Topics of the day
As I mentioned in both episode 135 and 136, I have made some changes to my network setup. I now have a nice private network between different sites setup using VPN. Multiple NAS:es has been setup and data is flowing freely in this private network. This is great.
During the setup of the network I realised that me and Michael by pure chance was using the same IP-network segments - and no it was not the 192.168.1.0/24 network that seems to be the one that everyone is using. To not break the routing - since a network cannot exist in two places at the same time - one of us had to change. And since I am a nice guy…
I looked through my configuration and there was actually just a few things that I really needed to change. It was the interface IP of the firewall and the IP-ranges that the local DHCP-server was serving. So as I sometimes say, no one remembers a coward, and changed the IPs. The network went down and didn’t go up again.
Reboot if the router. Reboot of the router. And I for saw a re-setup of the router and all the VPNs and everything. But by pure chance I tried to use my RoadWarrior VPN - and I was so surprised when that still worked. I was still able to connect to the router through that. I was also able to connect to the office on the other side of one of the VPN tunnels. But the local network was down.
I probably spent an hour or two troubleshooting. The setup just looked fine. There was nothing wrong with it. I checked DHCP-server, firewall rules, NAT . Yeah everything you could thing off. But no luck.
After a while I did the standard setup guide of the router. It makes the basic config of the router. And then the local network went up. For 2 minutes. Then it was down again. Did the setup guide again. Network worked for 10 minutes and went down. That was strange. But it made me think about the pfBlockerNG that I setup a few weeks ago to block TikTok traffic. That is the only thing I could think about that was doing anything on a time-base in the router. To be sure I disabled it and deinstalled it - and after that no problem with the network going down.
I still can’t explain what was causing it but when the rules engine ran to update the sites to block - it also blocked my internal network. Since this was an internal blocklist it was not visible to in the UI and hard to find. This is a thing that could take a long time to find and I am pretty happy that I did. I still haven’t reinstalled it and reconfigured the block-lists — that is a project for a calm weekend in the future. But it so brought back memories from the old days when I was working as a network technician setting up big networks.
The good thing is that I now have a new IP network range and we could configure the networks. Learning - next time - let Michael change his IP-range instead….
Update to the DuckDuckGo story
In episode 137 I talked about the new that DuckDuckGo got caught not blocking all 3rd party cookies in their browser but allowed Microsofts cookies. After releasing the episode I got pinged by Gabriel Weinberg, the CEO and founder of DDG. He stated that they do block 3rd party cookies from Microsoft and sent a link to a reddit article - of course linked in the show notes - where he explains in what way the do not do this.
The article states that they do block 3rd-party tacking cookies - e.g. the carrier of the individual id to be placed on the computer - even from Microsoft. They also have the capability to block 3rd-party scripts - e.g. the script that will put the cookie in the first place. They do this for most 3rd-party trackers but not for Microsoft. This means that Microsoft can still track your activity on a site where their tracking script is available - but they will have a much harder time to track you cross sites since their cookie identifying you will not be available. This will likely still give enough information to Microsoft to still identify you though different fingerprinting technologies.
So yes blocking third-party cookies but allow the 3rd party scripts from some providers. Splitting hairs in my opinion.
I am still thinking that DDG are genuinely trying to do a good thing but has gotten some issues since they are a private company that needs to pay their staff. The big failure here is still the lack of transparency - if they were just open and honest about what they do and don't do this would be a non-issue. They allow some scripts - we know about the Microsoft scripts - who else are they allowing and why. Just be open about it - it will be found and leaked any way.
And to iterate - this whole discussion is about the DDG browser not the DDG search. I see no problems with the search.