
Modern Day VPN

I recently read a G+ posting about VPNs that made my skin crawl. It seems clear to me that the unapologetic entitlement crowd has taken and repurposed the RFC. Clearly VPNs have a wide variety of features; however, when the VPN was initially conceived it was about linking private distributed networks. Then, with lower-cost crypto appliances, it became part of the remote worker's hardware inventory, and then, as it made its way into the mobile device stack, it allowed workers to be mobile.

Let's be clear, it was not meant to (a) obfuscate locate network traffic, (b) improve QoS, or (c) bypass regional service restrictions... although this is what each of the VPN service providers in the Google Play Store would have you believe. (Clearly there is no money in the traditional VPN, and by using a VPN mom and dad won't see that you spend all your time on porn sites.)

And so there is no ambiguity... I did a whois on the top 4 VPN providers on Google Play.

  1. domain registered 2007
  2. domain registered 2013
  3. domain registered 2010
  4. domain registered 2011

I checked all of their websites... one is totally free. WHAT? How is that possible? Just the act of spinning up their website means that they have costs. If they offer a superior product then they have bandwidth costs too. Their upstream providers are not giving them resources for free. Behind their "learn more" button they make the claim that companies pay them to recommend software to their users. But since they don't have any advertising, how are they actually doing that? The site is devoid of real facts and I'm left with the impression that they might actually be a man-in-the-middle and a trojan horse wrapped in one.

To be fair, the Google Play Store does host other VPN client apps and extensions which I consider more legitimate or traditional: Cisco, SonicWall and Citrix, to name a few. These tools are meant to create a virtual network between your computer and the remote network, and that's it. From that point forward one usually has to sign a "proper use" or employee manual document so that you're not using the company network to watch movies or download torrents.

Anyway, the big misconception... While you might be hiding your IP address, obfuscating your browsing history and tricking your ISP's QoS mechanisms, all of your data is now being consolidated by a different third party. Therefore, whatever secrets you thought you had before are no more secure. If you go to a public FTP server and you are not using SFTP or FTPS, then your password and content will be in the clear for everyone at the VPN provider to see.
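To make that last point concrete, here is an added example (not code from the original post) that audits the bytes a client sends once the tunnel layer has been removed at the provider, and reports which credentials and file names are readable there. The function name and the sample payloads are constructed for illustration, and the HTTP Basic check goes one step beyond the FTP case the post describes.

```python
import re

# FTP control-channel commands whose arguments travel as plain text.
FTP_FIELDS = {"USER": "ftp username", "PASS": "ftp password",
              "RETR": "ftp file name", "STOR": "ftp file name"}
FTP_CMD = re.compile(r"^(USER|PASS|RETR|STOR) \S", re.IGNORECASE)


def readable_at_provider(payload: bytes) -> list[str]:
    """Label (never echo) the credentials and file names readable in the
    client's bytes after the VPN layer is stripped at the provider."""
    if payload[:2] == b"\x16\x03":      # TLS record header: implicit FTPS, HTTPS
        return []
    if payload.startswith(b"SSH-"):     # SSH banner: SFTP runs inside SSH
        return []
    found = set()
    for line in payload.decode("latin-1").split("\r\n"):
        if re.match(r"^AUTH (TLS|SSL)$", line, re.IGNORECASE):
            break                       # explicit FTPS: everything after is TLS
        m = FTP_CMD.match(line)
        if m:
            found.add(FTP_FIELDS[m.group(1).upper()])
        elif line.lower().startswith("authorization: basic "):
            found.add("http basic credentials")
    return sorted(found)


# Constructed sample payloads; the binary tails stand in for encrypted records.
SAMPLES = {
    "ftp": b"USER alice\r\nPASS example-password\r\nRETR payroll.csv\r\n",
    "ftps": b"AUTH TLS\r\n\x16\x03\x03\x00\x05\x01\x02\x03\x04\x05",
    "sftp": b"SSH-2.0-ExampleClient\r\n\x00\x00\x00\x0c\x0a\x14",
    "http_basic": (b"GET /admin HTTP/1.1\r\nHost: example.test\r\n"
                   b"Authorization: Basic Y29uc3RydWN0ZWQ6c2FtcGxl\r\n\r\n"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:10s} readable at provider: {readable_at_provider(data) or 'nothing'}")
```

An empty result means only that the credentials and file contents are protected end to end; the provider still sees which server you connected to and when.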
