Zombie Zen

Posts tagged "security"

Tailscale on Google Container-Optimized OS

Posted at by Ross Light

I was hacking on a personal project over the weekend that I’m deploying using Google’s Container-Optimized OS. Container-Optimized OS is quite convenient for hosting small services that don’t quite fit a web request/response workload: it is (mostly) stateless, it auto-updates, it has systemd, and (as the name implies) it runs Docker containers. It is a nice fit for one-process programming.

For debugging, I want to SSH directly into the VM instance. Especially after recently learning from a coworker how easy it is for blackhats to search the public internet for known vulnerabilities, I don’t want to leave an SSH port open continuously. Even with regular security updates, I’d rather avoid the attack surface. In the past, I would modify my Google Cloud project’s firewall temporarily to allow SSH traffic while debugging and then (hopefully) remove the SSH traffic rule after I finished. This has been cumbersome, but there hasn’t been another solution that’s quite as simple.

Enter Tailscale! Tailscale creates a peer-to-peer Virtual Private Network (VPN) with very little fuss. While Container-Optimized OS is mostly designed for running containers, I found I can run the Tailscale static binary with a little kludging.

Phone Security Quick Tips

Posted at by Ross Light

Cyber security has become critical to ensuring public safety in the US. There’s an absence of good coherent information, and people are rightfully scared and confused. I’m drafting another article that explains cyber security principles in greater depth, but it’s not ready yet. Until then, I’ll get straight to the practical tips:

  1. Encrypt your phone. Instructions from CNET. This prevents someone from looking at your phone’s storage without knowing the passcode. If you only follow one step from this guide, follow this one.
  2. Use Signal for communications. Messages and voice calls made through Signal are encrypted such that only the two devices communicating can read the messages. However, if you don’t encrypt your phone, then the messages can be compromised with physical access to the phone. Encrypt your phone!
  3. If you think you are about to be detained by police, turn off your phone. Police can legally coerce you to touch the fingerprint scanner, but cannot legally make you divulge a passcode (source). By turning off your phone, your phone “forgets” the decryption key to the storage, thus requiring the passcode on boot. If you are participating in protests or other situations requiring elevated security, disable fingerprint scanning for sign-in.
  4. Be cautious of apps you install and use a phone from a reputable manufacturer. I trust Apple and Google, but use your own discretion.

Beyond this, the usual security advice applies — don’t visit sites you don’t trust and use HTTPS where possible. Stay safe!

More on Computer Security

Posted at by Ross Light

As I’ve discussed before, computer security is an important part of running a functional system. Many people have asked me after my initial posts about how to remove viruses on their computers after a catastrophic infection. I held off on recommending one tool, but after yet another computer cleanup, I finally have a recommendation:

Malwarebytes’ Anti-Malware

My other roommate’s computer also became afflicted with a rogue anti-virus (this one was dubbed “Antivirus Soft”), and after using this program, everything was removed successfully, without having to revert to a system restore. The free version just removes malware, but doesn’t actively check for it—so my ClamWin recommendation still stands. These two together are a terrific toolset.