Decentralizing the Internet Is Only the Start to Reclaiming Privacy

There is much backlash going on over Facebook’s revelations of user data being in the hands of Cambridge Analytica and perhaps many more. Not much of a surprise to more technical users who are more familiar with the surveillance economy as it is now known. People for going on decades have given away their digital identities in exchange for some free services. It is a somewhat timely moment of clarity for Internet users as a whole since it coincides with the explosion of blockchain and other decentralized services and projects.

Now is the time to seize on the backlash and reclaim our privacy online as not just a country but as the Internet as a whole.

There are many good open source and decentralized projects for social media and Facebook equivalents. The real issue comes down to user adoption and supporting the developers.

Read more

Anonymous Smart Contract Driven Orgs and Funds

One of the biggest things that first came out of Bitcoin and blockchain was initially Decentralized Autonomous Organizations (DAOs).  This concept has evolved with Colored Coins, Counterparty, and Ethereum since then.  Of course there have been (big!) bumps in the road. The Ethereum DAO being seen as securities by the SEC is one good example.  Along with the DAO hack which wreaked havoc and caused a lot of drama.

But in hindsight these were all just growing pains of a young technology. Not to say these were not big issues. But with any new technologies there are some casualties. When real world money is involved this can make things more painful for those affected.

Read more

Blockchains for Immutable Infrastructure

Yes, we’ve all heard the hype around ICOs (Initial Coin Offerings) and the Bitcoin/Ethereum price explosion. People are scrambling to make any BS product as an excuse to do an ICO. But let’s not overlook the real use and value of blockchains. To put it simply a blockchain is a cryptographic ledger (or database) that stores data in a P2P fashion. With consensus between them to write the data to the blockchain.

The blockchain can help alleviate the issues of configuration management, file integrity checking, and help build immutable cloud infrastructures with less complexity.

This can help to secure the Internet of Things (IoT) among others things like server configurations. The blockchain is much more than just for currency. Being only the tip of the iceberg in terms of what can be done using them. Not to say that everything should be on the blockchain. One of the biggest issues in past implementations of File Integrity Checking (FIC) is the obvious attack vector was via the database, the hashes were written to verify/monitor file integrity. Compromise the database and it renders the FIC moot. Blockchain based FIC you do not need this worry since that hash is stored across many thousands of nodes across the globe. So even if the local copy is compromised it will be detected by the network as a whole. There would be no central control or access to compromise the signature “database”. With the rise of Infrastructure as Code and Containers there is a bigger need to be able to verify the integrity of systems.

This can be done by generating a token on existing chain like Ethereum (ETH). But the speed of “transactions” is paramount to using a blockchain in this way. So a custom chain would need to be built.


Why Your Dockerfile Sucks for Production

Harpooned by a Dockerfile that sucks
Don’t get harpooned by a Dockerfile that sucks

Your Docker Compose file might suck too.

I admit it! I am guilty of making Dockerfiles that suck.

We’re all guilty of being overly general in our Dockerfiles. Just look on Docker Hub or GitHub. But in some ways it might be making things less consistent across builds.


FROM debian:latest 

Which is fine for testing something or working to build Dockerfiles for development pipelines. But let’s look at the shortfalls and headaches we can all avoid. You never really know what something like the above will get you.

The same applies to running package manager with only package name and no version. In some instances you will want to update a package for security or bug fix purposes. But for Docker in Production you want to stipulate these things.

So first let’s stipulate the right known base image using it’s SHA256:

FROM debian@sha256:52af198afd8c264f1035206ca66a5c48e602afb32dc912ebf9e9478134601ec4

To get the SHA256 you can get it when you pull the intial image you’ll be using to build projects.

$ sudo docker pull debian:8.7
8.7: Pulling from library/debian
693502eb7dfb: Pull complete
Digest: sha256:52af198afd8c264f1035206ca66a5c48e602afb32dc912ebf9e9478134601ec4
Status: Downloaded newer image for debian:8.7


Now you know the exact version you will be running. Now be sure to stipulate for other packages you need to install.

RUN apt-get update && apt-get install -y \
python=2.7.5-5 \
python-pip=1.5.4-1 \
some-package=1.1.1 \
&& rm -rf /var/lib/apt/lists/*

Now you have your Dockerfile not sucking so much for Production use!

You’ll also want to have internal Docker Registry for versioning and storing your containers once you build.


100 Days to Privacy Online: Day 15 – Taking a Stand

There are a lot of organizations fighting for your freedoms when it comes to digital rights. But the oldest and most effective is perhaps the Electronic Frontier Foundation (EFF).

From their site:

The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows.

Even in the fledgling days of the Internet, EFF understood that protecting access to developing technology was central to advancing freedom for all. In the years that followed, EFF used our fiercely independent voice to clear the way for open source software, encryption, security research, file sharing tools, and a world of emerging technologies.

Today, EFF uses the unique expertise of leading technologists, activists, and attorneys in our efforts to defend free speech online, fight illegal surveillance, advocate for users and innovators, and support freedom-enhancing technologies.

Together, we forged a vast network of concerned members and partner organizations spanning the globe. EFF advises policymakers and educates the press and the public through comprehensive analysis, educational guides, activist workshops, and more. EFF empowers hundreds of thousands of individuals through our Action Center and has become a leading voice in online rights debates.

EFF is a donor-funded US 501(c)(3) nonprofit organization that depends on your support to continue fighting for users.

Learn More and Join/Donate Today!