Tag Archives: Internet

Personal Security Vs Online Identity

Personal security is extremely important on the internet. Everyone needs to take steps to make sure their important personal data is protected. Everyone should be using LastPass or KeyPass to manage website passwords, I would also suggest two factor authentication where ever possible. It is also a good habit to not be too revealing about oneself while online and you need to be careful about who you are friends with or following you on social media. Do not allow strangers to have unnecessary access to details of your life. A good example is this blog, I have no control over who reads this blog, so I do not post things like vacation pictures until I am home and I very carefully manage my Facebook account so only people I personally know can see anything and I dutifully delete old posts.

The other side of this coin is managing your online identity. I have met people who stubbornly refuse to have any social media accounts at all because of the security risks involved. The problem with this, is it makes it easy for people to take control of your online identity. A few years ago as a prank, I opened a Facebook account for my Nephew. I purposefully got several details of his life wrong, like his birthday and his graduation date. I did not send out a single friend request to anyone, nor did I post anything other than setting his profile picture. Within 24 hours about a dozen people, including family had sent friend requests. I made it almost 48 hours before he found out about it and figured out it was me and asked me to close it. Pause and think about that for a little while. I had complete control over his Facebook identity for 48 hours, unopposed and unquestioned. I could have posted anything, or in a more sinister light, I had access to a dozen peoples Facebook feeds, who were happily sharing their lives with me.

The point of this post is to point out that while everyone needs to be security conscience, everyone also needs to have control over their online identities, if for no other reason than to control what is being seen and heard. If you have no online identity and you piss someone off, it is really easy for them to assume your identity and ruin your reputation. If you already have an online identity that you have properly managed, it is easy to say, that is not me, see here is my Facebook account, I don’t know who this person is. If you don’t have a Facebook account, it is very difficult to deny that guy posting “My Little Pony” porn on Facebook is not you. If you already have a Facebook account, you also have full control of the message and the image you are projecting. Make your profile picture a picture of you in nice cloths, a couple of time a week post something that shows you in a good light, keep a tight leash on who you friend and who you allow to see your posts, don’t let anyone tag you in anything you feel uncomfortable with. Even if you were at the bong party, you want to be able to deny it.

More site updates

The final part of the website that existed outside of this blog was the Companions of Xarth Wiki, which up to this point was housed within PMWiki. I wanted to bring it into the WordPress framework along with everything else, just for simplicity and continuity. I have been needing to clean it out anyway, there are several half started projects that will never be completed, so I might as well dump it. I have not finished the transition yet, but I think it will be done by tomorrow sometime. At the top you should see a new tab for the CoX Wiki, if you see that I missed something important, let me know.

Edit: Okay, I am not going to get this done before next weekend.

The importance of backups

My friend Chad over at the Kurulounge, linked to one of my posts about my server being down, specifically the one where I discuss backups.

http://kurulounge.blogspot.com/2017/07/what-im-reading-732017.html

This is something that is important, I agree with Chad, and it is worth repeating, if you have proper backups, it solves so many problems and in this day and age there is really no excuse for not doing it. Carbonite is a great idea, but there are other options as well. I use Dropbox, for the paid accounts, they maintain older versions of your documents for 30 days, longer for business accounts. This means, if you get hit by Ransomware, you simply format and reinstall, then delete all your infected files from Dropbox and download the previous un-encrypted versions. Then instead of sending a bitcoin to the Russian government, send them a message that says “Nice try asshole!”. Don’t think because you are running Malwarebytes that you are safe, remember anti-virus and anti-malware software is only as good as its last update and the bad guys will always be 1 or 2 weeks a head of the good guys.

Backup your files, then test your backup, then backup again!

Site Updates

I had a couple of standalone pages on this site. These pages were basically picture albums that PezWitch wanted done. One memorialized her favorite cat Bunter and the other her Grandmother Ellen. I also had one that posted the pictures I took for Thanksgiving last year. I have migrated these pages to the blog, you should be able to see them under “Picture Albums” Tab at the top.

I also added two new albums, while I was spring cleaning I came across a frame that had multiple pictures of PezWitch from childhood on. None of these pictures had ever been scanned, so I scanned them and added them to the collection. Since I had one for PezWitch, I thought it might be a good idea to have one for myself as well.

 

I am over Twitter

I officially declare Twitter the new MySpace, only people who are hopelessly uncool and out of touch continue to use it.

