diff options
Diffstat (limited to 'content/entry')
| -rw-r--r-- | content/entry/dead-mans-switch.md | 14 | ||||
| -rw-r--r-- | content/entry/debugging-neomutt.md | 2 | ||||
| -rw-r--r-- | content/entry/future-proof-digital-timestamping.md | 2 | ||||
| -rw-r--r-- | content/entry/on-compassion.md | 4 |
4 files changed, 11 insertions, 11 deletions
diff --git a/content/entry/dead-mans-switch.md b/content/entry/dead-mans-switch.md index 2b57b9f..2b7887e 100644 --- a/content/entry/dead-mans-switch.md +++ b/content/entry/dead-mans-switch.md @@ -63,7 +63,7 @@ Once your encrypted archive is prepared you'll need to distribute it to others. ## VPS Setup Now comes the part of the setup where you need a server machine to actually trigger the DMS. If you're using a DMS there's no reason not to make it as secure as possible because securing it from a state-level adversary is only a few steps extra versus securing it from a mobster. I won't cover how to secure your personal computer but if you're using a DMS you should at a minimum have [full-disk encryption](https://en.wikipedia.org/wiki/Full_disk_encryption) enabled with a strong password. -To get started use an anonymous VPS since you shouldn't have physical access to the server. If you have physical access an adversary could also gain physical access and permanently disarm the switch. So the first thing you need to do is acquire [Monero](https://www.monero.how/). Then use Tor Browser to [purchase a foreign VPS with the Monero](https://www.getmonero.org/community/merchants/#hosting), but don't give the VPS provider your true credentials. You can ssh into your VPS with the command torify ssh <user>@<server>. Then you should [harden your ssh configuration](https://blog.stribik.technology/2015/01/04/secure-secure-shell.html) and put sshd behind a [Tor v3 Hidden Service](https://scribe.rip/@NullByteWht/how-to-set-up-an-ssh-server-with-tor-to-hide-it-from-shodan-hackers-eda93927a742) so a [MITM](https://en.wikipedia.org/wiki/Man-in-the-middle) can't locate it. Once all that's done you're finally ready to set up the actual DMS. +To get started use an anonymous VPS since you shouldn't have physical access to the server. If you have physical access an adversary could also gain physical access and permanently disarm the switch. So the first thing you need to do is acquire [Monero](https://www.monero.how/). Then use Tor Browser to [purchase a foreign VPS with the Monero](https://www.getmonero.org/community/merchants/#hosting), but don't give the VPS provider your true credentials. You can ssh into your VPS with the command torify ssh [user]@[server]. Then you should [harden your ssh configuration](https://blog.stribik.technology/2015/01/04/secure-secure-shell.html) and put sshd behind a [Tor v3 Hidden Service](https://scribe.rip/@NullByteWht/how-to-set-up-an-ssh-server-with-tor-to-hide-it-from-shodan-hackers-eda93927a742) so a [MITM](https://en.wikipedia.org/wiki/Man-in-the-middle) can't locate it. Once all that's done you're finally ready to set up the actual DMS. ## Cron There is free software that automatically configures a DMS, but it's equally as easy to set one up yourself. Simply write a script that checks for the existence of a file and schedule it to run at regular intervals using [Cron](https://en.wikipedia.org/wiki/Cron). If the file exists, delete it. If the file does not exist, your script should execute a separate script that publishes the passphrase or private key needed to decrypt the data. It's up to you where you publish the decryption key. Just be sure to test it first with a fake key. @@ -71,10 +71,10 @@ There is free software that automatically configures a DMS, but it's equally as Here's what such a script might look like: ```bash {linenos=table} -# File: /home/<user>/trigger.sh +# File: /home/[user]/trigger.sh -FILE_DISARMED=/home/<user>/disarmed -LEAK_SCRIPT=/home/<user>/leak.sh +FILE_DISARMED=/home/[user]/disarmed +LEAK_SCRIPT=/home/[user]/leak.sh if test -f "$FILE_DISARMED"; then rm "$FILE_DISARMED" @@ -88,7 +88,7 @@ The script for disarming the switch might look like: ```bash {linenos=table} # File: /usr/local/bin/disarm.sh -FILE_DISARMED=/home/<user>/disarmed +FILE_DISARMED=/home/[user]/disarmed GREEN='\033[0;32m' CYAN='\033[0;36m' NC='\033[0m' @@ -104,13 +104,13 @@ fi Those two scripts are the most important. Don't forget