Recently, I had a look at whether and how Android uses DNS over TLS (Transport Layer Security), i.e. encrypted DNS queries, and whether this is actually configured automatically. It turns out that there is a simple yet nifty automatic procedure in place. Continue reading DNS over TLS – Automatic Mode on Android
Back in December 2023 a number of interesting decisions were made at the World Radio Conference (WRC) in Dubai. One of the most important bands for which a number of decisions were made was the 6 GHz band. Today, spectrum in this band is already used for Wi-Fi, and it is pretty much the only remaining additional spectrum for cellular networks in the next 10 years. The decisions reached for this band make it look like all players took a big gamble. Continue reading Some Thoughts on the 6 GHz Band for Wi-Fi and Cellular
In the past two months, I’ve flown from Germany to Spain twice. With a flight time of over 2 hours, it’s actually worthwhile to jump through the hoops and connect to the in-flight Internet over Wi-Fi. I can’t quite believe it, but my last post on in-flight Internet access in Europe already dates back to 2018. Yes, Covid got in the way. So let’s have a look at how the system worked for me this time around. Continue reading Internet Access on Planes in Europe – 2024 Update
It’s been a while since I’ve been in North America, actually it must be close to 4 years. How time flies. Anyway, I might have the opportunity to go there again soon, so I started thinking a bit about the current spectrum situation there, particularly the 3 GHz range for 5G. Back in 2019, quite a number of countries in Europe had auctioned spectrum for 5G in 3GPP band n78 (3300 – 3800 MHz). Most network operators got additional spectrum between 80 and 100 MHz, with some network operators being even luckier and grabbing up to 150 MHz. This was massive compared to previous spectrum auctions for LTE, where channels of typically 10 or 20 MHz in lower frequency bands went on sale. In Europe, band n78 significantly pushed available capacity and network speeds, particularly in cities, to previously unknown levels. So let’s have a look at what happened in the U.S. back then and in the meantime. Continue reading Some Thoughts on 3 GHz Bands n78 and n77 – Europe and the U.S.
In the previous post, I’ve taken a first look at what the Opportunistic Wi-Fi Encryption looks like for the user and how one can find out high-level details on the shell. In short: OWE enables per-device encryption in open Wi-Fi networks without the need to type in a password. In this follow-up post, I’ll have a closer look at how OWE is advertised by the Access Point and then picked up by devices. Continue reading Open Wi-Fi OWE Encryption – Part 2
When I’m out and about I’m usually ‘bringing my own Internet’, i.e. I use my smartphone to tether my notebook and other devices. But every now and then I can’t avoid using a hotel or other public Wi-Fi. And boy was I recently surprised when I used a hotel Wi-Fi that supported Opportunistic Wireless Encryption (OWE). I blogged about this in 2016 (!) but this is the first time I’ve actually seen it in the wild. Truth be told, I have no idea if OWE is something recent in practice or new, as I rarely use public Wi-Fi. But anyway here’s the story of how I found it and how it works.
When I was recently at a hotel, I wanted to use their public Wi-Fi but found that little ‘lock’ sign next to their network name in my network list on Ubuntu 22.04. I clicked on the network anyway and started to look around in the room for a note with the password. I couldn’t find one, though, and when I looked on my notebook screen again, I noticed that I was connected to the Internet. Hm, I wondered, how could that be, there was a lock icon, so I should have been asked for a password!? A quick iwconfig revealed the following: Continue reading Open Wi-Fi and Opportunistic Encryption in the Wild!
As I hinted in my 37c3 post, I was using a bit of time at ‘Congress’ to improve the structure of my containers in the cloud. While I have quite a number of projects running in dedicated virtual machines, I have containerized others such as this blog, my MediaWiki, an OnlyOffice instance, Etherpads and a number of internal projects. Each app typically requires two or three containers, usually one for the app itself, and another one for a MariaDB or other kind of database. And, in addition, there’s a reverse web proxy on each host, so I can share a public IP address and have a central place that automatically gets and updates TLS certificates.
This is all nice and well but one thing that has been bugging me a bit is that each container can communicate with all other containers. Surely, there must be a way to isolate them!? Continue reading Container Games – Private Networks for Private Containers
A while back I read an article about new WordPress blogs getting attacked as soon as a TLS certificate is requested from a certificate authority. Here is an example. This is possible because there is a public certificate transparency log that shows for which domains a new TLS certificate was registered. This public log is vitally important to detect malicious actors getting certificates for web sites they don’t own. On the other hand, bad actors also become aware in almost real time of potentially new websites which are not yet properly secured. So is this actually misused? When I recently got a certificate for a new domain name, I had a close look at the HTTP log to see what would happen. Continue reading Get a TLS Cert for a Domain Name and the World Visits You
Yes, I’m late to the game. A couple of months ago, I upgraded from Ubuntu 20.04 to Ubuntu 22.04. I’m late because by 2022, Canonical decided that the Wayland graphical display system was the way to go and X should be on the way out. At the time, I tried out Wayland to see how well it would work for a number of everyday scenarios I have, particularly with remote screen sharing and support. It turned out that Wayland had come a long way, but I found remote support with tools that only worked on X still had the advantage. So when I finally migrated my own notebook to 22.04, well ahead of the devices I support, I switched from Wayland to X to see how well Ubuntu 22.04 would ‘still’ run on X. Now a couple of months later, I can say that I didn’t detect any major problems, the system runs on X just fine.
In about 3 months, Ubuntu 24.04 will be out, and as far as I understand, it will still be possible to switch to X for the Graphical User Interface. Once the final version of 24.04 is out, I will revisit the Wayland vs. remote screen sharing topic again to see if it has improved in the meantime. If not, then I will repeat the X-exercise with 24.04 again and, if things still work smoothly, migrate the devices I support from 20.04 to 24.04 in one go.
Yes, I’m on the 6 GHz trail at the moment, because I want to find out how useful that band currently is and where the limits are. So here’s another post on the topic. In previous articles I have already mentioned that one 6 GHz capable notebook of mine simply refuses to use the band at all, no matter whether Windows or Linux is running, and the second one gets easily fooled into switching off the 6 GHz band for a while when it sees ‘rogue’ access points. But unfortunately, there is more. Continue reading 6 GHz Wi-Fi Pitfalls in 2023/24