#HumanRightsTech

Shawn Webb<p>Current status: Setting up a <a href="https://bsd.network/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> Onion Service for the new <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> pkgbase repos.</p><p><a href="https://bsd.network/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a></p>
Shawn Webb<p>I've added some basic instructions on accessing <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> resources (package repos and OS binary updates) over <a href="https://bsd.network/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> here: <a href="https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/wikis/home#accessing-hardenedbsd-resources-through-tor" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">git.hardenedbsd.org/hardenedbs</span><span class="invisible">d/HardenedBSD/-/wikis/home#accessing-hardenedbsd-resources-through-tor</span></a></p><p>I think some refinements could be made, but this is at least an initial draft. If anyone has any ideas for further refinement, please let me know.</p><p><a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a></p>
Shawn Webb<p>Getting the lab side of my home office organized for mesh network R&amp;D. Here we see four Protectli FW4B devices that will serve as the reference implementation.</p><p><a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a></p>
Shawn Webb<p>This is where the <span class="h-card"><a href="https://toot.radicle.xyz/@radicle" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>radicle</span></a></span> project gets it right.</p><p>The <a href="https://bsd.network/tags/Radicle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Radicle</span></a> development team has done a fantastic job at supporting different methods of network access, including explicit support for the ways <a href="https://bsd.network/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> might be configured in the operating environment.</p><p>I can rest assured that Radicle can be safely deployed in any environment.</p><p><a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a></p>
Shawn Webb<p>Forcing all public Internet traffic to go through <a href="https://bsd.network/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> via a transparent proxy, certain open source projects will need to remove their prohibition on resolving <code>.onion</code> names.</p><p>Transparent proxying opens up the possibility of completely oblivious Tor Onion Service support.</p><p>Open source libraries and applications need to permit <code>.onion</code> domain queries by default.</p><p>For projects that want to prohibit <code>.onion</code> by default, I would suggest this:</p><p>Don't. Provide a facility wherein the end user can optionally block resolution of any TLD or hostname.</p><p>For example, one could envision a user wanting to block the <code>.zip</code> TLD. Or another user desiring to block the <code>.onion</code> TLD.</p><p>The decision should be left to the user as to what to permit or prohibit.</p><p><a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a> <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a></p>
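One way to implement the user-controlled TLD/hostname blocklist proposed in the post above, as an added example (not code from the post's author, libcurl or HardenedBSD). The function names and the comma- or space-separated list format are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Length of a DNS name with trailing dots (FQDN form) ignored. */
static size_t name_len(const char *s)
{
    size_t n = strlen(s);
    while (n > 0 && s[n - 1] == '.')
        n--;
    return n;
}

/* 1 if host equals entry or is a subdomain of it. Case-insensitive, and only
 * on label boundaries: "onion" matches "abc.onion" but not "notonion". */
static int entry_matches(const char *host, const char *entry)
{
    size_t hlen = name_len(host), elen, i;
    const char *tail;

    while (*entry == '.')               /* accept ".onion" and "onion" */
        entry++;
    elen = name_len(entry);
    if (elen == 0 || elen > hlen)
        return 0;
    tail = host + (hlen - elen);
    for (i = 0; i < elen; i++)
        if (tolower((unsigned char)tail[i]) != tolower((unsigned char)entry[i]))
            return 0;
    return hlen == elen || tail[-1] == '.';
}

/* Policy check to run before any resolver call. `list` is the user's own
 * comma- or space-separated TLDs/hostnames (assumed format). NULL or ""
 * blocks nothing, so no TLD is treated as special unless the user asks. */
int host_blocked(const char *host, const char *list)
{
    char entry[254];                    /* a DNS name is at most 253 chars */

    if (host == NULL || list == NULL)
        return 0;
    for (;;) {
        size_t n;
        list += strspn(list, ", ");     /* skip separators */
        if (*list == '\0')
            return 0;
        n = strcspn(list, ", ");
        if (n < sizeof(entry)) {        /* longer entries cannot match a valid name */
            memcpy(entry, list, n);
            entry[n] = '\0';
            if (entry_matches(host, entry))
                return 1;
        }
        list += n;
    }
}
```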
HardenedBSD<p>The <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> Foundation and The HardenedBSD Project are happy to announce a collaboration with <a href="https://bsd.network/tags/Protectli" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Protectli</span></a> to research and develop a censorship- and surveillance-resistant mesh network: <a href="https://hardenedbsd.org/article/shawn-webb/2024-09-23/hardenedbsd-and-protectli-collaborates-censorship-and-surveillance" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hardenedbsd.org/article/shawn-</span><span class="invisible">webb/2024-09-23/hardenedbsd-and-protectli-collaborates-censorship-and-surveillance</span></a></p><p><a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://bsd.network/tags/HumanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRights</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a></p>
Shawn Webb<p>Here we see a hardware donation from the fine folks at <a href="https://bsd.network/tags/Protectli" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Protectli</span></a>. They have donated 4xFW4B devices to support our next foray into <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a>.</p><p>Early in 2025, the <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> project plans to put in a concerted effort at developing a censorship- and surveillance-resistant mesh network.</p><p>More details will come in a future official announcement from the HardenedBSD project.</p><p><a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
Shawn Webb<p>The <a href="https://bsd.network/tags/Radicle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Radicle</span></a> project is a shining example of how to properly support <a href="https://bsd.network/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a>. They even have a guide on how to use Radicle within a fully Tor-ified network: <a href="https://radicle.xyz/guides/user/#4-embracing-the-onion" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">radicle.xyz/guides/user/#4-emb</span><span class="invisible">racing-the-onion</span></a></p><p><a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a></p>
Shawn Webb<p>Would be very cool to see a <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> port of this by the community: <a href="https://securedrop.org/news/securedrop-workstation-1_0_0-released/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securedrop.org/news/securedrop</span><span class="invisible">-workstation-1_0_0-released/</span></a></p><p><a href="https://bsd.network/tags/SecureDrop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecureDrop</span></a> <a href="https://bsd.network/tags/SecureDropWorkstation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecureDropWorkstation</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a></p>
Shawn Webb<p>Here we see two <a href="https://bsd.network/tags/Radicle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Radicle</span></a> seed nodes, running behind my fully Tor-ified network.</p><p>This is a test of exposing a Radicle seed node as a Tor Onion Service endpoint.</p><p>These two Radicle nodes are deployed on a <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> 14-STABLE VM.</p><p>Huge step forward for <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a>.</p><p>For more information on Radicle (a sovereign {code forge} built on Git): <a href="https://radicle.xyz/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">radicle.xyz/</span><span class="invisible"></span></a></p><p>Huge shout-out to the Radicle dev team for this collaboration. It has been a blast working with them.</p><p><a href="https://bsd.network/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> <a href="https://bsd.network/tags/HumanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRights</span></a> <a href="https://bsd.network/tags/Git" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Git</span></a> <a href="https://bsd.network/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> <a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
Shawn Webb<p>Current status: Deploying a test <a href="https://bsd.network/tags/Radicle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Radicle</span></a> node on <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a>. Going to seed the HardenedBSD src and ports repos.</p><p>I'm hoping to continue expanding alternative forms of access to our resources (both code and infrastructure).</p><p>If this test proves successful, we may have another official method of getting HardenedBSD-related stuffs.</p><p><a href="https://bsd.network/tags/HumanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRights</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a></p>
Shawn Webb<p>I'll be giving a presentation on <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> today in Denver, Colorado at 6:30pm. If you're interested in <a href="https://bsd.network/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a>, <a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a>, and/or <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a>, I'd love for you to come join me.</p><p><a href="https://meetu.ps/e/MNbpb/ck83q/i" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">meetu.ps/e/MNbpb/ck83q/i</span><span class="invisible"></span></a></p><p><a href="https://bsd.network/tags/HumanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRights</span></a> <a href="https://bsd.network/tags/DenverCO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DenverCO</span></a> <a href="https://bsd.network/tags/denhac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>denhac</span></a></p>
Shawn Webb<p>Initial work on removing the prohibition of <code>.onion</code> in <a href="https://bsd.network/tags/libcurl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libcurl</span></a> in favor of a user-provided DNS blocklist approach: <a href="https://git.hardenedbsd.org/shawn.webb/curl/-/commit/270380bdc3505db03780382833fabf7775c9683b" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">git.hardenedbsd.org/shawn.webb</span><span class="invisible">/curl/-/commit/270380bdc3505db03780382833fabf7775c9683b</span></a></p><p>Some follow-up work to be done, but this initial commit works.</p><p><a href="https://bsd.network/tags/HumanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRights</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a> <a href="https://bsd.network/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a></p>
Shawn Webb<p>I've now applied the patch to the ftp/libcurl port in the <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> ports tree: <a href="https://git.hardenedbsd.org/hardenedbsd/ports/-/commit/3173d64b4bc01c0c1c258fe5191c65ea0a766181" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">git.hardenedbsd.org/hardenedbs</span><span class="invisible">d/ports/-/commit/3173d64b4bc01c0c1c258fe5191c65ea0a766181</span></a></p><p>To developers working in networking code: please just do the right thing: do not treat any TLD as special. Do not violate the principle of least astonishment, <strong>especially</strong> when it comes to DNS.</p><p>Perhaps we can convince the <a href="https://bsd.network/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> <a href="https://bsd.network/tags/libcurl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libcurl</span></a> community to revert the patch on their end.</p><p><a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://bsd.network/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a> <a href="https://bsd.network/tags/HumanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRights</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a></p>
Shawn Webb<p>Got my fully Tor-ified home network set up again. Now I can fully test the <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> <a href="https://bsd.network/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> Onion Service endpoints.</p><p><a href="https://bsd.network/tags/HumanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRights</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a> <a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://bsd.network/tags/opsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opsec</span></a></p>
Shawn Webb<p>The question I have about <a href="https://bsd.network/tags/Veilid" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Veilid</span></a>:</p><p>Can I serve the <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardenedBSD</span></a> package repos and binary update artifacts over Veilid like I can (and do) via <a href="https://bsd.network/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> onion service?</p><p><a href="https://bsd.network/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon</span></a> <a href="https://bsd.network/tags/defcon31" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon31</span></a> <a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://bsd.network/tags/HumanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRights</span></a> <a href="https://bsd.network/tags/HumanRightsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRightsTech</span></a></p>