Categories
Posts

Icebox finally!

Custom queue is disabled as well, so, it took a few attempts at Spike Rush to get to the map.

Categories
Posts

Turn off IPL background noise using Krisp

I started watching IPL today, and I noticed that Hotstar feed is introducing an ambient background “fan noise”. The idea seems to be that it gives viewers a real match experience.

For some context, matches are happening in UAE, and it’s just the players at the stadium. Fans are not allowed for COVID-19 reasons.

However, the background noise was doing more damage than goodness. Especially as a hard of hearing person, I couldn’t hear any commentary. I found similar comments from other Hotstar users:

I searched a bit more, and I found that it’s not actually a feature from Hotstar, but is coming from their upstream provider.

Krisp to the rescue

Some of my colleagues use Krisp at work. It’s a noise-cancelling app that’s commonly used with Zoom, Hangouts and other communication apps. I was curious to see if it might work with streaming services, and it does!

Krisp’s available as a desktop app, as well as in the form of a browser extension.

I tried the browser extension, but it didn’t work, as it appears Krisp needs the tab to introduce a “microphone stream” to enable noise-cancellation. Hotstar doesn’t require microphone access, which in turn means that noise cancellation cannot work.

Basically, the extension works with any web page that is using a microphone stream. All you need to do is to turn on the “Mute Noise” toggle and Krisp will start working on all the tabs that are currently using a microphone. 

Source – Krisp help page.

And, the desktop app (Windows in my case) works well! I use Windows 10, and I ran into some issues in marking it as the primary output device on Sound settings. Marking it as the primary output device didn’t save properly.

Turns out this is intentionally done. I spoke to their support and they pointed me at a workaround, which involves setting app-level output on Windows settings. In my case, I marked Krisp for Brave browser, under Windows sound settings:

It works well!

Categories
Posts

My network setup

I have written about my DNS setup in the past, but that setup is a bit outdated that I wanted to write a new post. I continue to use NextDNS as my primary DNS service. On the VPN side of things, I have switched from NordVPN to Mullvad.

I have stopped using Cloudflare Warp as well. It’s not a VPN; they disclose IP to websites hosted on Cloudflare. They do claim it’s not a VPN, and I appreciate that transparency.

Android

On Android, I use NextDNS’ DNS-over-TLS (DOT) address on Android’s private DNS setting. That setting is available on Android 9 and above. Marking my private, secure, encrypted resolver as such ensures that it works even when I am connected to Mullvad.

I use Wireguard Android client to use Mullvad, as I have noticed Mullvad’s official app to disconnect often.

Mac

Since I switched from NordVPN (they announced a Wireguard-based implementation as well!) to Mullvad, I started using Mullvad’s Wireguard implementation. It’s as simple as downloading the Wireguard configuration file from their website, and adding it to the Wireguard client app.

Since I run NextDNS CLI, I setup that local resolver address 127.0.0.1 as my choice of DNS on the Wireguard config.

As an additional measure, I use 127.0.0.1 as my resolver on Mac’s network settings as well. This ensures that NextDNS continues to be used when disconnected from Mullvad.

Taking this one step further, I have a Keyboard Maestro macro that periodically ensures that 127.0.0.1 is my Mac’s DNS resolver. This is not a great way to implement DNS leak checks, but it works for me.

Windows

Windows was an issue when I was using NordVPN. I could define NextDNS’ IPv4 addresses, but that’s not encrypted DNS. I wanted both encrypted DNS and VPN at the same time, which is when I learned about YogaDNS. It’s network interface-independent and works great with Mullvad. As usual, I use Wireguard Windows client for Mullvad.

iOS

iOS is an issue at this time. I can either use NextDNS or Mullvad. The problem is, DNS implementation is done as VPN tunnels, and when NextDNS tunnel is active, Mullvad VPN cannot be. This is changing with iOS 14!

Pi-hole

I haven’t shut down my Pi-hole yet. It’s active and running, and serves all guests that connect to my home WiFi.

Categories
Posts

Of emails and aliases

I have been thinking a lot about emails and aliases in the last few days.

Emails are the core identity of one’s online presence. They are everywhere, and form the base for any online service.

For years, I have used a Gmail address.

While it’s convenient and free, it isn’t the best choice for a privacy-focussed individual like me. In the last couple of years, I have started reading more about privacy online and opsec. I have gradually made changes to my workflow, including getting a custom domain based on my name.

My address is hosted on ProtonMail with a custom domain. In my opinion, ProtonMail is the safest email can get, thanks to their built-in PGP encryption and published security details.

