Sunday, May 13, 2018
It's only taken 5 months from concept to completion but it's done.
The Poc||GTFO skateboard has finally been for a spin.
It all started in January while searching charity shops for books which is something I do a lot. In an out of the way corner was a neglected deck once owned by Alex B. I don't know who he is but his name was Sharpie'd onto the trucks. The weather had been bad for skateboarding for a long time and the goal was to make a deck for riding in bad weather.
After a lot of work and some substantial purchases I created the deck you can see in the pictures. It's worth as much as my "good" deck but I'll still ride it on wet tarmac. That's what it was made to do.
So why the PoC||GTFO name?
PoC||GTFO AKA Proof of Concept or Get The F*** Out is a hacker publication. It's something I read to keep up to date with security stuff.
My concept was can I hack a cheap Amazon skateboard into something worth riding? I think I've proven that.
Having cruised my local park yesterday I can say that it's definitely a decent deck now that it's totally transformed. It's blisteringly fast too.
And the weather now it's finished?
It's good so I'm off for a cruise.
Saturday, April 14, 2018
They're usually pretty poor but I don't mind. I can usually get something from them. It's not just an image to me either. It's a picture sent over radio waves that I collect from a wire stretched along my back garden. I still get excited to see the picture forming on my computer screen. It's different every time. Even the same picture on a later transmission will have very different interference patterns overlaid. Maybe the WEFAX transmissions could be a source of entropy.
The other obvious benefit of these transmissions is to provide weather information. It's good too. Accurate and up-to-date, and talking of weather, it's changed significantly enough for me to start receiving WEFAX images.
That's how I know that Spring is truly here.
Sunday, February 25, 2018
While most people were contemplating what to wear on the way to the newsagent's this morning I was once again tinkering with crypto stuff.
The complex subject of air gapped computing was front and centre at 9am in my world. Unless you write your own OS in a Faraday cage then at some point, some part of your computer will have touched the internet. Getting the computer set up with the many updates you probably want for the new system and then pulling it offline is probably what most people do, but is that good enough? Many will argue that it isn't. There has to be a reasonably secure middle ground.
My solution is to power a Pi Zero W from my Pi Top and SSH into it via my phone acting as a wifi hotspot. In effect the Pi Zero W is connected to the internet but isn't accessing it. The only job it has to do is allow me access to the CLI so that I can use the on board hardware random number generator and then only over a secure connection.
If I sit in my Faraday cage of a car in the middle of nowhere especially with a dire cell tower signal I should be OK doing a couple of minutes work.
It's about as good as things are going to get in an ever increasingly connected world. All I need to do now is map cell tower dead spots.
Wish me luck with that one.
Sunday, February 11, 2018
Outside there are large cold flakes of snow falling to the ground but I don't care really.
Apart from the obligatory 3 mile walk this morning I've been inside all day getting stuff to work on the Pi Top. The Pi Top has a Raspberry Pi under the hood and it's running Ubuntu Mate. It's a decent OS for what I need it for which isn't much. A bit of crypto and a Python playground.
I finally got round to writing the Nano crypto bash script for Ubuntu so I thought I'd port it over to Mate. A fairly easy process but you can't just add a bin directory to Home and have it work in the terminal. Several minutes of getting the script into the correct bin directory as root were needed. Anyway, all done now.
Should you be wondering what the script does, it allows me to write gpg encrypted messages without any of the plaintext being written to disc. Very nifty.
As long as no-one has installed a keylogger or happens to be looking over my shoulder I can safely jot down stuff that I want to remain secret.
If you're going to give it a go yourself make sure you have Nano 3.9.3 installed or it won't work.
Who said protecting your privacy wasn't fun.
Friday, November 03, 2017
I've been doing a lot of crypto stuff lately.
When I say 'a lot' I do mean literally hours upon hours of internet research and reading which then turns into hours of practical experimentation. Sometimes I just get it and sometimes what I'm reading makes no sense at all so I have to break things down and take baby steps.
The latest problem I've been working on is how to, without an air-gapped machine, write a text file, encrypt it and then send it to a desktop machine for further processing. So far I can do that. The vulnerabilities are plain to see. I could be hacked on any network. There could be a key-logger installed on the first machine which compromises everything. Or maybe my end machine could be monitored. Where there's a will there's a way.
Unless someone is actually on my case I've come up with a reasonably secure method which involves the use of SSH. I can switch my Android phone into Aeroplane Mode, write and encrypt and then send by SSH to a machine anywhere in the world once back on the network.
Of course there's still work to do. I can build upon my security which at the moment is OK but not great. The nice thing is that having started this I know where to look and I'm a little wiser to the terminology.
I'm not quite there yet.