9 results back to index

Linux Security Cookbook by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes


Debian, GnuPG, web of trust, x509 certificate

DROP, refusing packets with disabling TCP service invocation by remote request inserting firewall rules in particular position listing firewall rules logging and dropping certain packets permitting incoming SSH access only preventing pings protecting dedicated server restricting telnet service access by source address simulating packet traversal through to verify firewall operation testing firewall configuration ipchains-restore loading firewall configuration ipchains-save checking IP addresses saving firewall configuration viewing rules with IPSec iptables --syn flag to process TCP packets blocking access for particular remote host for a particular service blocking access for some remote hosts but not others blocking all access by particular remote host blocking all incoming HTTP traffic blocking incoming HTTP traffic while permitting local HTTP traffic blocking incoming network traffic blocking outgoing access to all web servers on a network blocking outgoing Telnet connections blocking outgoing traffic blocking outgoing traffic to particular remote host blocking remote access, while permitting local blocking spoofed addresses building chain structures controlling access by MAC address default policies deleting firewall rules disabling reverse DNS lookups (-n option) disabling TCP service invocation by remote request DROP and REJECT, refusing packets with error packets, tailoring inserting firewall rules in particular position listing firewall rules permitting incoming SSH access only preventing pings protecting dedicated server restricting telnet service access by source address rule chain for logging and dropping certain packets testing firewall configuration website iptables-restore loading firewall configuration iptables-save checking IP addresses saving firewall configuration viewing rules with IPv4-in-IPv6 addresses, problems with ISP mail servers, acceptance of relay mail issuer (certificates) self-signed [ Team LiB ] [ Team LiB ] [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] John the Ripper (password-cracking software) dictionaries for download site wordlist directive [ Team LiB ] [ Team LiB ] [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] kadmin utility adding Kerberos principals to IMAP mail server adding users to existing realm modifying KDC database for host running on new host setting server to start at boot kadmind command (Kerberos) kaserver (Andrew Filesystem) kdb5_util command (Kerberos) KDC [See Key Distribution Center] KDE applications, certificate storage Kerberos authentication in /etc/pam.d startup file hosts, adding to existing realm IMAP, using with Key Distribution Centers (KDCs) ksu ksu command PAM, using with without passwords POP, using with setting up MIT Kerberos-5 KDC sharing root privileges via SSH, using with debugging SSH-1 protocol Telnet, using with users, adding to existing realm web site (MIT) KerberosTgtPassing (in sshd_config) kernel /proc files and collection of messages from by system logger enabling source address verification IP forwarding flag ipchains (Versions 2.2 and up) iptables (Versions 2.4 and up) process information recorded on exit runtime integrity checkers source address verification, enabling Key Distribution Center (KDC), setting up for MIT Kerberos-5 keyring files (GnuPG) adding keys to viewing keys on information listed for keys keys, cryptographic [See also cryptographic authentication] adding to GnuPG keyring backing up GnuPG private key dummy keypairs for imapd and pop3d encrypting files for others with GnuPG generating key pair for GnuPG GnuPG, viewing on your keyring key pairs in public-key encryption keyring files for GnuPG keys obtaining from keyserver and verifying OpenSSH programs for creating/using PGP keys, using in GnuPG revoking a public key sharing public keys securely Tripwire viewing on GnuPG keyring keyserver adding key to informing that a public keys is no longer valid obtaining keys from uploading new signatures to killing processes authorizing users to kill via sudo command pidof command, using terminating SSH agent on logout kinit command (Kerberos) 2nd 3rd -f option (forwardable credentials) klist command (Kerberos) 2nd known hosts database (OpenSSH server) kpasswd command (Kerberos) krb5.conf file, copying to new Kerberos host krb5.keytab file krb5kdc kstat (integrity checker) ksu (Kerberized su) authentication via Kerberos sharing root privileges via [ Team LiB ] [ Team LiB ] [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] last command 2nd lastb command lastcomm utility bugs in latest version lastdb command lastlog command databases from several systems, merging multiple systems, monitoring problems with ldd command libnet (toolkit for network packet manipulation) libnids (for TCP stream reassembly) libpcap (packet capture library) 2nd binary files Snort logging directory, creating in logging Snort data to libpcap-format files network trace files, ngrep Snort, use by libwrap, using with xinetd Linux /proc filesystem differing locations for binaries and configuration files in distributions encryption software included with operating system vulnerabilities Red Hat [See Red Hat Linux] supported