The torproject just released ‘Tor Messenger‘. It’s an instant messaging application that allows you to communicate via XMPP (jabber) over the Tor network. It is based on Instantbird.
It is important to know that the client will mask from where you are connecting, but it will NOT mask who you are! This is due to the fact that your alias at the jabber server was probably created beforehand. And even if you create the alias with Tor Messenger, your connections to other users make it possible to identify you.
XMPP (aka Jabber) in combination with OTR is a secure way to chat with others. There are some public servers available, but their popularity centralizes the infrastructure and leaves single points of failure. A recent example is Chaos Computer Club’s Jabber server (jabber.ccc.de) which was down for some days between Christmas and New Years 2014/2015, as a consequence of a DOS attack.
I’ve been setting up a Jabber server of my own on my Raspberry Pi. Here is how you can too:
I recently was pointed to a website where one can get really cheap SSL certificates (Danke Oliver).
They sell certificates, signed by GeoTrust, Comodo, RapidSSL, Thawte and Symantec. As CheapSSLSecurity is a major reseller they can offer a really low price. If you take a 3 year certificate you get as low as 5$/year.
There are also efforts on the way to make encryption free and easy to use: Let’s Encrypt is a free and automated open-source certification authority. Their plan is to offer free certificates in summer 2015.
If you can wait for this service, it should be the cheapest option. To learn more about Let’s Encrypt, watch the talk that was given at 31c3 ( magnet link).
And of course there is CAcert. They are a community driven assurer, which I’ve been using for many years. They however did not yet manage to be included in popular web browsers. Using their certificates will likely trigger warnings with normal desktop setups. Their certificates are free and depending on your involvement they grant certificates for up to two years.
Personally I’m using CAcert for most certificates, but whenever a broader audience should be able to connect without warnings these certificates become combersome. This blog is using a Comodo certificate via cheapsslsecurity.
Update 2015-01-03 14:00: added the Let’s Encrypt video from 31c3.
Update 2015-01-16 12:30: A user comment pointed at www.cheapsslshop.com, which seems even cheaper at $3.5/year, with a new years discount code (“CMDXMAS50”). Thanks.
chromium asks for permission to open a magnet link i posted a how to on a similar solution about one and a half years ago. this time we configure xdg-open to do the same.
note: if you are using ubuntu you might want to try the solution of the previous post. the approach discussed here was needed for a gentoo system, which comes with xdg-open part of xdg-utils.
the setup is as follows:
we have a remote server that runs transmission. the desktop system runs gnome.
the use case: we click a magnet link on the desktop system and the torrents starts downloading on the remote transmission server.
first we need to make a default application that we can hand our magnet link to:
we use the script we know from my previous post:
#!/bin/bash
test -z $1 && echo "need magnet link!
$0 <magnet link>" && exit -1
HOST=127.0.0.1 #YourRemoteHostNameOrIP
PORT=9091 #YourPort(default is 9091)
USER=User
PASS=pass
LINK="$1"
# set true if you want every torrent to be paused initially
#PAUSED="true"
PAUSED="false"
SESSID=$(curl --silent --anyauth --user $USER:$PASS "http://$HOST:$PORT/transmission/rpc" | sed 's/.*<code>//g;s/<\/code>.*//g')
curl --silent --anyauth --user $USER:$PASS --header "$SESSID" "http://$HOST:$PORT/transmission/rpc" -d "{\"method\":\"torrent-add\",\"arguments\":{\"paused\":${PAUSED},\"filename\":\"${LINK}\"}}"
put this script where you like, we will refer here to /home/user/Scripts/magnetLinkTransfer.sh, make it executable, and configure it according to your transmission setup on your remote machine. you might also need to install ‘curl’, which is used by this script.
second we need to define this new ‘application’ in /usr/share/applications/:
add the file “magnet.desktop” in the folder /usr/share/applications/ with the following content:
[Desktop Entry]
Name=Magnet
Type=Application
Comment=Open a magnet link remotly with the help of a script
Exec=/home/user/Scripts/magnetLinkTransfer.sh %U
Categories=Network;WebBrowser;
MimeType=x-scheme-handler/magnet;
lastly we need to add our new ‘application’ in “.local/share/applications/mimeapps.list”. add ‘x-scheme-handler/magnet=magnet.desktop’ to the default applications in that file, like this:
[Default Applications]
# there might be more other default applications defined, leave them unchanged.
x-scheme-handler/magnet=magnet.desktop
that should be it! now when you click a link in your browser it should either work, or ask you if it is ok to start “xdg-open magnet:…”, as seen in the picture. you may set the check box to avoid future confirmations.
