The Blog of Tom Webster

Chronic Ranter, Reviewer, and Developer

New PGP Key

  2017-02-16 10:05:15 EST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I have signed the text of this blog post with both my new and old keys for
verification purposes.

I've created a new PGP key. You can find it over on the [PGP Page](/pgp/).
Additionally, you will find links to the MIT and SKS keyservers where you can
verify the key. You may also find me (and my identity proofs) [on
Keybase](https://keybase.io/samurailink3). The new key
(37E8CF026EACC295F9EC9CB9CB744273EDA0E0BB) has been signed by my old key
(11C930C4693A6C9B789BB0F76442DF0A14BA4EFD) so you can verify that the new key is
valid. The old key can be found on [the PGP Archive page](/pgp/archive/).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I have signed the text of this blog post with both my new and old keys for
verification purposes.

I've created a new PGP key. You can find it over on the [PGP Page](/pgp/).
Additionally, you will find links to the MIT and SKS keyservers where you can
verify the key. You may also find me (and my identity proofs) [on
Keybase](https://keybase.io/samurailink3). The new key
(37E8CF026EACC295F9EC9CB9CB744273EDA0E0BB) has been signed by my old key
(11C930C4693A6C9B789BB0F76442DF0A14BA4EFD) so you can verify that the new key is
valid. The old key can be found on [the PGP Archive page](/pgp/archive/).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

PGP Key Expiring Soon

  2017-02-09 12:39:27 EST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

My PGP key will be changing soon. It expires on 2017-03-18. I'll attempt to change it this month (2017-02).
I will update keybase.io/samurailink3, https://samurailink3.com/pgp/, and the MIT PGP Key Server.
This message is signed by me (and my still-valid key) so you know it's the real deal.
This will be tweeted by @samurailink3, posted on https://samurailink3.com, and posted in the
Security:inThirty group chat for additional verification.
Another blog post/tweet/message will be made when my new key has been created.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

watchtwitch 5.0.0 - Command Line Twitch.TV Browser

  2016-11-26 14:38:32 EST


Another update to watchtwitch. The big news this time is that I've implemented a step-through menu, specifically to make the program more usable to those unfamiliar with command line flags. By default, the application will launch the step-through menu if no flags are present, allowing first-time users to get to know the program without needing to delve into the flags themselves. Advanced users can use the flags and the step menu will be deactivated automatically.

For Windows users who would like to make use of this program, I've also included Windows builds below. The best way to use this is to throw it in the same folder where MPV resides and launch it from there.

Downloads

As always, you can grab the code here on GitLab. If you'd like a build for a different platform, let me know in the comments.


Tor Hidden XMPP Server

  2016-11-12 15:45:37 EST

A few weeks ago I got on a kick and wanted to self-host a Signal server that used usernames instead of phone numbers. Ideally, this could federate with other self-hosted Signal systems as well. Unfortunately, this hasn't been easy: Signal is open source, but it isn't designed to be federated.

Signal rules, I love it, it's easy to use, and it is the best secure communication app that is usable by normal people, not just crypto-nerds like myself. But at the same time... I really wanted something I could stand up, run on my own hardware, and tear down at will. I don't really have a huge use case, I just wanted to see if I could.

One of the most widely-used federated messaging protocols, XMPP, is functional today, but not nearly user-friendly enough or technically up-to-snuff when compared to messaging platforms like WhatsApp, Signal, or Hangouts. Fortunately, for this use-case, it works well enough (if a bit rough around the edges). For end-to-end encryption, XMPP classically relied on Off-The-Record (OTR) to keep conversations secure. Sadly, OTR was pretty annoying to use in production and liked to fail in odd ways. I didn't want to use OTR in my new system; I really wanted to use the Signal-style double ratchet end-to-end encryption algorithm that Moxie Marlinspike pioneered.

Enter OMEMO. It utilizes the same Signal-style end-to-end encryption, but wraps this in a way that it works with XMPP servers and clients. Check out the website for more information, but needless to say, it is superior to OTR in many ways.

So what does this mean for my project and you? Well, I've designed an Ansible playbook for Debian (and Ubuntu) systems that will set up a system running the Prosody XMPP server and configure Tor for you automatically (if you so desire).

IMPORTANT NOTE!! - As far as I can tell, multi-user chat IS NOT ENCRYPTED VIA OMEMO. Disclaimer: XMPP is an old dog, and it has some nasty edge-cases. This is purely experimental. If you need Real Security: Use Signal, Use Tor.

IMPORTANT NOTE!! - Configuring the system in general is out-of-scope for this playbook. Some things that I usually do for all servers are setting up Debian auto-upgrades, installing some base packages, securing SSH, and configuring iptables to block everything incoming (for Tor servers).

IMPORTANT NOTE!! - When setting this up, make sure to follow hidden service best practices. Don't administer the server over the internet; use a Tor hidden service for SSH. Don't let SSH listen on the default interface, only localhost. Use a single-use SSH key to prevent identity verification (SSH public keys are PUBLIC!). Do your research and read up on how to avoid leaking your identity when running a hidden service.

IMPORTANT NOTE!! - By default, this server allows OPEN REGISTRATION! Anyone can register a username on your server and connect to other XMPP servers with it. For my default use case (providing an open secure communications channel for all), this is fine. It may not be fine for you. Remember, this is on Tor, and there are bad people on Tor who could use your server to post or store VERY illegal data.

IMPORTANT NOTE!! - By default, no username is set up to be an administrator. There is a loopback-only (not exported via the hidden service) telnet server that you can use to administer the system in various ways. A tutorial is out of scope for this post, but you can read up on it here.

Ansible Playbook For: XMPP Hidden Service
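
The notes above translate into three checks an operator can run against a deployed host. The script below is an added example, not part of the playbook or the original post; it assumes OpenSSH's `ListenAddress`, Prosody's `allow_registration`, Tor's `HiddenServicePort`, and Prosody's default telnet console port 5582, and the sample config files it writes are constructed.

```shell
#!/bin/sh
# Added example: audit a Tor-hidden Prosody host against the notes above.
# Prints one finding per line; returns the number of findings.
audit_hidden_xmpp() {
    sshd_cfg=$1 prosody_cfg=$2 torrc=$3 findings=0

    # sshd with no ListenAddress binds every interface; any non-loopback
    # address makes it reachable from outside the hidden service.
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$sshd_cfg")
    if [ -z "$addrs" ]; then
        echo "sshd: no ListenAddress set, listening on all interfaces"
        findings=$((findings + 1))
    fi
    for a in $addrs; do
        case $a in
            127.*|localhost|localhost:*|::1|\[::1\]*) ;;
            *) echo "sshd: listening on non-loopback address $a"
               findings=$((findings + 1)) ;;
        esac
    done

    # Open registration lets anyone create an account on the server.
    if grep -Eq '^[[:space:]]*allow_registration[[:space:]]*=[[:space:]]*true' "$prosody_cfg"; then
        echo "prosody: allow_registration = true (open registration)"
        findings=$((findings + 1))
    fi

    # The telnet admin console (default port 5582) must stay loopback-only,
    # so no HiddenServicePort line may forward to it.
    if awk 'tolower($1) == "hiddenserviceport" &&
            ($3 ~ /(^|:)5582$/ || (NF == 2 && $2 == "5582")) { hit = 1 }
            END { exit !hit }' "$torrc"; then
        echo "tor: hidden service exports the Prosody telnet console"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample configs (paths and contents are illustrative only).
d=$(mktemp -d)
printf 'Port 22\n#ListenAddress 0.0.0.0\n' > "$d/sshd_weak"
printf 'ListenAddress 127.0.0.1\n' > "$d/sshd_ok"
printf 'allow_registration = true\n' > "$d/prosody_open"
printf 'allow_registration = false\n' > "$d/prosody_closed"
printf 'HiddenServiceDir /var/lib/tor/xmpp/\n' > "$d/torrc"
printf 'HiddenServicePort 5222 127.0.0.1:5222\n' >> "$d/torrc"
printf 'HiddenServicePort 22 127.0.0.1:22\n' >> "$d/torrc"
audit_hidden_xmpp "$d/sshd_weak" "$d/prosody_open" "$d/torrc" || echo "findings: $?"
```
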

watchtwitch 4.0.0 - Command Line Twitch.TV Browser

  2016-10-14 21:44:32 EDT


Yet another update to watchtwitch, this time removing the dependency on streamlink (or livestreamer). watchtwitch is now able to load up streams all on its own. This is still a new feature and may not work 100% of the time, so I've included a -fallback flag that uses streamlink to grab the streams.

Other than that, I've switched the default media player from VLC to MPV.

Downloads

As always, you can grab the code here on GitLab. If you'd like a build for a different platform, let me know in the comments.