distributions for security recipes SuSE [See SuSE Linux] ListenAddress statements, adding to sshd_config listfile module (PAM) ACL file entries local acces, permitting while blocking remote access local facilities (system messages) local filesystems, searching local key (Tripwire) creating with script fingerprints, creating in secure integrity checks read-only integrity checking local mail (acceptance by SMTP server) local password authentication, using Kerberos with PAM localhost problems with Kerberos on SSH SSH port forwarding, use in unsecured mail sessions from logfile group configuration file (logwatch) logger program writing system log entries via shell scripts and syslog API logging access to services combining log files firewalls, configuring for nmap -o options, formats of PAM modules, error messages rotating log files service access via xinetd shutdowns, reboots, and runlevel changes in /var/log/wtmp Snort 2nd to binary files partitioning into separate files permissions for directory stunnel messages sudo command remotely system [See system logger] testing with nmap stealth operations loghost changing remote logging of system messages login shells, root logins adding another Kerberos principal to your ~/.k5login file Kerberos, using with PAM monitoring suspicious activity printing information about for each user recent logins to system accounts, checking testing passwords for strength CrackLib, using John the Ripper, using logouts, history of all on system logrotate program 2nd 3rd logwatch filter, defining integrating services into listing all sudo invocation attempts scanning log files for messages of interest scanning Snort logs and sending out alerts scanning system log files for problem reports lsh (SSH implementation) lsof command +M option, (for processes using RPC services) -c option (command name for processes) -i option (for network connections) -p option (selecting processes by ID) -u option (username for processes) /proc files, reading IP addresses, conversion to hostnames network connections for processes, listing [ Team LiB ] [ Team LiB ] [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] m4 macro processor MAC addresses controlling access by spoofed mail [See email IMAP POP] Mail application (Mozilla) mail clients connecting to mail server over SSL support for secure POP and IMAP using SSL mail facility (system messages) mail servers receiving Internet email without visible server support for SSL testing SSL connection locally Mailcrypt mc-deactivate-passwd to force passphrase erasure official web site using with GnuPG mailpgp (script for encrypting/sending email) mailsnarf command -v option, capturing only unencrypted messages malicious program, /tmp/ls man-in-the-middle (MITM) attacks dsniff, proof of concept with self-signed certificates, risk of services deployed with dummy keys manual integrity checks mask format, CIDR Massachusetts Institute of Technology (MIT) Kerberos matching anything (ALL keyword) 2nd max_load keyword (xinetd) 2nd mc-encrypt function MD5 checksum verifying for RPM-installed files merging system log files MH (mail handler) mirroring a set of files securely between machines MIT Kerberos MITM [See man-in-the-middle attacks] modules PAM CrackLib listfile 2nd pam_stack Perl Sys::Lastlog and Sys::Utmp Sys::Syslog XML::Simple monitoring systems for suspicious activity account use checking on multiple systems device special files directing system messages to log files displaying executed commands executed command, monitoring filesystems searching effectively finding accounts with no password finding superuser accounts finding writable files insecure network protocols, detecting local network activities log files, combining logging login passwords logins and passwords logwatch filter for services not supported lsof command, investigating processes with network-intrusion detection with Snort 2nd decoding alert messages logging output partitioning logs into files ruleset, upgrading and tuning networking observing network traffic with Ethereal GUI open network ports, testing for packet sniffing with Snort recovering from a hack rootkits rotating log files scanning log files for problem reports search path, testing searching for strings in network traffic security incident report, filing sending messages to system logger setuid and setgid programs, insecure syslog configuration, testing syslog messages, logging remotely tracing processes writing system log entries shell scripts with C with Perl scripts monitoring tools for networks NIH page web page information on morepgp (script for decrypting/reading email) mount command -o nodev (prohibiting device special files) grpid option noexec option nosuid option setuid and setgid programs, protecting against misuse mounts file (/proc) Mozilla certificate storage encrypted mail with Mail & Newsgroups Muffet, Alec (Crack utility) multi-homed hosts firewall for SSH client, problems with canonical hostname multi-homed server machines, socket mail server is listening on multicast packets multithreaded services (in inetd.conf) mutt mailer home web page securing POP/IMAP with SSL [ Team LiB ] [ Team LiB ] [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] NAMEINARGS flag for xinetd NAT gateway, canonical client hostname and National Infrastructure Protection Center (NIPC) (U.S.)

