under: Download,firefox — Sagacious Himself @ 9:29 pm

disable two bits of nasty

(1) websearch hijacking:  set pref to false, and disable the JS

(2) change value of var ssResource in skipscreen.js to less nasty interstitial screen, or remove outright
