
WordPress Multisite on the Darknet (Mercator .onion alias)

How to use a .onion with WordPress Multisite

This article will describe how to point a .onion domain at your existing WordPress sites (on WordPress Multisite) so that your website will be accessible both on the clearnet and directly on the darknet via a .onion domain.

Intro

There are numerous security benefits that explain why millions of people use Tor every day. Besides the obvious privacy benefits for journalists, activists, cancer patients, etc -- Tor has a fundamentally different approach to encryption (read: it's more secure).

Instead of using the untrustworthy X.509 PKI model, all connections to a v3 .onion address are made to a single pinned certificate that is directly correlated to the domain itself (the domain is just a hash of the public key + some metadata).

Moreover, some of the most secure operating systems send all the user's Internet traffic through the Tor network -- for the ultimate data security & privacy of their users.

In short, your users are much safer communicating with your site using a .onion domain than its clearnet domain.

For all these reasons, I wanted to make all my WordPress sites directly available to Tor users. Unfortunately, I found that it's not especially easy to point a .onion domain at
. . . → Read More: WordPress Multisite on the Darknet (Mercator .onion alias)

Continuous Documentation: Hosting Read the Docs on GitHub Pages (1/2)

Continuous Documentation with Read the Docs (1/2)

This post will describe how to host a sphinx-powered site (using the Read the Docs theme) on your own GitHub Pages site, built with GitHub's free CI/CD tools.

ⓘ Note: If you don't care about how this works and you just want to make a functional repo, you can just fork my 'rtd-github-pages' GitHub repo.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Continuous Documentation: Hosting Read the Docs on GitHub Pages (1/2)

Introducing Coviz

Projected Future Spread of COVID-19 on Earth (e2a Apr 07)

I woke up on April 2nd to discover that over 1 million people on earth had tested positive for coronavirus.

It took over 4 months for COVID-19 to hit 1 million world-wide, and the graph was showing a horrifying exponential growth of cases. When I saw this, a question popped into my head: when will it hit 2 million? (spoiler: it took only 13 days to go from 1 million to 2 million)

When will it infect 4 million? 8 million? 100 million? 1 billion? 50% of the population on Earth?

I searched and searched, but I couldn't find a website that was extrapolating the COVID-19 dataset daily to predict the future spread of the virus, so I decided to build one myself.


. . . → Read More: Introducing Coviz

Hardening Guide for phpList

This post will outline recommended steps to harden phpList after install to make it reasonably secure.

phpList is the most popular open-source software for managing mailing lists. Like WordPress, they have a phplist.com for paid hosting services and phplist.org for free self-hosting.

Earlier this week, it was announced that phpList had a critical security vulnerability permitting an attacker to bypass authentication and log in as an administrator using an incorrect & carefully-crafted password in some cases. This bug is a result of the fact that [a] PHP is a loosely typed language and [b] the phpList team was using the '==' operator to test for equality of the user's hashed password against the DB. This security pitfall has been known in PHP since at least 2010 (a decade ago!), but I'm sure the same mistake will be made again.

Indeed, security is porous. There's no such thing as 100% vulnerability-free code, and phpList is no exception. But if we're careful in adding layers of security to our infrastructure, then we might be able to protect ourselves from certain 0-days.

That said, here are my recommended steps for making your phpList install reasonably secure.

. . . → Read More: Hardening Guide for phpList

Ephemeral Firefox as a Site-Specific Browser (3/3)

This article is part 3/3 of a series describing how to set up an Ephemeral Firefox session as a Site-Specific Browser. The ultimate goal is to be able to have a self-destructing browsing session that can only access a single company's services, such as Google or Facebook.

Part 1/3: Ephemeral Firefox in Ubuntu
Part 2/3: Ephemeral Firefox with Extensions
Part 3/3: Ephemeral Firefox as a Site-Specific Browser

After setting up the Site-Specific Ephemeral Firefox Browser, you can then blacklist services designated to your Site-Specific browser(s) (such as Google or Facebook) from your main browser. This significantly improves your ability to browse the internet without your activity being tracked by these companies (tracking that leaves your sensitive data vulnerable to being stolen by hackers).


. . . → Read More: Ephemeral Firefox as a Site-Specific Browser (3/3)

Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

This post will describe what hardware to buy & how to configure it so that you have 2 wireless networks in your house: one that seamlessly forces all of the traffic on that network through a VPN--and one that connects to the Internet normally. When finished, the internet activity for any device connected to the first network will be entirely encrypted so that the ISP cannot see which websites are visited*, what software you use, and what information you send & receive on the internet.

* Assuming your config doesn't leak DNS; see improvements section

Update 2017-08-25: Added "kill switch" firewall rule that prevents LAN traffic from escaping to the ISP unless it passed through the VPN's vtun0 interface first. Following this change, if the VPN connection is down, the internet will not be accessible (as desired) over the 'home' wifi network (without this, the router bypasses the VPN by sending the packets straight to the ISP--giving a false sense of privacy).

Update 2021-02-01: Fixed GitHub URL of cryptostorm's free OpenVPN configuration file

Update 2021-02-14: Fixed GitHub URL of cryptostorm's paid OpenVPN configuration file

Update: I wrote this guide in 2017. It's intended for an audience that has
. . . → Read More: Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

Custom Synapse Shortcuts

I've been using Synapse for a few months now. This software is invaluable to my experience on my PC because:

1. I can *quickly* do what I want to do without fighting with a big, hierarchical menu
2. It doesn't require any huge dependencies (I use XFCE, so I don't want something that requires Gnome or KDE libraries)

Unfortunately, the documentation is nonexistent. So when I wanted to be able to configure Synapse to execute a custom command when I typed a custom keyword, it took me a while to figure it out.

This post explains how to define custom commands in Synapse to execute custom commands in your terminal. For example, I'll show how to make "Google Drive" open a Firefox window to https://drive.google.com


. . . → Read More: Custom Synapse Shortcuts

Package Manager Search Commands

In a given week, I touch maybe a half dozen different Operating Systems/Distributions. Some are similar to others (centos, rhel), some--not so much (solaris). The common commands are easy enough to remember ('ls' vs 'dir'), but I always forget how to search through each OS's package manager for a software package. For my reference (and perhaps yours?) here's a list for each of the OSs' package managers I use frequently:

yum - RHEL/CentOS

yum list

apt - Debian/Ubuntu

apt-cache search

pacman - Arch

pacman --sync --search
pacman -Ss

portage - Gentoo

emerge --search # pkg names only
emerge --searchdesc # pkg names & descriptions
emerge -S # alias of --searchdesc

See Also: Install 'build-essential' on RHEL/CentOS and OpenSolaris (/wp/?p=231)


Install "build-essential" on RHEL/CentOS and OpenSolaris

Debian

If you want to be able to compile packages in Debian/Ubuntu, you can issue the following command:

apt-get install build-essential

Red Hat

If you want to be able to compile packages in Red Hat/CentOS, you can issue the following command:

yum install make gcc gcc-c++ kernel-devel

...or, if you don't care about maintaining a small footprint, you can get *all* of the development packages (including X devs--eww):

yum groupinstall "Development Tools"

Open Solaris

If you want to be able to compile packages in OpenSolaris, you can issue the following command:

pkg install SUNWgcc