To retain this information in your backups, copy the attributes from the original files to the encrypted files, before the links to the original files are deleted: # find newdir -type f -exec gpg -e '{}' \; \ -exec chown --reference='{}' '{}.gpg' \; -exec chmod --reference='{}' '{}.gpg' \; -exec touch --reference='{}' '{}.gpg' \; -exec rm '{}' \; Method 2 and the CD-ROM variant of method 1 use disk space (at least temporarily) for the encrypted files. 7.25.4 See Also gpg(1), tar(1), find(1), cdrecord(1). Recipe 7.26 Using PGP Keys with GnuPG 7.26.1 Problem You want to use PGP keys in GnuPG operations. 7.26.2 Solution Using PGP, export your key to a file called pgpkey.asc. For example, using freeware PGP 6.5.8, you export a public key with: $ pgp -kxa my_key pgpkey.asc or a private key with: $ pgp -kxa my_key pgpkey.asc my_secret_keyring.skr Then import the key into your GnuPG keyring. For public keys: $ gpg --import pgpkey.asc For private keys: $ gpg --import --allow-secret-key-import pgpkey.asc Now you can use the key in normal GnuPG operations. 7.26.3 Discussion Keys are really abstract mathematical objects; this recipe simply converts a key from one representation to another so that GnuPG can use it. It's similar to converting an SSH key between the SSH2 and OpenSSH formats.

You'll be prompted for the recipient, whose public key must be on your GnuPG keyring: Recipients: and then asked whether you want to sign the message, which is an optional step and requires your GnuPG passphrase. Sign the message? (y or n) Then voilà, your message becomes GnuPG-encrypted for that recipient: -----BEGIN PGP MESSAGE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8 and Gnu Privacy Guard hQEOAxpFbNGB4CNMEAP/SeAEOPP6XW+uMrkHZ5b2kuYPE5BL06brHNL2Dae6uIjK sMBhvKGcS3THpCcXzjCRRAJLsquUaazakXdLveyTRPMa9J7GhRUAJvd8n7ZZ8iRn ... -----END PGP MESSAGE----- Finally, send the message normally. If you receive an encrypted message, and you already have the sender's key (indexed by her email address) on your GnuPG public keyring, simply invoke: M-x mc-decrypt for the buffer containing the message.


pages: 274 words: 58,675

Puppet 3 Cookbook by John Arundel


Amazon Web Services, cloud computing, continuous integration, Debian, defense in depth, GnuPG, place-making, web application

See also ff Using ERB templates, in this chapter 97 Working with Files and Packages Using GnuPG to encrypt secrets We often need Puppet to have access to secret information, such as passwords or crypto keys, for it to configure systems properly. But how do you avoid putting such secrets directly into your Puppet code, where they're visible to anyone who has read access to your repository? It's a common requirement for third-party developers and contractors to be able to make changes via Puppet, but they definitely shouldn't see any confidential information. Similarly, if you're using a distributed Puppet setup like that described in Chapter 1, Puppet Infrastructure, every machine has a copy of the whole repo, including secrets for other machines that it doesn't need and shouldn't have. How can we prevent this? One answer is to encrypt the secrets using the GnuPG tool, so that any secret information in the Puppet repo is undecipherable (for all practical purposes) without the appropriate key.

One answer is to encrypt the secrets using the GnuPG tool, so that any secret information in the Puppet repo is undecipherable (for all practical purposes) without the appropriate key. Then we distribute the key securely to the people or machines who need it. Getting ready First you'll need an encryption key, so follow these steps to generate one. If you already have a GnuPG key that you'd like to use, go on to the next section: 1. Run the following command. Answer the prompts as shown, except to substitute your name and e-mail address for mine. When prompted for a passphrase, just hit Enter: ubuntu@cookbook:~/puppet$ gpg --gen-key gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection?

