Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
254
hpr_transcripts/hpr3799.txt
Normal file
@@ -0,0 +1,254 @@
|
||||
Episode: 3799
|
||||
Title: HPR3799: My home router history
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3799/hpr3799.mp3
|
||||
Transcribed: 2025-10-25 05:31:18
|
||||
|
||||
---
|
||||
|
||||
This is Hacker Public Radio Episode 3,799 for Thursday the 23rd of February 2023.
|
||||
Today's show is entitled, My Home Router History.
|
||||
It is hosted by Norrist, and is about 32 minutes long.
|
||||
It carries a clean flag.
|
||||
The summary is, Recent Router Maintenance makes me remember all the fun I've had with
|
||||
my home network router.
|
||||
So I recently had to update my home router and I had to rebuild it and I was thinking
|
||||
about all the different sort of iterations I've had for a home router and I thought it
|
||||
might make an interesting HDR episode so I'll kind of start from the beginning, maybe
|
||||
working my way forward a little bit.
|
||||
So the first thing I can kind of remember doing that was even sort of like a home internet
|
||||
router was around 2000-ish, we still had dial-up and only went computer, but we started
|
||||
getting additional PCs around the house and with dial-up we would have to connect one
|
||||
computer at a time.
|
||||
So if one computer knew the other internet, the other one knew the other internet, just
|
||||
connect and connect it and I remember figuring out or learning that there was a way to share
|
||||
internet connection even if it was dial-up and you'd have to buy like a special ethernet
|
||||
cable, like a crossover cable and connect one to the internet and then connect the other
|
||||
one to the internet, connect the computer via the crossover cable and then I remember
|
||||
in Windows they had something called connection sharing that you could use or if you didn't
|
||||
have a wind modem and you could actually connect it to a dial-up I SP on Linux, you could
|
||||
use IP masquerading to connect and you could have sort of multiple computers sharing
|
||||
and internet connection.
|
||||
So this was faster internet starts becoming available, start thinking about how can we
|
||||
kind of share connection with the things like DSL and cable modems are starting to come
|
||||
out and then to share you know you need a ethernet card for your network connection to
|
||||
the internet and if you want to share it with another computer you've got to have two
|
||||
network cards, that's a big deal from two network cards in the same computer, right?
|
||||
So I've gotten cable and wanted a way to figure out how to obviously use multiple PCs with
|
||||
the cable internet connection so I've gotten, I've found a start looking on eBay for like
|
||||
cheap computers and found something for like, it was like 50 bucks, but then like for
|
||||
sitting with 50 bucks, it was still probably the best deal I could find or the most affordable
|
||||
thing I could find and then got it to Nick on it.
|
||||
I remember experimenting with a few different Linux distributions setting up the connection
|
||||
sharing, you know there were tools or guides for using just plain old IP masquerading kind
|
||||
of generic Linux server, but I don't, I couldn't get it to work.
|
||||
So the first thing I remember actually working well was a distribution of Mandrake called
|
||||
the multi-network firewall and it almost seems like a dream because I know I use this, I
|
||||
know it existed and I know it worked, but it's really hard to find any documentation
|
||||
or any website owner, but I know the Mandrake multi-network firewall existed, I know it
|
||||
used it, but I don't think it was maybe, maybe only got a single release, but it worked
|
||||
really good just like everything else Mandrake, another distribution I remember using a lot
|
||||
was one called IPCOP, IPSpace, CLP, and it was, it was pretty nice, it had like a web,
|
||||
UI to manage it, so you could put, you know just get any PC with 2 or 3 network cards in
|
||||
it, configure it and it had all the settings that you needed to use, to do it for DSL, I remember
|
||||
DSL having some extra things, you had to do a cable use plug-in, plug in the modem, but
|
||||
for DSL you had to have some extra user name and password and stuff, but IPCOP had all that
|
||||
stuff built in and you could manage it with the web interface.
|
||||
I started getting a little nervous about using IPCOP, it went a long time without any updates,
|
||||
and after a few months when you're using a project that's kind of small and you start
|
||||
to wonder is it not getting updates because that doesn't need any updates or is it not
|
||||
getting updates because the developers have stopped paying attention, so I just wasn't
|
||||
sure and I wanted to do something different, so I just started looking around, I'm not
|
||||
sure how I heard about OpenBSD, other than just being on internet, being around OS forms
|
||||
looking for Linux info, but I knew OpenBSD had a strong reputation for security and that
|
||||
it was a good choice of operating systems for networking and firewalls, so I found some
|
||||
instructions for setting it up, there's always been, OpenBSD has always had a very good documentation
|
||||
and there was a guide, there's always been part of the FAQ, some instructions for setting
|
||||
up a small router using OpenBSD, so I don't remember exactly when it was, probably around
|
||||
2010ish when it installed OpenBSD with some of these sort of junker servers that I had
|
||||
around, I had the one mentioned earlier that I bought off eBay and there was another one
|
||||
that I found out on the street that I picked up and sort of coupled together, but at this
|
||||
point, I've sort of moved away from dedicated firewall distributions and I moved to use
|
||||
an OpenBSD as my own router and it was nice, again, I had a good feeling because it had a regular
|
||||
release cadence, every six months you get a new release and it's fairly active projects on
|
||||
you that there was being maintained and I knew this being kept up to date and I knew that unless
|
||||
I did meet some really silly misconfiguration that I was going to have a secure network router,
|
||||
so to go along with the network router when I started to get started by devices that had the
|
||||
capability of getting on my thought, I had purchased one of the links as routers that were
|
||||
specifically sold to run Linux where the WRT distribution was to 54GL model, I had it around
|
||||
and I had it running a tomato firmware and for the most part I would only use it as an access point,
|
||||
but because the hardware that I had about firewalls on was kind of chunky,
|
||||
sometimes I don't have a hardware failure and I have to sort of promote the links as router from
|
||||
access point to sort of primary home router. I remember mostly having hardware issues with
|
||||
power supplies, I remember having a stack off in the corner like 304 PC power supplies,
|
||||
just sort of hot standbos because those things always seem to go bad and then also at the time all
|
||||
the hard jobs were IDE and like spinning IDE jobs while reliable they can get banged around
|
||||
too much when they're not, so between the hard jobs and the power supplies, usually a few times a
|
||||
year I would have to do some hardware replacement and in the meantime I used the links as router as
|
||||
the primary home router. At some point I decided it would probably be a worthwhile investment to
|
||||
go ahead and buy some hardware that was meant to run as firewalls, it was meant to be used as a
|
||||
firewall and I had looked at Socrus, I don't remember how to spell that, but I kind of felt like
|
||||
they were a little overpriced and underpowered, so I heard about a company called PC engines
|
||||
and they had a hardware loan called Alex or Alex and they're small,
|
||||
a 386 compatible about the size of a links as router and they have like three network cards on
|
||||
and like a 800 megahertz or 400 megahertz processor something like that, not very powerful,
|
||||
only like a quarter of a giga RAM, but it would have three really good network cards on it
|
||||
or really good for the network cards on it and they supported and opened BSD, a lot of people
|
||||
would buy them to run open BSD on it, so I picked up one off eBay, one thing about the PC engines
|
||||
lawn is they don't have video, there's no like the GA portal or anything on them,
|
||||
it's all, you do all the admin by serial and I had this, it's not anything I'd ever done before,
|
||||
this was new to me at the time, so I had to kind of learn how, you know, how does it work when
|
||||
you plug in, when you connect a couple computers with a serial port, one of the keyboard and monitor,
|
||||
you can, how do you get a console, no one that does it, but I eventually got it figured out,
|
||||
and the original Alex lawn PC engines it wouldn't boot off USB, so if you didn't have our
|
||||
operating system already installed on it, the only way to install it was to set up a TFTP server
|
||||
and fix the boot, so again relying on the open BSD documentation, they had that
|
||||
process documented well, so it wasn't pretty hard, they had, there was a page in FAQ about how to
|
||||
set up a open BSD pixie boot TFTP server, so you could pixie boot these Alex devices,
|
||||
and what it would do is when the device would boot up it would get its
|
||||
IP address via DHCP, and then it would ask for, you know, is there, or DHCP would tell it,
|
||||
hey, if you need to boot, there's a file you can boot from, and then it would pull it via TFTP,
|
||||
and what it was actually pulling was the open BSD installer edge,
|
||||
so once you do it up in an installed works great, after the initial install,
|
||||
you know, the twice a year updates from the open BSD project, it was easy to update from one
|
||||
release to the next, so I use that for a few years, no real issue, but there are some kind of
|
||||
hardware limitations with Alex lawn, one is that the network devices are only 100 megabit,
|
||||
and at the time that was fun, but I could sort of see into the future,
|
||||
where, you know, a lot of my devices around the house were gigabit, but I couldn't really
|
||||
get really used gigabit, because my mate router wasn't gigabit yet,
|
||||
and then the other hardware issue was that the discs on the Alex lawn were compact flash,
|
||||
so there was nothing wrong with compact flash, it worked well, but by the time I had this
|
||||
Alex router, compact flash was falling out of favor, it was really hard to find
|
||||
a replacement compact flash cards, and if I knew, you know, if I did have to replace the compact
|
||||
flash, I have to go back and do the TFTP and install all that stuff again, so I did buy a spare
|
||||
Alex on eBay, there's certainly been really cheap, so I bought another one just like I had
|
||||
on eBay, just in case, something did happen, I wouldn't have any problems with it, but I knew
|
||||
that it would be a lot of trouble to set back up again, if I did have trouble with it, so I went
|
||||
ahead and since I found one cheap, bought it just kind of kept it around as a hot spare.
|
||||
So PC engines came up with a new line of hardware called the APUs, specifically the APUs to
|
||||
about one of those, and I think 2015 or 2016, and it was a pretty significant improvement
|
||||
over the Alex line that I had had before from the same company PC engines,
|
||||
was still, didn't have a video, still serial only, but by this point, that wasn't a problem,
|
||||
but it did have gigabits, network adapters, and it had an emsata for the
|
||||
drive, so I felt a lot better about the availability of storage for it,
|
||||
so I had updated, got the new hardware, these boot off USB, so I got the OpenBSD installed,
|
||||
I think I believe it was OpenBSD 5.6, it was the version I installed, and it has three network cards,
|
||||
I didn't mention this before, but Alex also had three network cards, but I would set up like three
|
||||
networks, or one network card was for the internet, and then I had two networks in the house,
|
||||
one for trusted devices, and one for untrusting devices,
|
||||
so OpenBSD is really cool, it's not too hard to use, but it's not like some of the
|
||||
purpose-made router software distributions, there's no web GUI or anything like that,
|
||||
so you have to, it can do everything that the web GUI wants to do, but you have to kind of get in
|
||||
there and rename pages or write config files and stuff like that, so one thing that I was really
|
||||
sort of missing from a router-specific distribution, was the ability to have reserved DHCP
|
||||
assignments, so you could put in, you could tell the router, you know, a MAC address, and say,
|
||||
always give this MAC address, this Hump address, and at the same time you could also
|
||||
provide a name for that device, and then you could also set up the DHCP assignment, and also set up
|
||||
a local DNS server, so I wanted to do something like that with OpenBSD, and all those things are
|
||||
possible, I just got to know how to do it and set up some configs for it, I got tired of kind
|
||||
of doing it manually, I wanted sort of an easier way to do it, so I set up, I didn't
|
||||
HBR episode about this, 3187, so if you want some details you can go back and listen to
|
||||
HBR 3187, but synopsis is, I would make a CSV file, it would contain a MAC address,
|
||||
IP address, and a host name, and then we'll have a playbook that would read the CSV file, and then
|
||||
write the configs, the appropriate config files for OpenBSD, and then restart all the services, so
|
||||
now set up a GUI, I just have the CSV file, I could fill out my IP address, MAC address,
|
||||
host name, and then we'll get the DHCP reservation and the local DNS,
|
||||
so I was using OpenDNS to do content filtering, and I won't go too deep into how OpenDNS works,
|
||||
but you can, it's a DNS server that you can limit specific content, it kind of like Pile does,
|
||||
with hats, but it's an interesting product, you know, that's something you're interested in, but
|
||||
so I had OpenBSD router set up a caching DNS forwarder, so when a client on the network requests
|
||||
a DNS, well has a DNS request, you know, it would return the cache result if it had it, and if not,
|
||||
it would forward it to open DNS servers, DNS resolvers, so I wanted to make sure that,
|
||||
you know, nothing on the internal network was able to pop-ass the DNS server on the router,
|
||||
so I added some PF roles to capture any traffic on port 53 that wasn't going to localhost,
|
||||
redirect it from where it was going to the localhost, and then it would look up the requests from
|
||||
OpenDNS, I would also use the router to limit internet access to certain times for certain devices,
|
||||
so the OpenBSD firewall is called PF, and PF has something called tables that you can store
|
||||
IP addresses in, and you can load IP addresses into the tables at run, you know, at run time,
|
||||
but put them in the config, or you can just create an empty table and then add and remove
|
||||
IP addresses later, so what I did was have a PF role that would block all traffic to anything
|
||||
in this PF table, and then I would have Chrome jobs that would load or unload IP addresses
|
||||
based on time, so, you know, at specific times, I could insert specific IP addresses into the
|
||||
another table, and it would cut off the internet access for those devices, and then later,
|
||||
whenever it was time, I would have another Chrome job that would in-key out the PF table,
|
||||
worked really good, so a couple of years ago I started running into some problems with this
|
||||
installation of OpenBSD, and I bought the APU from PC engines, I bought a 16-gig emsaid card for it,
|
||||
and that was fun for a long time, but OpenBSD changed how they use some of the partitions,
|
||||
and let me say that a different way. OpenBSD introduced some new security measures,
|
||||
specifically like they were rebuilt, the kernel, or re-link the kernel, every time it booted up,
|
||||
so every time you boot up, the kernel is just a little bit different, and that helps mitigate
|
||||
some vulnerabilities that depend on specific things, up the kernel being in specific memory addresses,
|
||||
but a downside of that is that it used a lot of disk space, specifically in the Slash user directory,
|
||||
so whenever I first installed OpenBSD, I always use whenever I install OpenBSD, it has an option
|
||||
to auto partition, and I always use that, I figure they know better than me, but the defaults
|
||||
with OpenBSD are always pretty same, so I stick to them where I can,
|
||||
but because of the kernel re-linking and the extra space that's being used during the process,
|
||||
the minimum requirements for Slash user have grown, and the original partitioning scheme,
|
||||
by this point, it's five years old, is not big enough to support all of the, everything that needs
|
||||
to go in Slash user, Slash user is too small, so one thing I had done over the last couple of years
|
||||
is I had some partitions that were the auto partition or created that I wasn't using, there's a
|
||||
couple of partitions that you need if you want to rebuild OpenBSD, there's a source directory and
|
||||
an object directory that are separate partitions, so I would convert those, like I would take
|
||||
user OBJ and convert it to user local or something like that, or user share, and I did that a
|
||||
couple of times and it saved me from having to re-partition because you know, user was getting full,
|
||||
but whenever the latest release of OpenBSD came out, you know, it said sort of as a minimum you
|
||||
need two gigs Slash user, and my Slash user partition was only one gig, so it didn't create them,
|
||||
it didn't meet the minimums, I probably could have forced it through the update process,
|
||||
but I wasn't going to do that, so I knew that I was going to have to at least re-partition,
|
||||
because I had 16 gigabytes, it would have been plenty, but I needed to rearrange it on the disc,
|
||||
and so to do that, I'm really the best way to do it, safest way to do it, it's just
|
||||
my opinion, you could pay if they say, and I figured if I'm going to do that, as well, go ahead,
|
||||
and buy a bigger disc, and then start working on the real project, so I bought a 120 gig
|
||||
Gemsaid, a cover art from PC engines, and then I had a ship to the house,
|
||||
and then I started rehearsing, or practicing, setting up OpenBSD from scratch,
|
||||
to sort of match what I had now, and I'm like I'm talked about, I've made a lot of unique things
|
||||
that I would do with the router, not even when I did the upgrade, I didn't want to miss any of those
|
||||
unique things, so I started digging around and Slash Etsy, or anyplace else, and looking
|
||||
in cronjoes, and stuff like that, trying to gather all this stuff up, and so I decided to make
|
||||
an Ansible Playbook, it would do, I found all these unique changes that I made to the OpenBSD,
|
||||
gather them all up, put them in a Playbook, in that way, whenever I reinstalled OpenBSD, I would have
|
||||
some, I would have Ansible to do all the reconfigure for me, and then, so to practice it,
|
||||
build OpenBSD virtual machine, the network adapters in the PC engines machine,
|
||||
for Intel, network connectors, and OpenBSD names the network adapters by the driver,
|
||||
and Intel uses the EM driver, so the network devices are EM0, EM1, and EM0, EM1, and EM2.
|
||||
So when I built the virtual machine, you have the, normally I would use the
|
||||
for IO network adapters, but I had the option of using the like an emulated Intel network adapter,
|
||||
so I did that, that way the network device names are the same, because that was one of the things
|
||||
I had to set up, was I had to, you know, EM0 on the router needed to be EM0 on the virtual machine,
|
||||
that way I can practice all the network and things and stuff, same EM1 and EM2.
|
||||
So I gathered all this stuff up, built a virtual machine, practiced,
|
||||
we found something that I missed, go back and look, had a Playbook,
|
||||
over and over again, it took me, I spent a lot of time doing this, not because it was a lot of work,
|
||||
it just, it took me a lot of, it took me a little while to convince myself that I'd actually found
|
||||
everything that I needed to change, and that I found everything that needed to be in the,
|
||||
in the Playbook, so I had this original Playbook that I mentioned in this, where I did HBR,
|
||||
a couple of years ago, I had that, to compare a lot of it, but not everything was in there, so I built
|
||||
this new one, practiced it on the VM for a little while, I mean I'm embarrassed to say it's probably
|
||||
a couple of months, but finally I got to the point where I was comfortable, and then I figured
|
||||
that there was something that I missed that I was close enough that I could fix it.
|
||||
All right, so I finally worked up the courage to start the upgrade process, one thing I wanted to
|
||||
do before I actually replace OS is update the firmware, like the BIOS firmware, I didn't want
|
||||
there to be like, you know, any issue that with a new OS version that was maybe incompatible
|
||||
or acting weird or whatever with the firmware, so I did that one weekend, updated the firmware,
|
||||
open BSD, I had some really good instructions for updating the firmware on the APUs, and
|
||||
it's in the package readmeasers, and the package is called flash rom, that comes with a readme,
|
||||
open BSD readme that details the process, it's really simple, but I did that one weekend,
|
||||
to kind of let it bake in, and then on a Saturday morning before everyone else got up,
|
||||
went in there, made one last backup of all the convict files and stuff just in case,
|
||||
took everything apart, took the router out, disconnected it, powered it down,
|
||||
I just wanted to disk out, put the USB installer, a broken BSD in, booted it up, installed it,
|
||||
went through the regular installation, then ran the playbook on there, and man, when you believe it,
|
||||
it worked, the first time, I was so cautious and careful, that I don't think I missed anything,
|
||||
so I was really pleased with how well the process turned out.
|
||||
I'll see what, I don't know what kind of stone notes I'm going to have,
|
||||
which is sort of rambling for a little bit, I will at least put some links in there to some of
|
||||
the projects that I was talking about, I found some links to IPCOP, the old router-centric
|
||||
distribution that I was using, and I got some links to a few of the PC engines pages,
|
||||
with the, their pages about the hardware that I was using, and then I'll link to the open BSD
|
||||
example for setting up a home router, and then just sort of encourage you to, this is something
|
||||
you're interested in, just jump in and do it, you know, there's not a lot of risks, the only risk
|
||||
really is some of your family yelling at you because of the internet now while you're making
|
||||
the changes, but that's it, I'll see you guys next time.
|
||||
Hosting for HBR has been kindly provided by
|
||||
an honesthost.com, the internet archive, and our syncs.net.
|
||||
On the Sadois status, today's show is released under Creative Commons,
|
||||
Attribution 4.0 International License.
|
||||
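Review bot: The transcript body added here is uncorrected speech-recognition output, and the errors land on the technical terms a search would key on: "Chrome jobs" and "cronjoes" where the speaker is describing cron jobs, "PF roles" for PF rules, "Slash user" for /usr, "pixie boot" for PXE boot, and "HBR"/"HDR" where the header line says HPR. The commit message says the server searches transcripts, so a literal query for "PXE" or "/usr" will not match this episode even though it covers both. Suggest a normalisation pass before the files are committed, or a documented alias list applied at index time. The header block (Episode, Title, Source, Transcribed, then "---") is free text inside the same file as the body, so the layout the data loader expects should be documented alongside it.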