Make sure your porn collection dies with you

The last thing any of us want is to die suddenly and have innocent relatives discover the porn collection stashed on our computer. My solution to this problem is fairly simple, a virtual machine where you can safely download and enjoy porn, without having to worry about clearing you browsing history or storing you videos in misnamed folders. The virtual machine is installed into an encrypted folder or drive where only you can access it. I also suggest taking the additional step of loading the virtual machine with Linux, simply because it is less vulnerable to the malware that tends to inhabit the dark underbelly of the internet. There are many alternatives and combinations of tools, but what I am inclined to use is VeracryptVirtualbox and Ubuntu. You could just as easily use BitLocker, VMWare and Fedora. This is not going to be a tutorial, I am not especially interested in providing a step by step of how to do this, none of these things is terribly difficult to figure out. My intention here is to simply present an idea, a solution to a problem.

RE: Website reconstruction work

I have finished going through all my old blog posts looking for missing pictures. I believe I have gotten them all. If I still had the picture, I uploaded it again, if I did not have it, but got it off the internet, I tried to find the original picture and barring that, I uploaded something close to it. If I could not replace the picture at all, I simply replaced it with picture not available. As I said yesterday, if you come across one please let me know so I can fix it.

Edit: Oh and yes, for those of you who noticed, I did delete all of the old political posts I made, but I did that last November.

Website reconstruction work

So I spent some time today going through my blog looking for missing pictures. I have found a lot of them. If I have the picture, I am re-uploading them, if I don’t have the picture or I cannot find where I got it from on the internet, I am replacing it with “Picture no longer available”. This is probably going to take a while to complete, if you come accross an old post with a broken picture or link, let me know and I will fix it up as soon as I can.

Thanks

ESP8266 Basic

For a while now I have been working with a couple of ESP8266 wireless modules. These devices are pretty nifty and allow for some interesting projects with both Raspberry Pi and Arduino. The biggest actual hurdle is leaning to program them properly and use AT commands to configure them. I found this a bit odious until I discovered ESP8622 Basic, a firmware update that lets you program them using the Basic programming language and a web page interface. The guy who wrote the firmware is a Windows user and does not really have any instructions for flashing the firmware if you use Linux. Through trial and error I figured it out and want to document it for the ages. I use Ubuntu 16.04, so the instructions will be specifically for that, however adapting them to another distro should not be tough. I am using a NodeMCU ESP8266, I like them because they have a built in USB interface and have GPIO pins to make it easier to attach LED’s and sensors. The first thing to do is to plug it in to your computer, there is no need for drivers, it should be recognized instantly and attached to /dev/ttyUSB0, if you have more than one hooked up, the port may end up being different. But once that is done, open a terminal and move on to the next step.

First we need to get the dependencies:

sudo apt-get install python-serial git

Next we need the flashing tool esptool.py:

git clone https://github.com/themadinventor/esptool.git

cd esptool

Download the ESP8622 Basic firmware:

wget https://github.com/esp8266/Basic/tree/NewWebSockets/Flasher/Build/1M/ESP8266Basic.cpp.bin

Then we flash the new firmware:

sudo python esptool.py –port /dev/ttyUSB0 write_flash 0x00000 ESP8266Basic.cpp.bin

Finally you can connect to the device and start programming it by connecting to the ESP network which should be listed as an available wireless network, then point your web browser to http://192.168.4.1/ and you should be off and running.

Links:

https://www.amazon.com/HiLetgo-Version-NodeMCU-Internet-Development/dp/B010O1G1ES

https://www.esp8266basic.com/

http://www.esp8266.com/viewforum.php?f=38

ESP8266 BASIC Sets Up a Web Remote in No Time

Basically, It’s an ESP8266

 

 

Things I have been doing

The last couple of months (November 9th if you must know) I have been working on securing my technology, I am trying to do better in keeping myself safe. Here is the list of things I have accomplished;

  • Encrypted my smartphone and iPad
  • Encrypted the hard drives on both my computers
  • Added two factor authentication to Lastpass, Steam, Dropbox and my Google account
  • Downloaded and installed the TOR Browser

I am not going to lie to you, this has added a new level of “Pain in the ass” to using some of my technology, however, I feel considerably safer now that it is done. The thing I am having the most trouble with is TOR. While it is easy enough to get going, using it is just slow. I don’t mean a little slow, I mean SSSSLLOOOWWW!!! Some days are worse than others, but even the good days still suck really bad. For right now, there is no way I can use TOR for normal day to day stuff. For the foreseeable future TOR has been relegated to the “Just experimenting” bin.