Modify your hiera.yaml file as follows: :hierarchy: - secret - common :backends: - yaml - gpg :yaml: :datadir: '/home/ubuntu/puppet/data' :gpg: :datadir: '/home/ubuntu/puppet/data' How to do it... In this example we'll create a piece of encrypted data and retrieve it using hiera-gpg. 1. Create the file data/secret.yaml with the following contents: top_secret: 'xyzzy' 2. If you don't already have a GnuPG encryption key, follow the steps in the Using GnuPG to encrypt secrets recipe in Chapter 4, Working with Files and Packages to create one. 3. Encrypt the secret.yaml file to this key using the following command (replace the with the e-mail address you specified when creating the key). This will create the file secret.gpg: ubuntu@cookbook:~/puppet$ cd data ubuntu@cookbook:~/puppet/data$ gpg -e -o secret.gpg -r john@ secret.yaml 4.


Multitool Linux: Practical Uses for Open Source Software by Michael Schwarz, Jeremy Anderson, Peter Curtis


business process, Debian, defense in depth, GnuPG, index card, indoor plumbing, optical character recognition, publish or perish, RFC: Request For Comment, Richard Stallman, SETI@home, slashdot, web application, x509 certificate

If you don't want your command results being returned to you in plain text, you will have to encrypt the results. For these two tasks, encryption and authentication/authorization, we'll use another very handy Linux tool, GnuPG. Securing Everything We are now entering the part of this chapter where it starts to get really funky. Encryption and digital signatures are not new, but when it comes to your use of this technology, you might be new to it and not quite sure of how to go about using it. Don't panic! Chapter 10, Secure Your E-Mail with GPG, discusses everything you need to know about GnuPG. Using GnuPG to Handle Authorizations One small problem with this version of the e-mail console is that anyone is able to send an e-mail to your system and execute commands from your user account. To prevent this, we'll modify the Perl script to include support for digital signature detection and verification.

Locking It Down Because anyone can send me an e-mail, I had to work out a protocol that would allow me and trusted friends, but no one else, to execute commands. I also needed to ensure that the results were returned securely, safe from snooping eyes. The solution to all of this lies with encryption and digital signatures found in another great utility, GnuPG (see Chapter 10, Secure Your E-Mail with GPG). The Project Now that you know the story of how the e-mail console came to be, it's time to put together all the pieces and make a working system. You will be using the following utilities for this project: · Fetchmail— to get the mail · Procmail— to parse and execute the e-mail console script · GnuPG— to decrypt the e-mail and verify the authenticity of the sender The Disclaimer Doing this project could seriously damage your system. If you implement this project, anyone, and I mean anyone, on the planet with Internet access and an e-mail account has the potential to execute any command, even as root, on your system.

For this example, we'll keep it simple and just assume your friends are trustworthy and won't try to erase all your files from your home folder. In addition to authorization, our results should be kept private until the recipient gets the results. To do this, we'll use encryption. Using GnuPG to Encrypt the Results So long as the digital signature verifies, we can now get down to executing the commands contained in the e-mail and placing the results in an encrypted e-mail back to the sender. We'll use GnuPG to encrypt the execution results. We'll do this by using the e-mail address in the From or Reply-to field as the public key identifier when encrypting the results. Sounds easy enough. Putting It All Together Both the digital signature verification and the encryption of the results will require significant changes to the script.


pages: 422 words: 104,457

Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance by Julia Angwin


AltaVista, Ayatollah Khomeini, barriers to entry, bitcoin, Chelsea Manning, clean water, crowdsourcing, cuban missile crisis, data is the new oil, David Graeber, Debian, Edward Snowden, Filter Bubble, Firefox, GnuPG, Google Chrome, Google Glasses, informal economy, Jacob Appelbaum, Julian Assange, market bubble, market design, medical residency, meta analysis, meta-analysis, mutually assured destruction, prediction markets, price discrimination, randomized controlled trial, RFID, Robert Shiller, Ronald Reagan, security theater, Silicon Valley, Silicon Valley startup, Skype, smart meter, Steven Levy, Upton Sinclair, WikiLeaks, Y2K, Zimmermann PGP

