Introducing MKISIO

Roundabout a year ago yours truly sought out a “substitute” for this blog. I desired the ability to “post” information to content consumers, much as is done with websites, except I wanted the content delivered direct. Use an email newsletter service. Voila! There are tons of those around. Easy!

That is a fact. There are plenty of email newsletter service providers already in business. Some are free, and others even allow you to charge for your newsletter. I was looking for both options, but I also wanted the ability to encrypt newsletters with OpenPGP and provide subscribers with a way to read the stuff without having a degree from MIT (i.e. install crazy complex software); I thought it would also be nice to have some protection for both myself and potential subscribers in case of a security breach. As the latter goes, nothing but NOTHING is un-hackable, so why not make the stored data completely useless to miscreants?

I simply could not get this combination of features from anything in the wild, so I built it myself (with a little help of course). It is called MKISIO.

After covering the basic requirements some additional fun stuff was added, including …

  • Optional invitation functionality – so a publisher can ensure only known peeps are subscribing to their newsletter
  • Shortlink and QR code quick subscribe widgets – for plastering on legacy blogs and social media profiles
  • Subscription clearinghouse – as new publications are started, anyone with an account can find them and subscribe (assuming they are not invitation-only)
  • A couple of aces and kings up a sleeve, guaranteeing consistent performance in Hold ‘Em

As to the why this concoction was dreamed up in the first place, well the folks over at ReclaimTheWeb have the skinny on that. It wasn’t about creating a solution for raw censorship or economic hardball a.k.a. de-platforming though; I just wanted something that could afford more privacy and security, thereby making free speech the default. Sure, if someone wants to share confidential information via a MKISIO newsletter, they most certainly can use the encryption functionality. That was part of my original wish list, if only because nobody was doing it. Call it a personal challenge, successfully tackled. But the system is also good for sharing treasured fruitcake recipes, keeping extended family up-to-date on the kiddos’ report cards, or castigating members of the condo association … without fear of “repercussions”.

Meanwhile, I will be writing what otherwise would get posted here, over there. You can subscribe to my newsletters by clicking this link. Alternatively, feel free to point your phone camera at the nifty QR code to the left (that is if you are not already reading this post on it).

End Note: If you’ve read all of the above technical jargon slash carefully crafted PR and are still wondering where the name came from because you thought “MKIS” stood for Marketing Information Systems (you are correct), just read this (warning: it’s silly, but almost the truth). Finally, don’t forget that the beast is still work-in-progress, so if you decide to play and find a problem please feel free to let me know.

MG signing off (to blog via email for a while)

Highly Addictive Substance Alert!

This is a Highly Addictive Substance Alert, brought to you by the World Health Organization … The Centers for Disease Control … some cat who thinks about these things every time they drive by the supermarket (and usually winds up ‘stopping in to check inventory’).

These things will be the death of me

MG signing off (after using an exclamation point in the title so you know it’s serious)

Quick fix for the phpseclib -> BigInteger choke on macOS 10.14

This will be quick.

You are tooling with phpseclib on macOS. You try generating some hefty, say 4096 bit keypairs and BigInteger times out after 60 seconds. WTF do you do?

Well, BigInteger.php will leverage OpenSSL and/or bcmath for this kind of stuff, but it seems it gets a migraine after 2048 bits. It’ll charge after mcrypt and gmp too, if they are available, but neither is in macOS’s default PHP. We’ve covered mcrypt in the recent (and many days) past, and I had it and libsodium installed on my “device” when I filled an Apache error log up with fatals. Hence I looked to get gmp running.

It’s a relatively simple process … first gather all the items listed in this post on installing mcrypt. Then, you are going to follow some simple steps.


Curiosity and Contemplation

Photo: Koji Sasahara/AP

Possible cavorting in background.

MG signing off (.)

Installing libsodium for PHP on macOS Mojave 10.14

While mcrypt installation has been the subject of [developer] fits and [yours truly’s] restarts, mcrypt is in fact going away. libsodium is the new player in town, a point I anticipated long ago being the venerable tech expert that I am … just found out being the accountant who unfortunately bears the burden of having used dBase and Paradox in a past life.

That said, the process is relatively similar to mcrypt i.e. you will need brew (and I suggest XCode command line tools, just in case). Instructions for both are readily available via the only hyperlink in the paragraph immediately preceding this one. Further, you need not bother with PHP source, but you might as well turn off SIP beforehand. Now let’s get started.


Plugging mcrypt into PHP on macOS Mojave 10.14

Back by popular demand i.e. someone was struggling with ciphers in PHP and doing so on my dime. This will be quicker than prior implementations as we are going to dispense with building libmcrypt from source, as well as roll 64-bit only.

First, grab/do the following …

1) PHP 7.1.23 source code, which is available here; it is what my machine was running as of late, but you should use php -v to check your version of PHP and then download the PHP source for that version;

2) Xcode 10.2.1, available from the Mac App Store; you will also need the Command Line Tools (macOS 10.14) for Xcode, which you get by selecting “Xcode/Open Developer Tool/More Developer Tools…” from the Xcode menu, then logging into your Apple Developer account; it was at the top of the list as of the morning this post was written;

3) Homebrew (http://brew.sh) which can be installed by typing ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" at the command line; I removed Homebrew completely then reinstalled, rather than deal with updates, permissions issues, etc. that might arise after numerous macOS updates/upgrades;

4) Turn off System Integrity Protection (SIP):

  • Click the Apple menu (upper left hand corner of your screen)
  • Select Restart, then hold down the Command-R keys to boot into Recovery Mode
  • Select the Utilities menu and then Terminal
  • In Terminal, type csrutil disable and then hit return; then close Terminal
  • Click the Apple menu and select Restart
  • When you are done installing mcrypt, you can restart SIP by following the above steps while using csrutil enable.

Tracker-less

While relatively inactive, this website is now tracker-less.

  • No ads, beacons, or surreptitious pixels
  • No embedded analytics, nor external measurement artifices in use *
  • No externally served fonts (a laughably obvious tracking mechanism)
  • No linkage to “social media” or other insidious trash external content
  • No first-party cookies (at least after fairly extensive testing)

There are a few YouTube videos embedded within, and since that service’s owner distributes tracking cookies via that media, it will be removed in due course. There may be links to other so-called “services” – varying displays of external content types accumulated over the years – but they too will be exterminated as they are found. Bonus: an aggregate Pingdom score consistently between 99 and 100.

MG signing off (because it was mostly useless anyway)

* Google Analytics was reinitiated.

A beginners’ guide to running blockchain full nodes using external storage devices

For those loath to run an established (read: huge) blockchain full node because they don’t want to reserve double digit percentages of their laptop’s soldered (additional read: not upgradeable) solid state storage for the cause, here are simple steps to do so by leveraging external drives. These instructions are for macOS, but Linux and Windows users should be able to derive their own setup from it.

First, let us note the location and size of comprehensive blockchain data stores as presented by both Bitcoin Core and Ethereum Wallet.

Bitcoin Core by default stores the Bitcoin blockchain under ~/Library/Application Support/Bitcoin. There you will find several directories and files, including those for your wallet. That which we will want to deploy elsewhere is as follows:

1) ~/Library/Application Support/Bitcoin/blocks at roughly 170 GB

2) ~/Library/Application Support/Bitcoin/chainstate at roughly 3 GB

Ethereum is less unwieldy, but nonetheless a lot of data. It can be found under ~/Library/Ethereum; we’ll concentrate on the directories below:

1) ~/Library/Ethereum/geth/chaindata at roughly 80 GB

2) ~/Library/Ethereum/geth/lightchaindata at roughly 0.5 GB

Note that we are going to ignore other items under the main directories, including that representing keys i.e. wallets, wallet.dat in the case of Bitcoin and the /keystore for Ethereum. Why? While setups vary, my particular environment includes a laptop with FileVault2 activated, and a discrete backup drive encrypted AES-256 that receives a weekly clone of the former. Hence I always have two very secure copies of my keys and prefer to keep it that way.

Post-Identification

We are now going to move the big directories noted above to an external storage device. To keep everything organized, first create a “Bitcoin” and/or “Ethereum” directory on the device. Then copy the entire directories from above into those. Next, append “.old” to the original directory location names i.e. the directories you copied from.

Now we will create symbolic links aka aliases to point the wallet applications to the new data store. Type the following into terminal …

For Bitcoin

ln -s /Volumes/XYZDRIVE/Bitcoin/blocks ~/Library/Application\ Support/Bitcoin/blocks

ln -s /Volumes/XYZDRIVE/Bitcoin/chainstate ~/Library/Application\ Support/Bitcoin/chainstate

For Ethereum

ln -s /Volumes/XYZDRIVE/Ethereum/chaindata ~/Library/Ethereum/geth/chaindata

ln -s /Volumes/XYZDRIVE/Ethereum/lightchaindata ~/Library/Ethereum/geth/lightchaindata

(where XYZDRIVE is your drive name)

Note that as the latter locations go for each blockchain, they are small in comparison to the others (not critical to move). Further, with the Ethereum light client data (still in beta), it may be advantageous to not move the lightchaindata directory, in case you are on the road and want to use your wallet in a jiffy.

Finale

Run Bitcoin Core and/or Ethereum Wallet. Assuming your previously stored blockchain(s) is not too far behind with syncing, it should start rolling right away. You can delete the “dot old” directories after you’ve confirmed all is right with the world.
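
The copy, rename and symlink steps above, scripted in Python as an added example (not part of the original post): it compares the copy with the source byte for byte before renaming anything, and refuses the wallet.dat and keystore names that the post leaves on the encrypted internal disk. The function names and the KEY_MATERIAL set are assumptions made for illustration.

```python
import filecmp
import os
import shutil

# Names the post leaves on the encrypted internal disk.
KEY_MATERIAL = {'wallet.dat', 'keystore'}


def same_tree(a, b):
    """True when both trees hold the same names and identical file bytes."""
    cmp = filecmp.dircmp(a, b, ignore=[])
    if cmp.left_only or cmp.right_only or cmp.common_funny:
        return False
    _, mismatch, errors = filecmp.cmpfiles(a, b, cmp.common_files,
                                           shallow=False)
    if mismatch or errors:
        return False
    return all(same_tree(os.path.join(a, d), os.path.join(b, d))
               for d in cmp.common_dirs)


def relocate(src, dest_parent):
    """Copy src under dest_parent, verify, rename src to src.old, link it."""
    src = src.rstrip(os.sep)
    name = os.path.basename(src)
    if name in KEY_MATERIAL:
        raise ValueError('refusing to move key material: ' + name)
    if os.path.islink(src) or not os.path.isdir(src):
        raise ValueError('source must be a real directory: ' + src)
    if not os.path.isdir(dest_parent):
        raise FileNotFoundError('destination missing, is the drive mounted? '
                                + dest_parent)
    dest = os.path.join(dest_parent, name)
    shutil.copytree(src, dest)    # raises if dest already exists
    if not same_tree(src, dest):
        shutil.rmtree(dest)
        raise OSError('copy differs from source; original left untouched')
    os.rename(src, src + '.old')  # keep the original until the node syncs
    os.symlink(dest, src)         # same effect as: ln -s dest src
    return dest
```

The byte-for-byte comparison reads both copies in full, so on a directory of this size it takes about as long as the copy itself.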

MG signing off (to contribute to the stability of another network, without the storage headaches)

Grab and validate National Vulnerability Database updates

Here is a concoction to grab National Vulnerability Database feeds, specifically the Modified JSON and related metadata, then validate the reported sha256 hashes:

import urllib.request
import gzip
import hashlib

# JSON feed (gzip-compressed)
fileurl = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.json.gz'
json_file = '/Users/laptopuser/Documents/Active/NVD/nvd-data/0326/nvdcve-1.0-modified.json.gz'
urllib.request.urlretrieve(fileurl, json_file)

# meta file
fileurl = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta'
json_meta_file = '/Users/laptopuser/Documents/Active/NVD/nvd-data/0326/nvdcve-1.0-modified.meta'
urllib.request.urlretrieve(fileurl, json_meta_file)

# get the published hash from the meta file
ze_sha = None
with open(json_meta_file, 'r') as json_meta_file_open:
    for line in json_meta_file_open:
        li = line.split(':')
        if li[0] == 'sha256':
            ze_sha = li[1].strip()
            print('Meta:', ze_sha)

# calc hash of the decompressed JSON (gzip.open yields the uncompressed bytes)
sha256_hash = hashlib.sha256()
with gzip.open(json_file, 'rb') as f:
    for byte_block in iter(lambda: f.read(4096), b""):
        sha256_hash.update(byte_block)
ze_hash = sha256_hash.hexdigest().upper()
print('Calc:', ze_hash)

# ze_sha stays None when the meta file had no sha256 line, so this cannot match by accident
if ze_sha == ze_hash:
    print('MATCH')
else:
    print('MISMATCH')

You will get output that looks something like this …

Meta: E3ECE7D603F091E68E60E68CD6E230A28BC9E23EFB7E9B8145E559D1910BE9A6
Calc: E3ECE7D603F091E68E60E68CD6E230A28BC9E23EFB7E9B8145E559D1910BE9A6
MATCH

No apologies for the basic code presentation, nor for using urllib.request.urlretrieve. Feel free to copy and paste into Jupyter notebook or PyCharm if syntax highlighting is desired; as the latter goes, I know that function is supposed to disappear but my application requires keeping a sizable rotation of NIST’s handiwork close by.
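
A stricter take on the same check, added here as an example and not part of the original post: it parses the whole .meta file, compares sizes as well as the sha256, and reports a damaged or truncated download instead of stopping with a traceback. It assumes the .meta file carries size and gzSize lines next to sha256; the sample feed is constructed, and the function names are hypothetical.

```python
import gzip
import hashlib
import io
import zlib

def parse_meta(text):
    """Parse 'key:value' lines, splitting on the first colon only because
    lastModifiedDate values contain colons of their own."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(':')
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def verify_feed(gz_bytes, meta_text):
    """Return a list of problems; an empty list means the feed checks out."""
    meta = parse_meta(meta_text)
    expected = meta.get('sha256', '')
    if len(expected) != 64:
        return ['meta file has no usable sha256 line']
    problems = []
    if 'gzSize' in meta and meta['gzSize'] != str(len(gz_bytes)):
        problems.append('compressed size differs from gzSize')
    digest, total = hashlib.sha256(), 0
    try:
        with gzip.open(io.BytesIO(gz_bytes), 'rb') as f:
            for block in iter(lambda: f.read(65536), b''):
                digest.update(block)
                total += len(block)
    except (OSError, EOFError, zlib.error) as exc:
        return problems + ['gzip stream is damaged: %s' % exc]
    if 'size' in meta and meta['size'] != str(total):
        problems.append('uncompressed size differs from size')
    if digest.hexdigest().upper() != expected.upper():
        problems.append('sha256 mismatch')
    return problems

# Constructed sample data, not a real NVD feed.
SAMPLE_JSON = b'{"CVE_data_type": "CVE", "CVE_Items": []}'
SAMPLE_GZ = gzip.compress(SAMPLE_JSON)
SAMPLE_META = ('lastModifiedDate:2019-03-26T03:01:03-04:00\r\n'
               'size:%d\r\ngzSize:%d\r\nsha256:%s\r\n'
               % (len(SAMPLE_JSON), len(SAMPLE_GZ),
                  hashlib.sha256(SAMPLE_JSON).hexdigest().upper()))

if __name__ == '__main__':
    print(verify_feed(SAMPLE_GZ, SAMPLE_META) or 'MATCH')
    print(verify_feed(SAMPLE_GZ[:-8], SAMPLE_META))  # truncated download
```

Both files come from the same server, so a match shows the download arrived intact, not that the server itself can be trusted.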

MG signing off (to grab and validate some more)

Betting the book will sell

… if author Annie Duke’s interview is any measure:

Video link -> https://www.youtube.com/watch?v=jxUZDiscLis

Made me go looking for Ms. Duke’s work. After checking Barnes & Noble stock, I was going for my keys when I realized I was actually preparing to get charged a roughly 50% premium for the trip. Too much vig for my taste.

MG signing off (having put my chips on the pass line instead)