Photo by Richard Patterson CC BY 2.0
Sending a message to a webmaster with his public key… The idea behind this I actually got from an April fools released by c’t magazine. To cut a long story short they claimed that weak GDPR phrasing could be a reason that common letter post might need to be properly encrypted. They even provided a tool that extracts a websites public key use it to encrypt a provided message.
You can find the article (in German) here and the tool here
Anyway. I was thinking how I could use this to send webmasters encrypted messages when they do not offer public keys emailing. And for some reason I do not was to ask them for keys. Maybe because I am incredibly clever and shy at the same time … never mind.
To get a basic understanding how symmetric and asymmetric encryption – to say the relationship between public and private keys – works just watch this video. I started adding captions in English. Hopefully they will be released into the wild soon.
THX @ @dunkelmunkel – Feel free to watch more of his videos 😉
Fun fact: This domain has been registered 4,285 days ago.
Preamble (just skip it or click and read it, whatever)
A quick way to get yourself your LAN – well not ad-free but way ad-less.
This blog post will be some weird mix between this existing post here, updates for it and less verbiage.
Just a side note: Browser-based ad blocking is way more efficient rather than filtering using DNS filter lists. The reason for this is that those in-browsing scripts can adjust the appearance of a website directly while DNS based blocking simply does not allow content from specific domains to be loaded. Depending on the used browser the result may vary.
So why wasting time and money to set something up like this? Three reasons:
- Especially on mobile devices you cannot simply install ad filtering software without enhanced access to your device (like ‘rooting’). Yes, there are apps like Block This! but maybe you need your VPN capabilities elsewhere
- Other apps do not depend on browsers and sideload their ads other way, like the YouTube app on Android or any ad-funded app. If you cannot attack the enemy from within you have to surround him.
- You have lots of devices and/or share your LAN/WiFi with others and want to serve your legacy of ad-free browsing with just being connected to the network
To be clear: This tutorial is way not bulletproof nor it is dedicated to total newbies and there will probably be tons of room for improvements. Some basic knowledge about Linux, especially Debian and networking is highly recommended. Though if you have questions do not hesitate to get in touch with me on Twitter. I may do a kind of bulletproof tutorial from scratch if someone sponsors me a new OrangePi One SBC or any other more expensive board :-P.
I decided to continue this in English as you may have noticed. Simply to get more reach.
As some of you might already have guessed I am doing electrical stuff in my employment, including electrical engineering. For this purpose our company utilised Eplan Electrical P8. Other examples for such an engineering software would be Elcad, AutoCAD Electrical or WSCAD and some more. Just Google for it if you want further information.
Eplan using USB dongles to protect their software from piracy. The dongle has to be connected to your computer in order to start the software and keep it running. Removing the dongle causing the software to stop working until you either reconnect the dongle or close it.
If you want to use Eplan on another PC you have to hand over your dongle. This is quite impractical especially if your company has multiple workstations in different places but does not want to invest in more of these quite expensive Eplan licenses.
The solution for this issue is buying a so called network license. You still will receive a dongle which has to be connected to any PC which later will serve as license server. Eplan utilizing DCOM services to achieve this.
From time to time I crawl through multiple websites around the world searching for a good-to-go every day carry pick kit. Unfortunately I could not find one that perfectly fits my needs.
No doubt there are lots of nice kits out there like the Peterson Eagles Nest, the Sparrows Tuxedo or even the Dangerfield Praxis pick. However all of them have disadvantages for my taste. For the examples shown the Peterson handles are very thick and bulky, so they would take up LOTS of room in the pick case. The Sparrows Tuxedo does not contain a pry bar and the Praxis Kit case is way too big.
It took quite a while but finally I received a package from the US containing the 7 Pin Ultimate Adversary Practice Lock from LearnLockPicking.com.
I will not go through all details as others already did a great job putting this into a video which I will include here. Simple press the red play button in the middle to start at the proper video position.
As you may have seen on Twitter I got myself a Master Lock model 410. These locks are known to be great training locks.
Master Lock is kind a huge contrariness. They have padlocks well resistant against physical attacks but contain poor cores. You all know the ML number 3 with their crappy four pin – no security pins – core.
Then they have very weak padlocks with plastic housing like the model 410. They can be sawed open in no time. However they contain a little bit more challenging key way, a fully populated six pin core and what is even more weird is that they are all security pins.
Anyways. As stated before I obtained one of these ML410 and picked it in a few minutes. But I wanted to dig a little bit further and know what is really inside and if I can reuse the core in a much tougher padlock.
So I gone ahead and sawed the adhesive joints and cracked the baby open.
Finally I managed to defeat the last of Bosnianbills padlocks he sent me over one year ago (I do not count the two Medecos also being in the pile because picking those is way beyond my skills. I managed to pick one pin but that was it. Anyway that is a story for another post).
No, I do not have a pinning tray. If you have one left over, please send it over ;).
The core itself came in this hugh and heavy Masterlock. I removed it and put it directly into my vise as the flapping of the core in the lock really throw me off.
It may not look like something very difficult. We have four out of six threaded chambers and a stock core. No undercut or threading. Three of six key pins were serrated, all drivers are serrated and serrated spools. The The bidding on the probably one of the best you can get.
However for a beginner as I am this combination brought some trouble and endless frustration with it.
I also have to admit that I disassembled the core before using the key. This last but not least disclosed me that there were six pins in the core for a five pin key. The last pin is barely riding on the very tip of the key. Bill, you are a nasty evil man.
So I kind a knew what I had to expect. However it did not help very much.
One thing that has changed with this picking attempt was that I took an advise from the LockPickingLawyer:
Use the heaviest tension possible.
That may sound silly on a lock with serrated stuff but for some reason it worked.
For picking I used one of mad.bobs pry bars and a 0.015 deforest diamond from the Dangerfield praxis kit.
Lucky enough to get this one finally opened. Now let’s get some beer or something.
The following text I actually wrote as base script for a YouTube video where I talk a little about the how and why I do lockpicking. Well, I never made the video and this text has already been published with a pseudonym in the context of competition at the Lock Labs Lock Picking Stories section.
Though it is still my story and as I recently got a few questions about that I decided to revisit this.
a few lots of fixes. Have fun reading.
Nachdem Pi-Hole nun knapp zwei Wochen im Einsatz ist hier ein paar Erfahrungswerte.
Nach der Einrichtung von Pi-Hole bemerkte ich, dass das Aufrufen von Webseiten auf meinem Mobiltelefon wesentlich langsamer funktionierte als zuvor. Zunächste dachte ich an ein Problem mit dem Drahtlosnetzwerk, aber auf weiteren Testgeräten hatte ich das gleiche Phänomen.
Zunächst erfolglos in der Ursachenforschung bin ich dann auf einen zu dem zeitpunkt taufrischen Beitrag im dortigen Forum gestolpert. Glücklicherweise hat doch ein anderer Nutzer seine Lösung für das Problem vorgestellt.