And they had a dashboard of statistics: Brian Kennish, in discussion with author, August 16, 2012. “I think that might be why I’m into data”: Ibid. 13. LONELY CODES First, I downloaded free encryption software: “The GNU Privacy Guard,” Free Software Foundation, Inc., a program called Enigmail: “A Simple Interface to OpenPGP Email Security,” The Enigmail Project, designed to run with: GnuPG, “GnuPG Frequently Asked Questions,” The Postbox support page said: Postbox, Inc., “Extending Postbox,” The Enigmail support forums said: SourceForge, Inc., “PostBox 3.0.7 and Enigmail 1.2.3 Freezing Problem” (forum), I had eagerly downloaded: “The CrytpoParty handbook,” Version: 2013-08-21,

Later, at a conference after-party, I lamented my GPG incompetence to David Robinson, a law and technology consultant who helped found Princeton University’s Center for Information Technology Policy. Robinson showed me a website that made me feel better. It was the personal website of Karl Fogel, a leading software developer. It displayed his public key and this disclaimer: “I don’t trust my ability to use GnuPG.… Guarding against [possible attacks on GPG] would require constant vigilance, and I’m not up to the task. Therefore, if it’s important that your message to me be truly secret, please contact me before you send it, and we’ll work something out.” * * * The fatal flaw of public key encryption is that it relies on individuals to protect their keys. Back in the days of physical codebooks, specially trained messengers ferried codebooks between spies and military operatives.

Off-the-Record is a volunteer project: Off-the-Record Messaging, “The OTR Development Team,” It turned out he was: Evan Schoenberg, in discussion with author, November 25, 2012. When the antinuclear activist Phil Zimmermann: Phil Zimmermann, “Creator of PGP and Zfone: Background,” (personal blog), The software I was using: “The GNU Privacy Guard,” GnuPG, On March 9, 1993, Eric Hughes published: Eric Hughes, “A Cypherpunk’s Manifesto,” March 9, 1993, The U.S. Customs Service began investigating whether: Phil Zimmermann, “Testimony of Philip R. Zimmermann to the Subcommittee on Science, Technology, and Space of the US Senate Committee on Commerce, Science, and Transportation,” (personal blog), June 26, 1996,


pages: 678 words: 159,840

The Debian Administrator's Handbook, Debian Wheezy From Discovery to Mastery by Raphaal Hertzog, Roland Mas


bash_history, Debian, distributed generation,, failed state, Firefox, GnuPG, Google Chrome, Jono Bacon, NP-complete, QWERTY keyboard, RFC: Request For Comment, Richard Stallman, Skype, SpamAssassin, Valgrind, web application, x509 certificate, zero day, Zimmermann PGP

.] $ dpkg -I /var/cache/apt/archives/gnupg_1.4.12-7_amd64.deb new debian package, version 2.0. size 1952176 bytes: control archive=3312 bytes. 1449 bytes, 30 lines control 4521 bytes, 65 lines md5sums 479 bytes, 13 lines * postinst #!/bin/sh 473 bytes, 13 lines * preinst #!/bin/sh Package: gnupg Version: 1.4.12-7 Architecture: amd64 Maintainer: Debian GnuPG-Maintainers <> Installed-Size: 4627 Depends: libbz2-1.0, libc6 (>= 2.4), libreadline6 (>= 6.0), libusb-0.1-4 (>= 2:0.1.12), zlib1g (>= 1:1.1.4), dpkg (>= 1.15.4) | install-info, gpgv Recommends: libldap-2.4-2 (>= 2.4.7), gnupg-curl Suggests: gnupg-doc, xloadimage | imagemagick | eog, libpcsclite1 Section: utils Priority: important Multi-Arch: foreign Homepage: Description: GNU privacy guard - a free PGP replacement GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC 4880. [...]

→ → → TOOL Developer's database Debian has a database including all developers registered with the project, and their relevant information (address, telephone, geographical coordinates such as longitude and latitude, etc.). Some of the information (first and last name, country, username within the project, IRC username, GnuPG key, etc.) is public and available on the Web. → The geographical coordinates allow the creation of a map locating all of the developers around the globe. Debian is truly an international project: its developers can be found on all continents, although the majority are in “Western countries”. Figure 1.1. World-wide distribution of Debian developers Package maintenance is a relatively regimented activity, very documented or even regulated.