to set their permissions as executable. Next you need to decide how often you want the switch to be triggered. You can set it to be as frequent as you wish but remember if the switch isn't deactivated each time before trigger.sh runs it will publish the private key. The last thing you want is to accidentally trigger the switch. Phoenixnap.com has a great [knowledge base article on using Cron](https://phoenixnap.com/kb/set-up-cron-job-linux). Here's an example that triggers the switch monthly at 00:00 hrs: ```plaintext -@monthly /home/<user>/trigger.sh +@monthly /home/[user]/trigger.sh ``` And finally the client command to disarm the switch is: ```bash -torify ssh <user>@<address.onion> disarm.sh +torify ssh [user]@[address.onion] disarm.sh ``` ## Reminder diff --git a/content/entry/debugging-neomutt.md b/content/entry/debugging-neomutt.md index ff40926..714aced 100644 --- a/content/entry/debugging-neomutt.md +++ b/content/entry/debugging-neomutt.md @@ -14,7 +14,7 @@ I wasn't sure how to further proceed in debugging, so I joined the Neomutt chann I wasn't about to send him my private key. Someone else suggested I could decrypt the email with my private key, then reencrypt it with a new private key I wouldn't mind divulging. Luckily I knew of a better way. GPG has the "--show-session-key" option. It's used to allow others to decrypt specific messages intended for you without giving them your private key. -The Neomutt developers edited their GPG options inside the Neomutt configuration so it would successfully decrypt the original email. They used "--override-session-key <string>". Their clients did not crash when opening the email. At that point, I knew the cause was my GPG configuration. Still, an esoteric configuration should not cause Neomutt to core dump. Core dumps should never happen. So I was determined to find the root cause of the bug. +The Neomutt developers edited their GPG options inside the Neomutt configuration so it would successfully decrypt the original email. They used "--override-session-key [string]". Their clients did not crash when opening the email. At that point, I knew the cause was my GPG configuration. Still, an esoteric configuration should not cause Neomutt to core dump. Core dumps should never happen. So I was determined to find the root cause of the bug. Since Flatcap couldn't reproduce the crash, the only option left was to debug it myself. Flatcap helped me to compile Neomutt from source so I'd have the debugging symbols. Then he explained how to attach GDB to the Neomutt process. I proceeded to purposely crash Neomutt. diff --git a/content/entry/future-proof-digital-timestamping.md b/content/entry/future-proof-digital-timestamping.md index 653c1f6..fa83e55 100644 --- a/content/entry/future-proof-digital-timestamping.md +++ b/content/entry/future-proof-digital-timestamping.md @@ -27,7 +27,7 @@ Also, OpenTimestamps has an extremely efficient design compared to other Bitcoin So anyway, I created a timestamped Git commit and tagged it [timestamp-1](https://archive.softwareheritage.org/swh:1:rel:e4726ec79a43e28c616e4d5f3db0efe2237b23f9;origin=https://git.nicholasjohnson.ch/nicksphere-gmi;visit=swh:1:snp:fb9bef300f9b939382f5656232d95377c8630a10). I wrote the concatenated commit data of the timestamped commit to [a file](/timestamp-1.txt) in case you're interested to see what it looks like. The software works in a very elegant fashion. It even maintains compatibility with non-OpenTimestamps Git clients, so GnuPG can still verify the commit signature. -The base64-encoded timestamp appended to the commit data includes all the necessary hashes to build the Merkle path from the tagged commit to the merkle root included in the Bitcoin transaction. Using './ots --git-extract <filename>' on any file in the nicksphere-gmi repo present at the timestamped commit, you can extract an ots proof file which you can then verify with './ots --verify <filename>'. +The base64-encoded timestamp appended to the commit data includes all the necessary hashes to build the Merkle path from the tagged commit to the merkle root included in the Bitcoin transaction. Using './ots --git-extract [filename]' on any file in the nicksphere-gmi repo present at the timestamped commit, you can extract an ots proof file which you can then verify with './ots --verify [filename]'. Thus future