Time has flown by without a blog post, and it's about dang time to release a little something new. Over this post-free time, I have learned several things worthy of sharing. For starters, everyone loves music and it's mission critical for most people to have a music player so they can jam out when working. So let's make one!
Why Make a Music Player When There's So Many Good Ones?
I have over 7 terabytes of music, and every time I've attempted to load my entire playlist of music into popular apps, I wind up cranking an i9-9900K with 64 GB of RAM to nearly 100% usage and cause my system to freeze. Due to this, I figured I would write a simple, lightweight, terminal-based program that would provide the flexibility needed to listen to music without any extra bloat, and could be extensible with bash scripts using something like ncurses. Let me introduce you to what I have accomplished so far for this program!
So I've had lots of privacy scares in the past, with people trying to steal my identity, my banking info and so on. Over the past few years, I've grown fed up with this over time and have been looking for ways to hide my own personal information from theft, prevent telemarketing annoyance, and even gain the added benefit of making it just a little bit harder to be spied on by the government to preserve my own personal freedom.
Enter The PinePhone
What if I wanted a smartphone? I have been using a Google Pixel with a custom Android build for a while now, but I'm beginning to worry that's not enough. I've been hearing through my friends and online about this company called Pine64 that works on Open Source board designs for tech devices, such as smartphones, laptops, tablets and (recently) smartwatches.
So the Pine64 smartphone, or Pinephone, has pretty crappy hardware inside compared to a flagship smartphone. But given the $200 USD price point, I could buy three for the price of a “popular” phone. Also, it runs Linux as well as Android which means it supports the new and coming PureOS- a secured Linux build based on Debian. PureOS is actively made by the company Purism, who releases their own smartphone with this system. But can I run it on some cheap device?
So you've got a nice fresh OpenBSD install on your laptop, and you're excited to use it. However the desktop environment it comes with is absolutely horrifying to use. Following up from the installation of OpenBSD found on This Blog Post, it is time to tweak out OpenBSD to have a nice and custom desktop tailored to your needs.
I will be configuring i3 window manager, although the setup process for a more well-known desktop environment (like GNOME or XFCE) is very similar in terms of setup.
Since I opted for i3, there's a lot more manual configuration- but the reward is much greater in terms of the ability to customize it. Anyways, this machine doesn't configure itself- so lets dive right in!
Installing Required Software
I wanted for a somewhat custom look, so this is what I set out to install:
i3-gaps
i3status
rofi
rxvt-unicode
chromium (yes, it's modded by the developers)
irssi
w3m
vim
openbsd-backgrounds (because it contains the xwallpaper app)
To install these, I logged in as root and ran the following command in the terminal (once connected to internet):
pkg_add i3-gaps i3status rofi rxvt-unicode chromium irssi w3m vim openbsd-backgrounds
With this completed and out of the way, configuration of the OS is now much easier and we're ready to actually begin configuration.
In today's hyper-connected world, it grows increasingly important to have all devices that have an internet connection locked down- not for hiding data but to protect from having day-to-day life completely sabotaged. One may have already locked down their accounts and data about them online, but what if they want to “amp it up” to the next level?
The Problem
It's known that by using Windows or MacOS, you have agreed to Terms of Service that include the upload of their private files to their infrastructure- even if you didn't want it to go on the internet. In Microsoft-Land, this means all your files are scanned and uploaded to Microsoft's infrastructure where they can build a profile on you. Apple happens to engage in similar practices. On top of this, Windows is known for having the most viruses and rootkits in the world while MacOS currently has the record for the most adware in the world. Viruses and rootkits are basically system exploits, while adware is an attack on the web browser, forcing ads to pop up even if you have an ad blocker.
To add further discomfort, the leaks made by ex-CIA/NSA official Edward Snowden from years past verified that there is something called FISA court- a top secret US-based court of law that issues warrants for surveillance. Snowden took huge issues when he learned that the CIA and NSA built this program named XKeyScore, which behaves like a search engine that collects ALL information about people, including private things like Social Security Numbers and text messages. To do this, the FISA courts “rubber-stamped” (and still do) every surveillance request made by the CIA or NSA- allowing them to spy on U.S. Citizens without due process. Nowadays, laws have since been passed where FISA courts are irrelevant and the CIA and NSA can continue to do this.... And if the CIA and NSA are capable of gathering all the info you'd rather keep private, so is the stalker... or the creepy person next door... or the angry ex-husband/ex-wife...
