How to make Apple TV work across network boundaries using iptables and mdns-repeater.

Apple TV HD

The Apple TV exists in somewhat of a gray area in a home network. It is both a media player which you might screencast to and a hub for HomeKit IoT devices. If you happen to segment those two networks for security reasons, where do you put the Apple TV? It has to be able to directly reach all the IoT devices but user devices should still be able to stream to it.

Typically these two networks are distinct subnets like and Let’s say

Wireguard is insanely great. Modern crypto, lightweight, in-kernel, UDP for everything and seamless roaming if your IP changes. What’s not to love?

But if you are just starting out with it and have a strong TCP/IP and Linux background, you might appreciate a concise explanation. This attempts to be that.


All it Does

Wireguard creates a virtual network interface, the first of which is called wg0, which encrypts and decrypts traffic. The kernel retains a list of peers and their associated public keys. If the kernel gets a packet destined for one of the peers, it is encrypted and sent via UDP to the…

Let’s just start this off by saying ziplines are dangerous and I’m far from an expert. Don’t attempt this on your own. However, if you choose to ignore this warning, don’t blame me if you hurt yourself or others. This is dangerous — you have been warned.

When I was little, my father built a zipline for my siblings and me. It was an adventure from the familiar confines of our side yard into the darkest tree tops of the untamed woods next door. We had the quintessential “sloping away” landscape that left the rider high up one of the…

Since the 90’s I’ve had a filesystem which I call “Vault”. It contains all the bits I really don’t want to lose. It includes documents, code (including my first efforts from the 80’s), audio and video recordings and, most importantly, my photo archive (both digitally originated photos and scans of film-based photos from the pre-digital camera era). I keep a copy of the Vault on a live filesystem that is network accessible, usually on a software RAID. This is handy both to be able to access the bits and as a place to easily drop new data that should eventually reach…

Some media players handle subtitles well and others… not so much. Rather than leaving it to chance, I like to render the subtitles right into the video. ffmpeg is an excellent tool for this.

Grab ffmpeg if you don’t already have it. In OS X you can use brew.

brew install ffmpeg

Or use a package manager in Linux:

apt install ffmpeg

Either way, you want to make sure you have the libass (Advanced Sub Station) renderer in there. Most package manager versions have this, but if you are compiling from source you want to configure with --enable-libass.

A popular format for…

I spent some time overhauling my home network. There was no way I was going to settle for the default WiFi access point you get from an internet service provider (Verizon in my case). My house is big enough to need more than one access point anyway, and I run some local servers, so I needed a bit more flexibility. Additionally, I’ve started to deploy some IoT devices, mostly related to home automation, so I wanted some isolation from my user network should a device spiral out of control (flooding the network / general security issues). All of these things…

If you build Node.js HTTPS servers as much as we do, you’ll know how easy it is to get things going. But we were surprised to find that we could quickly add client X.509 certificate checking in just a few lines of code.

Typically HTTPS servers do a basic TLS handshake and accept any client connection as long as a compatible cipher suite can be found. However, the server can be configured to challenge the client with a CertificateRequest during the TLS handshake. This forces the client to present a valid certificate before the negotiation can continue. …

Anders Brownworth

Applied CBDC Research @ the Federal Reserve — fmr USDC @, MIT / Podcaster / Runner / Helicopter Pilot

