Free DNS alternative with privacy guarantees

Google, Twitter or Facebook products are not social media. Those products are made for a very specific purposes. No conspirancy theories, just business, all are offered for free in exchange of our privacy.

Lately has been broad knew the Facebook case with Cambridge Analytica. Not only Facebook, Google too closes Google+ without previous inform about profile and security leaks as WSJ reports in Google exposed user data….

In front of this, there’re movements promoting a different Internet, more citizen based, allowing sharing content without legal restrictions, decentralized and protecting out privacy. For instance I recommend you to have a look to the Free Software Foundation (or Free Software Foundation in Europe) or the lately Tim Berners Lee initiative called Solid.

The purpose of this post it’s only show how substitute the so called free services offered by private companies for an alternatives ones.

Google offers free DNS promising a fast, secure and reliable service, it’s probably true but I propose you to consider how much privacy are you giving.

It’s more easy than not use an also free, secure, reliable and which is more important, privacy guaranteed one. Here’s the one I’m testing lately: OpenNic with a long list of DNS free servers. It’s recommended to choose one close to you, obviously.

You may find how to configure OpenNic in their WiKi, fairly easy by the way. Try it and spread your experience.

CNTL when curl or wget is not enough

Simple retrieving from the Internet behind a proxy

There’re a couple of ways to go out your company via a proxy. Most common and simple it’s to retrieve a particular web using the command curl (or wget) and include your authentication in it, for instance:

curl --proxy-ntlm --proxy-user "MyDomain\ntlmtest:test" --proxy proxy.estest.intra:3128

(You may get more information at https://github.com/curl/curl/issues/954)

When curl or wget is not enough

Me needs has been wide than retrieve a single URL. If you’re using a Linux workstation behind a firewall you need; browse the Internet, to update your system, connect through ssh to an outside host, just to list the most commond ones.

The best solution I’ve found is to install on my workstation CNTL. It acts as a local proxy, you send to it all your connections to them and it goes via your proxy. But, what is really remarkable is that CNTL does a great job in terms of authentication with NTLM based proxies, in my opinion. Cntl is written in C, so is quite fast and light, your NTLM password are hashed, not in clear.

How to configure cntl?

I recommend you read carefully https://stackoverflow.com/questions/9181637/how-to-fill-in-proxy-information-in-cntlm-config-file/44238035#44238035 since it guides you step by step.

What files are required?

In Linux your configuration is stored at /etc/cntlm.conf

In order to let your apps and enviroment you have a localhost proxy you must fulfill this variables at your home files:

$export ftp_proxy=http://localhost:3128
$export http_proxy=$ftp_proxy
$export https_proxy=$ftp_prox

Command line in browsers for private modes

Not as usual as a double click on a icon, but useful too, you may type a command line for start a browser.

Some brosers have a richfull command line options. If you want to start browsers in a private / incognito mode type:

  • for Firefox: firefox -incognito
  • (for more information check this article from Mozilla about Command Line Options)

  • for Epiphnay: epiphany --incognito-mode
  • (Epiphany has its own man page, so may type man epiphany to stay up to date for the options in your installed version).

  • for Google-chrome: google-chrome --incognito (for more information check this post from SuperUser about Google-chrome awitches)

You may dig into your favourite search engine to no found how many options they offer us.

How to tell to fail2ban what init system are you running

I owed myself a fail2ban installation on the Raspberry Pi. A simple view of this log tell you many things:

Jun 17 07:54:15 raspberrypi systemd[1]: Starting Fail2Ban Service...
Jun 17 07:54:28 raspberrypi fail2ban-client[11687]: ERROR No file(s) found for glob /var/log/proftpd/proftpd.log
Jun 17 07:54:28 raspberrypi fail2ban-client[11687]: ERROR Failed during configuration: Have not found any log file for proftpd jail
Jun 17 07:54:29 raspberrypi systemd[1]: fail2ban.service: Control process exited, code=exited status=255
Jun 17 07:54:29 raspberrypi systemd[1]: Failed to start Fail2Ban Service.
Jun 17 07:54:29 raspberrypi systemd[1]: fail2ban.service: Unit entered failed state.
Jun 17 07:54:29 raspberrypi systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Jun 17 07:54:29 raspberrypi systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart.
Jun 17 07:54:29 raspberrypi systemd[1]: Stopped Fail2Ban Service.
Jun 17 07:54:29 raspberrypi systemd[1]: Starting Fail2Ban Service...

You may notice I’ve tried to start up Fail2ban unsuccesfully. So let’s debug…
It appears an error that informs there’s no proftd.log. The second line points to the same log file, but related with fail2ban configuration (jail, here means fail2ban configuration).

After digging a lit bit I’ve found that fail2ban sets as auto its configuration and try to guess if your system is managed by systemd, traditional systemV init scripts or whatever. I edit the /etc/fail2ban/jail.conf, I set backend = systemd and fail2ban starts up succesfully.

How good it’s philosophy for being a developer?

It’s quite encouraging listening what Chris Lee says about mature people that starts to learn to programming. He says that lawers, philosophy degrees and musicians are logical and detail oriented professionals. Those attributes help them to learn to code and otherwise are skills the newies needs to develop.

You may listen the podcast (go to minute 20 more or less) in https://learntocodewith.me/podcast/fundamentals-first-with-chris-lee/

Chris Lee is running Launch School and he also share more interesting opinons, I agree with him for instance:

  • Mastery, rather than time spent, should be the goal
  • Don’t start by learning the frameworks. Learn from fundamentals and take your time.
  • Target the job you want, and then build something that shows what you’re capable of with that job in mind.