Other articles

1. DNS Over HTTPS

   With much of the web switching to HTTPS and at least some people becoming more concerned about privacy, DNS has recently come into the spotlight because it provides an ISP with the ability to monitor which websites a user visits. Multiple mitigations have been proposed - Android for example is going …

   read more

2. Web Service Security

   As a developer, I've used lots of web services and also implemented plenty myself. I've seen services with IP-based security provided by network firewalls, services protected by standard HTTP Authentication, TLS with client and server certificates and custom mechanisms using API keys. Recently, OAuth 2.0 has been added to …

   read more

3. Preventing Cascading Failure

   With the advent of reactive programming and frameworks like Netflix' Hystrix, classic stability patterns like Nygard's Circuit Breaker Pattern have entered mainstream software development. The circuit breaker is used inside your clients to cut the connection to a collaborating system (the server) once you notice the server doesn't answer in …

   read more

4. Living in the Future with IPv6

   It's not quite flying cars, but since yesterday I'm living in the future. IPv6 has arrived at my home network after I switched to a new VDSL contract. I had to activate it manually in my FritzBox home router though, but as far as I can tell, things are working …

   read more

5. Setting Up a SOCKS Proxy Using OpenSSH

   Web browsing on a public Wifi network is a security risk as it's quite simple to capture network traffic. Even if you only connect to SSL-protected sites, people can still find out which web sites you're accessing. Fortunately, there is a quick way to protect your privacy - all you need …

   read more

6. Setting Up a Web Proxy with Squid

   Setting up a Squid forward proxy can be a pretty daunting task since Squid is an extremely flexible piece of software. In this article, I'm going to provide a minimal non-caching, authenticated configuration. I have tested this with Squid 3.1.12 on Ubuntu 13.04, but with minor adjustments …

   read more

7. Getting Started With Kerberos

   Recently, I have been playing with Kerberos, a popular Single Sign On system (SSO) that is used in many large organizations. My first contact with Kerberos has been at university in a network security course, but that only covered the cryptographic part, not the more practical issues like setting up …

   read more

8. Sharing Files Revisited

   It's amazing how sometimes problems solve themselves. Since my last article, I got a new home router (a FRITZ!Box Fon WLAN 7320) that nicely solves the problem of accessing network devices with dynamic addresses even without Zeroconf.

   My router also acts as a DNS proxy and provides a few …

   read more

9. Sharing Files With Android Devices

   Occasionally I want to transfer a file from my Linux desktop machine to one of my Android-based devices via my home network. Shouldn't be a problem, there are lots of networking protocols for this, right? In practice, many solutions you think of aren't convenient enough for daily use.

   Services like …

   read more