Tue, Nov 15, 2016
Although there’s a reasonable amount of posts saying that you have to upload a
image to your repository (the code), and then link with the “raw” approach, my
colleague and I found a more elegant solution:
Upload the image directly into the Wiki repository
Indeed the wiki is just another Git repo ! Here is the github
page.
So basically you need first clone the wiki repo:
git clone https://github.com/YOUR_USERNAME/YOUR_REPOSITORY.wiki.git
Then you add your image:
cp ~/myimage.png YOUR_REPOSITORY.wiki/
cd YOUR_REPOSITORY.wiki
git add myimage.png
git commit -m "added picture for the wiki"
git push
Your image is now available at
https://raw.githubusercontent.com/wiki/USERNAME/REPOSITORY/myimage.png
so you only need to link it in your Wiki using the regular link
[text]("https://raw.githubusercontent.com/wiki/USERNAME/REPOSITORY/myimage.png")
Thu, Mar 3, 2016
Using Pass + gpg on different machines
Piouf, as my first introduction to gpg, that was more complicated than expected.
Pass is a password manager that uses gpg to encrypt your password and can be
intergrated with Git. So as long as you have the same gpg key on your devices,
you can have the passwords in clear text AND being able to push those encrypted
password on any git repo. That’s cool !
Create key
gpg --gen-key
(it can depends on your distro)
Choose (1) Rsa & Rsa with 4096 bits (at least)
Export key to remote server
Notes from https://www.debuntu.org/how-to-importexport-gpg-key-pair/
- Lookup the id of your key:
gpg --list-keys
- Export public key:
gpg --output mygpgkey_pub.gpg --armor --export <key-id>
where key-id is the
last part when you list the key *****/<key-id>
- Export secret key :
gpg --output mygpgkey_sec.gpg --armor --export-secret-key ******
- Copy keys to remote server:
scp mygpgkey_pub.gpg mygpgkey_sec.gpg user@remotehost:~/
- Connect to remote:
ssh user@remotehost
- Import the public key:
gpg --import ~/mygpgkey_pub.gpg
- Import the secret key:
gpg --allow-secret-key-import --import
~/mygpgkey_sec.gpg
Troubles
I’ve had trouble when importing the key because of pinentry. In Archlinux,
pinentry points to /usr/bin/pintentry-gtk
(why …?). You have to delete the
symlink /usr/bin/pinentry
and to point it to whatever (ncurse, or tty if you
work on a remote server)
Pass manager
At this point you can use the Pass manager with the key you created:
pass init <mykey-id>
pass git init
Then register one password to test if it works
pass insert server/test
If it fails with There is no assurance this key belongs to the named user
,
that mean you have to put a higher level of trust in the key you just imported.
To do that:
gpg --edit-key <mykey-id>
trust
5 (maximum level since it is basically my key)
quit
Then you can try again to register the password and it should works !
Different machines
Now on the remote server you have a git repo in $HOME/.password_store
. If you
want your passwords on another machines, make sure you import the key as before.
Then you simply can do:
cd && git clone user@myserver.com:~/.password-store
Then your local pass will simply look at this file.
Happy password managing ><
Tue, Mar 1, 2016
After meeting with a bunch of hardcore systems geeks, I decided to put my effort
back into a secure & custom server that I will actually use ;)
Here’s my steps for ArchLinux:
Installing ArchLinux on remote server
Drives
First you need to setup your drives correctly. I use fdisk and you can find
any decent tutorial on it easily.
For encrypting one of the partitions, I follow the archlinux guide
(https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_a_non-root_file_system).
I did not try to encrypt the whole filesystem because it seemed a bit overkill
for my needs. I simply have /dev/sda3 encrypted where all my datas are.
cryptsetup -y -v luksFormat /dev/sda3
cryptsetup open /dev/sda3 cryptroot
mkfs -t ext4 /dev/mapper/cryptroo
System
For installing on the drives, they need to be unmounted so you need to boot on
“rescue” image that your hosting provider is surely providing you. Mine was
offering a Debian image.
For the rest of the steps, simply follow the guide on ArchLinux
(https://wiki.archlinux.org/index.php/Install_from_existing_Linux).
The following notes are simply some stuff that kept me crazy during a lot of
hours.
Notes
- Install
haveged
before running pacman-key --init
, it’ll be WAY much
faster.
- DON’T forget to copy /etc/resolv.conf from the rescue distribution to the
arhclinux one, or use your own (openDNS forexample).
