It should come as little surprise to anyone out there that I have a bit of a problem with hoarding data. Books, music, and of course files of all kinds that I download and read or use in a project for something. Legal briefs, research papers (arXiv is the bane of my existence), stuff people ask me to review, the odd Humble Bundle... So much so that a scant few years ago I rebuilt Leandra to better handle the volume of data in my library. However, it's taken me this long to both figure out and get around to making it easier to find anything in all that mess. If I can't find it, I can't do anything with it, or even figure out what I do or don't have. I also don't often have console access so it's not as if I can SSH in and grep for what I need. I use Nginx as a web server on Leandra so actually getting access to files when I need them is trivial.
Difficulty rating: 8. Highly specific use case, highly specific setup, assumes that you know what these tools are already.
Let's assume that you have a couple of servers that you can SSH into over Tor as hidden services.
Let's assume that your management workstation has SSH, the Tor Browser Bundle and Ansible installed. Ansible does all over its work over an SSH connection, so there's no agent to install on any of your servers.
Let's assume that you only use SSH public key authentication to log into those servers. Password authentication is disabled with the directive PasswordAuthentication no in the /etc/ssh/sshd_config file.
Let's assume that you have sudo installed on all of those servers, and at least one account can use sudo without needing to supply a password. Kind of dodgy, kind of risky, mitigated by only being able to log in with the matching public key. That seems to be the devopsy way to do stuff these days.
Problem: How to use Ansible to log into and run commands on those servers over the Tor network?
Chrome isn't bad; I have to use it at work (it's the only browser we're allowed to have, enforced centrally). In point of fact, I'd have switched to it a long time ago if it wasn't for one thing. I make heavy use of a plugin for Firefox called Scrapbook Plus, which make it possible to take a full snapshot of a web page and store it locally so that it can be read offline, annotated, and full-text searched. I never count on having connectivity (I live in the United States, after all, and right now my home connection is running quite poorly and has been for several days due to an ongoing situation at my local CO) so I try to keep both essential documentation and reading material in general stored locally for those dry periods. However, there is no port of Scrapbook Plus for Chrome, nor is there a workable equivalent addon for same (I think I've tried them all). I'm not about to do without my traveling hoard of information (which at this time numbers around 10,000 unique web pages and 15 gigabytes of disk space). Out of desperation last night I did some research into how I might be able to speed up Firefox just a little and get more use out of it until I figure out what to do. Here's what I found:
Now that ISPs not selling information about what you do and what you browse on the Net is pretty much gone, a lot of people are looking into using VPNs - virtual private networks - to add a layer of protection to their everyday activities. Most of the time there are two big use cases for VPNs: Needing to use them for work, and using them to gain access to Netflix content that isn't licensed where you live. Now they may as well be a part of everyday carry.
So: Brass tacks. Here's a quick way to set up your own VPN server, as well as a solution to a problem that frustrated me until very recently. For starters, unless you're an experienced sysadmin don't try to freestyle the setup. There is an excellent script on Github called openvpn-install that will do all of the work for you (including adding and deleting users) in less than a minute. Use it to do the work for you. Please. Also, if you build an OpenVPN server, consider going in with a couple of friends on the cost.
Chances are you're running either Windows or Mac OSX (Linux and BSD users, you know what to do) so you'll need an OpenVPN client on the users' end. This means that you want to run either the Windows version of the OpenVPN client or an OSX client like Tunnelblick. However, these clients assume that you're just loading an all-in-one configuration file, called an .ovpn file. If you've never done it before they're remarkably tricky to build but they're basically a copy of the OpenVPN client.conf with all of the crypto keys embedded in special stanzas. It took me a lot of fumbling and searching but I eventually figured out how to reliably make them. To save you some time here's a copy of the one I use with all the unique stuff removed from it. If you open it in a text editor you'll notice a couple of things: First, the very first non-commented line says that it's for the client and not the server. Second, I have it configured to use TCP and not UDP. This is so that you don't have to reconfigure the firewall you're behind to get your traffic through. Keep it simple, trust me on this. Third, the ca, cert, and key directives are commented out because those keys are embedded at the end of the file. Fourth, I have tls-auth enabled so that all traffic your server will handle is authenticated for better security.
If you freestyle (that is, build by hand) your OpenVPN server, you'll need to keep in mind the following things:
I've mentioned once or twice that I have a media box at home running Kodi on top of Arch Linux. Once you've got your media drives registered and indexed, it's pretty easy to use. Save for the clock in the upper right-hand corner of the display, which almost never seems to coincide with the timezone set when you install Arch. So I don't forget again, and to try to fix the problem of skillions of worthless threads on the Kodi forums, here's how you fix it from inside of Kodi when it's running:
- System -> Settings
- Appearance menu
- International tab
- Timezone Country
- Pick the country you live in
- Pick the timezone you're in
- You're done.
UPDATE - 20170327 - Truecrypt was disconnected in 2014.ev when Microsoft stopped supporting Windows XP. DO NOT USE IT. This blog post must be considered historical in nature.
If you've been following the news media for the past year or so, stores have been cropping up with frightening regularity about travelers who are detained at the border while customs agents demand the login credentials for their notebook computers so that they can be examined for gods-know-what kind of information. From time to time, the hard drives of computers are actually imaged for later analysis. As if that weren't enough, the United States Supreme Court has stated the opinion that this is permissible and a legally defensible thing to do, regardless of whether or not you are an American citizens, regardless of whether or not you're actually up to no good. Just a few days ago, it came out that Canada is trying to push through the Anti-Counterfeiting Trade Agreement, which would make it legal for Canadian border authorities to search not only portable computers, but USB keys, cellular phones, and MP3 players for information (specifically, pirated MP3 files)... the very act of searching one's personal and corporate storage media constitutes a potential information spillage situation because it may not be possible to prove in a court of law that data wasn't copied during the search. You can't necessarily prove a negative when you're dealing with file systems.