A couple of days ago, Elite: Dangerous was finally released.  I’m an original Kickstarter backer and Premium Beta player of ED, and have been playing it off an on during its entire development period.

I don’t have a specific use case for this, but I thought I’d experiment and see just how this can be done.  I’ve recently changed over to encryption on my smartphone, because it came to my attention that it’s possible to use the Android debugger to get access to an Android device’s flash even if you don’t have the unlock pin.  This of course requires physical access to the phone.

Just got my RSI Mouse Mat delivered.  Very quick delivery, only ordered it a few days ago!  Razer Goliathus mouse mat for scale.

Using OpenVPN with OpenWRT is a common solution for pushing routes out various egress points from your network.  However, maintaining a list of routes in your OpenVPN config is a nuisance, plus if the mapping from DNS name to IP address changes, they spontaneously break.  Additionally, you ideally want to use the DNS resolution of a name from the remote end of your VPN tunnel, not from the local end.

So, after an argument with someone about how RFC6238 authenticators work (ie, the authenticator does not need to know any detail or be able to communicate with the service being authenticated to), I decided to cobble together a highly minimalist (and functional) Authenticator which spits out tokencodes that are compatible with Google Authenticator, in Python.

Now, if you’re using an OpenVPN selective routing tunnel like I’ve been discussing to push specific subnets through a tunnel, then you probably also have good reason to want to force specific DNS domains to resolve through a DNS server that is also on the the other end of that tunnel (eg, an internal network).