op=log Vcs-Svn: svn:// Build-Depends: debhelper (>= 7.4.12), python-support (>= 0.8), xdg-utils, python (>= 2.5), libgtk2.0-0 (>= 2.6), python-gtk2, python-xdg, python-simplejson | python (>= 2.6) Checksums-Sha1: bd84fa5104de5ed85a49723d26b350856de93217 966899 zim_0.48.orig.tar.gz 352111ff372a20579664416c9abd4970839835b3 9615 zim_0.48-1.debian.tar.gz Checksums-Sha256: 77d8df7dc89b233fdc3aab1a8ad959c6888881ae160770f50bf880a56e02f895 966899 zim_0.48.orig.tar.gz 0fceab5d3b099075cd38c225fa4002d893c1cdf4bbcc51d1391a34248e1e1a22 9615 zim_0.48-1.debian.tar.gz Files: 88cfc18c0c7339528d5f5f463647bb5f 966899 zim_0.48.orig.tar.gz 608b6e74aa14252dfc6236ab184bdb0c 9615 zim_0.48-1.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Signed by Raphael Hertzog iQEcBAEBCAAGBQJMSUAfAAoJEAOIHavrwpq5qjUIAKmM8p86GcHYTxMmKENoBUoW UPi5R7DzrLMbFrUXKgXWLvEKQTXpmkJhh2aSWq2iY+5piBSHwMiITfaBTpdTRvzU 5nT/n9MlF8sJFESet/NgZaMPFDzWUbIy5aYbuG1TXmn/7XiDrBaQGiVqKkVLPrqc yWhsotn3JNKIjbPDW/DjImYyKD5RZpXrbVjuIgDT1E6yxtNYwUyBlK0cx/GITNep uV48hsT8cj0paqVXl5+P9Ww8XIE3clxNpE/45/tvKvkqGOeysc6OPAqsIw6HYFY9 0EnvMTfMpeQOA68ZqsNpUjomv5r/EGwdCbAWo5iJDsZzXQ1Feh6iSNrjv3yeRzg= =qnbh -----END PGP SIGNATURE----- Note that the source package also has dependencies (Build-Depends) completely distinct from those of binary packages, since they indicate tools required to compile the software in question and construct its binary package.


pages: 349 words: 114,038

Culture & Empire: Digital Revolution by Pieter Hintjens


4chan, airport security, anti-communist, anti-pattern, barriers to entry, Bill Duvall, bitcoin, blockchain, business climate, business intelligence, business process, Chelsea Manning, clean water, congestion charging, Corn Laws, correlation does not imply causation, cryptocurrency, Debian, Edward Snowden, failed state, financial independence, Firefox, full text search, German hyperinflation, global village, GnuPG, Google Chrome, greed is good, Hernando de Soto, hiring and firing, informal economy, invisible hand, James Watt: steam engine, Jeff Rulifson, Julian Assange, Kickstarter, M-Pesa, mutually assured destruction, Naomi Klein, national security letter, new economy, New Urbanism, Occupy movement, offshore financial centre, packet switching, patent troll, peak oil, pre–internet, private military company, race to the bottom, rent-seeking, reserve currency, RFC: Request For Comment, Richard Feynman, Richard Feynman, Richard Stallman, Satoshi Nakamoto, security theater, Skype, slashdot, software patent, spectrum auction, Steve Crocker, Steve Jobs, Steven Pinker, Stuxnet, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, trade route, transaction costs, union organizing, web application, WikiLeaks, Y2K, zero day, Zipf's Law

You subscribe to some topics, and then receive posts on those topic, asynchronously, as your local server chats with other servers. Usenet is where FAQs and spam originated. Anonymous broadcasting -- using the Usenet protocols or something very much like them -- also solves the problem of how to avoid flooding the Cellnet. Social Networks There are ways to communicate that are considered secure. People do still trust Tor, "Off-the-record" (OTR) chatting, and cryptographic layers like GnuPG. However, as I've explained, these are still vulnerable in various ways. Even if you do wrap your messages in unbreakable end-to-end security, so no server in the middle can ever see the unencrypted data, you are still providing that metadata, which can be sufficient to build a case against you. Simply talking to a person of interest, no matter what you say, can make you a person of interest in turn.

