The torproject just released ‘Tor Messenger‘. It’s an instant messaging application that allows you to communicate via XMPP (jabber) over the Tor network. It is based on Instantbird.
It is important to know that the client will mask from where you are connecting, but it will NOT mask who you are! This is due to the fact that your alias at the jabber server was probably created beforehand. And even if you create the alias with Tor Messenger, your connections to other users make it possible to identify you.
XMPP (aka Jabber) in combination with OTR is a secure way to chat with others. There are some public servers available, but their popularity centralizes the infrastructure and leaves single points of failure. A recent example is Chaos Computer Club’s Jabber server (jabber.ccc.de) which was down for some days between Christmas and New Years 2014/2015, as a consequence of a DOS attack.
I’ve been setting up a Jabber server of my own on my Raspberry Pi. Here is how you can too:
I recently was pointed to a website where one can get really cheap SSL certificates (Danke Oliver).
They sell certificates, signed by GeoTrust, Comodo, RapidSSL, Thawte and Symantec. As CheapSSLSecurity is a major reseller they can offer a really low price. If you take a 3 year certificate you get as low as 5$/year.
There are also efforts on the way to make encryption free and easy to use: Let’s Encrypt is a free and automated open-source certification authority. Their plan is to offer free certificates in summer 2015.
If you can wait for this service, it should be the cheapest option. To learn more about Let’s Encrypt, watch the talk that was given at 31c3 ( magnet link).
And of course there is CAcert. They are a community driven assurer, which I’ve been using for many years. They however did not yet manage to be included in popular web browsers. Using their certificates will likely trigger warnings with normal desktop setups. Their certificates are free and depending on your involvement they grant certificates for up to two years.
Personally I’m using CAcert for most certificates, but whenever a broader audience should be able to connect without warnings these certificates become combersome. This blog is using a Comodo certificate via cheapsslsecurity.
Update 2015-01-03 14:00: added the Let’s Encrypt video from 31c3.
Update 2015-01-16 12:30: A user comment pointed at www.cheapsslshop.com, which seems even cheaper at $3.5/year, with a new years discount code (“CMDXMAS50”). Thanks.
I’ve been setting up a new server at hetzner.de.
I ran into problems when configuring the network. The server is running Debian (wheezy).
The basic configuration looked like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
## /etc/network/interfaces example Hetzner root server
# Loopback-Adapter
auto lo
iface lo inet loopback
#
# LAN interface
auto eth0
iface eth0 inet static
# Main IP address of the server
address 192.168.0.250
# Netmask 255.255.255.255 (/32) independent from the
# real subnet size (e.g. /27)
netmask 255.255.255.255
# explicit host route to the gateway
gateway 192.168.0.1
pointopoint 192.168.0.1
I added DNS servers at the end (use your DNS servers here or pick an open DNS server)
1
dns-nameservers X.X.X.X Y.Y.Y.Y
at the end since I’ve resolvconf installed.
eth0 did not come up correctly.
When trying ‘ifdown eth0; ifup eth0’ I kept getting:
1 2 3
ifdown: interface eth0 not configured
RTNETLINK answers: File exists
Failed to bring up eth0.
This error would show up at boot time or when trying to start eth0 by hand.
The setup would look fine otherwise, IP was correct network seemed to work, but the DNS-servers were not added correctly. Weird!
‘ifdown –force eth0; ifup eth0’ worked. Server went off for a second but came back. with DNS-servers setup correctly. Interesting!
I started to comment out lines from /etc/network/interfaces.
Et voilá!
It turns out: It is deadly to try to configure ‘gateway’ in /etc/network/interfaces!
Finally I used this:
1 2 3
## /etc/network/interfaces working Hetzner root server
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.0.250
netmask 255.255.255.255
# next line optional
network 192.168.0.0
## never EVER use the next line! you have been warned!
## gateway 192.168.0.1
pointopoint 192.168.0.1
dns-nameservers X.X.X.X Y.Y.Y.Y
I hope this post will save others some time to fix this issue with their setup.
More than a year ago I came across a designer lego lamp. I really liked the idea but the price tag was a little hefty. Back then the lamp cost $800 and now it is at $995. But to be honest there is no designer product like this lego lamp that really says “do it yourself” like that!
So I built one myself. I designed the basic form with Lego Digital Designer. The plan can be found here[1]. The base of the lamp uses about 800 pieces. The final build varies from the my first plan, especially in the base where I first planned to hide the foot of the old Ikea lamp. I finally just used the lamps main rod and electrical wire. The arrangement of the bricks varies to give the lamp more structural integrity and was improvised.
The parts were ordered from three different shops on BrickLink. They offered the green I wanted for the lamp at a fraction of the price of the original Lego™ store. The total price for all parts was about 60€. The lamp I had laying around was ‘free’ and the new lamp shade was about 30€. Total of about 100€ – well below the price point of the original.
[1] 2014-11-22, 18:30:
I was asked by the designer Sean Kenney, to remove the LDD plans for the lamp. He argued that the plans would hinder his ability to sell these lamps online.
Although I do not agree with Sean’s argument, that his sales might be influenced by a simple Lego™ scetch for a similar lamp, I’ve respect for the work that went into the lamps Sean designed and did take the plans down for now.
If you’re using transmission’s web interface to manage your torrent downloads, and you are doing this remotely (from outside your LAN), you might want to add some privacy.
As previously posted there are ways to use magnet links with transmission’s web interface. This webinterface works well when you are on your local network aka LAN and don’t have to fear prying eyes.
The moment you’re using the transdroid android app or your laptop in a coffee shop the commands and responses of your transmission daemon at home can be read by anyone.
Luckily the transdroid android app offers an SSL option. All you have to do is configure a proxy on your transmission daemon machine.
Here is how:
Install nginx (a lightweight http/https server):
One of the challenges with bitcoin is to store them securely. There have been severalwellknownincidentswhere Bitcoins have been stolen. It is no mystery. Bitcoin IS money! It’s the same with Euros or Dollars, when you have it lying around it will eventually be missing.
There is a twist with bitcoin to regular money. With Bitcoin one single piece ofinformationis enough for the thief to steal your Bitcoins: Your private key. With Bitcoin it’s about keeping this piece of information secret.