The Dark Web Sucks

I am messing around with Tor Browser, trying to look around the so called Dark Web. I have to say it socks the big one. The naming conventions are random letters more or less, the connections are slow and the web pages look like utter crap. I was looking around for some interesting forums or blogs, but really all I found was conspiracy theory bullshit. To be fair I did not spend a ton of time with it and I am sure there is more interesting stuff out there, i just need to look harder.

RE: Facebook and Me

Facebook, well really all social media, and I have always had a tenuous relationship. I mean I almost always have to force myself to post anything with any consistency. Lately I have found myself self censoring, basically not responding to things other people posted because I didn’t really want to stir the pot. When I would post things to stir the pot, I found basically everyone else is self censoring as well. So then the question becomes what do I need social media for?

The obvious answer here is so I can stay in touch with friends and family. This makes sense on face value, Facebook lets me keep track on people in more or less real time. Going back to my first paragraph, if I am self censoring and everyone I know is self censoring, then we are not really having any sort of real dialog. All we are really using the platform for is to send targeted messages to each other. Okay, I have an email address for that and a phone number that receives text messages. So then I am back to the question what do I need social media for?

PezWitch uses social media as a way to express herself. She posts pictures and video’s on a near daily basis. Much of this stuff is very creative and fun to do, I can see why she does it. My hobbies are very different though, I play dungeons & dragons, read comic books and mess with computers. This blog is very much an expression of those hobbies. For the most part I enjoy posting here because I know the people who come here do so to specifically read what I am writing and people who don’t like it rarely come back and that is alright with me. Posting stuff on Twitter there is a 100% chance someone whom you do not know and has no business reading your posts is going to read something they don’t like and freak out. Here its nice and quiet, its just me writing about things I enjoy doing and if someone gets stupid, I delete their comments and block their IP address. Once again I am back to the question of do I really need social media?

BBS, past and future

Over the last several weeks I have spent a lot of time working on my little corner of the internet. I built a new server, one specifically designed to house virtual machines and run with little need of maintenance or even outside interference. I have been running my web site on a virtual machine for some time now, this something I do not want to modify much or add services to, I just want it to run this blog, my gaming wiki and perhaps at some point I will add some forum software to add another dimension to my Friday night game.

I have since, built a second virtual machine, this VM is where I do all the stupid things, things that are not as secure as they could be, things that could potentially screw with other things. In other words, this is not my production server. Right now the only thing it does is run Mystic BBS. You can access it via telnet, but there is nothing on it at this time. I originally started messing with this software as a prop for my Cyberpunk game, but as time went on, I never really used it for that. During the process of researching old BBS software, I came across an blog post that discussed the future if BBSing.

http://www.bbscorner.com/future/

Let me be very specific about his, BBSing has not future outside of being a niche hobby. BBS’s have already been replaced with better software, better interfaces, and better methods of access. The BBS scene died not because it was particularly bad, it had just become obsolete. The only reason there are still telnet BBS in existence, is for the same reason there are still Commodore 64 hobbyists. They don’t do it because it is better, they do it because it gives a feeling of nostalgia, it gives them a little piece of “The Good Old Days” back. There is nothing wrong with this, but it needs to be kept in perspective.

RE: Setting up Mystic BBS on Linux

Almost a year ago I wrote tutorial on setting up Mystic BBS software under Linux.

Setting up Mystic BBS on Linux

I had a couple of problems with it, first I was never able to get Telnet to properly work and ssh required users to login twice. I have since figured out how to get Telnet to work and dispense with ssh altogether. The instructions in my previous post still apply, except I would download the latest Alpha version 1.12 A22, this supports 64 bit Linux, so you do not have to install all the 32 bit libraries to make it work.

Second, once you have gotten everything running, add the following line to the /etc/rc.local file

/home/mystic/mis -d

What this does is starts the Mystic BBS built in server in daemon mode, turning your system into a Telnet server. The server software even transitions itself to run as the owner of the program rather than root as a security precaution.

I have not made this accessible to the public, I am not sure I am going to. I originally started this project as part of my Cyberpunk campaign, as a sort of prop to be used during the game. While this was an interesting exercise in 90’s technology, it really is terribly outdated, and does not really offer anything a mediocre website with plug in parts could not do better.

bbs

 

Roll20Con

On June 3rd, Roll20.net is having an online gaming convention. I have decided I am taking the day off and I am spending the day playing D&D online. I really want to play, but every time I look at the available games, nothing jumps out at me. I have been back several times and watched new games get posted and older games fill up, but still nothing really grabs me and says, lets go. I think I have the same basic problem I have always had. I prefer to game with a very specific set of people. I think I have to force myself to game with people I don’t know. In the past when I have done so, I have always had fun, so I don’t know why I am so reluctant to do it.

