urn:uuid:56d4048f-1bd7-558c-b11f-7d3358301e34 Topic: Networking – Ctrl blog Daniel Aleksandersen https://www.daniel.priv.no/ Copyright © 2021 Daniel Aleksandersen. https://www.ctrl.blog/assets/favicon/favicon.svg 2021-03-10T18:08:00Z weekly 10 urn:uuid:c3b95eae-b275-45dd-a13c-6314016017f1 2021-03-10T18:08:00Z 2021-03-10T18:08:00Z Jellyfin and metadata privacy The Jellyfin media server can enrich your media collection with metadata from online sources. The price may be free, but the cost is metadata for metadata. <p>I recently migrated my home media server to Jellyfin. One of the advantages of using it is that it can supplement your (mainstream) media collection with poster graphics and rich metadata pulled in from sources like The Movie Database (TMDb) and TheTVDB. As with everything that talks to someone else’s servers, this feature comes at a cost to privacy.</p> <p><a href="https://www.ctrl.blog/entry/jellyfin-metadata-proxy.html#src=feed">Read more …</a></p> urn:uuid:bbf047a2-7c3a-49af-b794-db70a04d186e 2021-02-12T20:02:00Z 2021-02-12T20:02:00Z systemd application firewalls by example <code translate=no>systemd</code> application firewalls by example Restrict Linux services’ network traffic with per-service systemd firewall rules. <p>An application firewall, unlike a gateway (router) or system level firewall, is meant to limit the networking of a single application. It can be used to prevent a compromised service from seeing into the local network, prevent programs from calling home, plug metadata leaks, or more tightly control a program’s network access.</p> <p><a href="https://www.ctrl.blog/entry/systemd-application-firewall.html#src=feed">Read more …</a></p> urn:uuid:2254757c-fd79-4119-b6a2-3e9036431bc7 2021-02-10T13:15:00Z 2021-02-10T13:15:00Z Don’t use RouterOS DHCP lease scripts to manage DNS MikroTik’s DHCP lease scripts don’t execute on DHCP renewals, causing issues with DNS registrations when devices suspend and rejoin the network later. <p>The RouterOS DHCP Server (MRDS) from MikroTik doesn’t natively support registering hostnames from DHCP leases to its DNS server. Instead, it supports executing a “DHCP lease script” when new leases are issued, released, or expires. You can use a lease script to manage DNS entries for DHCP leases. However, this isn’t the best solution for managing static DNS registrations for your network hosts.</p> <p><a href="https://www.ctrl.blog/entry/routeros-dhcp-lease-script.html#src=feed">Read more …</a></p> urn:uuid:25cb20c7-4838-413a-a3a5-78243a1c3e59 2020-09-12T13:05:00Z 2020-09-12T13:05:00Z Network routers are just computers Network routers are neither appliances nor magic; they’re computers and computers require ongoing maintenance and security patching. But whose job is that? <p>I want to clear up a common misconception about the network router in your home. It’s neither an appliance nor magic. It’s a small computer running software that handles local network management and routing between your devices and the internet. More specifically, it’s most often a miniature Linux server. But wait, aren’t servers hugely complicated devices that require ongoing maintenance and security patching? Who’s responsible for that for the server in your home?</p> <p><a href="https://www.ctrl.blog/entry/routers-are-computers.html#src=feed">Read more …</a></p> urn:uuid:aea65b00-0d5a-457f-87f5-00fcfa707db0 2020-06-09T04:30:00Z 2020-06-09T04:30:00Z How to block web browser-based localhost port-scans Websites are port-scanning your localhost. Here’s how to stop random websites from knowing what services are running on your device. <p>News surfaced last month about 30 000 websites — including eBay and many banks — performing port-scanning on localhost (the local device) when you visit their sites. The scans tried to determines what services are running on the local system. It has been speculated that this data is in turn used to detect signs of malware-infections and device-fingerprinting.</p> <p><a href="https://www.ctrl.blog/entry/block-localhost-port-scans.html#src=feed">Read more …</a></p>