Agreed, the very notion of the spy state watching and perhaps hunting us, the idea that we live in mortal fear of our own elected governments is highly uncomfortable, close to paranoia. However, why even take the risk? We can build social networks over the Cellnet. They will be asynchronous and distributed and impossible to trace, except by physical seizure or brute-force hacking of individual devices, the most costly and impractical of surveillance options. We would want end-to-end security, as GnuPG or ZeroMQ provides, and some form of anonymous routing across nodes, as I've already described. We could exchange security keys by touching our phones together, using the near-field communications, or NFC, feature that many smartphones have. Then we could share data privately, and securely, over multiple hops, whether we're still in the same city, or half-way around the world. As a user experience, it's simple.


pages: 282 words: 79,176

Pro Git by Scott Chacon


continuous integration, Debian, distributed revision control, GnuPG, pull request, revision control

All you have to do is use -s instead of -a: $ git tag -s v1.5 -m 'my signed 1.5 tag' You need a passphrase to unlock the secret key for user: "Scott Chacon <>" 1024-bit DSA key, ID F721C45A, created 2009-02-09 If you run git show on that tag, you can see your GPG signature attached to it: $ git show v1.5 tag v1.5 Tagger: Scott Chacon <> Date: Mon Feb 9 15:22:20 2009 -0800 my signed 1.5 tag -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEABECAAYFAkmQurIACgkQON3DxfchxFr5cACeIMN+ZxLKggJQf0QYiQBwgySN Ki0An2JeAVUCAiJ7Ox6ZEtK+NvZAj82/ =WryJ -----END PGP SIGNATURE----- commit 15027957951b64cf874c3557a0f3547bd83b3ff6 Merge: 4a447f7... a6b4c97... Author: Scott Chacon <> Date: Sun Feb 8 19:02:46 2009 -0800 Merge branch 'experiment' A bit later, you’ll learn how to verify signed tags. Lightweight Tags Another way to tag commits is with a lightweight tag.


pages: 296 words: 86,610

The Bitcoin Guidebook: How to Obtain, Invest, and Spend the World's First Decentralized Cryptocurrency by Ian Demartino


3D printing, AltaVista, altcoin, bitcoin, blockchain, buy low sell high, capital controls, cloud computing, corporate governance, crowdsourcing, cryptocurrency, distributed ledger, Edward Snowden, Elon Musk, ethereum blockchain, fiat currency, Firefox, forensic accounting, global village, GnuPG, Google Earth, Haight Ashbury, Jacob Appelbaum, Kevin Kelly, Kickstarter, litecoin, M-Pesa, Marshall McLuhan, Oculus Rift, peer-to-peer lending, Ponzi scheme, prediction markets, ransomware, Satoshi Nakamoto, self-driving car, Skype, smart contracts, Steven Levy, the medium is the message, underbanked, WikiLeaks, Zimmermann PGP

At the time of this writing, Valhalla and AlphaBay are two of the most popular and reputable, but their status could change at any time. and Reddit’s subforums r/Darkmarkets and r/DarkmarketNoobs are great resources for individuals looking to order something from the Deep Web. Ordering from these sites requires PGP and Bitcoin. Guides on how to use Bitcoin can be found in this book and countless places online. GnuPG (or GPG for short, often still referred to as PGP) is the open-source version of PGP, which was the world’s most popular and arguably powerful personal encryption software until GPG was released. It was invented by Phil Zimmerman and owned by the PGP Corporation until 2010, when it was purchased by Symantec.15 Since Windows is extremely unsecure and Tor has been shown to be compromised, it has been suggested that users with particularly strong concerns about privacy and anonymity should take the extra steps of using TailsOS, which I mentioned earlier.


Version Control With Git: Powerful Tools and Techniques for Collaborative Software Development by Jon Loeliger, Matthew McCullough


continuous integration, Debian, distributed revision control, GnuPG, pull request, revision control, web application, web of trust

Although Git implements only one kind of tag object, there are two basic tag types, usually called lightweight and annotated. Lightweight tags are simply references to a commit object and are usually considered private to a repository. These tags do not create a permanent object in the object store. An annotated tag is more substantial and creates an object. It contains a message, supplied by you, and can be digitally signed using a GnuPG key according to RFC4880. Git treats both lightweight and annotated tag names equivalently for the purposes of naming a commit. However, by default, many Git commands work only on annotated tags, because they are considered “permanent” objects. You create an annotated, unsigned tag with a message on a commit using the git tag command: $ git tag -m "Tag version 1.0" V1.0 3ede462 You can see the tag object via the git cat-file -p command, but what is the SHA1 of the tag object?