Der Wiener “Umbenannt Worden” Ring auf google maps heute wurde in wien der Dr. Karl Lueger-Ring in Universitätsring umbenannt. aus diesem anlass wollte ich wissen wie schnell die kartendienste google maps, bing maps und openstreetmap so ein update durchführen.
es stellt sich heraus dass openstreetmap google maps und bing maps bei einem solchen update schlägt.
man findet zwar auf google maps den Dr. Karl Lueger-Ring nicht mehr auf der karte (in der suche schon), aber der neue name ist auch noch nicht eingetragen. stattdessen sieht man “Umbennant Worden” als strassenbezeichnung (siehe bild)! Bing Maps mit der alten bezeichnung Universitätsring auf openstreetmap (mit suche)
bing maps scheint von alledem gar nichts mit zu bekommen. auf deren seite findet man den Dr. Karl Lueger-Ring nach wie vor. sowohl in der karte als auch in der suche. zugegeben es kann durchaus sinnvoll sein den alten namen per suche findbar zu halten, aber derzeit schaut es bei bing maps nicht nach einem schnellen update aus.
openstreetmap bietet hingegen schon die korrekte bezeichnung in der karte und eine funktionierende suche nach dem neuen strassennamen “Universitätsring” an. ebenso findet man weiterhin den Universitätsring unter seinem alten namen.
openstreetmap vs. google vs. bing: 1:0:0
update 6.7.2012: 2 tage später ist der status unverändert. bei google heisst der universitätsring immer noch ‘umbenannt worden’ und bing weiss noch gar nichts von einem neuen namen.
update 8.7.2012: 4 tage später; immer noch keine veränderung bei google oder bing.
update 9.7.2012: 5 tage später; google benennt den ring jetzt korrekt. bing kennt den ‘universitätsring’ immer noch nicht. totales fail!
update 27.8.2012: bing kennt den universitätsring bis jetzt immer noch nicht 🙁
update 15.10.2012: das wird zum running gag! bing kennt den universitätsring immer noch nicht…
update 30.01.2013: mehr als ein halbes jahr nach umbenennung des Dr. Karl Lueger-Ring in Universitätsring hat bing.com diesen immer noch nicht aktualisiert. was für ein armutszeugnis. für so schlecht hab’ ich bing bisher gar nicht gehalten gehabt. schade. hier geht’s zur karte.
update 22.03.2013: endlich hat bing den universitätsring als solchen im system! hier geht’s zur karte. lange genug hat’s ja gedauert. suchen kann man übrigens noch nicht danach, da muss man nach wie vor den Dr. Karl Lueger Ring verwenden…
i’ve been waiting for this since i first used wordle. wordle was great. it has a great design and is easy to use, but the java plugin mess was horrible. it worked unter mac os x but linux support is just not there when you want to export a word cloud as vector graphic.
yesterday our API (the API of qr.cx) returned rubbish for about 12 hours. i apologize for that, this will not happen again. we are working on a reimplementation which should be far more reliable.
however the thing had an upside. we were able to expose twitter bots who published this rubbish without checking. in total we found 336 twitter bots who did so. they included
1
<br /><b>Notice</b>: Undefined variable: [...] in <b>/[...]/qr.cx/htdocs/api/index.php</b>[...]"
in their tweets. a human being would not do that. firstly the API is made for automated use, so why would one use that on a regular basis; secondly the error is apparent to a human user. one would not publish a tweet with the full nonsense. the bots did.
so now we can search twitter for this perfidious string and see which account is a bot. this is good, this could help twitter™ to identify malicious users/bots and protect their normal human users.
but it also helps us, the urlshortener, to safeguard the system. we can identify spam links. we can search the twitter bot’s stream for links it has shortened before. those links are most likely links to spam or fraudulent pages. disabling those would be no harm.
i’m looking forward to implementing these security features. it will definitely require a little more thinking to setup a nice safe system.
magnet link
