1. 2

    Getting acquainted with terraform for the first time by using it to automate the deployment of a sensitive service into an isolated AWS account @ $dayjob. Finding it really interesting work thus far, and I’m delighted to be easily automating what would have been very repetitive and annoying work otherwise.

    1. 4

      I’ve been running four Tor exit nodes for about a couple of months now. Abuse mails are not as common as I’d expected (my combined exit capacity is higher than the author’s) and the majority of them actually come from some kind of European Union cyber-security organisation(!)

      I’d stress the point about network diversity – if OVH or online.net decide they don’t like Tor it could be very bad for the network as a whole. If you’re looking to run a relay, please research and find a lesser-used ISP.

      1. 1

        As an alternative to running an exit yourself, if there’s anyone here who’s living in under-represented countries in relation to exit bandwidth and you know of people in educational or ISP communities that might be friendly to the idea of facilitating a Tor exit relay with external administration and funding help, I’d very much love to hear from you. I’m trying to see how hard it might be to extend Tor capacity into these regions, and local people to talk to would be a huge help.

      1. 2

        Cool. I want this as a “service.”

        I want to donate $x/month to someone that uses that money to run TOR exit points.

        1. 5

          This is what TorServers does; https://torservers.net/donate.html

          1. 2

            There are a number of groups that do this sort of work. Noisetor is one of them, and due to its being housed within Noisebridge, a 501(c)(3) educational non-profit, any and all donations to Noisetor are considered charitable donations.

            disclaimer: I’m involved heavily in both Noisebridge and Noisetor.

          1. 1

            I recently purchased an X260 as a replacement for my primary personal development machine and have been having a really confusing time trying to get the Skylake graphics working on Debian. I’m tracking sid, have the latest firmware and xserver-xorg-video-intel packages installed, but gdm cannot launch X on boot at all. Various logs indicate that the i915 driver is being loaded, and that the kms modeswitching is also enabled but to no avail. I’m also running a 4.6 kernel which, from what I was able to gather online, has improved Skylake support. Hitting head against desk somewhat at this stage.

            1. 1

              I don’t know how different the X260 is, but I bought a T460s a couple weeks ago. Debian was frustrating; I eventually got things working somehow, after building a custom kernel and installing xorg packages and other stuff from backports. But it was sketchy and I had some issues still after that. I decided to try Arch Linux, and so far everything just works (after installing the right packages).

            1. [Comment removed by author]

              1. 16

                In bash, set -o errexit causes the script to exit if any command fails. As well, set -o nounset prevents unset variables from expanding to nothing.

                1. [Comment removed by author]

                  1. 25

                    Bash strict mode:

                    set -e # stop the script on errors
                    set -u # unset variables are an error
                    set -o pipefail # piping a failed process into a successful one is an error

                    Additionally, install and run shellcheck on every bash script you write, and fix all the warnings.

                    1. 6

                      Wow. I didn’t know about pipefail – that’s really useful.

                      1. 4

                        These are very helpful, thanks! I was only aware of set -e.

                      2. 3

                        Be aware that there are a number of subtleties with set -e – see http://mywiki.wooledge.org/BashFAQ/105 for some examples. As demonstrated toward the bottom of that page, some regard these subtleties as reasons to avoid set -e; others don’t. I’m in the latter camp, personally (i.e. I usually use it), but it’s not quite as simple and awesome as it might look at first.
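Illustrating both the strict-mode options above and the set -e subtleties the BashFAQ page describes, as an added example rather than code from either comment; it assumes bash is installed and drives it from a POSIX shell, reporting for each option whether a small script runs to its end or bails out.

```shell
#!/bin/sh
# Added example, not code from the thread: each demo runs a tiny script under
# bash (assumed installed) with a chosen set of options and reports whether
# the script reached its final line, to show what -e, -u and pipefail catch
# and where -e is silently ignored (the BashFAQ/105 subtleties).

# run_with OPTIONS SNIPPET: run "OPTIONS; SNIPPET; echo reached" under bash.
# Prints "reached" if the final echo ran, "aborted" if the shell bailed out.
run_with() {
  out=$(bash -c "$1; $2; echo reached" 2>/dev/null) || true
  case "$out" in
    *reached*) echo reached ;;
    *)         echo aborted ;;
  esac
}

# errexit: a plain failing command is skipped without -e, fatal with it.
errexit_off() { run_with 'set +e' 'false'; }   # reached
errexit_on()  { run_with 'set -e' 'false'; }   # aborted

# nounset: a misspelled variable expands to "" without -u, is fatal with it.
nounset_off() { run_with 'set +u' 'echo "dir=$UNDEFINED_VAR"'; }   # reached
nounset_on()  { run_with 'set -u' 'echo "dir=$UNDEFINED_VAR"'; }   # aborted

# pipefail: with -e alone a pipeline's status is that of its last command,
# so "false | true" counts as success; pipefail makes the failing stage count.
pipe_no_pipefail() { run_with 'set -e' 'false | true'; }              # reached
pipe_pipefail()    { run_with 'set -e -o pipefail' 'false | true'; }  # aborted

# -e subtleties: a failure that is not the last command of an && / || list
# is ignored, and -e is switched off inside a function called as an if test.
errexit_and_list()   { run_with 'set -e' 'false && echo never'; }   # reached
errexit_in_if_test() { run_with 'set -e' 'f() { false; echo inside; }; if f; then :; fi'; }   # reached
```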

                    2. 6

                      I think the real solution here is to use a real programming language even for your one-off throwaway scripts.

                    1. 2

                      I grew up in Dublin, Ireland but have been living in the SF Bay Area for the last ~5 years.

                      1. 6

                        I’m most impressed with the metrics about how many new hosts are using TLS that previously were not. It’d be one thing if Let’s Encrypt ate the other CA’s lunch in their first few months by taking existing customers, but to allow such a large portion of the internet to be encrypted for the first time is a major achievement. Well, well done to the team. Very proud to be a monthly donor to the EFF to support work like this (their other work is also great, but this is hugely impactful).

                        1. 4

                          I’ve been working through the Matasano Cryptopal challenges in Rust the last week or so, and seem to have come to an inflection point in my Rust learnings where the compiler is now my friend.

                          Outside of the cryptopal challenges I’m working on a doorbell notification service in Rust for Noisebridge to extend our existing access control system to allow people to “take the doorbell” for an hour at a time, whereby the physical doorbell in the space would not ring and instead this person would receive slack / SMS notifications about the door.

                          1. 1

                            “have come to an inflection point in my Rust learnings where the compiler is now my friend.”

                            Congrats! How long did it take you, do you think?

                            1. 1

                              Hard to measure exactly, but I’d wager about 3 weeks or so of time spent tinkering with it.

                              Another major factor is Rust having stable releases. When I originally looked at Rust a few months back there was a lot of out-of-date documentation online from the pre-1.0 days, which made learning it a bit more cumbersome. Anecdotally I’ve found the documentation to be really great post-1.0, which has really aided the learning. I use zeal a lot w/ the Rust documentation.

                              1. 1

                                What’s zeal?

                                Also, glad to hear it. I’ve been hearing stories of a few weeks to a few months. Always collecting more anecdotes!

                                1. 1

                                  Ah, should have linked to zeal. It’s an offline documentation browser for Linux and Windows modeled off Dash for OS X (it also uses the same documentation set downloads).

                                  The documentation / stabilization of Rust is definitely going to cut down on the learning curve. Exciting times ahead.

                                  1. 1

                                    Ah that’s cool! I’ve heard great stuff about Dash, but since I don’t use a mac…

                            2. 1

                              Thanks for the mention of cryptopals; I should pick that back up…

                            1. 2

                              Definitely interested in keeping measurements for the performance of my replacement X220 battery, so this is really timely and useful to read!

                              1. 3

                                I really can’t wait for general release of Let’s Encrypt. It’s enough to have a new, highly competent and easily usable CA issuing free certificates, but it’s entirely another to release tools to automate the process to the degree that they’ve done. This will have a large impact on the security of the internet, and for that they should be very proud.

                                1. 10

                                  Controversial viewpoint: content (ad) injection is the “worse” problem, not surveillance. At least for the majority of sites that are still http at this time.

                                  I don’t think the NSA cares which pages of ESPN I visit. I don’t care if the NSA does care. But ESPN probably cares that some asshat is polluting their page and damaging their reputation. I care as well, to the extent I may misjudge which sites I want to visit or not.

                                  1. 6

                                    I think a big part of the difference is when the costs are paid and recognized.

                                    With ad injection, we immediately have slower pages with distracting garbage on them. There’s also possible future security cost because now every page is dependent on the security of the injector and ad services.

                                    With surveillance, we generally have no idea it’s happening and nothing negative at all happens to us (assuming we do not live in a country targeted by the U.S. military). There’s a huge potential for future abuse on a scale and scope the Stasi and KGB could only dream of, but that’s a possible future cost.

                                    So even though both topics come up when we talk about upgrading protocol to use end-to-end encryption, we’ve really only experienced the cost of ad injection. The potential negatives of surveillance far outweigh it, but right now they’re still only potential. (Though maybe we’ll learn in a few decades that we’ve been paying the costs, and what they were.) It’s really easy to fall into arguing the merits of each without realizing the different stakes and its evaluation.

                                    1. 1

                                      I’ve been wondering for a bit if no privacy brinkmanship is the right way to go. People seem to accept the dystopian future Stasi as inevitable. And that’s why we need encrypted email, etc. but I’m not sure future Stasi are going to care if they can read your email or not. Somebody is going to want your parking spot, they’re going to report you, and away you go. “But my email was encrypted, there’s no way you could read it” will probably not save you.

                                      I think privacy advocates will discover too late that the problem with a privacy invading authoritarian state is not the “privacy invading”. Perhaps if we eliminate privacy, people will be more motivated to prevent the rise of the evil emperor. Just a thought.

                                      1. 1

                                        I’m not sure we actually have a lot of choice in either part of that - increasing authoritarianism, or apathy towards it.

                                        Um, I notice the self-reference there, though, and would love to be convinced otherwise.

                                    2. 3

                                      That’s reasonable. I mean, with regard to the privacy concern, I like to bring up the WebMD example, but it’s not the NSA that I’d be worried about; it’s family members. I’m hopeful that this doesn’t exist today, but I’m certainly also concerned about access-point providers capturing and reselling browsing history. Not even only for corporate purchasers; there are plenty of private parties who would pay to get the records of someone they dislike.

                                      Which problem is worse depends on your threat model. :) But ad injection is serious and bad, and I don’t mean to downplay it!

                                      1. 2

                                        Controversial viewpoint: content (ad) injection is the “worse” problem, not surveillance. At least for the majority of sites that are still http at this time.

                                        I don’t think the NSA cares which pages of ESPN I visit. I don’t care if the NSA does care. But ESPN probably cares that some asshat is polluting their page and damaging their reputation. I care as well, to the extent I may misjudge which sites I want to visit or not.

                                        By surveillance, are you including the possibility of malicious content injection outside of just ads? Plain HTTP leaves you vulnerable to multiple third parties, not just the big bad NSA (who also abuse it).

                                        1. 1

                                          Malware injection is a problem, but malware remains a problem with https. Watering hole attacks, etc.

                                      1. 1

                                        Exciting to hear about a possible replacement for Adium for those of us using OS X. That development has slowed so much is worrisome.

                                        Also great to hear of the upcoming Axolotl support and their progress on Push support. Definitely going to be keeping a close eye on this.

                                        1. 3

                                          I finished reading “where wizards stay up late” last night having enjoyed it thoroughly cover to cover. It’s a fantastic look at the history of computer networking, and I’d highly recommend it to anyone with an interest in technical history.

                                          I’m on vacation at the moment and I have to hand a copy of Code which I’m starting to read. Simultaneously I’ve purchased a copy of The Martian by Andy Weir after a number of friends recommended it. I’ve yet to start reading it (this evening hopefully) but I’m excited to dig into it.

                                          1. 3

                                            Where Wizards Stay Up Late: The Origins of the Internet. I purchased a copy a while ago after a friend recommended it, but it’s been sitting unopened on my shelf for months. I’m doing a small amount of travel at the moment so figured it’d be a good time to get through the backlog. So far a very enjoyable look into that period of history, and the people who put the internet together.

                                            1. 2

                                              This is one of my two favourite history-of-tech books! Lost count of how many copies I’ve given out as gifts. The other is “Dealers of Lightning”, which I highly recommend if you haven’t read it yet.

                                            1. 5

                                              I’ve made some hasty progress on the Noisebridge library scanning project that’s been on the slow burner for the last while. I have a working golang tool which reads ISBNs from stdin, looks for them using the OpenLibrary API, and then records them in a PostgreSQL database which is feeding a small flask app. There’s still lots to do and clean up, but it’s a fun chance to spend some time with golang. Code is on GitHub.

                                              1. 2

                                                Noisebridge Dead Tree Library: Working on the Go program to take the ISBNs from the books in the library, query for them using the OpenLibrary API and record them in our PostgreSQL database to serve a public searchable index of the books.

                                                Separately I’m working on bringing back a Noisebridge 311 service for people to use in the event that something is going on in the space that they’d like help with.

                                                1. 4

                                                  Noisebridge shenanigans: I finished the very first version of my barcode scanning flow in Rust. Currently it claims the input device such that other programs listening on stdin don’t receive its input, filters for valid ISBN13 numbers and prints those out to stdout. The bit I’m working on now is a small golang utility which will read these ISBNs, look for them using the OpenLibrary API and then store the book data in PostgreSQL. The final part is a small flask app which someone else in the space is writing which will display them in a searchable manner.

                                                  I’m also setting up some infrastructure for Freecon, which is a FOSS unconference event that a few of us at Noisebridge are hoping to put on in October 2015 in San Francisco. We’re very much at the planning stages, but I’m excited to see what we’ll put together.

                                                  1. 5

                                                    Side projects and hackerspace shenanigans: I’m working on a small project to begin cataloging the extensive dead tree book collection at Noisebridge. I want to build a public, searchable index of our book collection.

                                                    The part I’m working on in particular is setting up a barcode scanner flow. I’ve bought a wireless USB scanner which presents itself as a regular HID. I’m taking the opportunity to write my first thing in Rust, a small program which uses libevdev to read the key events and gather the UPC barcodes and spit out ISBN numbers. The code is on GitHub. I’ve near-zero experience with compiled languages and I’ve found this to be a really fun project with which to learn.

                                                    1. 2

                                                      Yay, treeware indices. Librarian has always been a dream job of mine. I think your project sounds fun.

                                                    1. 4

                                                      “reducing network errors by an incredible 84.1%” – I’d be very interested to hear the details on what issues Docraptor experienced on Linode WRT networking. From reading a short blog post of theirs it seems like they experienced network partitions between hosts in a particular DC (Newark).

                                                      1. 2

                                                        It would also be interesting to hear if they are now spending more or less money to achieve those numbers.

                                                        1. 3

                                                          +1, I’d imagine it’s more expensive unless they’re making great use of AWS' autoscaling abilities.

                                                      1. 5

                                                        However, if all you need is quick access to pretty-printing, consider piping to ‘python -m json.tool’, which will already be available on most systems.

                                                        1. 3

                                                          python -m json.tool really is an invaluable tool to have, both for pretty printing and verifying that the JSON itself is valid. I love sharing it with teammates and seeing their joyous reactions.

                                                          1. 5

                                                            I am always finding myself looking at a blob of json in vim (pasted or otherwise), and a quick reformat is only a few keys away:

                                                            :%!python -m json.tool
                                                            

                                                            Works for jq too:

                                                            :%!jq .