Edit – Update: Okay I broke down and signed up for two games; here is my tentative convention schedule;

12:00 AM Opening Ceremony

5:00 AM VIP Streamed Game (I may not make this)

9:00 AM Panel, Publishing in the Digital Age

10:00 AM The Ruins of Efreeti (D&D 5E)

3:00 PM Mutants & Masterminds 3E Game

9:00 PM VIP Streamed Game

11:30 PM Closing Ceremony

Recent Projects

Recently I have been messing around with Arduino boards. At first I was looking at them as an extension of my Raspberry/Banana Pi boards. That was definitely a mistake, these things can be programmed to do a fairly wide variety of things.

arduino1

Pictured here are the two projects I have been working on. To the right is a simple digital picture frame, this was not terribly difficult to put together, it is kind of ugly but runs off a battery pack. To the left is what I refer to as the Turtle, which is a prototype sensor platform, the idea is it will collect data on light, temperature, sound and movement, transmitting all of this data to my webpage via wireless network (you can see the ESP8266 wireless bridge in the upper left quad of the picture). Currently the networking portion has been completed, I can interact with it across the network, the next stage is mounting the sensors.

April 1st

I will not be on the internet at all tomorrow, no good ever came on the internet on April 1st.

My hopes are high

I am a man of the digital age. Although I was born into a time before computers were anything people thought they may someday own, I have embraced the idea of digital technology and everything it has to offer. I do not remember the last time I read a paper book, a comic book, magazine or newspaper. For that matter, I don’t remember the last time I bought an actual music CD. All of these things have been replaced by digital versions. I no longer play Dungeons & Dragons in person with my friends, we play using an internet chat and mapping program. In fact, most of my best friends are online rather than people I physically talk to everyday.

I think about how my Grandmother must have felt. She was born in a time when horse and buggy was the predominate mode of transportation of the world and she lived to see a man walk on the moon, can you imagine that? When I was born, cars were the predominate mode of transportation and it still basically is and that technology really has not changed much in the last 50 years. On top of that, we pretty much lost interest in manned space flight, we pretend to play at it, talk about going back to the moon or even Mars. The reality is though, there will be no manned space vehicle leaving earths orbit again in my lifetime. We as a people simply do not have the will or the sense of adventure we had 50 or 100 years ago.

What has changed in my life time, is computers. I marvel at how far we have come in my lifetime. When I was born computers still filled buildings and ran on vacuum tubes and had very little connectivity. Today, the phone I carry in my pocket has more computing power than there was in the whole world on the day I was born. In the early 60’s they used computers to calculate trajectories of missile, today we use them tweet about our bowel movements.

I am no longer waiting for my chance to go to space, I am no longer waiting for a personal jet pack, I am no longer waiting for life extension treatments. What I am still waiting for is usable consumer grade virtual reality, Occulus Rift is not quit there, but we are on the verge. I am also waiting for truly useful wearable computers, smart watches are getting us close, but still not it. I would also love to see the first true AI in my lifetime, again, there are some good smart systems out there and some interesting work being done in computers that learn, but we are probably still 20 years away. My hopes are still high.

Carnifex.org update

For the last couple of weeks I have been experiencing issues with my website and the server it runs on. There seems to be a lot of lag, high CPU and memory usage, some things like that. If you remember, last year I switched from running this site from a Raspberry Pi to a Virtual Machine. One of the advantages to running the site on a VM is the ease in which I can back it up. So rather than spending 6 hours trying to figure if I had been hacked or if Apache2 was just broken, I simply restored from last known good backup. It took me maybe 2 hours to get everything back up and running. First I installed the backup VM on my main system and made sure it did not have the same problem, getting it updated and patched before putting it directly on the internet and installing newer posts the backup did not contain. There is still a bit of work to do, like the CoX wiki is a bit outdated, but nothing I don’t have a backup for. So everything worked the way I assumed it would.

And yes, I have created a new restore point.

RE: Email Archive

From December 2005 until January 2007 I kept every single personal email I sent and received. I wrote about this about a year and a half ago as I was trying to decide what to do with this on the 10 anniversary of this archive. I was thinking about posting each email here on the day it was sent or alternately just putting it up for anyone who wanted to could look at it. However, as I read through the emails, I found there was a lot of very personal things in there, not just about me, but my friends and family as well. There are emails in there from people who are now dead and emails from people I have not spoken to in 8 or 9 years. So in retrospect I think those two options would be inappropriate. Maybe at the 20 year mark I will reconsider, because at that point, I don’t think anyone will care what we were doing or saying in 2006.

