I was hacking on a personal project over the weekend that I’m deploying using
Google’s Container-Optimized OS. Container-Optimized OS is quite convenient
for hosting small services that don’t quite fit a web request/response workload:
it is (mostly) stateless, it auto-updates, it has systemd, and (as the name
implies) it runs Docker containers. It is a nice fit for one-process programming.

For debugging, I want to SSH directly into the VM instance. Especially after
recently learning from a coworker how easy it is for blackhats to search the
public internet for known vulnerabilities, I don’t want to leave an SSH port
open continuously. Even with regular security updates, I’d rather avoid the
attack surface. In the past, I would modify my Google Cloud project’s firewall
temporarily to allow SSH traffic while debugging and then (hopefully) remove the
SSH traffic rule after I finished. This has been cumbersome, but there hasn’t
been another solution that’s quite as simple.
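
The failure mode in the workflow above is a temporary SSH rule that never gets removed. As an added example (not from the original post), this Python check flags enabled ingress rules that expose TCP port 22 to any source. The rule names and sample JSON are constructed, shaped like the output of `gcloud compute firewall-rules list --format=json`.

```python
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`
# output; rule names and ranges are made up for illustration.
SAMPLE_RULES = json.loads("""
[
  {"name": "debug-ssh-temp", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "office-ssh", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "wide-range", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["20-25", "443"]}]},
  {"name": "all-tcp", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/8", "0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp"}]},
  {"name": "old-ssh-disabled", "direction": "INGRESS", "disabled": true,
   "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "web", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]}
]
""")

WORLD = {"0.0.0.0/0", "::/0"}

def covers_port(allow, port=22):
    """True if one `allowed` entry permits TCP traffic to `port`."""
    # The protocol may be given by name or by IP protocol number (6 = TCP).
    if allow.get("IPProtocol", "").lower() not in ("tcp", "6", "all"):
        return False
    ports = allow.get("ports")
    if not ports:                       # no port list means every port
        return True
    for spec in ports:                  # "22" or a range such as "20-25"
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def world_open_ssh(rules):
    """Names of enabled ingress rules that expose TCP 22 to the whole internet."""
    return [r["name"] for r in rules
            if r.get("direction", "INGRESS") == "INGRESS"
            and not r.get("disabled", False)
            and WORLD & set(r.get("sourceRanges", []))
            and any(covers_port(a) for a in r.get("allowed", []))]

if __name__ == "__main__":
    for name in world_open_ssh(SAMPLE_RULES):
        print("SSH reachable from anywhere:", name)
```

Port ranges and rules with no port list are the cases a simple search for "22" misses, so the check treats both as exposing SSH.
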
Enter Tailscale! Tailscale creates a peer-to-peer Virtual Private Network
(VPN) with very little fuss. While Container-Optimized OS is mostly designed
for running containers, I found I can run the Tailscale static binary
with a little kludging.

Cyber security has become critical to ensuring public safety in the US. There’s
an absence of good coherent information, and people are rightfully scared and
confused. I’m drafting another article that explains cyber security principles
in greater depth, but it’s not ready yet. Until then, I’ll get straight to the

Encrypt your phone. Instructions from CNET. This protects someone from
looking at your phone’s storage without knowing the passcode. If you only
follow one step from this guide, follow this one.

Use Signal for communications. Messages and voice calls made through Signal
are encrypted such that only the two devices communicating can read the
messages. However, if you don’t encrypt your phone, then the messages can be
compromised with physical access to the phone. Encrypt your phone!

If you think you are about to be detained by police, turn off your
phone. Police can legally coerce you to touch the fingerprint scanner, but
cannot legally make you divulge a passcode (source). By turning
off your phone, your phone “forgets” the decryption key to the storage, thus
requiring the passcode on boot. If you are participating in protests or
other situations requiring elevated security, disable fingerprint scanning

Be cautious of apps you install and use a phone from a reputable
manufacturer. I trust Apple and Google, but use your own discretion.

Beyond this, the usual security advice applies — don’t visit sites you don’t
trust and use HTTPS where possible. Stay safe!

As I’ve discussed before, computer security is an important part of running a functional system. Many people have asked me after my initial posts about how to remove viruses on their computers after a catastrophic infection. I held off on recommending one tool, but after yet another computer cleanup, I finally have a recommendation:

My other roommate’s computer also became afflicted with a rogue anti-virus (this one was dubbed “Antivirus Soft”), and after using this program, everything was removed successfully, without having to revert to a system restore. The free version just removes malware, but doesn’t actively check for it—so my ClamWin recommendation still stands. These two together are a terrific toolset.