Feel free to browse around and you'll have a pretty good idea of what this is about. I write about security, privacy, vulnerabilities and exploits, various programming languages and my projects. I might have written some stuff that's in my GitHub, but I'll never admit it anyway.

Hacker. Not Phineas Fisher. My other computer is your computer.

#Tor · #Ricochet · #Debian · #Infosec · #CubeSat · #OSdev · #Cyberpunk · #Cypherpunk

If you want to contact me, do it. I might answer. Probably. Or not.

PGP Key: 0xFAEA6AF5567BE45D
Fingerprint: 9AB8 10E5 AC82 1C12 53A3 D1D8 FAEA 6AF5 567B E45D

Building Shallot on macOS

Shallot allows you to create customized .onion addresses for Tor’s hidden services. (By customized, it is meant that part of the address can be selected. Choosing an entire address would take far longer than the universe is believed to have been in existence.) - Project Github page

Make sure you have Homebrew installed and start by installing the Homebrew OpenSSL package:

$ brew install openssl

DNS servers

A public recursive name server (also called a public DNS resolver) is a name server service that networked computers may use to query DNS, the decentralized Internet naming system, in place of or in addition to the name servers operated by the Internet service provider to which the devices are connected.

Below is a list of public DNS service operators.


Quad9 is a not-for-profit public-benefit organization supported by IBM, Packet Clearing House (PCH), Global Cyber Alliance (GCA), and many other cybersecurity organizations for the purpose of operating a privacy-and-security-centric public DNS resolver. Its main differentiators from other DNS resolvers are that it does not record the queries users send to it, and that it automatically blocks domains known to be associated with malicious activity. Quad9 offers DNS over TLS service over port 853, DNS over HTTPS over port 443 and DNSCrypt service over port 443. - Wikipedia


DNS over TLS

Compile a list of all Facebook-owned IPs

Sometimes you want to block all Facebook IPs for various reasons (1, 2, 3, 4, 5, 6, 7, 8). Sometimes you really really do want that (and you should do it), so compiling a list with all the IPs is easy (both IPv4 and IPv6):

$ whois -h whois.radb.net '!gAS32934' | tr ' ' '\n' | awk '!/[[:alpha:]]/' > facebook-ips-ipv4.txt
$ whois -h whois.radb.net '!6AS32934' | tr ' ' '\n' | grep '::' > facebook-ips-ipv6.txt

And a list of Facebook-owned IPs will be saved into the facebook-ips-{ipv4/ipv6}.txt files, ready to be used.
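Before such a list goes into a firewall or blocklist, it is worth validating and merging the prefixes. The following is an added example, not part of the original post: `parse_prefixes` and `to_lines` are hypothetical helper names, the reply is assumed to be whitespace-separated tokens mixed with status lines, and the sample reply is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample reply: status lines, a client banner and prefixes from
# the documentation ranges (not real AS32934 data).
SAMPLE_REPLY = """[whois.radb.net]
A95
192.0.2.0/24 198.51.100.0/25 198.51.100.128/25 192.0.2.0/24 203.0.113.5/24
2001:db8::/33 2001:db8:8000::/33
C
"""


def parse_prefixes(reply):
    """Return (ipv4, ipv6) lists of validated, merged networks."""
    found = {4: set(), 6: set()}
    for token in reply.split():
        if "/" not in token:
            continue  # status lines such as "A95" or "C", and banners
        try:
            net = ipaddress.ip_network(token, strict=True)
        except ValueError:
            continue  # malformed entry or host bits set: do not trust it
        found[net.version].add(net)
    # collapse_addresses drops duplicates and subnets and merges adjacent blocks
    return (list(ipaddress.collapse_addresses(found[4])),
            list(ipaddress.collapse_addresses(found[6])))


def to_lines(networks):
    """Render networks one per line, the layout of the facebook-ips-*.txt files."""
    return "".join(f"{net}\n" for net in networks)


if __name__ == "__main__":
    v4, v6 = parse_prefixes(SAMPLE_REPLY)
    print(to_lines(v4), end="")
    print(to_lines(v6), end="")
```

Merging matters because route registries often hold overlapping or adjacent route objects, and a shorter rule list is easier to audit.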

Azure and Full Disk Encryption


Here is a small tutorial on encrypting a Microsoft Azure virtual machine disk.

Preparing the Azure Virtual Machine

Enable the Azure Key Vault provider within your Azure subscription.

$ az provider register -n Microsoft.KeyVault

Create a resource group in your favorite location (keep in mind that different locations enable different features, and some VM sizes are not available in some locations).

The Starfish Parable

One day an old man was walking along the beach. It was low tide, and the sand was littered with thousands of stranded starfish that the water had carried in and then left behind.

The man began walking very carefully so as not to step on any of the beautiful creatures. Since the animals still seemed to be alive, he considered picking some of them up and putting them back in the water, where they could resume their lives.

The man knew the starfish would die if left on the beach’s dry sand but he reasoned that he could not possibly help them all, so he chose to do nothing and continued walking.