I wouldn't mind renting space in a bunker in Switzerland.

The Swiss have apparently pivoted on their aptitude for war, choosing to reuse some of their many military bunkers to store gold and bits.

Currently reading Luna: New Moon by Ian McDonald.

The novel tells the story of dynasties struggling for power on the moon, which has been settled and turned into a mining colony. It has been described as “Game of Thrones in space”. While I have not read Game of Thrones, that seems like a roundabout way of saying that it is like another series that deals with the struggles of feudal families mining resources in space. Luna is much like Dune – even up to including a female religious order interested in long term breeding programs and social experiment (funded by The Long Now, of course). Fans of classic science fiction will likely feel at home in its pages. I look forward to the sequel.

Cold Storage

This past spring I mentioned my cold storage setup: a number of encrypted 2.5” drives in external enclosures, stored inside a Pelican 1200 case, secured with Abloy Protec2 321 locks. Offline, secure, and infrequently accessed storage is an important component of any strategy for resilient data. The ease with which this can be managed with git-annex only increases my infatuation with the software.

Data Data Data Data Data

I’ve been happy with the Seagate ST2000LM003 drives for this application. Unfortunately the enclosures I first purchased did not work out so well. I had two die within a few weeks. They’ve been replaced with the SIG JU-SA0Q12-S1. These claim to be compatible with drives up to 8TB (someday I’ll be able to buy 8TB 2.5” drives) and support USB 3.1. They’re also a bit thinner than the previous enclosures, so I can easily fit five in my box. The Seagate drives offer about 1.7 terabytes of usable space, giving this setup a total capacity of 8.5 terabytes.

Setting up git-annex to support this type of cold storage is fairly straightforward, but does necessitate some familiarity with how the program works. Personally, I prefer to do all my setup manually. I’m happy to let the assistant watch my repositories and manage them after the setup, and I’ll occasionally fire up the web app to see what the assistant daemon is doing, but I like the control and understanding provided by a manual setup. The power and flexibility of git-annex is deceptive. Using it solely through the simplified interface of the web app greatly limits what can be accomplished with it.

Encryption

Before even getting into git-annex, the drive should be encrypted with LUKS/dm-crypt. The need for this could be avoided by using something like gcrypt, but LUKS/dm-crypt is an ingrained habit and part of my workflow for all external drives. Assuming the drive is /dev/sdc, pass cryptsetup some sane defaults:

$ sudo cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 luksFormat /dev/sdc

With the drive encrypted, it can then be opened and formatted. I’ll give the drive a human-friendly label of themisto.

$ sudo cryptsetup luksOpen /dev/sdc themisto_crypt
$ sudo mkfs.ext4 -L themisto /dev/mapper/themisto_crypt

At this point the drive is ready. I close it and then mount it with udiskie to make sure everything is working. How the drive is mounted doesn’t matter, but I like udiskie because it can integrate with my password manager to get the drive passphrase.

$ sudo cryptsetup luksClose /dev/mapper/themisto_crypt
$ udiskie-mount -r /dev/sdc

Git-Annex

With the encryption handled, the drive should now be mounted at /media/themisto. For the first few steps, we’ll basically follow the git-annex walkthrough. Let’s assume that we are setting up this drive to be a repository of the annex ~/video. The first step is to go to the drive, clone the repository, and initialize the annex. When initializing the annex I prepend the name of the remote with satellite :. My cold storage drives are all named after satellites, and doing this allows me to easily identify them when looking at a list of remotes.

$ cd /media/themisto
$ git clone ~/video
$ cd video
$ git annex init "satellite : themisto"

Disk Reserve

Whenever dealing with a repository that is bigger (or may become bigger) than the drive it is being stored on, it is important to set a disk reserve. This tells git-annex to always keep some free space around. I generally like to set this to 1 GB, which is way larger than it needs to be.

$ git config annex.diskreserve "1 gb"

Adding Remotes

I’ll then tell this new repository where the original repository is located. In this case I’ll refer to the original using the name of my computer, nous.

$ git remote add nous ~/video

If other remotes already exist, now is a good time to add them. These could be special remotes or normal ones. For this example, let’s say that we have already completed this whole process for another cold storage drive called sinope, and that we have an s3 remote creatively named s3.

$ git remote add sinope /media/sinope/video
$ export AWS_ACCESS_KEY_ID="..."
$ export AWS_SECRET_ACCESS_KEY="..."
$ git annex enableremote s3

Trust

Trust is a critical component of how git-annex works. Any new annex will default to being semi-trusted, which means that when running operations within the annex on the main computer – say, dropping a file – git-annex will want to confirm that themisto has the files that it is supposed to have. In the case of themisto being a USB drive that is rarely connected, this is not very useful. I tell git-annex to trust my cold storage drives, which means that if git-annex has a record of a certain file being on the drive, it will be satisfied with that. This increases the risk of data loss, but for this application I feel it is appropriate.

$ git annex trust .

Preferred Content

The final step that needs to be taken on the new repository is to tell it what files it should want. This is done using preferred content. The standard groups that git-annex ships with cover most of the bases. Of interest for this application is the archive group, which wants all content except that which has already found its way to another archive. This is the behaviour I want, but I will duplicate it into a custom group called satellite. This keeps my cold storage drives as standalone things that do not influence any other remotes where I may want to use the default archive.

$ git annex groupwanted satellite "(not copies=satellite:1) or approxlackingcopies=1"
$ git annex group . satellite
$ git annex wanted . groupwanted

For other repositories, I may want to store the data on multiple cold storage drives. In that case I would create a redundantsatellite group that wants all content which is not already present in two other members of the group.

$ git annex groupwanted redundantsatellite "(not copies=redundantsatellite:2) or approxlackingcopies=1"
$ git annex group . redundantsatellite
$ git annex wanted . groupwanted

Syncing

With everything set up, the new repository is ready to sync and to start ingesting content from the remotes it knows about!

$ git annex sync --content

However, the original repository also needs to know about the new remote.

$ cd ~/video
$ git remote add themisto /media/themisto/video
$ git annex sync

The same is the case for any other previously existing repository, such as sinope.
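As an added example (not code from the original post), the steps above scripted for one new satellite drive. It assumes the page's layout: udiskie mounts the decrypted volume at /media/<label>, the originating annex is ~/video, the laptop remote is named nous, and DRY_RUN=1 only records the commands instead of running them.

```shell
#!/usr/bin/env bash
# Added example, not the post's own script. Parameterises the cold-storage
# procedure: LUKS format, filesystem, clone, policy, and registering the new
# drive with the original repository.
set -euo pipefail

DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 records the steps instead of running them
PLANNED=""                # one recorded command per line
nl='
'

run() {
    # Records every step; executes it only outside dry-run mode.
    PLANNED="${PLANNED}$*${nl}"
    if [ "$DRY_RUN" = "1" ]; then
        printf '[dry-run] %s\n' "$*"
    else
        "$@"
    fi
}

encrypt_drive() {
    # LUKS-format the raw device, create the filesystem, then hand the closed
    # device to udiskie as the page does. Refuses to reformat a device that
    # already carries a LUKS header, so a mistyped /dev/sdX cannot wipe a
    # sibling satellite.
    local dev="$1" label="$2"
    if [ "$DRY_RUN" != "1" ] && sudo cryptsetup isLuks "$dev" 2>/dev/null; then
        echo "refusing to format $dev: it already has a LUKS header" >&2
        return 1
    fi
    run sudo cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 luksFormat "$dev"
    run sudo cryptsetup luksOpen "$dev" "${label}_crypt"
    run sudo mkfs.ext4 -L "$label" "/dev/mapper/${label}_crypt"
    run sudo cryptsetup luksClose "/dev/mapper/${label}_crypt"
    run udiskie-mount -r "$dev"
}

init_satellite() {
    # Clone the annex onto the mounted drive and apply the page's policy:
    # disk reserve, trust, and a satellite (1 copy) or redundantsatellite
    # (2 copies) preferred-content group. Finally registers the drive with
    # the original repository, which otherwise does not know the remote exists.
    local label="$1" annex="$2" group="${3:-satellite}"
    local dest copies=1
    dest="/media/${label}/$(basename "$annex")"
    if [ "$group" = "redundantsatellite" ]; then copies=2; fi
    run git clone "$annex" "$dest"
    run git -C "$dest" annex init "satellite : ${label}"
    run git -C "$dest" config annex.diskreserve "1 gb"
    run git -C "$dest" remote add nous "$annex"
    run git -C "$dest" annex trust .
    run git -C "$dest" annex groupwanted "$group" "(not copies=${group}:${copies}) or approxlackingcopies=1"
    run git -C "$dest" annex group . "$group"
    run git -C "$dest" annex wanted . groupwanted
    run git -C "$dest" annex sync --content
    run git -C "$annex" remote add "$label" "$dest"
    run git -C "$annex" annex sync
}

planned_steps() {
    # Returns what a dry run recorded, for review before the real run.
    printf '%s' "$PLANNED"
}

# Usage: DRY_RUN=1 first, then review planned_steps before running for real:
#   encrypt_drive /dev/sdc themisto
#   init_satellite themisto ~/video redundantsatellite
```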

Currently reading The New Spymasters by Stephen Grey.

The book begins with an overview of espionage immediately before, during, and shortly after the Cold War, before moving on to the role played by Western intelligence agencies in the current millennium. Grey contrasts the earlier focus on human intelligence with the growing dependency on signals intelligence and assassination programs, and makes a compelling case for the need to return to a balanced approach with a focus on traditional spy running.

The dichotomy is reminiscent of that between the longer-term, unconventional warfare practiced by US Special Forces and the direct action focus of other Special Operations Forces, as discussed by Tony Schwalm.

Redundant File Storage

As I’ve mentioned previously, I store just about everything that matters in git-annex (the only exception is code, which is stored directly in regular git). One of git-annex’s many killer features is special remotes. They make tenable this whole “cloud storage” thing that we do now.

A special remote allows me to store my files with a large number of service providers. It makes this easy to do by abstracting away the particulars of the provider, allowing me to interact with all of them in the same way. It makes this safe to do by providing encryption. These factors encourage redundancy, reducing my reliance on any one provider.

Recently I began playing with rclone. Rclone is a program that supports file syncing for a handful of cloud storage providers. That’s semi-interesting by itself but, more significantly, there is a git-annex special remote wrapper. That means any of the providers supported by rclone can be used as a special remote. I looked through all of rclone’s supported providers and decided there were a few that I had no reason not to use.

Hubic

Hubic is a storage provider from OVH with a data center in France. Their pricing is attractive. I’d happily pay €50 per year for 10TB of storage. Unfortunately they limit connections to 10 Mbit/s. In my experience they ended up being even slower than this. Slow enough that I don’t want to give them money, but there’s still no reason not to take advantage of their free 25 GB plan.

After signing up, I set up a new remote in rclone.

$ rclone config
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> hubic-annex
Type of storage to configure.
Choose a number from below, or type in your own value
 1 / Amazon Drive
   \ "amazon cloud drive"
 2 / Amazon S3 (also Dreamhost, Ceph)
   \ "s3"
 3 / Backblaze B2
   \ "b2"
 4 / Dropbox
   \ "dropbox"
 5 / Google Cloud Storage (this is not Google Drive)
   \ "google cloud storage"
 6 / Google Drive
   \ "drive"
 7 / Hubic
   \ "hubic"
 8 / Local Disk
   \ "local"
 9 / Microsoft OneDrive
   \ "onedrive"
10 / Openstack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
   \ "swift"
11 / Yandex Disk
   \ "yandex"
Storage> 7
Hubic Client Id - leave blank normally.
client_id> 
Hubic Client Secret - leave blank normally.
client_secret> 
Remote config
Use auto config?
 * Say Y if not sure
 * Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
client_id = 
client_secret = 
token = {"access_token":"XXXXXX"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y

With that setup, I went into my ~/documents annex and added the remote.

$ git annex initremote hubic type=external externaltype=rclone target=hubic-annex prefix=annex-documents chunk=50MiB encryption=shared rclone_layout=lower mac=HMACSHA512

I want git-annex to automatically send everything to Hubic, so I took advantage of standard groups and put the repository in the backup group.

$ git annex wanted hubic standard
$ git annex group hubic backup

Given Hubic’s slow speed, I don’t really want to download files from it unless I need to. This can be configured in git-annex by setting the cost of the remote. Local repositories default to 100 and remote repositories default to 200. I gave the Hubic remote a high cost so that it will only be used if no other remotes are available.

$ git config remote.hubic.annex-cost 500

If you would like to try Hubic, I have a referral code which gives us both an extra 5GB for free.

Backblaze B2

B2 is the cloud storage offering from backup company Backblaze. I don’t know anything about them, but at $0.005 per GB I like their pricing. A quick search of reviews shows that the main complaint about the service is that they offer no geographic redundancy, which is entirely irrelevant to me since I build my own redundancy with my half-dozen or so remotes per repository.

Signing up with Backblaze took a bit longer. They wanted a phone number for 2-factor authentication, I wanted to give them a credit card so that I could use more than the 10GB they offer for free, and I had to generate an application key to use with rclone. After that, the rclone setup was simple.

$ rclone config
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> b2-annex
Type of storage to configure.
Choose a number from below, or type in your own value
 1 / Amazon Drive
   \ "amazon cloud drive"
 2 / Amazon S3 (also Dreamhost, Ceph)
   \ "s3"
 3 / Backblaze B2
   \ "b2"
 4 / Dropbox
   \ "dropbox"
 5 / Google Cloud Storage (this is not Google Drive)
   \ "google cloud storage"
 6 / Google Drive
   \ "drive"
 7 / Hubic
   \ "hubic"
 8 / Local Disk
   \ "local"
 9 / Microsoft OneDrive
   \ "onedrive"
10 / Openstack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
   \ "swift"
11 / Yandex Disk
   \ "yandex"
Storage> 3
Account ID
account> 123456789abc
Application Key
key> 0123456789abcdef0123456789abcdef0123456789
Endpoint for the service - leave blank normally.
endpoint> 
Remote config
--------------------
[remote]
account = 123456789abc
key = 0123456789abcdef0123456789abcdef0123456789
endpoint = 
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y

With that, it was back to ~/documents to initialize the remote and send it all the things.

$ git annex initremote b2 type=external externaltype=rclone target=b2-annex prefix=annex-documents chunk=50MiB encryption=shared rclone_layout=lower mac=HMACSHA512
$ git annex wanted b2 standard
$ git annex group b2 backup

While I did not measure the speed with B2, it feels as fast as my S3 or rsync.net remotes, so I didn’t bother setting the cost.

Google Drive

While I do not regularly use Google services for personal things, I do have a Google account for Android stuff. Google Drive offers 15 GB of storage for free and rclone supports it, so why not take advantage?

$ rclone config
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> gdrive-annex
Type of storage to configure.
Choose a number from below, or type in your own value
 1 / Amazon Drive
   \ "amazon cloud drive"
 2 / Amazon S3 (also Dreamhost, Ceph)
   \ "s3"
 3 / Backblaze B2
   \ "b2"
 4 / Dropbox
   \ "dropbox"
 5 / Google Cloud Storage (this is not Google Drive)
   \ "google cloud storage"
 6 / Google Drive
   \ "drive"
 7 / Hubic
   \ "hubic"
 8 / Local Disk
   \ "local"
 9 / Microsoft OneDrive
   \ "onedrive"
10 / Openstack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
   \ "swift"
11 / Yandex Disk
   \ "yandex"
Storage> 6
Google Application Client Id - leave blank normally.
client_id> 
Google Application Client Secret - leave blank normally.
client_secret> 
Remote config
Use auto config?
 * Say Y if not sure
 * Say N if you are working on a remote or headless machine or Y didn't work
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
client_id = 
client_secret = 
token = {"AccessToken":"xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx","Expiry":"2014-03-16T13:57:58.955387075Z","Extra":null}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y

And again, to ~/documents.

$ git annex initremote gdrive type=external externaltype=rclone target=gdrive-annex prefix=annex-documents chunk=50MiB encryption=shared rclone_layout=lower mac=HMACSHA512
$ git annex wanted gdrive standard
$ git annex group gdrive backup

Rinse and repeat the process for other annexes. Revel in having simple, secure, and redundant storage.
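The initremote, wanted and group commands are the same for every provider above, so here is an added helper (not from the original post) that applies them given an rclone remote name, and warns when the rclone config file holding the provider tokens has not been protected with the configuration password that the rclone prompt offers. It assumes rclone and git-annex are installed and that the current directory is the annex.

```shell
#!/usr/bin/env bash
# Added example, not the post's own script. The initremote parameters are
# the ones used on the page for Hubic, B2 and Google Drive.
set -euo pipefail

rclone_config_is_encrypted() {
    # Once a config password is set, rclone stores the file as an
    # "RCLONE_ENCRYPT_V0:" blob behind a comment header; a plaintext file
    # instead starts with INI sections such as "[b2-annex]".
    local cfg="$1"
    if [ -f "$cfg" ] && head -n 3 "$cfg" | grep -q 'RCLONE_ENCRYPT_V0:'; then
        return 0
    fi
    return 1
}

initremote_args() {
    # Argument list for "git annex initremote", one per line. encryption=shared
    # keeps the symmetric key inside the git repository, so every clone of the
    # repo can decrypt the provider's copy: the repo itself is the secret.
    local name="$1" target="$2" prefix="$3"
    printf '%s\n' "$name" type=external externaltype=rclone "target=${target}" \
        "prefix=${prefix}" chunk=50MiB encryption=shared rclone_layout=lower mac=HMACSHA512
}

add_rclone_remote() {
    # name:   git-annex remote name (hubic, b2, gdrive)
    # target: rclone remote name without the trailing colon (hubic-annex, ...)
    # prefix: directory under the rclone remote, e.g. annex-documents
    # cost:   optional annex-cost; the page uses 500 for the slow Hubic remote
    local name="$1" target="$2" prefix="$3" cost="${4:-}"
    local cfg
    cfg="$(rclone config file | tail -n 1)"
    if ! rclone_config_is_encrypted "$cfg"; then
        echo "warning: $cfg stores OAuth tokens / app keys in plaintext;" \
             "consider 'rclone config' -> s) Set configuration password" >&2
    fi
    if ! rclone listremotes | grep -qx "${target}:"; then
        echo "rclone remote '${target}' not configured; run 'rclone config' first" >&2
        return 1
    fi
    # Values contain no whitespace, so plain word splitting is safe here.
    # shellcheck disable=SC2046
    git annex initremote $(initremote_args "$name" "$target" "$prefix")
    git annex wanted "$name" standard
    git annex group "$name" backup
    if [ -n "$cost" ]; then
        git config "remote.${name}.annex-cost" "$cost"
    fi
}

# Usage, from inside ~/documents:
#   add_rclone_remote hubic hubic-annex annex-documents 500
#   add_rclone_remote b2 b2-annex annex-documents
```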

A Place for the SWAT-T

My dislike of the SWAT Tourniquet stems from the difficulty of applying it to yourself one-handed. That eliminated it from the running when evaluating pocket tourniquets, but the PHLster Flatpack has made that category of tool less relevant. Now that I can easily and comfortably carry a primary tourniquet (specifically, a SOFTT-W) on-body, I’ve rethought what I should be carrying in my pack.

In the past I’ve carried a SOFTT-W as part of a small blow-out kit. The kit is in a Triple Seven Gear Micro Kit pouch, which fits easily into whatever pack I’m using. If I’m already carrying a SOFTT-W on my belt, is carrying a second one the best use of the available weight and space? The SWAT tourniquet does have a few things going for it. It works well as a tourniquet, as long as you have two hands to apply it. The width of the SWAT-T allows it to occlude blood flow at a relatively low pressure, and its elasticity can help it to compensate for muscle relaxation. It can function as part of a pressure dressing, or be used to improve an improvised splint, swathe, or sling. And it burns well.

SWAT-T

I decided to replace the SOFTT-W in my blow-out kit with a SWAT-T. With a SOFTT-W in the PHLster Flatpack on my belt, I’m confident in my ability to quickly administer self-aid. Having the SWAT-T in my bag gives me additional options, whether I need to use it as a second tourniquet or as something else.

I put a Raven Pocket Clip on my Elzetta Alpha.

The Elzetta Alpha A323 has been part of my EDC for 2 years now. For all but a few weeks of that time I’ve been carrying it on my belt with a Prometheus Lights Titanium Pocket Clip, which works great on the Alpha. I changed over to the Raven Concealment Systems Pocket Clip to get the finger ring, which is just a large rubber O-ring that allows you to use your hands for something else without dropping the light.

Elzetta Alpha w/ RCS Pocket Clip

Rudy Project Rydon

I’ve used a pair of Rudy Project Rydon Stealth glasses as sun and safety glasses for about five years now. They’re a great eye protection system for active wear, and I think are especially attractive for those who require prescription eyewear. The Rydon offers an adaptable system with interchangeable lenses and full coverage, in a lower profile compared to popular tactical eyewear systems like the Revision Sawfly, Oakley M Frame or ESS ICE.

Rudy Project Rydon System

The temples and nosepads of the Rydon are made from a pliable rubber material that lets the user adjust them however they want. You can have straight temples or hook them down behind your ears. You can move the nosepads to get the right height and clearance on your face. I find that both adjustments largely stay in place after being set. If they do move, it is simple to reset them.

Safety & Durability

The only difference between Rudy’s “Stealth” and non-“Stealth” line is the ANSI Z87.1 rating applied to the frame. Z87.1 is the standard for eyewear protection that will be familiar to anyone who has worn safety glasses or so-called “tactical” eyewear. It describes, among other things, impact resistance. The Rydon lenses are interchangeable between Stealth and non-Stealth variants, and certain lens selections have their own Z87.1 ratings. The Stealth frames are made from a different material than non-Stealth. The non-Stealth Rydons fail to meet Z87.1 standards due to how they shatter[1].

Unfortunately, Rudy has not certified the Rydon for MIL-PRF-32432, the military specification for ballistic eyewear.

As you might expect, the Rydon have proven to be very durable. I’ve used them regularly over the past five years. I shoot in them, I crash bikes in them, and I’ve been punched in the face more times than I can count in them. They’re none the worse for wear. Certain lenses have minor scratches, but none that I notice when I’m actually wearing them. The frames themselves are like new. The rubber material does not absorb sweat and odors, which is a complaint I’ve heard of Oakley’s “unobtainium” rubber temples.

ImpactX

Rudy is well known for their ImpactX lenses. They describe it as being a “bullet-proof, transparent, and light-weight material capable of providing superior protection, reliability and longer lasting performance than polycarbonate”. It is what Apache windshield panels are made out of, which makes me feel good about myself[2].

ImpactX is actually just Rudy-branded NXT. NXT is a variant of Trivex. I’m not sure what the difference is between NXT and Trivex. It may be that NXT is just a specific branding of Trivex. I do know that the Z87.1 impact protection that NXT/ImpactX claims is a property of Trivex itself; plain Trivex gives equal protection.

Trivex is a polymer that was introduced as an alternative to polycarbonate. Traditionally, most safety glasses are made out of polycarbonate. When you get a prescription insert from Revision or ESS and have them fill the prescription, the lenses they’re putting in are polycarbonate. “Plutonite” is Oakley’s proprietary brand of polycarbonate. Trivex offers equal impact protection, but has a lower Abbe number than polycarbonate, which translates to superior optical quality.

Trivex is slightly more expensive (polycarbonate costs ~$40, Trivex ~$50). Trivex also has a slightly lower refractive index, which translates to Trivex prescription lenses being slightly thicker than polycarbonate. But Trivex has a lower specific gravity, so the Trivex lenses will be slightly lighter than the equivalent polycarbonate, despite the added thickness.

There’s nothing rare or special about Trivex. Everyone does it. You can bring any set of frames into any optometry office and tell them you want to put Trivex lenses in it. As long as your prescription fits the frame, they can do it. The resulting lenses will meet or exceed Z87.1, even though your optometrist likely isn’t going to get them certified for the Z87.1 stamp.

Photochromic

The ImpactX lenses, in addition to offering impact protection, are also photochromic. Photochromic lenses darken when exposed to ultraviolet radiation. Having a clear lens in a pair of safety glasses is critical for indoor work, and being able to use the same lenses as sunglasses outdoors keeps the overall price down. It is also helpful for transitions. If you start out in the sun and then go inside, or the clouds roll in or the sun sets, your optics quickly respond without you needing to take time to remove the glasses or swap lenses.

When I first purchased the Rydon system, one of the lenses I included was the ImpactX photochromic clear-to-black. This is a neutral lens that offered 18-78% light transmission. A few months ago, I purchased Rudy’s ImpactX-2 photochromic clear-to-black lenses. These offer 9-74% light transmission. In addition to the change in light transmission, ImpactX-2 also reacts faster and is supposed to respond slightly better to non-UV light[3].

Other Lenses

While the ImpactX lenses are the only offerings from Rudy with the Z87.1 stamp, the company does offer some other lens options.

Rudy’s Polar 3FX is their polarized lens solution. Polarized lenses reduce glare, which is useful on water and snow. I have a pair of Polar 3FX brown lenses. At 15% light transmission, these offer about the same protection as my old Julbo Micropore glacier glasses. They’re a great supplement to the ImpactX photochromic lenses, and are light enough that I am happy to carry them as a secondary option on backpacking trips for use above the tree line.

The third lens I went with is what Rudy calls Racing Red. These are a high contrast red lens with 28% light transmission. A contrast lens in something like red or yellow is a great option for hazy days when it isn’t bright out and you don’t want much light reduction, but you find yourself squinting from the glare[4].

Of the three lenses (or four, since I now have two of the photochromic clear-to-black lenses), I use the Racing Red least of all. They’re great in certain conditions, but the ImpactX(-2) lenses work well in all conditions, so I find that I can just leave them in the frame all the time and never think about it. Plus, Z87.1.

Prescription

Rudy has a few options for people who need prescription lenses. The option that I’ve gone for is the Optical Insert. I used a similar setup back in the day with Revision Sawfly eyewear and their insert, but I think Rudy does it better. While this kind of dual lens system does result in a slight degradation of optical quality, it means that you only pay for the prescription once. Being able to purchase multiple non-prescription lenses that sit in front of the prescription lens is the only thing that makes this kind of multi-lens system tenable.

Rudy offers two different carrier styles: a full metal frame and a “rimless” option.

When I first purchased the Rydon system I went with the full metal frame. It has served well over the years. Like the Rydon frame, it still functions like new. Occasionally a punch in the face will cause the insert to be knocked out of the Rydon, but that hasn’t caused any damage to the carrier, and it only takes a second to pop it back in.

This past spring, when I bought the new ImpactX-2 lenses, I also wanted to purchase another carrier to have my new prescription put in it. This time around I tried the “rimless” model. The “rimless” carrier is not actually rimless: the lenses are held in place by a thin wire that goes around the circumference of each lens. This can result in a thicker lens. With a rimless carrier, the lens needs a groove cut into it to accept the wire. Prescription lenses are thinnest on the inside (near the nose) and thickest on the outside. If your prescription is weak enough that the outside of the lens is not already thick enough for the groove to be cut, the thickness will need to be increased.

I’ve not found that the lenses in my rimless carrier appear any thicker than the ones in my old carrier, but that’s something that you may want to keep in mind when deciding between the two carrier options.

When you’ve received the carrier, you can take it to any optometrist to have your prescription lenses filled. Finding an optometrist who has some experience with this kind of setup – whether they are actually a Rudy dealer or offer some other sport brand with an insert system – will likely behoove you. With my first pair, I used a Rudy dealer. The optometrist that I used when filling the new carriers this year was not a Rudy dealer, nor had they ever dealt with something like this before. However, they actually grind their lenses in house, which is something I’ve never seen before. When placing the order I was able to talk with the lab manager who would actually be making the lenses, which gave me confidence that I wouldn’t be wasting my money[5].

For the prescription lenses, I went with polycarbonate. With a dual lens system like this, both weight and thickness are a concern. While Trivex would have been lighter, we decided that the thinner polycarbonate would be better suited for my prescription. The polycarbonate prescription lenses would be behind the Rydon’s ImpactX(/NXT/Trivex) lenses, so I don’t have much concern about the lower impact resistance.

This time around I went with an anti-fog coating, which I did not have previously. While it was rarely ever an issue, I did occasionally experience fogging with the old lenses. It usually happens when walking into a sweaty gym when it is cold and dry outside. It’s not really the time of year for me to be able to evaluate if the anti-fog coating is doing anything on the new lenses.

I think an anti-glare coating on the prescription lens is unnecessary. The tinted Rydon lenses should take care of that problem whenever necessary.

I did also go with an edge polish on the new prescription lenses. Previously I opted to forgo that option with the old metal carriers, but with the rimless carrier I thought that it would help maintain a lower profile look – both from the outside looking in and the inside looking out. I think it was a smart decision.

Notes

  1. Personally, I think that wearing sunglasses which are not Z87.1 rated is stupid and a waste of money, outside of certain specialty requirements. Eyes are important. You can't fight what you can't see, unless you are a time travelling samurai.
  2. When you get down to it, why wouldn't you protect your eyeballs with the same technology used in gunships?
  3. Traditionally, one of the shortcomings of photochromic lenses is that they don't work well in cars. Windshields filter UV light. ImpactX-2 is supposed to handle that a little better. I can't comment on that -- I spend very little time in cars.
  4. I also believe that having a contrast lens that you can wear when it isn't necessarily bright enough for normal sunglasses is useful to combat color-based advertising intended to condition us to better suit our extraterrestrial overlords.
  5. With most optometrists you end up dealing with the people who sell lenses. Talking to someone who actually makes the things lets you dip into a different knowledge base.

Geoff Manaugh discusses the deception and misdirection of robot vision.

Starting with the recent Tesla crash caused by the car’s inability to discern the tractor against the bright sky, Geoff discusses how the spread of robots may force us to rebuild our environment – either to support their perceptual systems or hinder them. It’s an interesting idea to ponder, particularly within the context of the rise of drones. Readers of Daniel Suarez can sleep easier at night knowing that razorbacks can probably be defeated with a few mirrors and rubber.

One possible line of defense—among many, of course—would be to redesign your city, even down to the interior of your own home, such that machine vision is constantly confused there. You thus rebuild the world using light-absorbing fabrics and reflective ornament, installing projections and mirrors, screens and smoke. Or “stealth objects” and radar-baffling architectural geometries. A military robot wheeling its way into your home thus simply gets lost there, stuck in a labyrinth of perceptual convolution and reflection-implied rooms that don’t exist.

Breaking News

In the past I’ve struggled to find a way to be alerted to breaking news, where “breaking news” is defined as things that matter[1].

For some time, Scanner Radio Pro was my preferred solution. The Android application uses Broadcastify to stream feeds of police and EMS radio (among other sources). While a police scanner is always a good thing to have, the application is relevant here because of its notification support. It will push notifications when a channel has a certain number of users listening to it. The application default threshold is 3500 listeners for all channels, but it also allows you to configure per-channel thresholds. I set the threshold to 200 listeners for San Francisco police and EMS channels. I also have the threshold set to 200 for any station within 50 miles of my current location. Those two are redundant when I’m in San Francisco, but it means that if I’m travelling I’ll receive alerts for wherever I am, and I’ll be able to stay up to date on what’s happening back in the city.

The alerts simply tell me that a large number of people are listening to a certain channel, which indicates that something is probably going on in that location. It doesn’t tell me what is happening, but prompts me to figure that out for myself. When the shooting started in Dallas a couple weeks ago, I was alerted immediately that something was happening due to the unusually high number of people listening to the Dallas PD channel. When I saw that, I performed a quick search for Dallas news and discovered the reason.

I’ve had good success with these alerts. It has worked well for shootings like in Dallas. The alerts kept me informed of disruptions in the area this past winter when the Super Bowl was in town. Unfortunately, most of the Broadcastify feeds and listeners are US-focused, so it tends not to help with events outside of the country. There were no alerts for the attack in Nice, France.

More recently I’ve begun supplementing Scanner Radio Pro with the conveniently named Breaking News. They are basically a modern wire service, collating data from traditional news sources, social media channels like Twitter, and direct user submissions. Human editors manage the service, which does seem to take care of some of the cruft. Events are grouped into topics, and topics can be muted or subscribed to. Their mobile application supports push notifications for global major stories, as well as stories based on geographic proximity to the device’s current location.

I’ve noticed that the application does have an impact on my battery (even with the “battery saver” option enabled), but I think it’s worth it for the service provided. They provide alerts for a wider breadth of topics than the police scanner, and provide immediate context for the alert. If they provide an alert for an event that I don’t care about, I can mute the topic and never hear about it again. It’s rare that I need to do this, as they seem judicious in their use of push notifications.

Scanner Radio Pro and the Breaking News application live on the home screen of my phone in a directory labelled “Intelligence”. Along with applications like Flightradar24 and Marine Traffic (like Flightradar24 but for boats), they help provide context for and build awareness of the world around me.

Notes

  1. Not celebrities. Not sports.

Currently reading Musashi by Eiji Yoshikawa.

The book presents a fictionalized portrait of the life of Miyamoto Musashi. It is an epic novel, exploring the development of many of the concepts and themes which Musashi codified at the end of his life in The Book of Five Rings.

Musashi Miyamoto with two Bokken

I don't always do jits.

But when I do, I shank the other guy first. Spending the weekend with Cecil for IAJJ.

Train

Cryptographic Identity

Despite its shortcomings, I think PGP is still one of the better ways to verify a person’s identity. Because of this – and because I use my PGP key daily1 – I make an effort to properly secure my private key. Verifying a PGP key is a fairly straightforward process for fellow PGP users, and my hope is that anyone who does verify my key can maintain a high confidence in its signature.

However, I also use other cryptographic channels to communicate – XMPP/OTR and Signal chief among them. I consider these keys more transient than PGP. The OTR keys on my computer are backed up because it takes no effort to do so, but I have no qualms about creating new ones if I feel like it. I don’t bother to port the same keys to other devices, like my phone. My Signal key is guaranteed to change anytime I rebuild or replace my phone. Given the nature of these keys and how I handle them, I don’t expect others to put the same amount of effort into verifying their fingerprints.

The solution to this is to maintain a simple text file, signed via PGP, containing the fingerprints of my other keys. With a copy of the file and a trusted copy of my public PGP key, anyone can verify my identity on other networks or communication channels. If a key is replaced, I simply add the new fingerprint to the file, sign it and distribute. Contacts download the file, check its signature, and thus easily trust the new fingerprint without additional rigmarole.

The first examples of this that I saw were from Yan and Tom Lowenthal. I thought it seemed like a great idea and began to maintain a file with a list of examples whenever I stumbled across them, with a note that I should do that someday2.

Today I decided to stop procrastinating on this and create my own identity file. It is located at pig-monkey.com/id.txt. The file, along with the rest of this website, is in git so that changes to it may be tracked over time.

Inspired by some of the examples I had collected, I added a couple pieces of related information to the file. The section on PGP key signing should provide others some context for what it means when they see my signature on a different key. Even if no one cares, I found it useful to enunciate the policy simply to clear up my own thinking about what the different certification levels should mean. Finally, the section on key management gives others a rough idea about how I manage my key, which should help them to maintain their confidence in it. If I verify that someone’s identity and fingerprint match their key, I will have high confidence in its signature initially. But if I know that the person keeps their secret key on their daily driver machine without any additional effort to protect it, my confidence in it will degrade over time. Less so if I know that they take great care and handling in their key’s protection.

A file like this should also provide a good mechanism for creating a transition and revocation statement for my PGP key, should the need arise. One hopes that it does not.

Notes

  1. Realistically, I use PGP multiple times per hour when I'm on my computer.
  2. Since I began my list, Keybase has become a thing. It addresses a similar problem, although seems to promote using services like Twitter as the root of trust. Assuming that you want to stubbornly stick with a PGP key as the root of trust, I don't see the advantage of using Keybase for this problem, except that it offers a centralized lookup repository.
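As an added example (not the author’s tooling, and not the actual layout of id.txt), here is a shell helper that verifies such a file against one trusted PGP fingerprint and then checks whether a fingerprint seen on another channel (Signal, OTR) is listed in it. TRUSTED_FPR, the “label: fingerprint” line format and the constructed sample file are my assumptions.

```shell
#!/bin/sh
# Added example: verify a PGP cleartext-signed identity file and look up the
# fingerprints it lists. The file layout ("label: fingerprint" lines) and
# TRUSTED_FPR are assumptions, not the author's actual id.txt.

# Placeholder: set to the fingerprint of the PGP key you have already verified.
TRUSTED_FPR=${TRUSTED_FPR:-0000000000000000000000000000000000000000}

# Normalize a fingerprint for comparison: drop spaces and colons, uppercase.
# Signal shows groups of digits, OTR groups of hex, PGP 4-char hex groups.
fpr_norm() {
    printf '%s' "$1" | tr -d ' :' | tr 'a-f' 'A-F'
}

# Print "label<TAB>normalized_fpr" for every "label: fingerprint" line inside
# the signed body. Cleartext signatures dash-escape lines starting with '-'
# as "- -", so that prefix is stripped before parsing.
id_entries() {
    sed -n '/^-----BEGIN PGP SIGNED MESSAGE-----$/,/^-----BEGIN PGP SIGNATURE-----$/p' "$1" \
    | sed 's/^- //' \
    | awk -F': ' 'NF == 2 && $2 ~ /^[0-9A-Fa-f: ]+$/ {
          gsub(/[ :]/, "", $2)
          if (length($2) >= 32) print $1 "\t" toupper($2)
      }'
}

# Exit 0 if fingerprint $2 (in any spacing/case) is listed in signed file $1.
id_has_fpr() {
    want=$(fpr_norm "$2")
    id_entries "$1" | awk -F'\t' -v w="$want" '$2 == w { found = 1 } END { exit !found }'
}

# Verify the signature and insist it was made by the trusted key (either the
# signing subkey or the primary key), not merely by some key in the keyring.
# gpg's status line: [GNUPG:] VALIDSIG <sig-key-fpr> ... <primary-key-fpr>
id_verify() {
    gpg --batch --status-fd 1 --verify "$1" 2>/dev/null \
    | awk -v t="$(fpr_norm "$TRUSTED_FPR")" \
        '$1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == t || $NF == t) { ok = 1 }
         END { exit !ok }'
}

# Constructed stand-in for id.txt; the signature block is a placeholder.
id_sample_file() {
    cat <<'EOF'
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Constructed example identity file. Fingerprints of my other keys:
Signal: 12345 67890 12345 67890 12345 67890 12345 67890 12345 67890 12345 67890
OTR (laptop): ABCD1234 5678EF01 2345ABCD 6789EF01 2345ABCD

Key management: the signing key lives on a hardware token (constructed text).
-----BEGIN PGP SIGNATURE-----
PLACEHOLDER-NOT-A-REAL-SIGNATURE
-----END PGP SIGNATURE-----
EOF
}

# Usage: ./id-check.sh id.txt "<fingerprint seen on Signal or OTR>"
case "${0##*/}" in
    id-check.sh)
        id_verify "$1" || { echo "signature is not from the trusted key" >&2; exit 1; }
        id_has_fpr "$1" "$2" && echo "fingerprint is listed in $1" ;;
esac
```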

Lately I've had trouble finding prepaid debit cards in denominations greater than $50.

It’s 2016, and stuffing cash in an envelope and mailing it to a small island nation is sometimes still the best way to move money with some degree of privacy.

This is not the cyberpunk dystopia I was promised.

I treat myself to a new laptop every three or four years.

A few weeks ago I bought a Lenovo Thinkpad X260, replacing the T430s that has been my daily driver since 2012. I’m a big fan of the simplicity, ruggedness and modularity of Thinkpads. It used to be that one of the only downsides to Thinkpads were the terrible screens, but that has been addressed by the X260’s FHD display. The high resolution let me move from the 14” display of the T430s to the 12.5” display of the X260 without feeling like I’ve lost anything, but with an obvious gain in portability. The X260 is a great machine to put Linux on, which Spark helps me to do with no effort and a minimum expenditure of time.

Thinkpad X260

A Bug Out Stuff Sack

I have a pretty thorough setup with my every day carry. Between the level 1 items on my body and the level 2 items in my pack, I have all the tools that I think I may need. This limits the need for a bug out bag in my environment. Were I packing a bag to support running away from a disaster, it would largely duplicate what I carry every day. The difference is in shelter. Specifically, clothing.

Bug Out Stuff Sack

For the past few years, I’ve kept a bug out stuff sack instead of a bug out bag. The stuff sack contains clothes, which gives me what I need to leave in a hurry regardless of what I’m currently wearing. I keep a pair of merino wool boxer briefs, merino wool long underwear, a lightweight merino wool long sleeve shirt, quick-drying nylon pants, a Buff, merino wool and nylon blend socks, and a cotton bandana. The two non-clothing items in the stuff sack are a Tru-Nord compass and a silk escape map.

The map is from SplashMaps in the UK. It is a print of the OpenStreetMap for the San Francisco bay area at 1:40000 scale.

Conspicuously absent from the contents of the stuff sack is any sort of foul-weather gear. I don’t venture outside without a hardshell jacket in my pack, even here in drought-stricken California. I also generally will have some sort of insulating layer already in my pack, making that an unnecessary addition to the stuff sack.

The stuff sack I went with is a Sea To Summit 8L Big River. This is a much heavier stuff sack than any of those I use backpacking. When I was deciding on the stuff sack for this project, I knew I wanted something that I would be comfortable running outside of a pack. The 420 denier nylon on the Big River is more abrasion resistant than any of my cuben or sil-nylon stuff sacks, and the Big River also includes Hypalon lash points on either side of the bag to assist when securing it. When I’m carrying a larger pack, like the FAST Pack EDC, these points are moot since I can just toss the stuff sack into the pack on the way out the door. However, if I’m using something smaller, like the FAST Pack Litespeed, the pack may already be close to full. With the Big River I’m able to quickly and easily lash the stuff sack to the bottom of the pack, without taking time rearranging the inside of the pack in an attempt to make more room.

Bug Out Stuff Sack

The stuff sack hangs on a hook on my wall, immediately next to the door. My pack and footwear stay underneath on the floor when I’m home. Keeping these items in the same spot means that I can grab them and be out the door in a short count of seconds. Also hanging in this area are my gloves and helmet, which are necessary when leaving on a bike (certainly the best bug out vehicle for a city). I also leave a hat, insulating jacket, and rain jacket hanging in this area. These items should already be in my pack, but leaving duplicates here allows me to easily grab them on my way out if needed. The last item in this area, hanging on the same hook as the stuff sack, is a small bag with documents that I may want when leaving in a hurry.

I keep a stuff sack at my desk at work with all the same things in it. Since I only have one of the silk maps from SplashMaps, the stuff sack at work instead has a few USGS quads of the area printed on glow in the dark onion skin paper. I buy these from zdw on eBay.

Currently reading The Black Banners by Ali Soufan.

In his decade at the FBI, Soufan developed an expertise in al-Qaeda, investigating the Kenyan embassy bombing, the Jordan millennium plot, the attack on the USS Cole, and the September 11th attacks. The book is a history of al-Qaeda, beginning with the Soviet invasion of Afghanistan, as well as a memoir of the author’s experience investigating the organization. It is a well-written, intriguing read that offers a different insight into familiar stories. I was inspired to read it after subscribing to The Soufan Group’s daily IntelBriefs and have not been disappointed.

I celebrated World Backup Day by increasing the resiliency of data in my life.

Four encrypted 2TB hard drives, stored in a Pelican 1200, with Abloy Protec2 PL 321 padlocks as tamper-evident seals. Having everything that matters stored in git-annex makes projects like this simple: just clone the repositories, define the preferred content expressions, and watch the magic happen.

Cold Storage

Isolating Chrome Apps with Firejail

Despite its terse man page, Chromium provides a large number of command-line options. One of these is app-id, which tells Chromium to directly launch a specific Chrome App. Combined with the isolation provided by Firejail, this makes using Chrome Apps a much more enjoyable experience.

For instance, I use the Signal Desktop app. When I received the beta invite, I created a new directory to act as the home directory for the sandbox that would run the app.

$ mkdir -p ~/.chromium-apps/signal

I then launched a sandboxed browser using that directory and installed the app.

$ firejail --private=~/.chromium-apps/signal /usr/bin/chromium

After the app was installed, I added an alias to my zsh configuration to launch the app directly.

alias signal="firejail --private=~/.chromium-apps/signal /usr/bin/chromium --app-id=bikioccmkafdpakkkcpdbppfkghcmihk"

To launch the application I can now simply run signal, just as if it was a normal desktop application. I don’t have to worry about it accessing private information, or even care that it is actually running on Chromium underneath. I use this method daily for a number of different Chrome Apps, all in different isolated directories in ~/.chromium-apps. As someone who is not a normal Chromium user, it makes the prospect of running a Chrome App much more attractive.

I've been carrying the PHLster Flatpack Tourniquet Carrier for about a month.

It’s the first solution I’ve found that allows me to carry a SOFTT-W on-body, comfortably and unobtrusively. The Flatpack prevents the need to resort to a secondary tourniquet for first line carry, which makes it a valuable supplement to any EDC. BFE Labs offers an overview of the product in their first look.

PHLster Flatpack

Russia's latest spyplane is broadcasting its flight home from Syria.

The Aviationist pointed out that the plane had its ADS-B transponder on, allowing it to be tracked on Flightradar24. The Tu-214R also broadcast its deployment to Syria on the 15th.

LX9203 flight path

An older article on The Aviationist discusses the impact of ADS-B and MLAT tracking on military craft. Somewhat related is a recent Defense One article on using commercial satellite imagery to identify airstrip expansion.

I stopped worrying and embraced the security freeze.

A credit security freeze denies access to your credit file. I first learned about it last summer from Brian Krebs, but didn’t implement it until a couple months later. It took me about 45 minutes and $20 to activate the freeze with the five major credit bureaus. This goes a long way to reducing the threat of identity theft, with very little energy expenditure required. A proactive defense is superior to reactive monitoring services. If you need your credit pulled monthly or more frequently, constantly freezing and unfreezing your file would probably be an annoying inconvenience. For the rest of us, I’m not sure if there is any good reason not to enable the freeze.

I use BRouter for offline bicycle navigation.

BRouter is open source navigation software built on OpenStreetMap, intended primarily for bicycle routing. It offers both web and Android versions. The Android version calculates routes as GPX tracks, which are then fed into a mapping application. My preferred OpenStreetMap application, OsmAnd, supports BRouter as its navigation back-end. OsmAnd allows me to configure the frequency, repetition and units of instructions. I use Ivona TTS with the UK voice, which I think sounds more natural than either the Ivona US voice or Google’s TTS offerings. In sum, this gives me accurate, offline navigation, tuned to my method of travel, anywhere on the planet, with superior maps to traditional commercial offerings.

OsmAnd / BRouter

Carry a towel and don’t panic.

Firewarden

I’ve previously mentioned the Firejail sandbox program. It’s an incredibly useful tool. I use it to jail pretty much all the things. Over the past six months, I’ve found that one of my primary use cases for Firejail is to create private, temporary sandboxes which can be destroyed upon closure. I wrote Firewarden, a simple wrapper script around Firejail, to reduce the keystrokes needed for this type of use.

Disposable Browsers

Prepend any program with firewarden and it will launch the program inside a private Firejail sandbox. I use Firewarden to launch disposable Chromium instances dozens of times per day. When the program passed to Firewarden is chromium or google-chrome, Firewarden will add the appropriate options to the browser to prevent the first run greeting, disable the default browser check, and prevent the WebRTC IP leak. The following two commands are equivalent:

$ firejail --private chromium --no-first-run --no-default-browser-check --enforce-webrtc-ip-permission-check
$ firewarden chromium

Firewarden also provides a few options to request a more restricted Firejail sandbox. For instance, you may want to open a URL in Chromium, but also use an isolated network namespace and create a new /dev directory (which has the effect of disabling access to webcams, speakers and microphones). The following two commands are equivalent:

$ firejail --private --net=enp0s25 --netfilter --private-dev chromium --no-first-run --no-default-browser-check --enforce-webrtc-ip-permission-check https://example.org
$ firewarden -d -i chromium https://example.org

In this example, Firewarden used NetworkManager to discover that enp0s25 was the first connected device, so it used that for the network namespace.

Local Files

Firewarden isn’t just useful for browsers. It can be used with any program, but my other major use case is safely viewing local files. File types like PDF and JPG can include malicious code and are a primary vector for malware. I use zathura as my PDF reader, which is a simple and lightweight viewer that doesn’t include anywhere near the number of potential vulnerabilities as something like Adobe Acrobat, but I still think it prudent to take extra precautions when viewing PDF files downloaded from the internet.

If Firewarden thinks the final argument is a local file, it will create a new directory in /tmp, copy the file into it, and launch the program in a sandbox using the new temporary directory as the user home directory1. Firewarden will also default to creating a new /dev directory when viewing local files, as well as disabling network access (thus preventing a malicious file from phoning home). When the program has closed, Firewarden removes the temporary directory and its contents.

$ firewarden zathura notatrap.pdf

The above command is the equivalent of:

$ export now=`date --iso-8601=s`
$ mkdir -p /tmp/$USER/firewarden/$now
$ cp notatrap.pdf /tmp/$USER/firewarden/$now/
$ firejail --net=none --private-dev --private=/tmp/$USER/firewarden/$now zathura notatrap.pdf
$ rm -r /tmp/$USER/firewarden/$now

I use this functionality numerous times throughout the day. I also include Firewarden in my mailcap, which goes a long way to reducing the dangers of email attachments.

Firewarden doesn’t add any new functionality to Firejail, but it does make it easier to take advantage of some of the great features that Firejail provides. Check it out if you’re interested in reducing the keystrokes required to Jail All The Things™.

Notes

  1. This is similar to using Firejail's old --private-home option, which was removed in 0.9.38. However, that option was limited to files in the user's home directory. It couldn't be easily used with a file from a USB drive mounted at /media/usb, for instance.
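As an added example (not the Firewarden script itself), the wrapper below reimplements the behaviour described above in one POSIX shell file: the browser hardening flags, the -d and -i restrictions, and the copy-to-/tmp sandbox for local files. The function names, the FW_IFACE/FW_HOME override variables and the “no whitespace in arguments” limitation are my assumptions.

```shell
#!/bin/sh
# Added example reimplementing the Firewarden behaviour described in the text.
# Not the project's own code. FW_IFACE and FW_HOME are hooks I added so the
# command construction can be inspected without Firejail or NetworkManager.

# Flags Firewarden adds for browsers: skip the first-run greeting and default
# browser check, and stop WebRTC from leaking the real IP address.
browser_flags() {
    case "$1" in
        chromium|google-chrome)
            printf '%s' '--no-first-run --no-default-browser-check --enforce-webrtc-ip-permission-check' ;;
        *) : ;;
    esac
}

# First connected NetworkManager device (for -i). FW_IFACE overrides the query.
first_iface() {
    if [ -n "${FW_IFACE:-}" ]; then printf '%s' "$FW_IFACE"; return; fi
    nmcli -t -f DEVICE,STATE device status \
    | awk -F: '$2 == "connected" && $1 != "lo" { print $1; exit }'
}

# True if the last argument is an existing regular file; leaves it in $_last.
last_is_file() {
    _last=''
    for _last; do :; done
    [ -f "$_last" ]
}

# Print the firejail command line for: fw_cmd [-d] [-i] program [args...]
#   -i  isolated network namespace on the first connected device, with netfilter
#   -d  fresh /dev (no webcam, microphone or speakers)
# A trailing local file switches to the temp-home mode regardless of -d/-i.
fw_cmd() {
    OPTIND=1 dev=0 iso=0
    while getopts 'di' opt; do
        case $opt in d) dev=1 ;; i) iso=1 ;; *) return 2 ;; esac
    done
    shift $((OPTIND - 1))
    prog=$1; shift
    args=$*
    if last_is_file "$@"; then
        # Private temp home holding a copy of the file, no network, fresh /dev.
        # Inside the jail the copy sits in $HOME, so pass only the basename.
        jail="firejail --net=none --private-dev --private=$FW_HOME"
        args="${args%"$_last"}${_last##*/}"
    else
        jail="firejail --private"
        if [ "$iso" -eq 1 ]; then jail="$jail --net=$(first_iface) --netfilter"; fi
        if [ "$dev" -eq 1 ]; then jail="$jail --private-dev"; fi
    fi
    cmd="$jail $prog"
    bf=$(browser_flags "$prog")
    if [ -n "$bf" ]; then cmd="$cmd $bf"; fi
    if [ -n "$args" ]; then cmd="$cmd $args"; fi
    printf '%s\n' "$cmd"
}

# Create the temp home when the target is a local file, run, then clean up.
fw_run() {
    _last=''
    for _last; do :; done
    FW_HOME="/tmp/$USER/firewarden/$(date --iso-8601=s)"
    if [ -f "$_last" ]; then
        mkdir -p "$FW_HOME" && cp -- "$_last" "$FW_HOME/"
    fi
    cmd=$(fw_cmd "$@")
    $cmd    # deliberate word splitting: arguments must not contain whitespace
    st=$?
    if [ -d "$FW_HOME" ]; then rm -rf "$FW_HOME"; fi
    return "$st"
}

# Only act as a launcher when installed under this name, e.g. ~/bin/firewarden.sh
case "${0##*/}" in
    firewarden.sh) fw_run "$@" ;;
esac
```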

Watch the Sky

I learned about Flightradar24 last year. They offer a live flight radar, using data provided by ADS-B on top of Google Maps.

Immediately after the San Bernardino shooting in December, a Cessna 182 with the registration number N404KR flew circles around the area for hours. This plane is registered to OBR Leasing, which is one of the shell companies the FBI uses for surveillance. The ability to observe these types of flights is interesting, and sometimes useful.

The airspace above San Francisco is usually fairly dead. From what I’ve seen, most commercial jets heading in and out of SFO or OAK avoid flying directly over the city. This week I’ve been watching the radar more frequently than usual. With the Super Bowl in town, I assumed there would be more interesting traffic. I use the radar to look for suspicious flights, which to me means smaller craft with circular paths.

N2462G flight path

N2462G has what must be a mind-numbingly boring job. Every day, the Cessna 206 takes off from the Concord area (possibly Buchanan) and flies circles around the Embarcadero and Treasure Island. The aircraft is registered to an aerial sports broadcasting company, so I assume they’re just shooting footage of Super Bowl City.

More interesting are the government flights. Today during lunch I watched N6241L. The Beech Super King took off from Mountain View, flew up the coast, and made circles around the Golden Gate. A quick search showed this to be registered to the Department of Homeland Security. The radar isn’t limited to fixed wing craft. N3933A, a Eurocopter Squirrel also registered to DHS, was flying down the coast at about the same time.

N6241L flight path

There are of course flights that don’t show up on the radar, but the service provides an idea of what’s going on in the sky. I think the Android application is a good buy. Combined with a police scanner, you can begin to turn a smartphone into a mobile intelligence gathering toolkit. It is useful for locating excitement, whether you’re trying to avoid it, get into it, or just be aware of it.

Using Network Trust

Work continues on Spark, my Arch Linux provisioning system. As the project has progressed, it has created some useful tools that I’ve spun off into their own projects. One of those is nmtrust.

The idea is simple. As laptop users, we frequently connect our machines to a variety of networks. Some of those networks we trust, others we don’t. I trust my home and work networks because I administer both of them. I don’t trust networks at cafes, hotels or airports, but sometimes I still want to use them. There are certain services I want to run when connected to trusted networks: mail syncing, file syncing, online backups, instant messaging and the like. I don’t want to run these on untrusted networks, either out of concern over the potential leak of private information or simply to keep my network footprint small.

The solution is equally simple. I use NetworkManager to manage networks. NetworkManager creates a profile for every network connection. Every profile is assigned a UUID. I can decide which networks I want to trust, look up their UUID with nmcli conn, and put those strings into a file somewhere. I keep them in /usr/local/etc/trusted_networks.

nmtrust is a small shell script which gets the UUIDs of all the active connections from NetworkManager and compares them to those in the trusted network file. It returns a different exit code depending on what it finds: 0 if all connections are trusted, 3 if one or more connections are untrusted, and 4 if there are no active connections.

This makes it extremely easy to write a script that executes nmtrust and takes certain action based on the exit code. For example, you may have a network backup script netbackup.sh that is executed every hour by cron. However, you only want the script to run when you are connected to a network that you trust.

#!/bin/sh

# Execute nmtrust
nmtrust

# Execute backups if the current connection(s) are trusted.
if [ $? -eq 0 ]; then
    netbackup.sh
fi

On machines running systemd, most of the things that you want to start and stop based on the network are probably described by units. ttoggle is another small shell script which uses nmtrust to start and stop these units. The units that should only be run on trusted networks are placed into another file. I keep them in /usr/local/etc/trusted_units. ttoggle executes nmtrust and starts or stops everything in the trusted unit file based on the result.

For example, I have a timer mailsync.timer that periodically sends and receives my mail. I only want to run this on trusted networks, so I place it in the trusted unit file. If ttoggle is executed when I’m connected to a trusted network, it will start the timer. If it is run when I’m on an untrusted network or offline, it will stop the timer, ensuring my machine makes no connection to my IMAP or SMTP servers.

These scripts are easy to use, but they really should be automated so that nobody has to think about them. Fortunately, NetworkManager provides a dispatcher framework that we can hook into. When installed, the dispatcher will execute ttoggle whenever a connection is activated or deactivated.

The result of all of this is that trusted units are automatically started whenever all active network connections are trusted. Any other time, the trusted units are stopped. I can connect to shady public wifi without worrying about network services that may compromise my privacy running in the background. I can connect to my normal networks without needing to remember to start mail syncing, backups, etc.

All of this is baked in to Spark, but it’s really just two short shell scripts and a NetworkManager dispatcher. It provides a flexible framework to help preserve privacy that is fairly easy to use. If you use NetworkManager, try it out.
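As an added example (not the nmtrust and ttoggle scripts from Spark), the following single shell file reimplements the behaviour described above: the trusted-network check with its 0/3/4 exit codes, the unit toggling, and the NetworkManager dispatcher hook. The NMTRUST_ACTIVE and SYSTEMCTL override variables and the multi-name installation are my assumptions.

```shell
#!/bin/sh
# Added example reimplementing nmtrust/ttoggle as described in the text; not the
# project's own code. Exit codes follow the text: 0 all connections trusted,
# 3 one or more untrusted, 4 no active connection. NMTRUST_ACTIVE and SYSTEMCTL
# are hooks I added so the logic runs without NetworkManager or systemd.

TRUSTED_NETWORKS=${TRUSTED_NETWORKS:-/usr/local/etc/trusted_networks}
TRUSTED_UNITS=${TRUSTED_UNITS:-/usr/local/etc/trusted_units}
SYSTEMCTL=${SYSTEMCTL:-systemctl}

# UUIDs of the active connections, one per line. If NMTRUST_ACTIVE is set
# (even to the empty string, meaning "offline") it replaces the nmcli query.
active_uuids() {
    if [ -n "${NMTRUST_ACTIVE+set}" ]; then
        for u in $NMTRUST_ACTIVE; do printf '%s\n' "$u"; done
    else
        nmcli -t -f UUID connection show --active
    fi
}

# nmtrust: every active connection must appear in the trusted file (one UUID
# per line). A missing or unreadable file fails closed: nothing is trusted.
nmtrust() {
    active=$(active_uuids)
    [ -n "$active" ] || return 4
    for uuid in $active; do
        grep -qxF -- "$uuid" "$TRUSTED_NETWORKS" 2>/dev/null || return 3
    done
    return 0
}

# ttoggle_plan: print "start <unit>" for each trusted unit when nmtrust reports
# all connections trusted, "stop <unit>" when untrusted or offline.
# The units file holds one unit per line; '#' starts a comment.
ttoggle_plan() {
    if nmtrust; then action=start; else action=stop; fi
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$TRUSTED_UNITS" | while read -r unit; do
        printf '%s %s\n' "$action" "$unit"
    done
}

# ttoggle: carry the plan out with systemctl.
ttoggle() {
    ttoggle_plan | while read -r action unit; do
        "$SYSTEMCTL" "$action" "$unit"
    done
}

# Dispatcher hook: NetworkManager runs scripts in /etc/NetworkManager/dispatcher.d/
# as "<script> <interface> <event>". Re-evaluate trust whenever a connection changes.
dispatcher() {
    case "$2" in
        up|down|vpn-up|vpn-down|connectivity-change) ttoggle ;;
    esac
}

# Behave according to the name this file is invoked as: install or symlink it
# as nmtrust, ttoggle, and 10-ttoggle (the latter in dispatcher.d, root-owned).
case "${0##*/}" in
    nmtrust)    nmtrust ;;
    ttoggle)    ttoggle ;;
    10-ttoggle) dispatcher "$@" ;;
esac
```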

A Personal Micro-Cut Shredder

I purchased the AmazonBasics 8-Sheet Micro-Cut Shredder a few months ago. For the price I think it’s a good buy. The CD shredding is a bit of a joke (use scissors), but it handles paper and cards admirably, cutting them into 4mm x 12mm pieces that will foil the casual antagonist. The 8-sheet capacity, compact size, and low cost make it a good choice for personal document filing. Tis the season.

Micro-Cut Shredder

A Tradecraft Primer

The CIA’s A Tradecraft Primer is a brief introduction to critical thinking and structured analysis. Its techniques are not limited to intelligence, but instead are applicable to any field where the bias of preconceived notions may cause harm. Its short length makes it a worthwhile read – I read it in a little over an hour while waiting for a plane – particularly as an adjunct to publications like Red Team Journal.

A Tradecraft Primer