Scoring Trolls

I have been on the internet a long time. I have been trolled by the people who invented internet trolling. When you have been at this as long as I have, it becomes a bit of a game really. So needless to say, I am pretty thick skinned and it is very hard to impress me. These days when someone trolls me, I score them 0 to 5.

5: You are a master, you had me spitting nails and calling you Hitler in three posts, good job.

4: You managed to make an interesting argument and kept me engaged, but you probably had to work at it and you might have even made me angry at some point.

3: You are either a really good troll with a boring topic, or a bad troll with a good topic. Either way you managed get me to respond, but most likely I lost interest at some point.

2: Really you are probably a 1 and I have taken pity on you. Your subject is boring and your delivery is poor. I am probably only engaging you to help you improve.

1: You are a complete n00b, I do not find you entertaining on any level. I probably do not even realize you are trying to troll me and responded to you by accident.

0: You probably need to leave the internet.

Humanity is now doomed

Posted without comment.

Humanity is doomed.

Windows 10???

So every time Microsoft updates their Windows OS there seems to be a resurgence of the Windows vs Linux debate on the internet, specifically on Slashdot. I long ago gave up the fight for Linux on the desktop, for a variety of reason. I really don’t care what operating system other people choose to use just as long as they do not call me when it breaks. So here is my official opinion slash stance on Windows 10;

“If it came pre-installed on your system and I don’t have to fuck with it, I think Windows 10 is great!”

 

RIP OpenRPG

So this morning I was culling my home folder of shit I do not need anymore and I came across my old OpenRPG folder. For those who do not know what OpenRPG is, it was a program used for playing RPGs online. We used it from 2002 up until 2013 when we switched to Roll20. I decided to fire it and see if it still ran, one of the problems I was having, was no one had updated the program in 2 or 3 years and as time progressed things started breaking, especially in the server side. The program ran after spewing some interesting Python error messages at me, however when I opened the Server browser, I discovered no more servers were online.

This was something I had been expecting for awhile. In OpenRPGs hey day, you could find 30+ servers online with full lobbies of players waiting for a GM to come along and start a game. In the last couple of years, the number of servers dwindled to 3 the last time I looked several months ago. I am frankly surprised the Meta-Server is still online, my guess is as soon as whoever is paying for it gets his next bill, even that will go offline. So long OpenRPG, with great sadness, I am now deleting you from my hard drive. ;(

Setting up Mystic BBS on Linux

The last time I migrated my website I did not setup the Mystic BBS node that I had setup for my future GURPS Cyberpunk game. I had a few spare minutes so I quickly it up, since I had already done it, I found this time around to be much easier.

1. Add a user to your Linux box, this needs to be a new user and one you are not going to use for anything else. I chose “mystic” just because it was easy, when it asks for a password use something easy to remember and something unrelated to any of your other users. If you are going to actually run a BBS here, you will be giving this password out to other people so they can secure shell into this account.

sudo adduser mystic

2. Download the Mystic BBS software from here and extract the rar file.

3. Change into the directory created by extracting the rar file and run the install program. When is asks where to install the files, change the path to “/home/mystic/”

cd mys110l

sudo ./install

4. Edit the /etc/passwd file and change the line that reads;

mystic:x:1001:1001:,,,:/home/mystic:/bin/sh

to

mystic:x:1001:1001:,,,:/home/mystic:/home/mystic/mystic

This makes it so anyone logging into the mystic account automatically be taken to the Mystic BB login screen where they will be prompted for their user name and password.

sudo nano /etc/passwd

5. Secure Shell into the box you are installing this on, logging into the mystic account, you should have the Mystic BBS login screen. Since this is the first use of the software, when you enter your user name it will not exist and you will be prompted to create an account. Once that is done, logout.

6. Now change to the mystic home directory and run the configuration. I would change the BBS name and the SysOp name under General Settings. You will also need to go to the User editor and upgrade your user account to SysOp status so you can administrate the software through your login. Once you are done with that, you will want to make sure all of the file ownership is correct.

cd /home/mystic

sudo ./mystic -cfg

sudo chown -R mystic.mystic *

7. You should be ready to go, if you are really intending to run a BBS, you will need to setup port forwarding for port 22 so your users can use a Secure Shell client to access you BBS.