How hard-coding your DNS can improve your security

I’ve long recommended hard-coding your DNS settings as a performance and reliability enhancement–here’s my guide for that–but it turns out it can be a security enhancement too.

Botnets targetting routers aren’t new at all, but there’s a particularly nasty one named Moose running around right now. Among other things, it changes routers’ DNS settings to point to rogue DNS servers that allow the attackers to steal your social media credentials, furthering the bot. Read more

The world’s fastest budget PC

So, a relative’s PC was getting a bit aged, and runs Windows XP, barely, so I talked them into an upgrade. I noticed that Micro Center had HP/Compaq DC5700s for $99. They were standard issue office PCs a few years ago, and there are a lot of them in the refurb channel. We went and got one over the weekend.

“What are you going to do with that?” the sales rep asked. “We only use them as cash registers.”

“Word processing,” I said.

“You sure you want to run Windows 7 on an 8-year-old PC?”

“I wrote the book on running Windows on older PCs. Literally. It’ll be fine.”

I hate calling rank like that, but sometimes it’s what you have to do.

And really, for $99, it’s awfully good. Web browsing is plenty fast, Libre Office runs fine on it, and think about it. Windows 7 retails for $100-$109. So it’s like getting the hardware for free. Or Windows for free, however you want to look at it.

Read more

More about Pfsense, the alternative to the crappy consumer router

I spent some time over the weekend playing with Pfsense, and I can’t say much about it other than it does what it says. I didn’t throw a ton of hardware at it–the best motherboard I have laying around is a late P4-era Celeron board, and the best network card I could find was, believe it or not, an ancient Netgear 10/100 card with the late, lamented DEC Tulip chipset on it. Great card for its time, but, yeah, nice 100-megabit throughput, hipster.

If you actually configure your routers rather than just plugging them in, you can do this. Plug in a couple of network cards, plug in a hard drive that you don’t mind getting overwritten, download Pfsense, write the image file to a USB stick, boot off the USB stick, and follow the prompts. Then, to add wireless, plug in a well-supported card like a TP-Link and follow the howto. Read more

Consumer routers are the security vulnerability of the year, so far

Today I found an article in PC World that gives a somber assessment of the state of consumer routers, like the device that probably sits between you and the Internet.

I’m glad this is getting attention. There’s a lot more to it than what’s in the PC World article, but I’ve droned enough about what’s bad about consumer routers. It’s bad now, and it’s going to get worse before it gets better. Kudos to PC World for providing a bit of an action plan.

What if you want to go beyond what PC World is talking about? I’m glad both of you asked. Read more

We\’ll have to wait longer for PCI RAMdisks

In case nobody noticed, it’s August. July came and went, and there’s no Gigabyte I-RAM on the market yet.

But there are a few benchmarks out there, and Anandtech has an article that, once you get past the usual rambling and over-the-top introduction, has some useful insights.I was going to say the first problem is the somewhat disappointing speed, but actually, there are two bigger problems:

Availability. Now they’re saying it’ll be out sometime in August. And they’re initially only going to make 1,000 of them.

Price. The original $50 MSRP is out the window; now this thing is going to cost $150.

Can anything else be wrong? Unfortunately, yes. The speed is a bit disappointing. The SATA interface is the bottleneck. The very newest hard drives can come close to saturating the SATA interface for short periods of time, so the RAMdisk doesn’t outperform it by much. If this drive were using an interface with more bandwidth, there wouldn’t be as much problem, but squeezing more bandwidth out of the 33 MHz PCI bus is tough. We’re at the point now where the PCI bus is a much bigger bottleneck than the ISA bus was in 1994. The theoretical limit of the PCI bus is 132 megabytes per second, which isn’t much higher than the sustained throughput of 100 megabytes per second that the I-RAM delivers.

The combination of PCI Express and a faster disk protocol has the potential to resolve this issue, but at the expense of limiting the device’s market even further.

I’m disappointed by the review in a couple of regards, though. First, they compare the I-RAM to the fastest SATA drive available at the time of the review. That’s not necessarily what every would-be purchaser would be using. I believe that an I-RAM used to replace (or in conjunction with) a drive that’s a couple of years old would be a mind-blowing upgrade.

Second, they don’t take fragmentation into account. Enthusiasts are more likely to defragment their hard drives twice a day than everyone else, so fragmentation may not be an issue for them. But my wife, mother, and mother-in-law don’t know what fragmentation is. Well, maybe my wife does because she’s probably overheard me talk about it. The thing about the I-RAM is that it makes seek times irrelevant, so it’s never going to slow down due to fragmentation. Translation: For people who have lives, this thing could be phenomenal.

The review complained constantly about the drive’s capacity. So I’m disappointed that they didn’t test the drive with NTFS compression enabled. While data compression is still taboo, and it increases CPU usage, when you’re out of room it’s your only choice. While its effectiveness is unpredictable, it’s fairly safe to bet compression will get you another gigabyte or two of usable space on a 4-gig model. But just as importantly, under some circumstances, compression can actually increase performance. I want to know if increasing the amount of data you’re flowing over the saturated bus makes up for the increased CPU usage.

WordPress Appliance - Powered by TurnKey Linux