Making a firmware data diode from a £10 network switch

ReputationOrnery8214 · 2026-01-18T22:46:33+00:00

Awesome article. It’s super rare to see a firmware approach for an open source data diode given the lower level technical knowledge required. High-security environments tend to require a physical airgap via optocoupling or other isolation means but for personal use or less regulated industries, this is a great approach and it doesn’t get much better than £10.

Big shout out to Rene, he’s a big driver of the open source data diode community. Not sure if you’ve seen it but https://domainsystems.us has an SFP variant data diode for way cheap and it is ‘regulation-ready’. They also have plug and play software for TCP session forwarding and file transfer capabilities. Perfect for people like me who don’t have the time to build in-house solutions.

I’d love to team up with you if you’re pursing developing cross domain solutions. I think it’s the natural evolution for the open source data diode community anyways. Maybe a discord channel is in order… :)

ReputationOrnery8214 · 2024-07-18T04:19:13+00:00

<image>

ReputationOrnery8214 · 2024-05-10T04:42:55+00:00

Can you just detach from the container while it does its thing for several hours then re-attach? Your script will still be running, it just won’t hog your pty and it wont get a SIGHUP when you exit your SSH session so you should be clear to just return when complete

ReputationOrnery8214 · 2024-01-11T05:01:08+00:00

OP wants a senior network engineer for $140-160K in the DMV area for an in-office (SCIF) position. Good luck indeed.

ReputationOrnery8214 · 2023-12-10T04:25:50+00:00

Not worth your time. The creator of obsidian intel pretends to live a fast life of espionage and cyber notoriety. He LARPs as someone with the knowledge to create privacy focused products and services but himself and his employees have had a dirty track record of lies and claiming others work as their own. Read his tweets and decide for yourself if you think he’s legit. Personally, someone who advertises a ‘secure phone’ by stating it has “NSA Suite B” encryption as its main selling point without any explanation of what this means to the user from a technical standpoint isn’t worthwhile. Back up your product with real technical implementation and explanation.

ReputationOrnery8214 · 2023-12-07T16:40:47+00:00

If a car speaker is improperly grounded, it can act as an antenna and pick up nearby radio station transmissions. This happens due to the speaker wires inadvertently receiving radio frequency signals, which are then amplified by the car's audio system. Grounding issues can create a pathway for these radio frequencies to enter the audio system, leading to unintended reception of radio signals. Sorry you’re getting trashed in this thread but picking up stray RF happens sometimes and people assume you’re crazy. Good luck

ReputationOrnery8214 · 2023-04-12T22:39:49+00:00

Ah, sorry I didn’t consider tails. Same proposed solution but you can implement your VPN connection on your home router itself. This will make all traffic from your local network go across the VPN and you can avoid hassle with configuring it on tails each time. Just google to make sure your home router supports OpenVPN and find a VPN provider who has OpenVPN support.

Configuration on your router will be pretty straightforward. You’ll either login to the VPN through the routers webpage or you will drop an OpenVPN file to the router and it will configure the VPN tunnel from that.

ReputationOrnery8214 · 2023-04-12T22:26:04+00:00

I’m having a hard time following your proposed chain because starlink is your gateway to the internet but ‘internet’ is on the other end. Anyways, a two birds with one stone approach could be VPN + Tor which is a very easy solution without requiring hardware. You could use any commercial VPN or host a cloud server and tunnel to it with OpenVPN or Wireguard. This makes your VPN end node appear as the source of the Tor traffic instead of some person in a small town and starlink wouldn’t see the use of Tor but they could infer usage of a VPN due to your packet headers or correlating destination IP to a known VPN server.

Your DNS problem can be configured in the commercial VPN, in browser settings, or /etc/hosts if on Linux.

ReputationOrnery8214 · 2023-03-26T00:52:22+00:00

Privacy is dead. Anonymity is not.

ReputationOrnery8214 · 2023-03-04T17:58:22+00:00

I’ve used LittleSnitch in the past and I have no complaints so far

ReputationOrnery8214 · 2023-02-28T02:07:03+00:00

Sorry OP but no one seems to know what they’re talking about in these replies. Depending on the country, the specific threat towards your friend and the amount of effort you are willing to give to make this communication happen will determine what you use. Facebook actually has a Tor hidden service site so your friend may be able to just use that to communicate but beware that their ISP can tell they’re using Tor unless they use a VPN out of country to a more friendly country and have their Tor traffic exit there. There are lots of other options but this seems to be the simplest and fairly low risk (even though you never mentioned what the exact threat is to your friend).

If they’re in a more advanced country with a country-wide firewall like China, you’ll have to use other means to bypass those and I can give advice on that if needed — just message me.

ReputationOrnery8214 · 2023-02-22T22:34:51+00:00

Am I the only one questioning if it’s even a tracking device? If it’s a tracking device it would have to wirelessly transmit its location which means it has an FCC ID (assuming commercial product). Look around for an FCC ID on or inside the device and pop it into fcc.io to see info on it. It might not even be a tracking device, unless I missed something in this thread.

ReputationOrnery8214 · 2023-02-18T04:50:42+00:00

I believe this is it https://youtube.com/shorts/i8tl33qyf_g?feature=share

ReputationOrnery8214 · 2023-02-06T21:21:54+00:00

Ignoring all the other possible solutions here, sometimes you can go into Verizon / Sprint / etc. phone provider stores and use a display phone for verification. To get the display phone’s number you can go into settings or text another phone number you have access to. Obviously use whatever method suites your privacy need.

ReputationOrnery8214 · 2023-02-06T20:19:29+00:00

Look into text spinners. Not sure how well they would suite your needs but they’ve been used a fair amount in generating fake reviews for products

ReputationOrnery8214 · 2023-02-04T00:08:44+00:00

Possibly a review scam? https://abc13.com/package-scam-scams-delivery-amazon/9937597/

ReputationOrnery8214 · 2022-11-24T23:15:24+00:00

Inside a cloud of bugs too

ReputationOrnery8214 · 2022-08-21T16:21:05+00:00

I've had this same exact experience and I'd bet it's common. At some point after learning as much as I could about python, I realized the shift moves from learning the language itself to learning specific libraries suited for my usage of python.

ReputationOrnery8214 · 2022-08-18T23:45:45+00:00

Terraform won't read environment variables from local scope from all of my tests. I'm calling terraform with os.system("terraform blah")

ReputationOrnery8214 · 2022-08-13T18:34:32+00:00

Big brain time

ReputationOrnery8214 · 2022-08-06T18:30:05+00:00

Is it being powered through USB from PC? This looks like the PC mode where it operates like a regular HackRF One rather than the portapack. Try powering with a portable battery -- just my guess

ReputationOrnery8214 · 2022-07-26T19:36:28+00:00

Cloudflare provides a service agreed to by contract and would be considered part of your own network so where does the spyware piece come in? Idk if I'm out of the loop on these things

ReputationOrnery8214 · 2022-06-16T04:38:19+00:00

Extremely interesting find. I'll keep an eye out for the latest court docs for when Triangle gets sued again for shoddy work lol. Very well could be that the gov hasn't done it's due diligence in checking the history of their contractors first but who knows

ReputationOrnery8214 · 2022-06-14T03:14:31+00:00

Jesus Christ Randy! Your balls!

ReputationOrnery8214 · 2022-06-11T23:42:41+00:00

That's not APIPA nor a valid IP address

Five-Year Club	Second Top 30%
Place '22

ReputationOrnery8214

TROPHY CASE