Brian Krebs’ recent experience highlights PayPal’s insecurity. The convenience and ease of use of PayPal give them a wide customer base, but their inherent untrustworthiness has long been reason for concern. For as long as I’ve used the service, I’ve been concerned about external attacks, like what Krebs experienced, as well as the internal threat – PayPal themselves have a history of freezing and diverting their users’ funds. Both of these concerns can be addressed via a proxy bank.
In 2008 I opened an online checking account with a new bank, completely separate from the financial institutions I normally use. The account has no “overdraft protection” or any line of credit. As with my PayPal account, I keep no money in the checking account. This checking account is the only account I associate with PayPal. When I want to make a purchase via PayPal, I transfer the needed funds from my primary financial institution to the checking account at the proxy bank. Since banks still subscribe to the archaic notion of “business days”, this transfer can sometime take up to week, but more frequently completes within 2-3 days.
The brief wait period is acceptable to me (it certainly reduces the ability to impulse buy) and gives me a level of security that otherwise cannot be achieved with PayPal. If someone breaks into my PayPal account, there’s nothing for them to steal. Even PayPal themselves have limited ability to steal funds. If an attacker is lucky, they may gain access to the account when I’m transferring funds in preparation for a purchase. My PayPal transactions are typically low-value, so at most this lucky attacker will acquire $100 or so. That’s an acceptable risk for the convenience of PayPal.
In the past I used this multilayer approach for all online purchases. A debit card from a proxy checking account at a different bank with no access to my primary accounts was the only thing I would use to make online purchases. When the account was compromised, the wait period for a new card wasn’t the inconvenience it normally is, since it had no impact on my day-to-day spending with my primary accounts. I think this type of security is required for shopping online, but responsible use of a credit card can offer acceptable protection for non-PayPal transactions without the hassle of a proxy account.
Arch has been my Linux distribution of choice for the past 5 years or so. It’s a fairly simple and versatile distribution that leaves most choices up the user, and then gets out of your way. Although I think it makes for a better end experience, the Arch Way does mean that it takes a bit more time to get a working desktop environment up and running.
At work I use Ansible to automate the provisioning of FreeBSD servers. It makes life easier by not only automating the provisioning of machines, but also by serving as reference documentation for The One True Way™. After a short time using Ansible to build servers, the idea of creating an Ansible playbook to provision my Arch desktop became attractive: I could pop a new drive into a machine, perform a basic Arch install, run the Ansible playbook and, in a very short period of time, have a fresh working environment – all without needing to worry about recalling arcane system configuration or which obscure packages I want installed. I found a few projects out there that had this same goal, but none that did things in the way I wanted them done. So I built my own.
Spark is an Ansible playbook meant to provision a personal machine running Arch Linux. It is intended to run locally on a fresh Arch install (ie, taking the place of any post-installation), but due to Ansible’s idempotent nature it may also be run on top of an already configured machine.
My machine is a Thinkpad, so Spark includes some tasks which are specific to laptops in general and others which only apply to Thinkpads. These tasks are tagged and isolated into their own roles, making it easy to use Spark to build desktops on other hardware. A community-contributed Macbook role exists to support Apple hardware. In fact, everything is tagged, and most of the user-specific stuff is accomplished with variables. The idea being that if you agree with my basic assumptions about what a desktop environment should be, you can use Spark to build your machine without editing much outside of the variables and perhaps the playbook.
The roles gather tasks into logical groups, and the tasks themselves are fairly simple. A quick skim through the repository will provide an understanding of everything Spark will do a matter of minutes. Basically: a simple i3 desktop environment, with GUI programs limited to web browsers and a few media and office applications (like GIMP and LibreOffice), everything else in the terminal, most network applications jailed with Firejail, and all the annoying laptop tasks like lid closure events and battery management automated away. If you’re familiar with my dotfiles, there won’t be any surprises.
