
NextDNS iOS 14 build coming soon

Update: It’s available now! In my test with the Mullvad app, it doesn’t work. Mullvad’s DNS takes precedence. But it works flawlessly with the Wireguard app instead. So, that’s what I am using, with a Mullvad-generated config.


You must know that I am eagerly waiting for encrypted DNS on iOS 14. Last night, I came across NextDNS devs’ comment on reddit that their test build is pending Apple’s approval!

NextDNS test build running encrypted DNS system-wide on iOS 14, without configuring a VPN tunnel

With that news, I updated my iPad to iOS 14 public beta 2. This is my first time running a beta build. Going by Twitter, this beta is stable.

I also reached out to NextDNS devs on their Intercom, to know more about this build. They let me know that it’d be announced on their reddit, when Apple approves it.


My network setup

I have written about my DNS setup in the past, but that setup is a bit outdated, so I wanted to write a new post. I continue to use NextDNS as my primary DNS service. On the VPN side of things, I have switched from NordVPN to Mullvad.

I have stopped using Cloudflare Warp as well. It’s not a VPN; they disclose IP to websites hosted on Cloudflare. They do claim it’s not a VPN, and I appreciate that transparency.

Android

On Android, I use NextDNS’ DNS-over-TLS (DOT) address on Android’s private DNS setting. That setting is available on Android 9 and above. Marking my private, secure, encrypted resolver as such ensures that it works even when I am connected to Mullvad.

I use the Wireguard Android client to use Mullvad, as I have noticed that Mullvad’s official app disconnects often.

Mac

Since I switched from NordVPN (they announced a Wireguard-based implementation as well!) to Mullvad, I started using Mullvad’s Wireguard implementation. It’s as simple as downloading the Wireguard configuration file from their website, and adding it to the Wireguard client app.

Since I run NextDNS CLI, I set up its local resolver address, 127.0.0.1, as my choice of DNS in the Wireguard config.

As an additional measure, I use 127.0.0.1 as my resolver on Mac’s network settings as well. This ensures that NextDNS continues to be used when disconnected from Mullvad.

Taking this one step further, I have a Keyboard Maestro macro that periodically ensures that 127.0.0.1 is my Mac’s DNS resolver. This is not a great way to implement DNS leak checks, but it works for me.
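One way to script the periodic check described above, as an added example (not the author's Keyboard Maestro macro): it reads a network service's DNS setting with macOS's `networksetup` and resets it to 127.0.0.1 if it has drifted. The service name passed on the command line (for example "Wi-Fi"), the `LOCAL_RESOLVER` variable and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: keep a macOS network service pointed at the local
# NextDNS CLI listener. Names below are illustrative assumptions.
LOCAL_RESOLVER="${LOCAL_RESOLVER:-127.0.0.1}"

# Succeeds only if the `networksetup -getdnsservers` output given as $1
# lists the local resolver and nothing else.
dns_is_local() {
  local servers
  # Drop blank lines and the "There aren't any DNS Servers set on ..."
  # notice macOS prints when the service uses DHCP-supplied resolvers.
  servers="$(printf '%s\n' "$1" \
    | sed -e '/^[[:space:]]*$/d' -e "/^There aren't any DNS Servers/d" \
    | tr -d '[:blank:]' | sort -u)"
  [ "$servers" = "$LOCAL_RESOLVER" ]
}

# Check one network service and reset it if it drifted.
# Returns 0 if already correct, 1 if drift was found and reset, 2 on error.
enforce_local_dns() {
  local service="$1" current
  current="$(networksetup -getdnsservers "$service")" || return 2
  if dns_is_local "$current"; then
    echo "ok: $service uses $LOCAL_RESOLVER"
    return 0
  fi
  echo "drift: $service had [$(printf '%s' "$current" | tr '\n' ' ')]; resetting"
  networksetup -setdnsservers "$service" "$LOCAL_RESOLVER" || return 2
  return 1
}

# Intended to be run on a schedule (cron or launchd), e.g.:
#   ./dns-guard.sh "Wi-Fi"
if [ "$#" -gt 0 ]; then
  enforce_local_dns "$1"
fi
```

A non-zero exit status marks the runs where a change was needed, which gives the scheduler's log a record of every drift. The script covers only the per-service setting in Network preferences; the DNS line in the Wireguard config is set separately.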

Windows

Windows was an issue when I was using NordVPN. I could define NextDNS’ IPv4 addresses, but that’s not encrypted DNS. I wanted both encrypted DNS and VPN at the same time, which is when I learned about YogaDNS. It’s network interface-independent and works great with Mullvad. As usual, I use Wireguard Windows client for Mullvad.

iOS

iOS is an issue at this time. I can either use NextDNS or Mullvad. The problem is, DNS implementation is done as VPN tunnels, and when NextDNS tunnel is active, Mullvad VPN cannot be. This is changing with iOS 14!

Pi-hole

I haven’t shut down my Pi-hole yet. It’s active and running, and serves all guests that connect to my home WiFi.


Arctic Code Vault Contributor 2020

Look at this shiny new badge on my GitHub profile!

Calypso was probably the first OSS project that I contributed to. I am super grateful for all the feedback that I have received through the years, even though they were minor changes like CSS and copy.

If you haven’t started contributing to OSS yet, start today! Maintainers are always happy to help. 💛

You can read more about GitHub’s archival program here.


Back on Tumblr 👻

The blog you’re reading at the moment was originally a Tumblr site. I moved it to WordPress when I joined Automattic. That was two years ago.

I was curious to see what has changed recently. Tumblr is very different from what I knew two years ago. I think I’m enjoying the experience so far.

On that note, I’ve a new blog called mostly for reblogs. I’ll be using it for posting thoughts on shows that I watch. I just finished season 1 of Dark on Netflix.

The current blog will continue to exist as my primary site.


This post is composed entirely on WordPress Android with Gutenberg.


Encrypted DNS on iOS

Apple announced encrypted DNS (DOH and DOT) for iOS! This is by far my most favorite announcement at WWDC 2020.

Right now, my DNS provider, NextDNS app for iOS, implements their feature as a VPN tunnel, which makes it impossible to use another commercial VPN like NordVPN/Mullvad at the same time.

A similar limitation applies to Cloudflare’s 1.1.1.1 app.

However, with the new encrypted DNS model that Apple is announcing, it looks like NextDNS can be used in conjunction with the other active VPN tunnels.

I have reached out to the NextDNS developers to hear their thoughts. Future looks exciting for iOS!


Of emails and aliases

I have been thinking a lot about emails and aliases in the last few days.

Emails are the core identity of one’s online presence. They are everywhere, and form the base for any online service.

For years, I have used a Gmail address.

While it’s convenient and free, it isn’t the best choice for a privacy-focussed individual like me. In the last couple of years, I have started reading more about privacy online and opsec. I have gradually made changes to my workflow, including getting a custom domain based on my name.

My address is hosted on ProtonMail with a custom domain. In my opinion, ProtonMail is the safest email can get, thanks to their built-in PGP encryption and published security details.

Having a custom-domain based email also gives me the flexibility of moving to another email host should there be a need. In the event ProtonMail shuts down, I can always move that domain to a new email host and don’t have to update all of my friends and family about a new address.

That’s the beauty of owning a domain-based email address — I get to carry that email identity until the end of the internet.

That’s a standard practice that everyone must adopt. However, that isn’t always the case due to lack of domain knowledge.

HEY email is Basecamp’s bet in turning that around. They aim to offer a Gmail-like service that’s easy to get started and manage, and respect users’ privacy. Of course, it’s a paid email service.

I managed to secure my preferred address ([email protected]) on day 2, and it has been a little over a week.

So far, their features are okay. I cannot say they are marvelous. There is a learning curve to the product, as it’s not a traditional single-stream inbox. They have three feeds which constantly need to be juggled between. In particular, their Paper Trail feed doesn’t differentiate read vs unread emails, which is a road blocker, for me.

The most annoying part is probably that there is no way to have a sender’s emails arrive in two different feeds. Right now, all of their logic is based on the sender’s email address. Some businesses use the same address for marketing emails and support. In that case, it’s hard to make sense of where to divert the emails – Imbox or Paper Trail?

The founders say all of this is likely to improve in the coming months. As with any product, I know this can improve. Time will tell.

ProtonMail on the other hand, at a fraction of HEY’s cost, fares a lot better. Especially considering the fact that HEY does not offer PGP-encryption.


Encryption is one part of opsec.

I came across a tweet from Pieter many months ago.

He mentioned an idea that was very intriguing:

Seeing emails as security keys too

What this means is that, in the event an email address gets leaked in a breach, it wouldn’t fall prey to credential stuffing attacks.

I briefly toyed with the idea of using a custom domain with random characters, but later discovered SimpleLogin and AnonAddy. Both services are much better implementations than what I was doing with a custom domain.


Telegram stickers to Signal

I found an interesting Telegram bot last night. Signal Sticker bot helps you convert Telegram stickers to Signal. It’s as easy as it can get:

  • Initiate a chat with the bot.
  • Send a sticker, one that’s not animated.
  • Wait for the bot to generate a Signal-specific sticker pack link.
  • Click on it to install the pack on your Signal. 🤯

BYE mail

Found this on my Twitter feed today. Copy and design are guaranteed to give you a laugh. 😂

And, look at this! ⬇️ 🤣

Jokes aside, they are actually donating these funds to a great cause — Black Girls Code.


GitHub repository refresh

I received GitHub.com new design for repositories and I like it! 💯 🚀

Particularly like the latest release section on the right sidebar. I do WooCommerce support as well, and part of my job often involves downloading the latest copy of the plugin. It must be easier with this prominent placement on the right sidebar.

As I understand, this is not available for everyone yet. This is a feature preview that you can sign up for.


Basecamp’s Hey and Apple

I generally do not like DHH’s tweets, but this case is a bit different.

For one, I am sad about how monopolies like Apple can crush software makers, small or big.

And, I am glad to see DHH voicing Basecamp’s concerns in the public. Members from the EU antitrust division are looking into this issue, other companies are sharing their stories as well, and in the event something positive comes out of this, it’s not just Basecamp that would benefit. It’d be all software developers publishing to the App Store.