readers of my journal and historians will be able to verify that each entry was written by a human with no major external dependency other than the widely witnessed Bitcoin ledger. There are caveats to that, but luckily I thought up ways around all of them. diff --git a/content/entry/on-compassion.md b/content/entry/on-compassion.md index a334eb1..a418ab7 100644 --- a/content/entry/on-compassion.md +++ b/content/entry/on-compassion.md @@ -33,11 +33,11 @@ Okay, everyone knows prisons are hateful places. But the very worst kind of hate I've seen young people, as their immediate first instinct, pull out their smartphones and record someone else who is being homophobic or racist or transphobic and later publish it to social media in an attempt to weaponize the social media cancel mob against them. Perhaps to make them lose their job, be ostracized from their community, or have total strangers think poorly of them. ## Is Cancel Culture Helpful? -These smartphone-wielding social justice warriors who treat the social media hate mob as their own personal weapon fail to realize that they themselves are guilty of the very thing they're attempting to expose. Is purposely mobilizing an online hate mob against someone any less hateful than being a racist? You're not going to make <insert ism here> go away by shaming people. You're just making people uncomfortable to express it which pushes it into the shadows. It doesn't actually disappear. +These smartphone-wielding social justice warriors who treat the social media hate mob as their own personal weapon fail to realize that they themselves are guilty of the very thing they're attempting to expose. Is purposely mobilizing an online hate mob against someone any less hateful than being a racist? You're not going to make [insert ism here] go away by shaming people. You're just making people uncomfortable to express it which pushes it into the shadows. It doesn't actually disappear. Let's do a thought experiment and I've seen this happen before: An older lady shamed a young girl for her promiscuity. The young girl pulled out her smartphone to record the older lady and posted the incident on social media. In the comments, the social justice mob went after this lady: "What a horrible person. Nobody likes her. She's just jealous of the young girl's looks." and on and on. Now let's suppose the lady even saw the comments being made about her. Do you think she was encouraged to be more compassionate and understanding by random internet strangers telling her off? -Is stoking an internet hate mob really the best way to go about promoting self-reflection? Is that really what compassion looks like? Is that what justice looks like? I don't think so. There are better ways to get people to self-reflect. People that do this clearly have bad motives. If it's someone in a position of power being exposed like a politician or leader of some community, then obviously to some degree they're signing up to public scrutiny. But when it's done to <insert ist here> Joe Blow, what good is coming out of that? +Is stoking an internet hate mob really the best way to go about promoting self-reflection? Is that really what compassion looks like? Is that what justice looks like? I don't think so. There are better ways to get people to self-reflect. People that do this clearly have bad motives. If it's someone in a position of power being exposed like a politician or leader of some community, then obviously to some degree they're signing up to public scrutiny. But when it's done to [insert ist here] Joe Blow, what good is coming out of that? ## Lack of a Mechanism For Forgiveness And don't forget there's practically no way to atone for your wrongdoing after you've been canceled. If your public racism gets recorded on video and uploaded and you get canceled, and then after some self-reflection you see the error of your ways, it's too late. You've already been condemned. Everyone who saw the video already thinks you're a racist jerk. Even if you make a formal apology, is everybody going to see that? And even if they do, will they believe that it's genuine or will they think you're just apologizing to get uncanceled? There is no mechanism for forgiveness because the internet never forgets and your mistake stands independent from any atonement or personal growth you've made since. |