repats blog Thoughts of a digital native

4Jul/110

Carnivorous Plants – Nature's Flyswatter

In summer my kitchen is full of flies and little mosquitos, even though I live in a rainy part of Germany, which is not even that warm. Last time I went to the hardware store, I found the Venus Flytrap and thought I might give it a try. And it worked! The plant grew quite a bit. I gave it some time to see if it survived, because usually not even a cactus will grow in my room :/ Probably because I see it every day while eating, I remembered to water it regularly. Best thing is: you can't water it too much. It's a helophyte ("swamp plant"), so it's used to a lot of water ;) One thing to be careful about: you can only use distilled water (1€ per 5 liters) or rain water. If you've got a pond in your garden, that should be alright too. After a while I bought a little plastic terrarium and added a Sarracenia purpurea and a Pinguicula caudata. It's 5€ each and about 7€ for the little terrarium.

This is the perfect self-sustaining flyswatter brought to you by Nature™.

13Apr/112

Making Skype secure via VPN or SSH Tunnel

Since you simply cannot convince people to stop using Skype, even though it really is insecure, at least for professionals and businesspeople, I decided to make Skype more secure by adding extra encryption, which, as I found out, is pretty simple. For written conversations only, you might want to try cryptochat, an extension just for Skype (128-bit RSA), but no guarantees; I just googled it myself. Also consider using a service other than Skype(de) for as many connections as possible.

VPN (Virtual Private Network) (easiest)

A VPN creates a tunnel to a service provider you trust, preferably in Sweden, Iceland or other countries that are legally allowed not to store traffic data (unlike the US). This means all of your traffic is only as well secured as the encryption up to the end of the tunnel. Between your computer and the end of the tunnel, nobody (neither your ISP nor an eavesdropper) can intercept the data. On the other hand, you have to trust the VPN provider.

For a few bucks a month (~5€) you can rent a VPN service from several providers, see the list below. Be sure not to use PPTP, because it is fairly insecure as well; a good choice might be OpenVPN or IPSec/L2TP. Most of the providers also have an idiot-proof introduction and how-to on their homepage.

SSH (Secure Shell) (advanced)

With both PuTTY under Windows and OpenSSH under Linux it is possible to create a tunnel and use it on your computer like a SOCKS5 proxy server. For a really secure SSH connection, don't use passwords but public-key authentication. Without any programming you can set the key size up to 4096 bits, which is quite strong. Some of the latest OpenSSH versions even support ECC. Use this tutorial to create a tunnel with Windows; for Linux use this command:

ssh -D 1337 user@host

Here 1337 is the port, user is the Linux username and host is the hostname of your provider. Then configure your Skype with the following settings (not for VPN!):

Important

All the tweaks shown here don't make Skype secure(!), just a little more secure than it was before, by adding extra encryption on top because of the RC4 implementation. They don't prevent Skype or intelligence services from intercepting what you're skyping. If your computer is insecure, e.g. through keyloggers, trojan horses etc., VPN and SSH are simply useless.

Providers

  • https://www.shellfire.de/
  • https://www.vpntunnel.se/de (only e-mail address, nickname and a payment method (see below))
  • http://strongvpn.com/
  • https://www.relakks.com/
  • http://unblockvpn.com
  • http://www.google.com/search?hl=en&q=rent%20vpn

Payment

//edit: make sure you check out jitsi !


12Apr/110

Establish secure instant messaging connections via jabber and OTR

//update: even easier: My installer for both messenger and encryption

So first of all, this site doesn't offer SSL, so if you're somewhat paranoid, consider using encrypted anonymous networks like Tor or I2P. Otherwise everybody could potentially listen in on what you're up to and the kind of software you're going to use.

Instant messaging is what most of you might know as ICQ, AIM, YIM, Windows Live Messenger (or "MSN"), Skype, Google Talk, etc.

What I'm going to show you is how to install the instant messenger Pidgin and the encryption extension OTR, and how to create a jabber account with a provider of your choice. But don't worry, this is not getting very technical; in fact, it probably takes you less than 5 minutes(!). At the end of the article you'll find some more explanations and background, if you're interested.

Step by step

1. Download Pidgin at http://www.pidgin.im/download (Link for Windows)

2. Download the OTR Pidgin plugin at http://www.cypherpunks.ca/otr/ (Link for Windows)

3. Install Pidgin: just double-click on the icon and press next every time you're asked something. Then install the OTR plugin, same procedure.

4. Create a jabber account; for the beginning https://register.jabber.org/ will do (ignore the SSL warning, if you get one). Just choose a nickname, which might be your real name, a nickname or some letter-number chaos. Just remember it, and the password too.

5. Open Pidgin. You'll be asked to create a profile/account. Choose XMPP as the protocol. Username is the part in front of @jabber.org in your new jabber address, so the nickname you chose before. Domain is jabber.org. Leave resource empty and enter your password. Click Save.

7. Your buddy list opens, as you might know it from ICQ or Skype. You can now add buddies via the main menu.

8. Enable OTR by clicking Tools/Plugins in the main menu, then scroll down until you find Off-the-Record Messaging and make sure it's checked.

9. As soon as you chat with someone who also has OTR installed, Pidgin creates a pair of keys (only the first time). From now on the connection is encrypted. Just make sure the person you're talking to is really the person you think it is.

10. That's what the verifying function is about. On the right side of a chat window there is a button marked as encrypted but not authorized. Click on it and authorize your chat buddy via passphrase, question and answer, or by comparing digital fingerprints over a secure connection, e.g. mobile phone or by standing next to each other.

 

Extra Information

Pidgin is a multi-platform chat client. This means you can use whatever chat provider you want to, such as ICQ, Windows Live (MSN) or Skype, and use just one program for all of them. Also, OTR works with all of them, but to be completely independent of commercial providers, I chose jabber.

Now, jabber works a bit like e-mail (decentralized, that is). You have to choose a provider, just like you would choose hotmail.com, googlemail.com, yahoo.com etc. for e-mail. There are quite a few providers, for example the Chaos Computer Club in Germany or even German universities. Since jabber is free software, you might even want to set up your very own jabber server in your basement like me.

OTR has pretty good encryption (AES, which is considered good enough for classified data by the US intelligence service National Security Agency (NSA); for more information, visit http://en.wikipedia.org/wiki/Advanced_Encryption_Standard). The big advantage is that the encryption is end to end, so unless the attacker is in control of your computer, no one is going to see what you're writing. Plus, it's plausibly deniable, which means no one, not even your chat buddy, has any digital evidence you have ever said a word; see Plausible Deniability at Wikipedia.

Jabber, or rather the protocol XMPP, is used by various big companies such as Google (Google Talk) or Facebook (Facebook Chat). You just hardly ever get to know what's behind a system.


15Jan/111

IPv6 Privacy extensions Ubuntu 10.04

If it is not there already, add the following to /etc/udev/rules.d/70-persistent-net.rules (each rule on a single line):

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", RUN+="sysctl net.ipv6.conf.%k.use_tempaddr=2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", RUN+="sysctl net.ipv6.conf.%k.use_tempaddr=2"

Usually this is done when installing miredo or similar IPv6 tunneling software, but you might want to double-check it. Also check that the eth* and wlan* patterns match your ethernet/wifi devices.
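To check that the setting actually took effect, the following script (an added example, not part of the original post) lists every interface whose use_tempaddr is not 2 and tests whether an address still carries a MAC-derived (EUI-64) interface identifier. The function names, the demo directory tree and the sample addresses are constructed for illustration; on a live system the settings are read from /proc/sys/net/ipv6/conf.

```shell
#!/bin/sh
# Added example, not from the original post.

# Report interfaces where IPv6 privacy extensions are not preferred.
# use_tempaddr: 0 = off, 1 = temporary addresses are generated but the
# public address is preferred, 2 = temporary addresses are preferred.
# $1 is the sysctl directory (default: the live kernel settings).
# Returns 0 if every interface passes, 1 otherwise.
audit_tempaddr() {
    conf_root=${1:-/proc/sys/net/ipv6/conf}
    rc=0
    for f in "$conf_root"/*/use_tempaddr; do
        [ -r "$f" ] || continue
        ifname=$(basename "$(dirname "$f")")
        [ "$ifname" = "lo" ] && continue   # loopback is irrelevant here
        val=$(cat "$f")
        if [ "$val" != "2" ]; then
            echo "$ifname use_tempaddr=$val"
            rc=1
        fi
    done
    return $rc
}

# Return 0 if the address looks like it has an EUI-64 interface
# identifier, i.e. the MAC address is embedded with "ff:fe" in the
# middle of the low 64 bits. Heuristic: a random identifier can match
# by chance.
is_eui64() {
    addr=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    addr=${addr%%/*}      # drop a prefix length such as /64
    addr=${addr%%\%*}     # drop a zone id such as %eth0
    printf '%s\n' "$addr" |
        grep -Eq '(^|:)[0-9a-f]{0,2}ff:fe[0-9a-f]{2}:[0-9a-f]{1,4}$'
}

# Demo on a constructed sysctl tree (not read from a real host).
demo=$(mktemp -d)
mkdir -p "$demo/eth0" "$demo/wlan0"
echo 2 > "$demo/eth0/use_tempaddr"
echo 0 > "$demo/wlan0/use_tempaddr"
audit_tempaddr "$demo" || echo "privacy extensions not enforced everywhere"
is_eui64 "2001:db8::21e:c2ff:fe12:3456/64" && echo "address embeds the MAC"
rm -rf "$demo"
```

Call audit_tempaddr without an argument to check the running system.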

By the way, unfortunately Android and iPhone devices don't have this, which raises quite a few privacy concerns; see heise.de on IPv6 on smartphones for more information (German).


29Dez/103

27c3 signs

Strange, funny, weird signs... mail to repat[at]repat[dot]de


26Dez/100

Memory card found – owner wanted – Sydney NYE 2008

German Version below.

As I was doing some backups I found some pictures of a girl I have never met on my SD Card. Well, actually, it probably isn't mine;) Inspired by this blog post by steffen (and since it worked for him) I decided to try finding this girl over the internet.

So, dear Internet, do you know this Jane Doe?

On the pictures you see Sydney, NSW on 31/12/2008, mostly the harbour and Bondi Beach the next morning(01/01/2009). I've been to Sydney so I most likely took the SD Card accidentally while living in a hostel in Newtown. The photos were taken with a Nikon E4600. Sorry that I had a look at your photos but I guess that's the only way to get them back. Write me an email to repat[at]repat[dot]de or drop a comment here.

---

While doing backups today I found pictures on an SD card of a girl I have never seen in my life. Inspired by this blog post by Stefan, I too will try to find the rightful owner over the internet; after all, it worked for him.

So, dear Internet, do you know this Jane Doe?

The pictures mostly show Sydney harbour on 31/12/2008 and Bondi Beach the next morning (1/1/2009). I have been to Sydney myself and probably pocketed the card by accident in a hostel in Newtown. The photos were taken with a Nikon E4600. I'm sorry that I looked at the pictures, but that is probably the only way to get them back. Write me a mail to repat[at]repat[dot]de or leave a comment here.


15Dez/101

Diaspora and status.net/identi.ca

Today I read the following on twitter:

" and now !Diaspora is mirroring into !statusnet. Excellent! #microblogging #socialnetworks #onefeedtorulethemall "

originally from http://encyclomundi.status.net/notice/11978

After I scrolled through Diaspora, it turned out that this is what he meant:

"I was imprecise in my grammar. My Diaspora is feeding into my statusnet, because i put the RSS feed from Diaspora into mirroring option on statusnet. Statusnet is pulling, Diaspora is not pushing :) "

That's of course not a bad idea, although identi.ca doesn't support this. Luckily twitterfeed.com also supports status.net, and therefore identi.ca :) Just create an account, enter your RSS address (https://joindiaspora.com/public/username) and there you go :)


5Dez/102

iodine – free wifi hotspots with IPv4 over DNS and Dockstar

First of all: this guide is for educational purposes only. I am not responsible if it is used, legally or illegally, to circumvent security barriers!

Everyone knows the problem: you are sitting at the gate at the airport or in the ICE and there is a Wi-Fi hotspot, but unfortunately you have to pay for it... In Australia there were paid hotspots (often Global Gossip) on every corner, at horrendous prices and with an outrageously slow connection.

Through an acquaintance I have just found a theoretical solution for such unpleasant providers, or at least for most of them: iodine

This little program sends all packets over port 53, i.e. DNS, which most firewalls let through. You can test this with the following command:

$ ping repat.de
PING repat.de (212.12.54.159) 56(84) bytes of data.

So if the name resolves to an IP address, this should work in principle.

A short guide, since I can't write down everything that was done here: first of all, DNS has to be configured correctly for the domain, and for that you need full access. As far as we know, this is not possible with a dyndns address; see the README.

Then you can start the iodine server on the Dockstar, a small home server, or on any other server you have root access to:

iodined -P password 192.168.3.123 meine.dyndns.tld

Now adjust /etc/default/iodine on the client:

# Default settings for iodine. This file is sourced from
# /etc/init.d/iodined
START_IODINED="false"
IODINED_ARGS="192.168.3 tunnel.domain.tld"
IODINED_PASSWORD="Passwd"

If you use the Dockstar, you only need to forward port 53 to the Dockstar's IP in the router and start the client:

sudo iodine -f tunnel.domain.tld

tunnel.domain.tld is the subdomain that my acquaintance set up for me for my dyndns address.

Voila, free Internet everywhere :)

//update

Speed optimizations:

  • Turn off images
  • Use a user agent of mobile devices/smartphones (e.g. with User Agent Switcher as a Firefox plugin)
  • Enable Opera Turbo in the Opera browser (the website is requested by Opera's servers, compressed, sent to you and unpacked there, so basically a proxy)
  • lynx as a text-based browser
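Seen from the network operator's side, a tunnel like this stands out in resolver logs: one client sends many unique, very long names under a single domain. The following detection check is an added example, not part of the original post or of iodine; the log format, the sample lines, the function names and the thresholds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed log format, one query per line: <time> <client> <qname> <qtype>

# Constructed sample log; all names and addresses are made up.
sample_log() {
cat <<'EOF'
12:00:01 10.0.0.7 www.example.org A
12:00:02 10.0.0.7 mail.example.org MX
12:00:02 10.0.0.9 a1.cdn.example.net A
12:00:03 10.0.0.9 a2.cdn.example.net A
12:00:03 10.0.0.9 a3.cdn.example.net A
12:00:04 10.0.0.9 a4.cdn.example.net A
12:00:05 10.0.0.23 www.example.org A
12:00:06 10.0.0.23 0ibdk2mfa7xq9zt4lw1chy6vb3ne8sju5rg0po2d.tunnel.domain.tld NULL
12:00:06 10.0.0.23 xq9zt4lw1chy6vb3ne8sju5rg0po2d0ibdk2mfa7.tunnel.domain.tld NULL
12:00:07 10.0.0.23 hy6vb3ne8sju5rg0po2d0ibdk2mfa7xq9zt4lw1c.tunnel.domain.tld NULL
12:00:07 10.0.0.23 ju5rg0po2d0ibdk2mfa7xq9zt4lw1chy6vb3ne8s.tunnel.domain.tld NULL
EOF
}

# Read a query log on stdin and print "<client> <domain> uniq=N
# mean_sub_len=M" for every client/domain pair with at least $1 unique
# names (default 4) whose subdomain part averages at least $2
# characters (default 40). The domain is approximated by the last two
# labels, which is too coarse for suffixes such as co.uk.
detect_dns_tunnel() {
    awk -v min_uniq="${1:-4}" -v min_len="${2:-40}" '
    NF >= 4 {
        client = $2
        qname = tolower($3)
        sub(/\.$/, "", qname)              # strip a trailing root dot
        n = split(qname, lab, ".")
        if (n < 3) next                    # no subdomain part at all
        base = lab[n-1] "." lab[n]
        key = client " " base
        if (!((key, qname) in seen)) {     # count each name only once
            seen[key, qname] = 1
            uniq[key]++
            sublen[key] += length(qname) - length(base) - 1
        }
    }
    END {
        for (k in uniq) {
            mean = sublen[k] / uniq[k]
            if (uniq[k] >= min_uniq && mean >= min_len)
                printf "%s uniq=%d mean_sub_len=%d\n", k, uniq[k], mean
        }
    }' | sort
}

sample_log | detect_dns_tunnel
```

The client 10.0.0.9 also sends four unique names under one domain, but they are short, so only the pair with long, unique names is reported.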


13Okt/102

Diaspora on Dockstar with Debian Lenny

I'll write this in English because more people might want to read it;)

Diaspora, programmed by 4 young hackers in NYC, is "The privacy aware, personally controlled, do-it-all, open source social network" (joindiaspora.com). Some say it's going to be a Facebook killer, some say it's going to fail for various reasons. Basically, the idea is to create your own server, a seed, which "speaks" to other servers on the Diaspora network, so a decentralized network instead of a central server (farm) like Facebook or several others. The main reason to do this is that your data stays in your own hands. Therefore everybody would have to install their own server, which 99.9% of all internet users wouldn't, simply because they wouldn't know how.

Unfortunately they decided to write the whole thing in Ruby (on Rails), which I don't know and which most paid hosters don't support by default (unlike http/php/mysql/perl). As the database system they chose MongoDB, which is unusual as well.

My idea would have been to install Diaspora on a mini server like the Sheeva Plug or Dockstar (3-5 watts), with a Debian/Gentoo system on a USB stick. It's not too hard; there are a lot of tutorials on the internet. All the packages, like ruby/rake, are supported. But would have? Yes, because obviously MongoDB doesn't support ARM (Debian Lenny on a Dockstar with all dependencies installed):

In file included from db/../bson/bsoninlines.h:21,
from db/jsobj.h:43,
from db/jsobj.cpp:21:
db/../bson/util/atomic_int.h:96:4: error: #error "unsupported compiler or platform"
scons: *** [db/jsobj.o] Error 1
scons: building terminated because of errors.

So unless you want to keep your home PC running 24/7 (effect on the environment? energy cost?), there's no chance to host your own Diaspora seed at home. Therefore you have to pay a hoster to do so, and nearly nobody is going to do that, because Facebook is free. I don't think Diaspora will change their database system, so this goes out to all MongoDB developers: please add support for ARM! According to this post in a Google group it can't be too hard, but I really can't tell :/ As I found out while googling, I obviously wasn't the only person who thought this might be a good idea :)

I'll try to keep you up to date. If anybody finds a solution, please post a comment :)

update: I just tried to use the same code for ARM as for i386 and, of course, got an error:

/tmp/ccEB7sgz.s: Assembler messages:
/tmp/ccEB7sgz.s:7236: Error: bad instruction `lock'
/tmp/ccEB7sgz.s:7237: Error: bad instruction `xadd r3,[r2,#0]'

Unfortunately I don't know any ARM assembly, but maybe someone can translate?

update: In the code (/bson/util/atomic_int.h) it said

#elif defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
// this is in GCC >= 4.1

So I just added || defined(__arm__) because my Dockstar's gcc said:

# gcc -v
Using built-in specs.
Target: arm-linux-gnueabi
Configured with: ../src/configure -v --with-pkgversion='Debian 4.3.2-1.1'
 --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,
objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib
 --without-included-gettext --enable-threads=posix --enable-nls
 --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu
 --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --disable-libssp --disable-sjlj-exceptions
 --enable-checking=release --build=arm-linux-gnueabi --host=arm-linux-gnueabi --target=arm-linux-gnueabi
Thread model: posix
gcc version 4.3.2 (Debian 4.3.2-1.1) 

I thought this might work. Then it compiled for about 3 hours and I got this error:

db/jsobj.o: In function `mongo::AtomicUInt::operator++(int)':
/root/mongo/db/../bson/util/atomic_int.h:60: undefined reference to `__sync_fetch_and_add_4'
util/message.o: In function `mongo::AtomicUInt::operator++(int)':
/root/mongo/util/../util/../db/../bson/util/atomic_int.h:60: undefined reference to `__sync_fetch_and_add_4'
db/stats/counters.o: In function `mongo::AtomicUInt::operator++(int)':
/root/mongo/db/stats/../../bson/util/atomic_int.h:60: undefined reference to `__sync_fetch_and_add_4'
/root/mongo/db/stats/../../bson/util/atomic_int.h:29: undefined reference to `__sync_fetch_and_add_4'
/root/mongo/db/stats/../../bson/util/atomic_int.h:29: undefined reference to `__sync_fetch_and_add_4'
db/stats/counters.o:/root/mongo/db/stats/../../bson/util/atomic_int.h:29: more undefined references to `__sync_fetch_and_add_4' follow
s/chunk.o: In function `mongo::AtomicUInt::operator++()':
/root/mongo/s/../client/../util/../util/../db/../bson/util/atomic_int.h:57: undefined reference to `__sync_add_and_fetch_4'
/root/mongo/s/../client/../util/../util/../db/../bson/util/atomic_int.h:57: undefined reference to `__sync_add_and_fetch_4'
/root/mongo/s/../client/../util/../util/../db/../bson/util/atomic_int.h:57: undefined reference to `__sync_add_and_fetch_4'
collect2: ld returned 1 exit status
scons: *** [mongodump] Error 1
scons: building terminated because of errors.

Any ideas? Seems like gcc has to be >= 4.4.0. It might be a good idea to install squeeze instead of lenny, but it's nearly 5am and I can't be bothered now ;)

Update: at the MongoDB Bugtracker the user Eliot Horowitz stated:

"Unfortunately compiling is only a small portion of the issue.
The bigger problem is endianness - which is fixable, just a fair amount of work."

I guess we'll just have to wait-.-

Update: Great news! Looks like somebody finally did it:

Although they did not really write a tutorial... I can't seem to find that many differences in the code, but it's definitely right that ARM is bi-endian (I didn't know that until my professor told me this semester). It might work with the newer gcc version. Anyway, if I find some free time, I'll test it.

 