Included in Spark is a file which describes how I install Arch. It is extremely brief, but provides everything needed to perform a basic installation – including full disk encryption with encrypted /boot – which can then be filled out with Ansible. I literally copy/paste from the doc when installing Arch. It takes about 15 minutes to complete the installation. Running Ansible after that takes about an hour, but requires no interaction after entering a passphrase for the SSH key used to clone the dotfiles. Combined with backups of the data in my home dir, this allows me to go from zero to hero in less than a couple hours without needing to really think about it.
If you use Arch, fork the repository and try it out.
Shirley’s cyberpunk magnum opus tells the story of a private security company attempting to use the distraction of a third world war to impose fascism across the United States and Europe, and the guerrillas who resist them. Although first published in the 1980s, the omnibus edition was refreshed by the author for publication in 2012, which gives it the feel of taking place 20 minutes into the future.
The Pelican 1060 plus pre-cut foam from eBay makes for compact and environmentally secure battery storage. The foam I bought has 10 holes for AAA batteries and 40 holes for CR123 and AA batteries.
This holds the CR123 batteries I keep on hand to feed devices and all of my spare AA/AAA Eneloops.
A diameter of 1.65 mm puts it in the same neighborhood as Type I Paracord, but with a little over twice the tensile strength. It fits through more eyelets than the typical Type III Paracord, making it appropriate for a wider range of footwear. It holds knots well, will pop through zip-ties in a jiffy, and the inner Kevlar can be broken down into three strands. I buy it from TwinLine.
The web browser is one of our computers’ primary means of interaction with the unwashed mashes. Combined with the unfortunately large attack surface of modern browsers, this makes a sandbox which does not depend on the browser itself an attractive idea.
Firejail is a simple, lightweight sandbox that uses linux namespaces to prevent programs from accessing things they do not need.
Firejail ships with default profiles for Firefox and Chromium. These profiles drop capabilities, filter syscalls, and prevent access to common directories like /sbin, ~/.gnupg and ~/.ssh. This is a good start, but I see little reason to give the browser access to much of anything in my home directory.
The --private flag instructs Firejail to mount a new user home directory in a temporary filesystem. The directory is empty and all changes are discarded when the sandbox is closed – think of it as a more effective private browsing or incognito mode that also resets your browser to factory defaults.
$ firejail --private firefox
A more useful option for normal browsing is to specify a directory that Firejail should use as the user home. This allows you to keep a consistent browser profile and downloads directory, but still prevents the browser from accessing anything else in the normal user home.
This is the method I default to for my browsing. I’ve created my own Firejail profile for Firefox at ~/.config/firejail/firefix.profile which implements this.
The only inconvenience I’ve discovered with this is that linking my Vimperator configuration files into the directory from my dotfiles repository creates a dangling link from the perspective of anything running within the jail. Since it cannot access my real home directory, it cannot see the link target in the ~/.dotfiles directory. I have to copy the configuration files into ~/firefox and then manually keep them in sync. I modify these files infrequently enough that for me this is worth the trade-off.
The temporary filesystem provided by --private is still useful when accessing websites that are especially sensitive (such as a financial institution) or especially shady. In my normal browser profiles, I have a number of extensions installed that block ads, disable scripts, etc. If these extensions completely break a website, and I don’t want to take the time to figure out which of the dozens of things I’m blocking are required for the website to function, I’ll just spin up a sandboxed browser with the --private flag, comfortable in the knowledge that whatever dirty scripts the site is running are limited in their ability to harm me.
I perform something like 90% of my web browsing in Firefox, but use Chromium for various tasks throughout the day. Both run in Firejail sandboxes, helping to keep me safe when surfing the information superhighway. Other programs, like torrent applications and PDF readers, also make good candidates for running within Firejail.
A GPS track provides useful a useful log of physical activities. Beyond simply recording a route, the series of coordinate and time mappings allow statistics like distance, speed, elevation, and time to be calculated. I recently decided that I wanted to start recording this information, but I was not interested in any of the plethora of social, cloud-based services that are hip these days. A simple GPX track gives me all the information I care about, and I don’t have a strong desire to share them with a third party provider or a social network.
