|
||||
Featured Articles           Whonix 14 just came out last month. I went to update, but I couldn't figure out what version I was currently running. The documentation said to run this command, but the output didn't make sense when I ran it on my whonix-gw TemplateVM. Michael Altfield Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡ About Michael This post will describe how to detect if your network is blocking outgoing ports. In this test, we'll be using nmap and the fine website portquiz.net Michael Altfield Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡ About Michael In this article, I'll describe a procedure for preparing a brand-new USB flash drive for use. First we'll securely erase all the data on the drive, then we'll encrypt the entire drive, and--finally--we'll check the drive for bad blocks. Ah, remember the good-ole days of spinning disks? When your OS could tell your hard *disk* to shred a specific sector? Like it or not, those days are gone in the land of USB flash volumes. There's a lot of great reads on the complications of securely erasing data on a USB thumb drive. Unfortunately, a lot of the techniques are not universal to all technologies or manufacturers. Consequently, my approach is more ignorant, straight-forward, and broad (at the risk of causing these cheap usb drives to fail sooner & the process taking longer): First, I make sure never to write any unencrytped data to the disk Second, when I want to wipe the disk, I fill it entirely with random data Below are the commands that I use to prepare a new usb drive for my use immediately after purchase. These commands are presented as a rough guide; they're mostly idempotent, but you probably want to copy & paste them Today I discovered how to validate the Public Key Algorithm that's used for a given gpg key. Unfortunately, it's extremely unintuitive & took quite a bit of digging to figure out how. So I'm leaving this here in hopes it helps someone in their future searches. Michael Altfield Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡ About Michael 
This post will describe what hardware to buy & how to configure it so that you have 2 wireless networks in your house: One that seamlessly forces all of the traffic on that network through a VPN--and one that connects to the Internet normally . When finished, the internet activity for any device connected to the first network will be entirely encrypted so that the ISP cannot see which websites are visited*, what software you use, and what information you send & receive on the internet. * Assuming your config doesn't leak DNS; see improvements section Update 2017-08-25: Added "kill switch" firewall rule that prevents LAN traffic from escaping to the ISP unless it passed through the VPN's vtun0 interface first. Following this change, if the VPN connection is down, the internet will not be accessible (as desired) over the 'home' wifi network (without this, the router bypasses the VPN by sending the packets straight to the ISP--giving a false sense of privacy). Update 2021-02-01: Fixed GitHub URL of cryptostorm's free OpenVPN configuration file Update 2021-02-14: Fixed GitHub URL of cryptostorm's paid OpenVPN configuration file Update: I wrote this guide in 2017. It's intended for an audience that has This post will describe how to route outgoing traffic in a python script running on TAILS first through Tor, then through a SOCKS proxy created with an ssh tunnel. This is helpful when you want to use the anonymizing capabilities of tor, but you need to access a website that explicitly blocks tor exit nodes (common with sites running CloudFlare on default settings). Michael Altfield Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡ About Michael This post attempts to answer the following question: If an evesdropper intercepts a message encrypted with gpg, how much information will they be able to extract from the message without a decryption key? I will show the unencrypted metadata added to a GPG-encypted message, and I will present commands that can be used to extract this unencrypted metadata. Michael Altfield Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡ About Michael I'm going on another cross-country cycling trip this summer, and I'm in the market for a good, solid MP3 player. Disclaimer: I'm a software guy who likes my devices to be good quality and long lasting. I'm by no means an audiophile, hardware tech, or professional MP3 player reviewer. All of my research was done using Google, and the only MP3 player I've owned is the Sansa e260 v2. Requirements Note: These are my personal requirements. They effectively eliminated a *lot* of products in the MP3 market. 1. Rockbox Support First and foremost, I need rockbox support. Rockbox is a must-have FOSS firmware for MP3 players with a fantastic feature list. You can buy an MP3 player with terrific hardware design, but your experience can be absolutely ruined by poorly designed firmware. My old Sansa e260 was this way, but once I installed rockbox, it was like the device was freed from a software prison. And, of course--another benefit of it being open source--you can completely customize the look+feel of your MP3 player with other user's custom rockbox themes. Here is a list of MP3 players (targets) and their support status for the Rockbox firmware. 2. Rugged Components that In a given week, I touch maybe a half dozen different Operating Systems/Distributions. Some are similar to others (centos, rhel), some--not so much (solaris). The common commands are easy enough to remember ( @ls@ vs @dir@ ), but I always forget how to search through each OS's package manager for a software package. For my reference (and perhaps yours?) here's a list for each of the OSs' package managers I use frequently: yum - RHEL/CentOS yum list apt - Debian/Ubuntu apt-cache search pacman - Arch pacman --sync --search pacman -Ss portage - Gentoo emerge --search # pkg names only emerge --searchdesc # pkg names & descriptions emerge -S # alias of --searchdesc See Also: "Install 'build-essential' on RHEL/CentOS and OpenSolaris":/wp/?p=231 Michael Altfield Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡ About Michael tech.michaelaltfield.net/ I really should be studying for my stat exam tomorrow, but I was logging into my.ucf to download my lecture notes, and while Blackboard Learning System (the really shitty replacement for WebCT) was stuck in an infinite loading loop (most probably caused by incompetent javascript) I decided to finally get Google Chromium (which apparently has an excellent javascript engine) working on my Sabayon Linux desktop. Michael Altfield Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡ About Michael |
|
|||
|
Copyright © 2024 Michael Altfield's Tech Blog - All Rights Reserved Powered by WordPress & Atahualpa |
||||
