looking at my heart

I have not blogged about personal stuff in a long time. Sometimes the only thing that will listen in the way that I want to be heard is with a pen and a piece of paper.

It is clear to me that I am an introvert. When it comes to personal matters, I like being by myself and working out my own problems. With that comes cut-throat prioritization and intense moral struggle.

The exception to my independence is when I fall in love with another person. The act of falling in love happens rarely, because it takes a long time for me to identify someone with a mix of characteristics and mannerisms that I thoroughly and thoughtfully enjoy.

When I do fall in love, I fall quickly, and I fall hard.

When I find this person, I think that I know what to do. I actively demonstrate care, humility, and respect. I become super attentive and reactive. I do all of these things because it is what I want:

  • It is how I want to be mutually treated by this person.
  • Because it is an outlet for positive emotion, one that I understand, which makes me happy.
  • And because I need to create feedback loops to–in my opinion, help–verify the integrity of our feelings.

Sometimes one or more of these things scares people. It makes them question their own emotional depth, which creates uncomfortable rifts. I then get frustrated because these people do not seem to be patient with themselves or with me–or is it truly irreversible?

Cities: adopt these privacy laws

To follow up on my previous post about enacting local initiatives for the people’s right to privacy:

  • A publicly-accessible warrant must be provided to monitor or capture any private voice communication or digital data, at rest or in motion.
  • Only the entities that privately sign digital certificates for the purpose of encrypting voice communication or digital data, at rest or in motion, can decrypt said voice communication or digital data.
  • Only the original creator of a private certificate may own and use, in such a way, that allows said entity to view or record decrypted voice communication or digital data.
  • It is illegal for any entity to attempt to break or subvert any voice or data encryption mechanism.

I foresee some business impacts to these, so some of them probably need to change. Discuss!

Ideas to support the Tor Project: Wikipedia IdeaLab proposal

Special thanks to my open-access comrade-in-arms Lane Rasberry.

Lane emailed me this morning asking for my input on a current proposal that’s on Jimmy Wales’s very own Wikipedia talk page.

After CC’ing Runa Sandvik from the Tor Project to verify the factuality of my feedback for the Wikipedia community, I posted my comments.

The ongoing issue, which Jacob Appelbaum repeatedly vocalizes, is that Tor users, Jacob included, are not able to protect their identities and contribute to the knowledge base that exists on Wikipedia.

Political activists and dissidents create a critical feedback loop into the controversial dialogue that is only made possible through the Internet and social media. Not only are these people self-empowering, they are the ones most likely to seek out the truth.

From Lane:

If you would be willing to write a brief set of proposals about what Wikipedia should do with Tor, then [Lane] would format those with you in the IdeaLab. This is a space where ideas are stored on Wikipedia so that they would always be found if anyone ever wanted them. I think it would be a good idea just to establish the conversation.

https://meta.wikimedia.org/wiki/Grants:IdeaLab

[If] it is of interest to you, I would help you start a proposal, format it properly, publicize it, and if you know anyone in the Tor community that might want to make a grant proposal for funding to establish and document the relationship between Tor and Wikipedia, then I might be able to advise on how to do that also.

This conversation is happening now live and it does have Jimbo Wales’ attention. It would be awesome to get input from established Tor supporters.

If you would like to create a proposal and have the support of a Wikipedia veteran, please contact Lane directly, and ask for other people’s input! I’m also extremely interested in supporting, I just don’t know what an ideal proposal would look like, and I don’t want to speak on behalf of Tor Project.

Thank you!

Developing an Open Educational Resource on Encryption

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

— Edward Snowden, answering questions live on the Guardian’s website

Society needs an educational resource, covering the complex topics involved with information encryption, that is modular, openly accessible, and freely remixable. This is my proposal to create such a resource.

Open Educational Resources (OER) are freely accessible, openly licensed documents and media that are useful for teaching, learning, educational, assessment and research purposes. The development and promotion of open educational resources is often motivated by a desire to curb the commodification of knowledge[1] and provide an alternate or enhanced educational paradigm.

Utilizing Creative Commons licensing, an OER can be created on oercommons.org, where it will be maintained by a single authority, yet anyone in the world will be able to adapt and create their own work from ours. Oercommons.org provides a long-term support platform for maintaining these resources.

I started publicly asking for help in June of 2013–and I received a very warm welcome. You don’t have to look far to see why.



October 2013: KEYNOTE: Journalism in the Age of Surveillance, Threat Modeling: Determining Digital Security for You, [For Journalism] Keeping Under the Security Radar, Improving Your Digital Hygiene

December 2013: United We Stand — and Encrypt by Josh Sterns

December 2013: Arab journalists need training for civil unrest and wars — referencing the CPJ’s Journalist Security Guide

January 2014: A Modest Proposal for Encrypting the Work of Activists by Kate Krauss


It is clear that a diversity of educational resources is needed. While my original proposal was going to be supported by the United States Open Knowledge Foundation, OKFNUS has since backpedaled due to lack of support from central-OKF. I am hoping that the many people behind Crypto.is are interested in spearheading the development of this OER. If they are not, and no other organization is, I will shortly be registering my own domain name to create a project launch page.

The initial launch of the OER can be created using the work of Micah Lee, of the Freedom of the Press Foundation: Encryption Works: How to Protect Your Privacy (And Your Sources) in the Age of NSA Surveillance. Micah and the Freedom of the Press Foundation graciously licensed this work as CC-BY, allowing us, and even Wikipedia, to reuse the work with attribution. I am hoping that Micah, himself, will want to be included in this project.

The target audience, initially, will be journalists, whistleblowers, activists, and dissidents. While these groups are the extreme, their example proves useful for the rest of society.

Please comment on this post, or tweet me, or email me your feedback.

Strip PNG metadata using Ubuntu 13.11: pngcrush and optipng

PNG optimizing tools reduce size by getting rid of “extra” stuff. Some of that extra stuff is the metadata that can be used to identify who took the picture. I’m no professional metadata-remover, I just did this testing for fun.

sudo apt-get install -y pngcrush optipng imagemagick libimage-exiftool-perl
pngcrush -rem allb -brute -reduce original.png optimized.png && optipng -o7 optimized.png

pngcrush – run the pngcrush program

-rem allb – remove all extraneous data

-brute – attempt all optimization methods

-reduce – eliminate unused colors and reduce bit-depth

original.png – the name of the original (unoptimized) PNG file

optimized.png – the name of the new, optimized PNG file

&& – command #2 will be executed if and only if command #1 returns exit status zero

optipng – run the optipng program

-o7 – optimize the image at the highest possible level

optimized.png – the already pngcrush-optimized PNG file that will be further optimized (if possible) with optipng

Let’s test!

Here’s an image that’s CC-BY-SA from Wikipedia: http://upload.wikimedia.org/wikipedia/commons/8/89/Tenaya_Lake_Yosemite_National_Park.png

pngcrush -rem allb -brute -reduce Tenaya_Lake_Yosemite_National_Park.png Tenaya_Lake_Yosemite_National_Park2.png && optipng -o7 Tenaya_Lake_Yosemite_National_Park2.png

Then to check the metadata:

identify -verbose Tenaya_Lake_Yosemite_National_Park.png

Image: Tenaya_Lake_Yosemite_National_Park.png
Format: PNG (Portable Network Graphics)
Class: DirectClass
Geometry: 2048x1536+0+0
Resolution: 70.87x70.87
Print size: 28.898x21.6735
Units: PixelsPerCentimeter
Type: TrueColor
Endianess: Undefined
Colorspace: sRGB
Depth: 8-bit
Channel depth:
red: 8-bit
green: 8-bit
blue: 8-bit
Channel statistics:
Red:
min: 0 (0)
max: 255 (1)
mean: 111.14 (0.435842)
standard deviation: 42.8511 (0.168043)
kurtosis: 0.724192
skewness: 1.17595
Green:
min: 0 (0)
max: 255 (1)
mean: 130.885 (0.513273)
standard deviation: 38.549 (0.151173)
kurtosis: -0.384294
skewness: 0.458422
Blue:
min: 0 (0)
max: 255 (1)
mean: 155.366 (0.609278)
standard deviation: 48.5428 (0.190364)
kurtosis: -0.907909
skewness: -0.00882359
Image statistics:
Overall:
min: 0 (0)
max: 255 (1)
mean: 132.463 (0.519464)
standard deviation: 43.5073 (0.170617)
kurtosis: 0.23089
skewness: 0.637459
Rendering intent: Perceptual
Gamma: 0.454545
Chromaticity:
red primary: (0.64,0.33)
green primary: (0.3,0.6)
blue primary: (0.15,0.06)
white point: (0.3127,0.329)
Interlace: None
Background color: white
Border color: srgb(223,223,223)
Matte color: grey74
Transparent color: black
Compose: Over
Page geometry: 2048x1536+0+0
Dispose: Undefined
Iterations: 0
Compression: Zip
Orientation: Undefined
Properties:
date:create: 2014-01-15T19:41:21-08:00
date:modify: 2014-01-15T19:41:21-08:00
png:cHRM : chunk was found (see Chromaticity, above)
png:gAMA : gamma=0.45454544 (See Gamma, above)
png:iCCP : chunk was found
png:IHDR.bit_depth : 8
png:IHDR.color_type : 2 (Truecolor)
png:IHDR.interlace_method: 0 (Not interlaced)
png:IHDR.width,height : 2048, 1536
png:pHYs : x_res=7087, y_res=7087, units=1
png:sRGB : intent=0 (See Rendering intent)
signature: 4be08d8b3f54c63739c5653a38dd4f817da97114025dddaccbf7e9e533396d56
Profiles:
Profile-icc: 1352 bytes
Description: Camera RGB Profile
Manufacturer: Camera RGB Profile
Model: Camera RGB Profile
Copyright: Copyright 2003 Apple Computer Inc., all rights reserved.
Artifacts:
filename: Tenaya_Lake_Yosemite_National_Park.png
verbose: true
Tainted: False
Filesize: 4.961MB
Number pixels: 3.146M
Pixels per second: 10.49MB
User time: 0.290u
Elapsed time: 0:01.300
Version: ImageMagick 6.7.7-10 2013-09-10 Q16 http://www.imagemagick.org

And compare the optimized copy:

identify -verbose Tenaya_Lake_Yosemite_National_Park2.png

Image: Tenaya_Lake_Yosemite_National_Park2.png
Format: PNG (Portable Network Graphics)
Class: DirectClass
Geometry: 2048x1536+0+0
Resolution: 72x72
Print size: 28.4444x21.3333
Units: Undefined
Type: TrueColor
Endianess: Undefined
Colorspace: sRGB
Depth: 8-bit
Channel depth:
red: 8-bit
green: 8-bit
blue: 8-bit
Channel statistics:
Red:
min: 0 (0)
max: 255 (1)
mean: 111.14 (0.435842)
standard deviation: 42.8511 (0.168043)
kurtosis: 0.724192
skewness: 1.17595
Green:
min: 0 (0)
max: 255 (1)
mean: 130.885 (0.513273)
standard deviation: 38.549 (0.151173)
kurtosis: -0.384294
skewness: 0.458422
Blue:
min: 0 (0)
max: 255 (1)
mean: 155.366 (0.609278)
standard deviation: 48.5428 (0.190364)
kurtosis: -0.907909
skewness: -0.00882359
Image statistics:
Overall:
min: 0 (0)
max: 255 (1)
mean: 132.463 (0.519464)
standard deviation: 43.5073 (0.170617)
kurtosis: 0.23089
skewness: 0.637459
Rendering intent: Perceptual
Gamma: 0.454545
Chromaticity:
red primary: (0.64,0.33)
green primary: (0.3,0.6)
blue primary: (0.15,0.06)
white point: (0.3127,0.329)
Interlace: None
Background color: white
Border color: srgb(223,223,223)
Matte color: grey74
Transparent color: black
Compose: Over
Page geometry: 2048x1536+0+0
Dispose: Undefined
Iterations: 0
Compression: Zip
Orientation: Undefined
Properties:
date:create: 2014-01-15T19:58:34-08:00
date:modify: 2014-01-15T19:58:34-08:00
png:cHRM : chunk was found (see Chromaticity, above)
png:gAMA : gamma=0.45454544 (See Gamma, above)
png:IHDR.bit_depth : 8
png:IHDR.color_type : 2 (Truecolor)
png:IHDR.interlace_method: 0 (Not interlaced)
png:IHDR.width,height : 2048, 1536
png:sRGB : intent=0 (See Rendering intent)
signature: 4be08d8b3f54c63739c5653a38dd4f817da97114025dddaccbf7e9e533396d56
Artifacts:
filename: Tenaya_Lake_Yosemite_National_Park2.png
verbose: true
Tainted: False
Filesize: 4.454MB
Number pixels: 3.146M
Pixels per second: 14.98MB
User time: 0.210u
Elapsed time: 0:01.209
Version: ImageMagick 6.7.7-10 2013-09-10 Q16 http://www.imagemagick.org
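
The identify output above shows the png:iCCP and png:pHYs properties disappearing after optimization. The following is an added example, not part of the original post, that checks this at the file-format level by walking the PNG chunk list and reporting which metadata-bearing chunks remain. The METADATA_CHUNKS selection and the constructed 1x1 sample image are assumptions made for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumed selection: ancillary chunks that can carry identifying or provenance data.
METADATA_CHUNKS = {"tEXt", "zTXt", "iTXt", "eXIf", "tIME", "iCCP", "pHYs"}


def list_chunks(data):
    """Return [(type, length)] for every chunk, checking the signature and each CRC."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG file")
    chunks, pos = [], 8
    while pos < len(data):
        if pos + 12 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or crc != struct.pack(">I", zlib.crc32(ctype + body)):
            raise ValueError("truncated or corrupt %r chunk" % ctype)
        chunks.append((ctype.decode("latin-1"), length))
        pos += 12 + length
        if ctype == b"IEND":  # anything after IEND is not part of the image
            break
    return chunks


def leftover_metadata(data):
    """Sorted chunk types still present that may identify the author or device."""
    return sorted({ctype for ctype, _ in list_chunks(data)} & METADATA_CHUNKS)


def _chunk(ctype, body):
    """Build one chunk; used only to construct the sample data below."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def sample_png(with_metadata):
    """Constructed 1x1 truecolor PNG, optionally carrying pHYs, tEXt and tIME chunks."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte plus one RGB pixel
    meta = b""
    if with_metadata:
        meta = (_chunk(b"pHYs", struct.pack(">IIB", 7087, 7087, 1))
                + _chunk(b"tEXt", b"Author\x00constructed-name")
                + _chunk(b"tIME", struct.pack(">HBBBBB", 2014, 1, 15, 19, 41, 21)))
    return PNG_SIG + _chunk(b"IHDR", ihdr) + meta + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")
```

To audit a real file, pass open(path, "rb").read() to leftover_metadata for both the original and the optimized copy; an empty list for the optimized copy means none of the listed chunks survived.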

Setting up OpenVPN Access Server for Ubuntu 13.11

About OpenVPN Access Server: https://openvpn.net/index.php/access-server/overview.html. I use OpenVPN-AS to self-host a really easy to use VPN for Windows, Linux, and Android devices.

Access Server release notes for 2.0.3: http://openvpn.net/index.php/access-server/download-openvpn-as-sw/532-release-notes-v200.html

On the server side:

sudo apt-get install openvpn bridge-utils openvpn-blacklist
openvpn --version

You should see this version or later: “OpenVPN 2.3.2 x86_64-pc-linux-gnu”.

Check to verify that you will be downloading and installing the latest version of OpenVPN-AS by visiting this page and selecting your OS: https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html

wget http://swupdate.openvpn.org/as/openvpn-as-2.0.3-Ubuntu13.amd_64.deb
sudo dpkg -i openvpn-as-2.0.3-Ubuntu13.amd_64.deb

I use Ubuntu’s “Uncomplicated Firewall” (https://help.ubuntu.com/community/UFW) to manage my server-side iptables firewall. I added a rule to allow incoming TCP traffic over port 1194.

sudo ufw allow 1194/tcp
sudo ufw reload

Create a user on your server that won’t have administrative rights, that you’ll use to access your VPN:

sudo adduser ovpnuser

Then, on the client side:

Unfortunately, at the time of writing, “.ovpn” files are not supported through the GNOME GUI as described here: http://askubuntu.com/questions/187511/how-can-i-use-a-ovpn-file-with-network-manager. So you will have to connect via the command line.

  1. Go to https://your_static_ip:1194 in your web browser.
  2. Log in with the above user credentials that you created.
  3. Click: “Yourself (user-locked profile)” to download the “client.ovpn” file.
  4. Open a terminal window and enter:
     sudo openvpn --config /home/your_user/Downloads/client.ovpn
  5. Verify that you’re using your remote IP address: http://ipchicken.com/

Ubuntu 13.11 + ZFS / raidz2 Samba share

These are the steps that I took and what works for me. I hope it helps someone else. Configure the RAID controller as either JBOD or as each HDD being an independent RAID-0 logical volume. Then install Ubuntu server 13.11 x64 with OpenSSH and Samba.

sudo add-apt-repository ppa:zfs-native/stable
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install ubuntu-zfs python-software-properties
dmesg | grep ZFS
sudo vim /etc/modules

(add the following…)

spl
zavl
znvpair
zunicode
zcommon
zfs

(then run…)

sudo update-initramfs -u
sudo reboot
sudo zpool status
sudo zpool create zfsshare raidz2 /dev/sdb /dev/sdc /dev/sdd /dev/sde /dev/sdf -f
sudo zfs list
sudo zfs create zfsshare/backup
sudo zpool status
sudo vim /etc/samba/smb.conf

(configured smb.conf…)

sudo zfs set sharesmb=on zfsshare/backup
sudo chmod 0777 /zfsshare/backup
sudo service samba restart
sudo zfs get sharesmb,sharenfs
sudo zfs set compression=lz4 zfsshare/backup
sudo zdb -b zfsshare
sudo zfs set dedup=on zfsshare/backup

(after copying SQL .bak files, etc, to the share…)

ls -alh /zfsshare/backup/
sudo zfs get compressratio zfsshare/backup
sudo zfs get all |grep comp