- Change the udev rules so you have
eth0
instead of .. whatever:
[root@***** ~]# cat /etc/udev/rules.d/10-network.rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="**:**:**:**:**:**",NAME="eth0"}
- use netctl (for lxc ease-of-use containers network):
[root@**** ~]# cat /etc/netctl/ethernet-static
Description='Server ethernet connection'
Interface=eth0
Connection=ethernet
IP=static
Address=('****/24')
Gateway='****'
DNS=('****')
- Don’t forget to
netctl enable ethernet-static
- Don’t forget to
systemctl enable sshd
For non official packages, install yaourt:
[root@****] cat /etc/pacman.conf
# ####
# ...
[archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch
Wed, Dec 9, 2015
Since I’ve read so much from other blogs, I thought I should share a bit more,
get out of my confort zone and share some thoughts / experiences that may be
useful to others.It’s actually also a nice way to remember things for yourself.
Mon, Jan 1, 0001
About passionate people …
I’ve attented the TorDev meeting 2016 in Valencia & some parts of the IFF also
taking place right after it in the same city. That was my first dive into this
world of open source communities / hacktivists / hardcore systems hackers etc.
Man, it was worth it ! To be honest that was a lot to process and I felt a bit
over pressured since I was not very involved at that time in those communities
and I’ve put been in their sessions and group meetings just as if I were an
equally important contributor so.. that felt a bit wrong at first sight.
Of course, I’ve told my little me in my head to go out there and talk to people
about what you think, this project, the way this is done and so on, but this
feeling of being small was very present throughout the first days, mostly
during the TorDev meeting.
Finally I got to talk to one or two people about the projects I work on and how
this might be / or not / a good idea to try that on Tor, and then I’ve had kind
of a goal, so I guess that helped me relieve a bit from that pressure.
What I find crazy about all this is the gathering of people coming from all
differents kinds of background, places and have all different kind of skills.
They gather together and make something great out of it. They can because for
most of them, they’re one of the most highly talented, kind & patient people
I’ve ever met, all at the same time. This kind of atmosphere you have here is
very different from what you can experience elsewhere (for me at least). It’s
like you feel you almost already know the people in the place, even if you don’t,
so you feel relaxed and you laugh with them and such, and in the same time, you
talk about hard problems with them like you would do small talk with your friends.
One of the big thing that has been poking my mind a lot is that most of the people
I’ve met have their own identity.
They dress some specific way, they think a very peculiar way, they behave
in a peculiar way, they are specialized and sometimes not. They do what they
like and they like Tor or any other privacy-security systems and they do
something useful because they actually like it. What’s the best motivation if
not passion ? And because of that, they actually get out of the typical good
citizen picture that we’ve been taught from childhood. From my point of view, they
seemed to get in their own path actually.
All of this had led to a series of questions about what I want to do in my life.
Not what would be the best to do, but what I really want to do ?
How do I construct this inner identity ? Would it be by following your inner
choice (i.e. instinct) in your life instead of what seems to be the best, or
the more reasonable ?
I know a lot of people that actually fit very well in their environment they’ve
been given and don’t try to change it, but rather simply try to enjoy it. For my part
I find it difficult to fit in the system I’m in now. After some more thoughts, the
reason I come up with is that I haven’t really followed my instincts
throughout my life. I’ve basically tried to do things I like but in a way that
fits the system regardless on how I would have done it otherwise. These
questions seems very high-level but actually can be applied for very practical
stuff:
- Should I go to work the way I want (large hippie pan or colorful hairs or
no hairs or with flipflop or whatever) regardless of every
other people that do not behave in any other way that the regular pants +
shirt ? There’s not even an actual rule about it, but the people have the
tendency to judge you from the way you look (in the place I’m in). If you’re not
an actual genius, you don’t have that excuse to not behave like this. I don’t
know why geniuses get to behave the way they want but not us? It seems childish
but I do feel this way in the place I work & live.
- Should I fuck off of the IT guys and install my own Archlinux on the Mac
they’ve been given to me ? I actually tried this for a few month now and I
miss my Linux machine with my sweet tiling w.m… (I’ve already decided that
I’d do it anyway^^)
- How should I choose the project I want to work on, on my free time. Should
they be useful for the community even if I find them boring at first sight ?
Should I choose them according to the most passion I have about them ? That’s a
tough one for me now because I think both are essentials but my coding-free-time
is very limited. Get deep into other’s people code and fixing bugs OR implement
a cool stuff with a cool language that may or may not be used later by the
community if this proves to be adequately coded ?
- Regardless the utility vs usefulness question, in what kind of projects do I
want to be involved in ? Of course, it seems great to take part in projects
that protects privacy or circonvemt censorship. And of course, it seems to
suck to work for boring projects like implementing a accountability software in
Java (I’m not doing this). Most of the time you just do project because they sound fun or you like
the technical side (that’s the one most often used).
After all of this, nothing is resolved and I’ve only have more questions in my
mind but it has opened a whole new world of perception / possibilities that I
did not really thought about before. Every change is good, so I take it it’s one
way of creating your own identity that to ask those questions…
Peace.