A Secure Public Jabber/XMPP Server Federated on Hyperboria, Tor, and The Internet

With Google’s transition away from open federation in favor of “Hangouts” and PRISM being all but certain I decided it was a good time to find an alternative to my Google Talk account. I decided to set up a Jabber/XMPP server that is open for public registration and will federate with any xmpp server over the Internet and over Hyperboria and which is also accessible over Tor.

The service is called (yz6yiv2hxyagvwy6.onion on Tor).

To sign up, simply use any Jabber/XMPP client, like Pidgin, and add an XMPP connection with any [email protected] Registration is handled in-band so you can simply check “create this account on the server” and you will have a new account.

If connecting over Tor, enter the same info, but specify the connect server as yz6yiv2hxyagvwy6.onion and make sure it’s tunneling over your Tor proxy via SOCKS5.

You’ll then be able to chat with any Jabber/XMPP account over the internet or Hyperboria. And don’t forget to add me: [email protected]

More info at



Prevent Ctrl-C From Terminating a Process in Bash

I run a few java processes in screen and occasionally need to hop in and run some interactive commands. The problem is I also hop between using a Mac and using a Linux desktop. This means that I have gotten used to hitting command+c when I want to copy something on the Mac. When I switch to a regular keyboard I tend to hit control-c when trying to copy from a terminal window and end up killing whatever process I was running.

To prevent ctrl-c from killing the process I’ve added this bit of code to the bash startup scripts that run these processes. It simply uses the trap mechanism to catch the signal and ignore it.

trap '' INT   # ignore SIGINT (Ctrl-C) in this shell and in every process it starts
# rest of the code to start the process here
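The reason the trap protects the java process and not just the wrapper shell is that an ignored SIGINT disposition is inherited across fork and exec. The following script is an added example (not from the original post) that demonstrates this: it launches a child `sleep` with and without the trap, sends it SIGINT, and reports whether it survived.

```shell
#!/bin/sh
# Added example, not from the original post. It shows why `trap '' INT` in
# a startup script protects the process it launches: an ignored SIGINT
# disposition (SIG_IGN) is inherited across fork and exec, so the launched
# process keeps ignoring Ctrl-C even though it never ran the trap itself.

# Launch a child `sleep` from a fresh sh, with or without the trap, send
# that child SIGINT after one second, and print "survived" or "killed".
probe_child() {
    case "$1" in
        ignore)  setup='trap "" INT;' ;;   # the startup-script trick
        default) setup='' ;;               # SIGINT left at its default action
        *) echo "usage: probe_child ignore|default" >&2; return 2 ;;
    esac
    # Inside the inner sh, $$ is the pid that will `exec` into sleep, so the
    # background subshell can target exactly that process. \$\$ keeps the
    # outer shell from expanding $$ to its own pid.
    if sh -c "$setup ( sleep 1; kill -INT \$\$ ) & exec sleep 2"; then
        echo survived      # sleep exited 0: the signal was ignored
    else
        echo killed        # exit status 130 (128+SIGINT): sleep was terminated
    fi
}

# Side-by-side demonstration when the script is run directly.
echo "with trap '' INT: $(probe_child ignore)"
echo "without trap:     $(probe_child default)"
```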


Provider Independent Zero-Knowledge Backups

I recently went looking for a secure cloud-based backup solution. I always have, and still do, run my own backup server out of my apartment using the excellent open source package BackupPC. But this has the obvious disadvantage of being in the same physical location as the things it’s backing up. Also, BackupPC hasn’t been updated in a few years and development may be stalled.

The primary problem that I wanted to avoid when looking for a backup provider is one that the vast majority of them suffer from. They are fundamentally insecure. By this I don’t mean that they don’t require complex passwords, because they do. And I don’t mean that they don’t encrypt your data, because they do that too. The problem is that they also hold the key to that data. In those cases the security of your data is only as good as the policies of the service provider. What I mean is that you are no longer protected by the mathematics of encryption, instead you are simply trusting the provider not to lose or use your key.



Electronic Communications Privacy Act Modernization Act of 2012 – HR6339

I am rarely happy to see new legislation related to online privacy, mostly because it comes from the wrong side. I’m looking at you PIPA, SOPA, ACTA. But the recent bill introduced by John Conyers and Jerrold Nadler is an exception. Rather than trying to combat “piracy” like so many other tech bills, the Electronic Communications Privacy Act Modernization Act of 2012 (H.R. 6339) is legitimately aimed at protecting rights and privacy online.



Dallas Meshnet

I recently came across this interesting project called CJDNS. It is an open-source implementation of a packet router written in C. It has some interesting properties including end-to-end encryption, packet routing without any memory lookups, decentralized IP address allocation, and a trusted peer system allowing for democratic abuse mitigation. You can get more technical information and background in the CJDNS Whitepaper.



Running a Public Minecraft Server – A Year Later

A year ago today I started playing Minecraft. I am not a gamer. I have only played a dozen games in my life and only gotten invested in a couple (a few months of WoW addiction and many months of incessant Quake3 fragging). But I had kept hearing about other developers getting into Minecraft because it was a free-form building game, like virtual Legos, with no real objective, and hackable (custom server wrappers and plugins). This intrigued me, so I purchased the game and started up a vanilla Minecraft server on one of my development boxes.



PHP 5.3.10 and APC 3.1.9 on Ubuntu 10.04.4

These are not the latest Ubuntu LTS or PHP versions, but they happen to be my current configuration until Xen is working better with 12.04 (hopefully 12.04.1). I’m also waiting for a stable Suhosin patch for PHP 5.4 on 12.04 (also, hopefully 12.04.1).

To get PHP 5.3.10 on Ubuntu 10.04.4 LTS I recommend using Brian Mercer’s PPA. It is not being updated any longer, but that’s fine since I’m only concerned with having PHP 5.3.10 with Suhosin.



Performance Tweaking nginx For Static Files Over SSL

A few small changes to your nginx.conf can increase your SSL performance. Enabling the session cache and extending its timeout lets clients resume a session without repeating the full key exchange. Increasing the keepalive will allow the workers to serve more requests before being restarted. Disabling the EDH cipher will significantly reduce the connection time. Thanks to Mike for pointing out in the comments that by disabling the Ephemeral Diffie-Hellman cipher you gain speed but lose perfect forward secrecy. In my particular case of serving static assets this was an acceptable trade-off.

http {
        keepalive_timeout 65;
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;
        # exclude ephemeral DH (kEDH) and anonymous DH (ADH); cipher-list entries are colon-separated
        ssl_ciphers ALL:!kEDH:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        # ....
}

If you want to examine which ciphers are being used on an SSL connection you can use this openssl command:

openssl s_client -host HOSTNAME -port 443
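To turn that s_client output into a quick forward-secrecy check, the following script is an added example (not from the original post). It classifies the negotiated cipher as ephemeral (EDH/ECDHE, forward secrecy kept), static RSA (the trade-off made above), anonymous, or none; `check_host` is a hypothetical wrapper around the s_client command, and the sample transcripts are constructed rather than captured from a real server.

```shell
#!/bin/sh
# Added example, not from the original post. It classifies the cipher that
# `openssl s_client` reports, so you can see whether a server negotiates an
# ephemeral (EDH/ECDHE) exchange and keeps forward secrecy, or a static RSA
# exchange as in the trade-off described above. `check_host` is a
# hypothetical wrapper; the transcripts below are constructed samples.

# Read an s_client transcript on stdin and print "<cipher> <kind>", where
# kind is pfs (ephemeral key exchange), anon (unauthenticated DH),
# static (RSA key transport, no forward secrecy) or none (no handshake).
classify_cipher() {
    cipher=$(sed -n 's/^ *Cipher *: *//p' | head -n 1)
    case "$cipher" in
        ''|0000|'(NONE)')           echo "none none" ;;
        ADH-*|AECDH-*)              echo "$cipher anon" ;;
        DHE-*|EDH-*|ECDHE-*|TLS_*)  echo "$cipher pfs" ;;   # TLS_* = TLS 1.3
        *)                          echo "$cipher static" ;;
    esac
}

# Live check (hypothetical wrapper): connect to $1 on port $2 (default 443).
check_host() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        </dev/null 2>/dev/null | classify_cipher
}

# Constructed transcripts in the shape of s_client's SSL-Session block.
SAMPLE_STATIC='SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: 0123'
SAMPLE_PFS='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256'
SAMPLE_FAIL='SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000'

printf '%s\n' "$SAMPLE_STATIC" | classify_cipher   # RC4-SHA static
printf '%s\n' "$SAMPLE_PFS"    | classify_cipher   # ECDHE-RSA-AES128-GCM-SHA256 pfs
printf '%s\n' "$SAMPLE_FAIL"   | classify_cipher   # none none
```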

Then in your server block of your nginx config you can set cache control headers far in the future for your image assets.

server {
        listen x.x.x.x:443 ssl;
        root /var/www/;
        index index.html;
        # image assets: far-future Expires header plus an explicit public Cache-Control
        location ~* \.(?:ico|gif|jpe?g|png)$ {
                expires max;
                add_header Pragma public;
                add_header Cache-Control "public";
        }
}


User-Specific Timezones With Symfony2 and Twig Extensions

It’s considered a best practice to store all your times in the same timezone. Usually this timezone is UTC. Whenever a user enters a time it should be converted from their local timezone to UTC before being persisted. Whenever you want to display a time to a user it can be converted from UTC to whichever timezone they prefer. This normalizes the data in your database to a common timezone, which allows for simpler querying and data aggregation. It also gives you the flexibility of having simple user-specific timezones that can be changed.

We can use Symfony’s events and dependency injection to make this conversion as seamless as possible.
