Tech

Setting up fgallery on OS X with Homebrew

How’d I Pick fgallery Anyway? Currently this site is being generated offline as a series of static images, HTML, CSS, and JS files that get served almost entirely out of cache through the CDN provided by Cloudflare. This is made possible by a piece of software called Hugo. Hugo takes a series of Markdown formatted text files, some HTML/CSS/JS templates, and a theme made of HTML/CSS/JS and generates this entire site each time I run the command hugo inside my site repository.

How to Track People Who've Signed Your PGP Key in Keybase

This is going to be a short article, but I thought this might be useful to someone else. As many of you may already know, I use a service called Keybase. This service provides a number of features: Prove ownership of your social media identities via cryptographic cross-verification Prove your identify for your PGP key via cross-verificatin to your known social identities Prove ownership of your devices cryptographically Share encrypted files between your devices seamlessly using KBFS Track other Keybase users and encrypt messages to them simply Of course as should be obvious upon setting up your Keybase account, it has no relation to the existing OpenPGP Web of Trust (WoT), and therefore no easy way to connect the two.

Setting up OpenVPN on CentOS 7 using DigitalOcean

Introduction Why Bother? As should be abundantly clear from my prior writings I am about to leave on a trip for a year. During that time I’ll likely be making use of numerous public Wi-Fi access points, not to mention whatever dodgy cellular providers are available in each location I travel to. As part of my overall stance on privacy, its essential I take steps to secure my communication while traveling, the primary of which is using a VPN for basically everything on both my laptop and my phone.

OpenVPN + Google Authenticator + SELinux on CentOS 7

Just a quick post to share this with anyone else that needs it. I spent hours using Google and reading posts from random people on the net, including bug comments from Dan Walsh on a never solved Fedora bug specifically related to this. The conclusion I came to was that hardly anyone uses SELinux and the ones that do just hack around the problem rather than solving it. In this particular case, the fault is really with the terrible implementation of Google Authenticator, which I found out during the course of this by reading through the source code.

Setting Up a Macbook for an OpSec Focused Developer - Part 2

Introduction My apologies for the delay in posting part 2. I encountered a few chicken-and-egg problems in that I wanted to write this update from my new Macbook but needed complete the remainder of the setup in order to have a comfortable and secure environment to do so from. Without further ado, on to the meat of it. Organization I’m breaking this article up into several parts to both assist me in the process of writing it and to make it easier to digest.

Setting Up a Macbook for an OpSec Focused Developer - Part 1

Introduction That time has come again, and I have acquired a new Macbook Pro. In this case its primarily in preparation for my trip so that I can edit photos effectively on the go. It replaces my aged 2011 Macbook Air (which has served me well). It seems an opportune time then to write up my process for setting up a Macbook, and with a particular focus on security.

The Ops Approach to Linux Server Security

This post was originally a response to a question I received from a friend via email, with some additions. I’m not going to try to get very in-depth here, this is more of a high-level overview of what you should be doing to secure a server running Linux. This is mainly focused on a business environment where you have multiple users and multiple servers (and are hopefully using configuration management software).