Recording Tracks
The discovery of GPSLogger is what made me excited to start this project. A simple but powerful Android application, GPSLogger will log to a number of different formats and, when a track is complete, automatically distribute it. This can be done by uploading the file to a storage provider, emailing it, or posting it to a custom URL. It always logs in metric units but optionally displays in Imperial.
What makes GPSLogger really stand out are its performance features. It allows very fine-grained control over GPS use, which allows tracks to be recorded for extended periods of times (such as days) with a negligible impact on battery usage.
For activities like running, shorter hikes and bicycle rides I tend to err on the side of accuracy. I set GPSLogger to log a coordinate every 10 seconds, with a minimum distance of 5 meters between points and a minimum accuracy of 10 meters. It will try to get a fix for 120 seconds before timing out, and attempt to meet the accuracy requirement for 60 seconds before giving up.
For a longer day-hike, the time between points could be increased to something in the neighborhood of 60 seconds. For a multi-day backpacking trip, a setting of 10 minutes or more would still provide great enough accuracy to make for a useful record of the route. I’ve found that being able to control these settings really opens up a lot of tracking possibilities that I would otherwise not consider for fear of battery drain.
Storing Tracks
After a track has been recorded, I transfer it to my computer and store it with git-annex.
Everything in my home directory that is not a temporary file is stored either in git or git-annex. By keeping my tracks in an annex rather than directly in git, I can take advantage of git-annex’s powerful metadata support. GPSLogger automatically names tracks with a time stamp, but the annex for my tracks is also configured to automatically set the year and month when adding files.
$ cd ~/tracks
$ git config annex.genmetadata true
After moving a track into the annex, I’ll tag it with a custom activity field, with values like run, hike, or bike.
I also find it useful to tag tracks with a gross location value so that I can get an idea of where they were recorded without loading them on a map. Counties tend to work well for this.
One could also use fields to store location values such as National Park, National Forest or Wilderness Area.
Metadata Views
The reason for storing metadata is the ability to use metadata driven views. This allows me to alter the directory structure of the annex based on the metadata. For instance, I can tell git-annex to show me all tracks grouped by year followed by activity.
$ git annex view "year=*""activity=*"
$ tree -d
.
└── 2015
├── bike
├── hike
└── run
Or, I could ask to see all the runs I went on this July.
$ git annex view year=2015month=07activity=run
I’ve found this to be a super powerful tool. It gives me the simplicity and flexibility of storing the tracks as plain-text on the filesystem, with some of the querying possibilities of a database. Its usefulness is only limited by the metadata stored.
Viewing Tracks
For simple statistics, I’ll use the gpxinfo command provided by gpxpy. This gives me the basics of time, distance and speed, which is generally all I care about for something like a weekly run.
$ gpxinfo 20150725110839.gpx
File: 20150725110839.gpx
Length 2D: 6.081km
Length 3D: 6.123km
Moving time: 00:35:05
Stopped time: n/a
Max speed: 3.54m/s =12.74km/h
Total uphill: 96.50m
Total downhill: 130.50m
Started: 2015-07-25 18:08:45
Ended: 2015-07-25 18:43:50
Points: 188
Avg distance between points: 32.35m
Track #0, Segment #0
Length 2D: 6.081km
Length 3D: 6.123km
Moving time: 00:35:05
Stopped time: n/a
Max speed: 3.54m/s =12.74km/h
Total uphill: 96.50m
Total downhill: 130.50m
Started: 2015-07-25 18:08:45
Ended: 2015-07-25 18:43:50
Points: 188
Avg distance between points: 32.35m
For a more detailed inspection of the tracks, I opt for Viking. This allows me to load the tracks and view the route on a OpenStreetMap map (or any number of other map layers, such as USGS quads or Bing aerial photography). It includes all the detailed statistics you could care about extracting from a GPX track, including pretty charts of elevation, distance, time and speed.
If I want to view the track on my phone before I’ve transferred it to my computer, I’ll load it in either BackCountry Navigator or OsmAnd, depending on what kind of map layers I am interested in seeing. For simply viewing the statistics of a track on the phone, I go with GPS Visualizer (by the same author as GPSLogger).