Having a custom-domain based email also gives me the flexibility of moving to another email host should there be a need. In the event ProtonMail shuts business, I can always move that domain to a new email host and don’t have to update all of friends and family about a new address.

That’s the beauty of owning a domain-based email address — I get to carry that email identity until the end of the internet.

That’s a standard practice that everyone must adopt. However, isn’t always the case due to lack of domain knowledge.

HEY email is Basecamp’s bet in turning that around. They aim to offer a Gmail-like service that’s easy to get started and manage, and respect users’ privacy. Of course, it’s a paid email service.

I managed to secure my preferred address ([email protected]) on day 2, and it has been a little over a week.

So far, their features are okay. I cannot say they are marvelous. There is a learning curve to the product, as it’s not a traditional single-stream inbox. They have three feeds which constantly need to be juggled between. In particular, their Paper Trail feed doesn’t differentiate read vs unread emails, which is a road blocker, for me.

Most annoying part is probably that there is no way to have a sender’s emails arrive in two different feeds. Right now, all of their logic is based on sender’s email address. Some businesses user the same address for marketing emails and support. In that case, it’s hard to make sense of where to divert the emails – Imbox or Paper Trail?

The founders say all of this likely to improve in the coming months. As with any product, I know this can improve. Time will tell.

ProtonMail on the other hand, at a fraction of HEY’s cost, fares a lot better. Especially considering the fact that HEY does not offer PGP-encryption.


Encryption is one part of opsec.

I came across a tweet from Pieter many months ago.

He mentioned something an idea that was very intriguing:

Seeing emails as security keys too

What this means is that, in the event an email address gets leaked in a breach, it wouldn’t fall prey to credential stuffing attacks.

I briefly toyed with the idea of using a custom domain with random characters, but later discovered SimpleLogin and AnonAddy. Both services are much better implementations than what I was doing with a custom domain.

Categories
Posts

My DNS setup

I have been obsessed (in a good way!) with DNS lately. Mostly around pihole and NextDNS.

Pi-hole is a free, open-source software that enables you to block or monitor DNS queries. It supports a variety of operating systems and is straightforward to setup. The community on reddit is helpful as well. It’s meant to be used on a private network, like your home WiFi. You could optionally pair it with a VPN, so that you have access to this pi-hole on the go. That means, you can block ads/DNS queries while on your tablet or smartphone as well.

I used it briefly, but I recently switched to NextDNS, because I want a public/online DNS resolver (as opposed to a local DNS resolver, which is Pi-hole) that can work with a commercial VPN like NordVPN or Cloudflare Warp. NextDNS is nothing but Pi-hole on the cloud. It’s in beta and free at the moment.

I wanted to write about my DNS setup across devices, here goes:

On Android: I use NextDNS’ DOT (DNS-over-TLS) setup. This is easy because of the “Private DNS feature on Android 9 and above. This also works well when I turn on NordVPN or Cloudflare Warp. I suspected that their own DNS servers would take precedence, but it doesn’t seem to be the case. That’s nice!

On Mac: I use NextDNS’ CLI app. This runs a NextDNS daemon locally and all DNS queries are encrypted.

On Windows: I see no CLI app for it, so, I use the official NextDNS Windows app. It seems to be work pretty well with wgcf for Cloudflare Warp. Because Cloudflare Warp is based on Wireguard protocol, so, is easy to use with the Wireguard Windows client. The wgcf app that I have linked to, can help generate a config file. NextDNS and Wireguard seem to be work well!

One point to note would be, remove all DNS resolvers that you have entered on your Wireguard config file. When you do that and save the changes, you will also see an option kill-internet switch.

Uncheck that.

Wireguard Windows client does not seem to fallback to the system-level or router-level DNS resolver when no DNS resolvers are listed on the Wireguard config file. Without unchecking it, all DNS queries/internet just stop working.

On iOS: I couldn’t get NextDNS to play well with NordVPN, Cloudflare Warp so far. This is mostly due to how iOS defines VPN settings – there are two kinds, “VPN configuration” and “personal VPN”. I haven’t got the hang of either so far; as and when I do, I shall publish a new blog post.

On router: So, I have setup NextDNS on invidual operating systems, but as a fallback, I have it setup on my router as well. This must also benefit all my guests when they connect to my home network. As I use pihole (running on a Raspberry Pi) as my DHCP server, I could enter any DNS resolver on its settings. I used NextDNS’ stubby configuration and it works like a charm.

Pi-hole settings indicating the DNS resolver in use

I found this blog post to be helpful in setting up stubby on pihole.