Proxies like unotelly may send more of your traffic through their service than you would like. You can protect your traffic but still use the tunnel if you only send bbc.co.uk DNS lookups to unotelly.
Here's how to do this in Ubuntu 12.04. The DNS has changed in 12.04 to use NetworkManager, which makes the process more convoluted than it should be. The below instructions could be improved but it'll get you some BBC Olympics coverage.
$ nslookup bbc.co.uk
# you should see a UK IP e.g. 212.58.241.131
$ vi /etc/NetworkManager/NetworkManager.conf
# comment out dnsmasq
#dns=dnsmasq
# save+quit
$ vi /etc/dhcp/dhclient.conf
prepend domain-name-servers 127.0.0.1;
$ service network-manager restart
# create a new dnsmasq.conf with unotelly California DNS 184.169.139.227 206.214.214.28
# note that server=192.168.11.1 is my router (which handles my upstream DNS) and you'll need to change that IP.
$ vi /etc/dnsmasq.conf
I lived abroad for years and was double taxed on part of my income. The tax treaties and exclusions are limited to certain dollar amounts. He's likely well above those limits.
@Michaelochurch great response! Where do you work?
@HN I've been a hiring manage for years. Take the advice about what to avoid with a grain of salt, and be sure to read some of the other excellent comments in this thread.
Anecdotal, but a few of the best software engineers I've known did not have CS degrees. You certainly do not need one to write a CRUD app in Rails/Django.
It's ironic that the top voted comment in this thread is about how wonderful Ubuntu is, followed by how we no longer need "ops" for linux, while further down we have problems like this bootloader update failure that no normal user could surmount.
Yeah, the Internet is the saving grace for many of these Gnu/Linux distributions for finding bug fixes. The OS should be Gnu/Linux/Internet as it would be a cripple without it.
"The market's meteoric rise is typically justified in the popular culture by some superficially plausible "new era" theory that validates the abandonment of traditional valuation metrics."
Hopefully you change your employer more frequently than your spouse, hobbies, family, or friends. :)
The vast majority of people in the world do not have the luxury of loving their work. For those, 25% of their lives working for someone else in a job they tolerate but do not necessarily enjoy is a means to an end. Maybe it's 20 years of comfortable retirement, or the relative security of a regular paycheck to support their spouse and children.
Most of us on HN are lucky enough to enjoy coding and are well compensated for it. We get caught in the feedback loop of tech chatter and forget that the majority of our friends and family, outside the blissful tech world, do not enjoy their work.
Is it really that easy to hack someones gmail account?
I realize phishing and key loggers are easy ways to grab a password, but if you avoid typing your gmail password at public internet kiosks and the like, is it really that easy for someone to get at? Assuming you use a reasonably long and impossible to guess password, the captchas would prevent brute forcing.
An attack targeted specifically at you will inevitably succeed but most of us are not that special.
The article's advice seems far too easy to lock yourself out (losing my wallet with my magic paper codes and my phone could do it). The additional inconvenience does not seem worth it.
Most of us have used physical 2 factor authentication (like RSA SecurID) for banking and work related VPN access. This works well because the provider (your office, your bank) has a vested interest in getting you back into your account if you get locked out. Google, Yahoo, MS, etc. have no such obligation.
A _startlingly_ large number of people are (still) re-using passwords across multiple sites. The Gawker/Sony(/PerlMonks for me) compromises revealed a _lot_ of email addresses and passwords, some significant portion of which almost certainly allowed attackers access not only to the specific website that was attacked, but also to the email service of the exposed user.
I'm pretty sure none of Jeff's advice helps you against a government-agency level attack agains you specifically, but following it _will_ protect your email even if some other random website you once registered for exposes the login details you used there. I _hope_ that's not a problem for any HN readers (any more), but what about your partner/children/parents/coworkers? I'd bet good money that _someone_ you know and care about is reusing their email account password on random website signup forms.
My name is Alan Byrne, I work in IT and I'm a password re-user :(
On that note, does anyone know of a secure keysafe app that will sync across my various PCs, iPad and Android phone? This is what is stopping me from going the single use password route.
Me too. Just remember to set the load-factor quite high. I've got it set to about 8 million rounds which is about one second on my beefy work computer, two on my private laptop and ~eight on my Android phone. The last bit is a bit annoying but at this point my key database is a pretty high value target - and I can't revoke access to it remotely if I lose my phone.
Here's how to do this in Ubuntu 12.04. The DNS has changed in 12.04 to use NetworkManager, which makes the process more convoluted than it should be. The below instructions could be improved but it'll get you some BBC Olympics coverage.
# https://gist.github.com/3202101
Ubuntu 12.04
$ nslookup bbc.co.uk # you should see a UK IP e.g. 212.58.241.131
$ vi /etc/NetworkManager/NetworkManager.conf # comment out dnsmasq #dns=dnsmasq
# save+quit
$ vi /etc/dhcp/dhclient.conf
prepend domain-name-servers 127.0.0.1;
$ service network-manager restart
# create a new dnsmasq.conf with unotelly California DNS 184.169.139.227 206.214.214.28 # note that server=192.168.11.1 is my router (which handles my upstream DNS) and you'll need to change that IP. $ vi /etc/dnsmasq.conf
server=/bbc.co.uk/206.214.214.28212.58.241.131 server=/co.uk/206.214.214.28 server=/bbchdsodsecure-f.akamaihd.net/206.214.214.28 server=/bbchdsodsecure-a.akamaihd.net/206.214.214.28 server=/bbchdsodsecure-b.akamaihd.net/206.214.214.28 server=/bbchdsodsecure-c.akamaihd.net/206.214.214.28 server=/bbchdsodsecure-d.akamaihd.net/206.214.214.28 server=/bbchdsodsecure-e.akamaihd.net/206.214.214.28 server=/bbc.co.uk.edgesuite.net/206.214.214.28 server=/bbcfmhds.vo.llnwd.net/206.214.214.28 server=192.168.11.1
# save+quit
$ nohup /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/etc/dnsmasq.conf --cache-size=0 --proxy-dnssec &
$ tail -f /var/log/syslog
$ nslookup bbc.co.uk # you should see unotelly proxy servers e.g. uk-cluster.unostructure.com