Enter OpenBSD
OpenBSD began in 1995, where the founder Theo De Raadt took issue with the design approach of NetBSD- which traces it's ancestral roots all the way back to the original UNIX from the early 1980's. De Raadt was (and still is) a firm believer in correctness of code, extensive auditing of the code, and extreme levels of security. OpenBSD is widely considered to be the most secure Operating System on the planet, with the most bleeding edge technologies in cryptography and so on- to the point where some countries ban the OS for import even though that's unenforceable thanks to the internet. It is known for having sane and secure defaults in the installation, and several audits of the entire system's source code yearly. They are responsible for the invention of the applications sudo, openssl, libressl, ssh, pf, and pledge(). If familiar with any Linux/Unix command line, it's easy enough to notice that they invented some of the most common protocols utilized in locking down a system.
Odds are that if you're reading this blog, you own one of these:
These routers appear like closed-off boxes, with this “firmware” voodoo that you need to download and update it once every few months. However, what if it was possible to take apart a router image and discover how it works? Let's tear the D-Link DWR-956 Router's firmware apart and discover how it works.
In the early 1940s during World War 2, a world renowned rock-'n-roll guitarist named Woody Guthrie mustered up the courage to paint a slogan on his guitar, that would forever change the way we view the world and influence many people's views on the subject of free speech. After the publishing of one of his wartime songs, Guthrie painted “THIS MACHINE KILLS FASCISTS” onto his guitar. But Why Would He? Guthrie believed that the battle Freedom of Speech and Censorship was more important than the war between Good and Evil itself. Enough history, why is this viewpoint relevant to society today?
This post is different, I recently downloaded a videogame I remembered playing from several years ago, called Return To Castle Wolfenstein. It's considered to be cult classic game, but I learned it was banned to own or sell in Germany and a couple other countries, due to it's use of the Nazi Swastika. This got me thinking on the topic of censorship as it relates to the world we live in, why hackers should care, and how we can tackle this issue.
What is true online? How can you find useful information online? How can you verify the truth of something online? How can you learn more about current events, people or organizations and only get the statistical numbers?
These are legitimate questions, and with the dawn of the “fake news” misnomer, it's increasingly important to know how to search for verifiable, empirical information that can be measured (so you can form your own opinions, instead of believing whatever is the latest fad). Due to this, I personally feel morally obligated to share introductory techniques and tools of the trade of Seeking– gathering useful and actionable information.
This blog post is dedicated to Francesco Vianello (1952-2009). May you continue to rest in peace, and may your wisdom continue to be useful to us all.
Getting Started
Before we begin to do some deep digging, we'll need to have a few programs at the ready. You MUST have a text editor, a way to edit spreadsheets, and Tor Browser. Tor Browser is important because it becomes harder to track your current location, allowing you to bypass location filters.
Ever since the revelations of Edward Snowden and learning about the fact that the United States Government implements and utilizes commercial-grade equipment to spy on society, there's been an ongoing battle for personal privacy. Most don't do this because they have things to hide, but because they have important things to protect, like their banking information or previous addresses. With the rise of major technology companies and governments at the helm of new technical innovations and controlling most people's everyday lives, it becomes people's responsibility to carefully handle their personal information- both online and offline. For those unfamiliar, this blog post seeks to provide a “quick start guide” on how one can protect their info from malicious actors, governments, and so forth.
This post has been long in coming. For those who haven't read the previous posts in this series, below are links to bring you up to speed.
In Part 1, we covered the basic mathematical information and technical information required to understand and begin to implement your own cryptography.
Part 1: HERE
In Part 2, we set up a Cryptographically Secure Pseudo-Random Number Generator to be used by our cryptographic algorithms.
Part 2: HERE
If you're stuck, the previous posts may help with bringing you up to speed. Now, let's add in the hashing algorithm!
Hashing? What's that?
A Hashing Algorithm is this carefully crafted program that takes a string as an input, performs a bunch of cryptographic functions on it, and spits out a fixed-length string that appears to be random. However, if you compute the hash again with the same string, you will achieve the same output.
A sample hashing function could be a simple XOR operator. You take random bytes to produce “entropy” for the hashing function, saving the information somewhere. Then you could just XOR the string with the saved random bytes, chopping the hash off at a fixed length. This is known to be highly insecure as performing an XOR against itself is effectively an inverse operation and will undo the work of creating a hash.
I was reading old blog posts and realized I didn't touch on a CRITICAL piece of the puzzle to understanding computing... How your device actually works. This post aims to remediate this and provide a “one-stop” guide from understanding the low-level circuitry to how that allows people to program on their devices.
No computers were harmed in the making of this post. No, seriously.
The Electronics
Everything in a computer is a 1 or a 0. Many people call this true or false, or even on or off. Whatever you may call it, it's the basis for boolean (digital) logic. When you use a series of true or false statements, you are making use of the binary number system. Instead of having a 10's, 100's, 1000's etc place there's powers of 2. so 11111111 would equal 255, because 1+2+4+8+16+32+64+128=255. This is similar to how we would calculate what 255 equals- 200 + 50 + 5 = 255.
