Categories
Google Misc

The opposite of coherent

[…]

Carrying an extra passport

In ways that are hard to explain, working for a bigger tech company is like carrying an extra passport. Everyone else has to commute to work. You get driven in an air-conditioned private bus with dedicated wifi. Work visa failed to renew? No worries, do an intra-company transfer to one of several global hubs.

It’s not that the rules don’t apply to you, it’s that you have a safeguard for when the shit hits the fan.

And this week, that’s exactly what happened. The Supreme Court of the US overturned Roe v Wade and a bunch of tech companies rushed in to reassure their employees. Yes, the law of the land just changed. But, don’t worry. We will fly you out of state, we will approve relocation if you wish, we will take care of you. You will be insulated against the worst of anti-choice laws, regardless of where you live. This is a massive change in reproductive freedom for Americans, but not for you.

We’re not opposed to employers taking care of their employees. We’re not even upset that companies got gold stars for their employer brand in an otherwise hot talent market. But the extra passport is tricky. It has two profound impacts and whether those things are intended or not is hard to say.

An extra passport can make you feel like you have a perpetual plan B. Like whatever is going on in the world is someone else’s problem to solve. That untethered, unmoored thing means you pay less attention to the fucked-up-ed-ness of San Francisco. You can always move to Miami. Or Austin. Taxes are lower there anyway. Pulled all the way through, tech people resemble locusts. We come, we eat, we leave at the first signs of blight. Even when it’s blight we caused.

The other reason it’s tricky is that it reduces scrutiny on the issuing body. The company paying for the air conditioned, wifi-enabled shuttle or the round trip airfare to a blue state. Don’t look a gift horse in the mouth. They are doing all of this to take care of you. And it’d help out a whole awful lot if you didn’t ask what the public policy team has been up to for the past few years.

[…]

Incoherent answers

So here we are. Faced with this disastrous ruling. And it makes us wonder: how coherent are your organization’s actions on this one? We heard about the relocation policy, what other actions are they taking? Do they line up? Or are they shielding their employees from a political reality with one hand, while they help bankroll that reality with the other? The twitterverse has been quick to call out the companies whose statements don’t match their political spending. But that critique, lobbed at a brand’s social account, often stops at the social media manager.

It’s harder for organizations to ignore the questions that come from their own people. It’s harder to ignore questions from you.

What are our company’s policy/lobbying priorities right now?
Which candidates have we donated to that helped make this mess, and have we cut off that support?
How are we making our position clear, and what concrete steps are we taking to advance that position?

Those questions may produce some awkward shifting in seats. If this were about product strategy, the conversation would be all coherent actions and strong point of view. But when it comes to their role as political actors, many executives have shown that they don’t have the range. So, when you ask these questions, you may get a patronizing smile, and some version of, “we can’t do that. Donating across the board is how you play the game. If we want influence on the things we care about, we need to be in the room.”

You deserve better answers than that. You deserve better than to have your employer tell you that criminalizing abortion is “playing the game.” Some of you, when you push, will find out that your labour has been supporting an organization that helped fund what’s unfolding right now. And when you discover that, you deserve better than, “we don’t claim to get everything right.” You deserve better than, “we’re not all going to agree on everything anyway.”

We don’t need you to agree on everything. But, if you are one of those lucky humans who found yourself with an extra passport you didn’t know you had, we’re invoking Spiderman rules.

That company-issued passport affords you a set of privileges. Like the ability to flit between jurisdictions when the need arises. It also comes with an extra set of responsibilities. We need you engaged, informed, and asking tough questions at this week’s all hands. Even if you’re not American, or married to an American, now is a good time to get clear on how your organization is using its influence in the world. Particularly when your company’s public stance and their actions don’t line up.

Source: Jonathan & Melissa / rawsignalgroup
Categories
Apple Google Hardware

Custom CPUs

“Google developing own CPUs for Chromebook laptops”.

Interesting to see that many years after Apple started creating their CPUs for the iPhone (and now laptops/desktops), so many companies are following. Google is not new to building their chips (TPU, Titan (used in security keys and as encryption module for servers/Pixel phones), and likely more), but quite new to more generalised computing CPUs for phones and laptops.

And it makes sense — a lot of the generic CPUs were too generalist and not that great at their job (and are plagued with bugs). It came with heavy power usage. Having a ML/AI chip, a GPU chip, a generalist CPU chip (or two, one focussing on high performance, and one on efficiency, like the M1), one for security/encryption (Titan/T2), etc.

Curious to see how much of a head start Apple really has, and very eager to finally see some real innovation in the CPU space (sorry AMD with Ryzen: too little, too late).

Let’s see if Intel and AMD will be able to adapt and reinvent themselves and what it means for ARM (and the ARM IP issue in China), and if other architectures like MIPS stand a chance.

Categories
Google Linux Networking

NextDNS + EdgeRouter + Redirecting DNS requests

Realised I haven’t updated this in a long while (life happened).

Couple of weeks ago I started to play with NextDNS — and I really recommend it to anyone who’s somewhat privacy-minded and cares about the stuff happening on their network.

I’ve set up several configs (home, parents, FlatTurtle TurtleBox (the NUCs controlling the screens)) and Servers. Once it’s out of beta and better supported on Unifi and Ubiquiti hardware I might deploy it to our public WiFi (well, most access points don’t look like that — but you get the point) networks too.

Looking at the logs was an eye-opener seeing what goes through your network. You can play around and block (or whitelist) certain domains.

I figured out my Devialet does an insane amount of requests to cache.radioline.fr for example. This domain has a 30s TTL. It shows that the majority of my DNS requests are actually automated pings and not in any way human traffic.

Anyhow — I’ve since installed the NextDNS CLI straight on my EdgeRouter Lite acting as a caching DNS server and forwarding using DoH.

I’ve turned off dnsmasq (/etc/default/dnsmasq => DNSMASQ_OPTS="-p0") and have NextDNS listen to :53 directly.

Note that every EdgeOS update seems to wipe out the NextDNS installation, and requires a fresh install… Pain in the ass and doesn’t seem like that’s fixable.

This is my ERL NextDNS config (/etc/nextdns.conf)

hardened-privacy false
bogus-priv true
log-queries false
cache-size 10MB
cache-max-age 0s
report-client-info true
timeout 5s
listen :53
use-hosts true
setup-router false
auto-activate true
config 34xyz8
detect-captive-portals false
max-ttl 0s

Every flag is explained on their GitHub page and they are very responsive via issues or through their chat on my.nextdns.io.

All right — next thing I’ve noticed is that my Google Home devices are not sending any DNS requests — which means the devices use hard coded DNS servers.

I have a separate vlan (eth1.90) for Google Home (includes my Android TV, OSMC, Nest Home Hub and all other GHome and Chromecast devices). For this vlan I set up a deflector to be able to cast and ping/ssh from my “main” network/vlan to GHome vlan.

Using this guide I redirected all external DNS traffic to the ERL so I can monitor what’s happening. The important part was the following:

[email protected]# show service nat rule 4053
destination {
    port 53
}
inbound-interface eth1.90
inside-address {
    address 10.3.34.1
    port 53
}
protocol tcp_udp
type destination

This allows you to “catch” all UDP and TCP connections to :53 and redirect them to the ERL DNS server (10.3.34.1). The GHome devices were acting a bit weird after committing the change, but a reboot of the device fixed it.

Note that you need to set this up per vlan. If you want to catch DNS requests for your Guest or IoT vlan, you’ll need to do the same.
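A quick way to confirm the redirect is active on a given vlan, as an added example that is not part of the original post: run it from a client on that vlan and it sends one UDP query to an address that hosts no DNS server. Because destination NAT rewrites the reply so it appears to come from the address the client asked, an answer from that address means the router caught the query. The probe addresses (192.0.2.53 from the TEST-NET-1 documentation range, and the public resolver 8.8.8.8) and all function names are assumptions of this example, and only UDP is checked.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a minimal recursive A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply_to(query, data):
    """True if data is a DNS response carrying the query's transaction ID."""
    if len(data) < 12:
        return False
    qid, flags = struct.unpack("!HH", data[:4])
    return qid == struct.unpack("!H", query[:2])[0] and bool(flags & 0x8000)

def answered(server_ip, name="example.com", timeout=3.0):
    """Send one UDP query to server_ip:53 and report whether a reply came back."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server_ip, 53))
            data, _ = sock.recvfrom(512)
        except OSError:  # timeout or network unreachable
            return False
    return is_reply_to(query, data)

def verdict(sinkhole_answered, public_answered):
    """Interpret the two probes."""
    if sinkhole_answered:
        return "redirected"       # nothing legitimate answers on TEST-NET-1
    if public_answered:
        return "not redirected"   # hard-coded resolvers are reachable directly
    return "no DNS path"          # port 53 is dropped or the client is offline

if __name__ == "__main__":
    # 192.0.2.53 is an assumed probe address; 8.8.8.8 is a public resolver.
    print(verdict(answered("192.0.2.53"), answered("8.8.8.8")))
```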

Categories
Google Hardware

Yard Sale: Nexus 6

Nexus 6

  • Details
  • New device from end of September (used for one month; I’ve owned a N6 for a longer time, but due to a battery problem, Google swapped it for a brand new device; then I swapped to a Nexus 6P)
  • Midnight Blue edition
  • 64Gb
  • 4G and stuff (side note: reception & signal is a million times better than a Nexus 5)
  • You do of course receive the Moto TurboPower charger with it
  • Bought via Google Play store (comes with warranty, support, etc), original phone bought July 2015, so plenty of warranty left
  • No scratches or anything
  • Comes with Android 6
  • Selling because I own a Nexus 6P
  • Price: offer
  • 2dehands

Includes original packaging/boxes.

Email: [email protected]


Categories
Google Linux Networking

Postfix delete mails from/to one address

Monit suddenly sending 18.000 e-mails? Gmail blocking your MX IP & getting all other incoming emails to your Gmail account (as it’s getting forwarded to Gmail) delayed?

Have no fear…

mailq | grep -F 'user@example.com' | cut -d' ' -f1 | tr -d '*!' | xargs -rn1 postsuper -d

Edit the e-mail address.

Note: mainly a reminder for myself. 😉
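The one-liner above picks queue IDs from the first line of each mailq entry, which carries the sender; recipients sit on the indented lines that follow. This added example (not from the original post) parses whole entries so a message is selected when the address is either sender or recipient, and strips the `*`/`!` status flags from the queue ID. The sample queue listing is constructed, and the script name in the usage comment is hypothetical.

```python
import re
import sys

def queue_ids_for(mailq_text, address):
    """Return queue IDs of entries whose sender or any recipient is address."""
    address = address.lower()
    ids = []
    # mailq separates entries with blank lines.
    for block in re.split(r"\n[ \t]*\n", mailq_text):
        # Drop the "-Queue ID-" header and the "-- N Kbytes" footer.
        lines = [l for l in block.splitlines()
                 if l.strip() and not l.startswith("-")]
        if not lines:
            continue
        head = lines[0].split()
        if len(head) < 7:          # ID, size, 4 date fields, sender
            continue
        qid = head[0].rstrip("*!")  # '*' = active, '!' = on hold
        addrs = [head[6]]
        for line in lines[1:]:
            text = line.strip()
            if not text.startswith("("):   # "(...)" is a delivery error reason
                addrs.append(text)
        if address in (a.lower() for a in addrs):
            ids.append(qid)
    return ids

# Constructed sample of mailq output.
SAMPLE = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    1234 Mon Jul 18 10:00:01  monit@example.com
                                         admin@example.net

F6E7D8C9B0     2345 Mon Jul 18 10:00:02  cron@example.com
(connect to mx.example.net[192.0.2.1]:25: Connection timed out)
                                         monit@example.com

0A1B2C3D4E!     987 Mon Jul 18 10:00:03  cron@example.com
                                         admin@example.net

-- 4 Kbytes in 3 Requests.
"""

if __name__ == "__main__":
    # Usage: mailq | python3 mailq_ids.py user@example.com | postsuper -d -
    for qid in queue_ids_for(sys.stdin.read(), sys.argv[1]):
        print(qid)
```

Review the printed IDs before piping them into `postsuper -d -`, which reads queue IDs from standard input.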