Do you use a Mac? Is it running OSX?

Do you use pi-hole, but on devices and not for the whole house DNS?

If this very specific situation is familiar then maybe you are my doppelgänger.

If you are not, but are tired of the 12+ clicks it takes to switch DNS to get to a site when you need to unsubscribe or there is just a weird thing caught and you need to check DNS, because it’s always DNS – then this little switcher is for you.

This little command will switch back and forth to your heart’s content.

  1. Download it
  2. Fill in DNS that works for you.
  3. Set as executable
  4. Move it to somewhere in your PATH
  5. Switch!
dnsswitch in action

YOU: “Wait, dude. Why is this a command line program?”

ME: “Don’t we all always have the terminal open?”

Oh, it’s just me? Oh well. Feel free to download it where all my stuff is ( , and set up a quick Automator Script or something to call it from a GUI or turn it into a menulet. I’m happy with typing it in real quick.

Thanks for reading! If you do make something cool with it – let me know.

Is there really a better way to study for an AWS cert than to set up some services on a locally owned vm service? I think not.

So, before I forget what I did I am going to document it. The good. The bad, the new commands, and the ugly.

The goal is to publish some flask apps over the web, using ssl, on Ubuntu.

I have been crashing and burning with Apache. I just really don’t want to figure out nginx today so cobbled together info I found around to get it up and running.


First up. The cert. I use Cloudflare for DNS, so ran through the directions for setting up certbot with Cloudflare. This ran rather smoothly and let me know where my certs were.

*I also had to run certbot a second time, because there is a piece of the website that is serving static data from apache. I will use those certs to run the Flask apps as well.

For a few days I had been running my Flask apps inside of Docker, but with these certs I was really breaking security best practices trying to get this to work and decided to find a simpler way.

gunicorn will run with certs and after trying to get it to run inside docker I decided to go with setting things up as a service. It’s needed if I ever want to get these running with apache or nginx, but for now I can run them stand alone.

I found a great guide to setting up startup scripts on the Ubuntu box. This and making some modifications to the gunicorn configs have left me with a pretty reproducible way to set up and tear down test apps pretty quick.

As long as I remember to renew my certs, I should now be able to spring up and pull down small test apps.

  1. Have certs. Good start.
  2. Make app
  3. copy config and set ports
  4. make service
  5. deal with all the security implications of how I did things

Want to play with the apps? Check ’em out at

A while ago I ran a test against the FBI Fit Test looking to see what if any data it sent when in use. The short answer is in my short test using one piece of software, I saw nothing.

So, why not take a look at the new COVIDaware MN app? We’ve heard that a lot of them are leaking data like sieves. I haven’t seen anyone show the leaked data but I also haven’t looked very hard.

First, I download the app. Simple enough. I’m using the iOS version.

I fired up Zap and started to see what came through when I started the app for the first time.

It was bare. Only my email that runs in the background every time I want to screenshot the data I get.

I piddled around to see if anything would go through and nothing did, so I chose to Check for Exposures.

This got us a ding. Well, it kinda has to doesn’t it?

So it connects to two servers (the blue is my email) and only does GET requests.

One server looks like it’s telling the app the parameters to look for.

While the other downloads the exposure data to ramble through.

Zap tells us they are using Azure to hold the data.

I export some data since it’s only zipped data.

Unzip the data and find 2 files.

A quick look at export.bin pops up something to use the interwebs to search for. EX Export v1

First result looks promising…

And to read about that, Google has some pretty in-depth documentation.
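The unzip-and-look step above can be scripted so the contents of a downloaded export are listed field by field. This is an added example, not code from the original post: it assumes the layout in Google's key-file documentation (a 16-byte `EK Export v1` header, then a protobuf message with timestamps in fields 1 and 2, region in field 3 and key records in field 7), and it runs on a constructed sample archive rather than data from the app. The function names are made up for this sketch.

```python
import io
import struct
import zipfile

# Magic from Google's documented key-file format: "EK Export v1" padded to 16 bytes.
HEADER = b"EK Export v1".ljust(16)
MAX_BIN = 16 * 1024 * 1024  # assumed cap so a hostile archive cannot exhaust memory
TOP = {1: "start", 2: "end", 3: "region"}  # top-level export fields we report

def read_varint(buf, pos):  # returns (value, next position)
    value = shift = 0
    while pos < len(buf) and shift < 64:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated or oversized varint")

def fields(buf):
    """Yield (field number, value) for every field in one protobuf message."""
    pos = 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        num, wire = tag >> 3, tag & 7
        if wire == 0:                      # varint
            val, pos = read_varint(buf, pos)
        elif wire == 1:                    # fixed64; struct.error if truncated
            val, pos = struct.unpack_from("<Q", buf, pos)[0], pos + 8
        elif wire == 2:                    # length-delimited bytes or sub-message
            size, pos = read_varint(buf, pos)
            if pos + size > len(buf):
                raise ValueError("field runs past end of message")
            val, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError(f"unsupported wire type {wire}")
        yield num, val

def summarize_export(zip_bytes):
    """Describe an export archive without trusting its size or framing."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        out = {"files": sorted(zf.namelist()), "keys": []}
        if zf.getinfo("export.bin").file_size > MAX_BIN:
            raise ValueError("export.bin larger than expected")
        data = zf.read("export.bin")
    if data[:16] != HEADER:
        raise ValueError("missing export header")
    for num, val in fields(data[16:]):
        if num in TOP:
            out[TOP[num]] = val
        elif num == 7:                     # one repeated key record
            key = dict(fields(val))
            out["keys"].append((key.get(1, b"").hex(), key.get(3), key.get(4)))
    return out

def build_sample():
    """Constructed archive (not real exposure data): one made-up key, region 'ZZ'."""
    key = b"\x0a\x10" + bytes(range(16)) + b"\x18\x64\x20\x90\x01"
    body = b"\x09" + struct.pack("<Q", 1600000000) + b"\x1a\x02ZZ\x3a\x17" + key
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("export.bin", HEADER + body)
        zf.writestr("export.sig", b"")
    return buf.getvalue()
```

Each key tuple is the key bytes in hex, the rolling start interval and the rolling period; nothing in the record identifies a device or a person.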

What happens when someone presses the Report Result button? For that I have no idea. I’ll let someone else take a look at that. Same for how it communicates over bluetooth.

Will I keep this on my phone? Yes.

Should you download and install it? Why are you asking me? The data I found is above. If that makes you feel comfortable, great. If you need more info, be on the lookout for others who also will be doing run downs on the app and see what you can learn.

Who remembers your first secret message? Was it a note to a friend, a family member, a crush where it was caught by the teacher?

I just finished reading Gregor the Overlander to one of the kids.

Without spoiling a 13 year old series I will just say there was a great part in the series that has introduced my son to ciphers and cryptography.

Then last night at the dinner table, talking about Minecraft (as usual) he just popped up with a riddle: “What’s the opposite of A?”

I said, “Z”. I was right!

Then he asked, “What’s the opposite of X?”

I said, “C?”. I was right again!

“We can make secret messages like this.” Yes, yes we can.

“Do you want to learn how to do it in python?”

We’ve talked about doing things in python before. As he’s getting more comfortable typing he’s starting to learn more. This seemed like a good time to work on some ideas.

I put together a little module with arrays, dictionaries, and functions. Great fun and learning opportunities if we want.

The module is only fun though if you can use it. I put together a little interactive game…

As well as a way to use it with simple text to scramble and descramble…

We are currently playing around with it, having some fun.

Want to? Go grab it at

Just remember, it’s for fun. Don’t be rolling your production apps with this and calling it secure.
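The letter-mirroring from the riddle is the classic Atbash substitution. This is an added example, not the module mentioned above: it shows the cipher and the two properties behind the warning, namely that there is no key and that letter frequencies pass through unchanged. The function names are made up for this sketch.

```python
import string
from collections import Counter

UPPER = string.ascii_uppercase
# Atbash maps each letter to its mirror: A<->Z, B<->Y, ... X<->C.
ATBASH = str.maketrans(UPPER + UPPER.lower(), UPPER[::-1] + UPPER[::-1].lower())


def atbash(text):
    """Scramble or descramble: the mapping is its own inverse and takes no key."""
    return text.translate(ATBASH)


def letter_shape(text):
    """Letter counts from most to least common, ignoring which letter is which."""
    counts = Counter(c for c in text.upper() if c in UPPER)
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    secret = atbash("Meet me in Minecraft")
    print(secret)                      # scrambled text
    print(atbash(secret))              # running it again gives the message back
    # Same shape before and after: the pattern of the language is still there.
    print(letter_shape(secret) == letter_shape("Meet me in Minecraft"))
```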


School is going to be a bit different this year.

It’s not going to be the chaos of pre-Covid19 learning, and will hopefully not be the caught off guard chaos once it hit. No matter what happens we are doing things a bit differently this school year.

One of our children attends a small charter school. I’ve learned charter school means a bit less bureaucracy and a lot more involvement. Like most schools, there is a Fall Festival, some early in the year get together so everyone can start building that community.

How do we do that with a global pandemic? How do we do that and keep everyone safe?

We are working on it. A great team of people thinking of and putting together ideas of how to (now) digitally connect and put tangible things in the families’ hands as well.

It’s up to me to find a platform to host this event. One that’s safe, easy to get to, and doesn’t need 10 techs to keep running for a couple of hours. This one I am working on.

My other job was to create BINGO cards so we can do a virtual BINGO game. BINGO cards? What? That can’t be fun.

Oh silly. Of course it can.

I spend my days thinking up different ways to make data accessible to management. Yeah, I also get to do some real cool stuff and make data accessible for workers like me too, but this… I get to think of a real cool problem and work it out.

First I needed to learn a little bit about BINGO. Oh, I’ve played it and I know how to win and how to lose, but I didn’t know what numbers went where. That part is kinda important when making cards.

Great. I learned that (15 numbers per letter).

Now, I needed to make sure that each number was only on the card once. My make things complicated mind was racing with this one. Random numbers, then check to see if that number was used already, and if so do another random number, because random isn’t always random, so this can happen a lot…

Slow down. Pop a number out, sort the new list after each pop and no number will overlap.

Account for the FREE SPACE. Put a nice little pic of the school logo in there.

Voila. 500 of these available to print in a matter of seconds, because computers are a lot faster than me.


It was fun. It was nice. It was cool to make something that only took an hour or so to work out and not weeks and months and lots of regiggering.

It felt like a first project, like “I want to learn python and I need a project to make it real.” So for that, I’ve put the code up on github for anyone who wants to make their own cards as an experiment. Trust me, I am sure there are better ways to do it than I did it, but mine worked.

Also, if anyone just wants 500 BINGO cards, here you go. No branding, just a FREE SPACE.

500 BINGO Cards (pdf)

The children are our future.

I don’t know how many people saw that the kids punk’d the president of the United States this weekend. Not all news sources reported on it.

To be fair – they did not make it so the crowd was empty. It was just that there aren’t enough people there to fill the stadium during a pandemic.

But what they did do was take a stand and make their voices heard by making people look the fools.

The kids of today, shit on like the kids of the past, do have a voice and aren’t afraid to use it. They will make their concerns heard and will fight to make a better life.

Hip Hip Hooray!

‘Cause, we done mucked it up. Again. Another generation that had grand plans and wanted to save the world from our evil parents and grandparents. Yup – we are the same.

We try.


We do more complaining than trying.

Hopefully we donate and support.

I don’t really expect them to listen to me. I’m an old white dude, lost most of my hair and listen to music that everyone thinks is old – but I want to whisper one thing and hope it comes back as the kids grow up… don’t let the dream die.

Look for this movie. It’s gotta be out there somewhere. I know it gets crap ratings, but really, be like Cheech.

So, you want to keep the family safe and secure, and your data private online.

This list is not exhaustive, but more based on what I do at home to be comfortable and make my family comfortable – and still let the use of computers be an easy thing, because if it’s too hard, people will find a way around it to make it easier. Easier always wins!


A good password matched with two factor authentication can do a lot to help you keep your account under your control. Passwords are kinda like a lock on the door, many people know how to get past them, but they are a small deterrent. Add two factor authentication and it puts a deadbolt on the other side which makes it not really worth the effort unless there is something really juicy on the other side.

When using a password use a password manager. There are many of them. Unfortunately we are in capitalism’s era of the subscription model so you will have to pay monthly/yearly instead of just for the software. I’ve used LastPass and 1Password. I am sure 1Password goes beyond the Mac nowadays. A good manager lets you set up a family or sharing of passwords and lets you integrate into your browser/OS, to make it simple. ‘Cause if it’s not simple, you aren’t going to use it and will use passwords like myPassword.

Many places, like banks and email providers also allow you to set up Two Factor Authentication. Do this. It’s the extra step that you get used to real fast that allows you to keep your account.

But why? Who cares if someone gets into my EPIC games account? There is a chance that you use the same password for many accounts if you haven’t been using a manager, and then they can try that password for other things, like a bank or email. With two factor authentication it makes it harder. Not impossible, but harder.

I use the Authy app and haven’t tried any others. It may be the best. It may be the worst. It works with all the accounts I set up with it and can use it as a widget on my phone.


I’m not a big fan of ads and ad trackers. More trackers than ads since the ads have stopped popping up and being all flashy and noisy.

With that I try to limit the amount of ads that I see/deal with online daily. For this I use pi-hole to control my DNS and sink them.

*Quick sidebar primer: DNS is what helps convert names into places so things like our browser or app know where to get things. Controlling the DNS allows us to control where the computer thinks an ad or something else is coming from. We shall talk more about it in a minute.

Pi-hole does require a separate computer to be set up on, or to be set up on your home router, to work effectively. This can be a barrier to entry, but also a learning opportunity. A less expensive way to run it is on a raspberry pi.

There are also services that will help “keep the bad guys away” with DNS. These can be helpful for parental controls and concerns about gambling sites etc. They are not 100% (I’m sure they aren’t 80%, but they add a level of comfort and security).

Cisco bought OpenDNS a few years ago and now they have a few free and paid options to set up your DNS for home “protection”. What this does is route your DNS traffic through them, instead of your ISP, and allow them to make decisions based on your preferences. They now, instead of your ISP, have logs of all the places you looked up.

Wait – what? My ISP has all this data on me?

Yes. Yes they do. They have it and sell it to advertisers and data brokers and anyone who will buy it so they can make some more money.

Wait – what? That’s insane! They can see everything I do. That’s creepy.

Yes, yes they can. My ISP will see when I publish this online and see the URL of where I went. There is not a person sitting there watching the data go by and what you are doing on your screen. They keep it in logs for X amount of time, try to make some money off of it. Maybe some pass it off to the NSA for cataloging, but in the end, they just want to make their customers happy enough that we keep paying them so really just try to provide a service.

Why are you telling me all of this then?

To talk about VPNs. There are a lot of advertisements for VPNs. Keep yourself private they say! Your ISP knows who you are they say! I need a VPN!

No, you probably don’t.

Remote workers should use a VPN. See, VPN is a virtual private network – meaning that in the simplest terms, it keeps all the data in that network (there are other things to consider, like split tunneling, data leaking when starting the tunnel, etc, but we aren’t going to talk about them) and that’s important for work. Work data should remain there and most of the time not on a person’s home computer so yeah for the VPN!

Home use of a VPN can be tricky, ineffective and give a very false sense of security so I will not recommend any that I see out there. Not that they are bad, it’s how they are used that is important.

Let’s say I want to “mask” where I am (like in a bad episode of CSI). I use a VPN on my home computer and send out a nasty email with a weird email account to the president of a big business. I also check and use this email from my phone that is connected to my home wifi, or from work. Oh, cool – they now know who I am and can figure these things out. I did not hide anything. I just paid someone for a VPN service that didn’t protect me, because I didn’t protect myself.

Better off is to practice good internet etiquette and not do illegal things. I am not putting on the argument that if you have nothing to hide don’t fear people watching you – I am saying they are better at watching than you/I am at hiding things so don’t be mean to people and try to be anonymous or do illegal things and think you are gonna get away with it because of a VPN.

If you don’t want Google guessing everything about you based on your search history or Verizon knowing everything as you search Yahoo!, there are alternatives. Get off of Chrome and use Brave. Also you can use DuckDuckGo or Bing to search and things are a little cleaner.

Incognito/Private Browsing

This. This is so your partner or kid doesn’t see what you are getting them for their birthday. It is not for hiding things from the police or anyone who can see/log your traffic (think your pi-hole server log). If you wouldn’t do it in front of someone then this is not a way to mask that. Just remember that.

Serious Privacy/Anonymity

If you are an activist/whistleblower/someone in need of secure safety look up how to protect yourself in many ways and do that. A VPN is not for that. This whole post is not for that.

Secure Communications

Finally I’ll touch on secure communications, something a little more than a text message.

MMS and SMS messages are inherently insecure. They were created with security as an afterthought and that afterthought has been forgotten about.

iMessage is secure when all parties are using it. And this is how most secure messaging apps work. Many people use Facebook Messenger. I hear ya. Privacy can be turned on, but must be turned on and is run by Facebook, the company that provides a VPN so they can see your traffic.

Facebook Messenger and WhatsApp both use the technology developed by Signal as their underlying encryption, so why not just use Signal? You will actually be pretty surprised at how many people do use it. It has a good reputation and is actively being worked on for more features. If you have something you want to keep between you and the other person, this is a good option. I hear Telegram does much the same thing, but have not used it.

Is there ever an end?

This is not an exhaustive list or article and I know it’s missing things like links and footnotes to more reading, but things like privacy and security are always evolving and this is just the tip of my iceberg and what I do at home.

I didn’t even mention why Ring is a horrible thing and the IOT is a nightmare. see…

The guns.

The batons.

The riot gear.

The tear gas.

The flash bombs.

The tasers.

The surplus military assault vehicles.

All of the weapons used by the police.

Lock ’em up for the minimum a citizen would get for an assault and battery charge.

Now that all the police toys of intimidation are locked up, let’s let the police go do their job.

What? Do their job without guns and riot gear? Do their job without tear gas and surplus assault vehicles? How are they to keep the peace? How are they to uphold the law?

Well, let’s let them figure it out. Let’s let them spend time in the community. Let’s let them get to know the people they are to protect and serve.

Let’s let them learn to fix this without violence and intimidation – because really, it starts at home. One town and one cop at a time. Let the cop who knows how to do it show the one who doesn’t. Let them train how to be a peace officer and not a cop.

And if so many don’t want to do it any more, so many say it’s not gonna work, let them go – there will be people who come in and step up to the plate to take care of each other without doing harm.

So – lock ’em up. Lock ’em all up and hope we forget the key.

I know shit can be scary.

We live in a scary place.

But those of you in blue are not helping. You are supposed to. It says so on those cars you drive around in with all those guns and all that surveillance equipment in them.

Instead of seeing someone doing something wrong and stopping it, which I am pretty sure you are trained to do, you sit by, watch it happen then suit up to fight about it when the people call you out on it.

Not a good look and not a good way to win the long game.

It was real fast how you doubled down there. How fast you were able to mobilize all the blue lives.

It was real quick how fast you were able to get the tear gas and the face masks, the batons, and the rubber bullets ready to “defend” against the mourners and the protesters.

It was real quick how you were able to point out and hit the press when no one could see your face.

You did not just mess up by giving a person a bogus traffic ticket.

You didn’t fuck up by pulling in the wrong person for questioning and treating them badly.

You killed a man.

Instead of arresting the killer you suit up.

Instead of working with the community to right the wrong you dole out overtime to gas and shoot mourners and protesters.

This doubling down on the Blue Lives Matter shit is going to get a lot more people killed than needed.

If you really want to “man up”, then sit down, shut up, and take responsibility for your actions.

Oh look, I’ve written about this before. As I read back on these I am sad. Sad that things are not changing, and I need to do more. I need to learn more to make this a better world.

Set the stage:

It’s past bed time. The stalling has commenced. While I wait for the child to brush teeth I open my computer.

It is my fault.

He walks in. Toothbrush in mouth.

“Papa. How do you make the computer do things? Like, how do you make it answer questions?”

Ah, I remember. I was writing up a script the other day and he was asking about this. Because he knows how to play games. He knows how to search the internet.

So, I pull up a terminal, type python and he says, “Yeah! That!”.

Okay, so I know he’s stalling, but he also knows he’s got me.

We start with what a variable is and add up the kids ages. I type their ages and then he types in the command to add them up.

He then takes the keyboard and wants himself to be a bigger number. After he types it and tries to change his brother to a word we see what happens.

I teach him about the up arrow so he can take a few less seconds to type things and also see that only one variable has changed.

We talk about the error message and how strings need to be encapsulated.

He puts the string in quotes but gets a new error.

Not frustrated yet.

This is where I teach him about casting variables as a type. I should have taught him how to figure out a type, but I didn’t think about that until writing this. Oh well, there will be more times.

Seeing how he can concatenate the words, he wants to make a silly word. He wants to make the word ‘malvin’.

He changes the variables, remembering the quotes.

Ooops. Almost there. What went wrong I ask.

Figured that one out pretty quick.

What next?

Bed. That was a good start for the evening.